This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Wednesday, August 5 • 15:30 - 15:55
Embedding Web Apps in MITMProxy Scripts

Sign up or log in to save this to your schedule and see who's attending!

MITMProxy is a popular open source Python-based HTTP(S) interception proxy. The developers have recently added a web-based front-end to supplement the existing ncurses console GUI.
This talk will focus on work that I have done to bring a plugin architecture to the web front-end, allowing existing and new MITMProxy scripts to be configured and triggered through the browser.
Two types of plugins have been added: view-only transformations, and "action" transformations with options affecting the data traveling across the wire. This gives MITMProxy users more capabilities in terms of manipulating and visualizing intercepted HTTP(S) traffic, using application or domain-specific plugins.
I will show how this plugin architecture can be used in practice via an example of cheating at a popular mobile word puzzle game. There will also be a brief discussion of other interesting plugins and next steps.


Chris Czub

Chris Czub is a Security Researcher at Duo Security, an Ann Arbor, Michigan-based start-up focused on two-factor authentication and account security. With a career spanning a decade, he has worked in various roles from software engineer to tech lead at start-ups and IT companies in SE Michigan. He has seen security in practice at small and medium-sized organizations and worked on various aspects of security, such as secure coding... Read More →

Wednesday August 5, 2015 15:30 - 15:55
Proving Ground Florentine E

Attendees (28)