mitmdump 参数

2020-08-17  本文已影响0人  mocobk
Parameter Type Default Description
add_upstream_certs_to_client_chain bool False Add all certificates of the upstream server to the certificate chain that will be served to the proxy client, as extras.
allow_hosts sequence of str [] Opposite of --ignore-hosts.
anticache bool False Strip out request headers that might cause the server to return 304-not-modified.
anticomp bool False Try to convince servers to send us un-compressed data.
block_global bool True Block connections from globally reachable networks, as defined in the IANA special purpose registries.
block_private bool False Block connections from private networks, as defined in the IANA special purpose registries. This option does not affect loopback addresses.
body_size_limit optional str None Byte size limit of HTTP request and response bodies. Understands k/m/g suffixes, i.e. 3m for 3 megabytes.
certs sequence of str [] SSL certificates of the form "[domain=]path". The domain may include a wildcard, and is equal to "*" if not specified. The file at path is a certificate in PEM format. If a private key is included in the PEM, it is used, else the default key in the conf dir is used. The PEM file should contain the full certificate chain, with the leaf certificate as the first entry.
ciphers_client optional str None Set supported ciphers for client connections using OpenSSL syntax.
ciphers_server optional str None Set supported ciphers for server connections using OpenSSL syntax.
client_certs optional str None Client certificate file or directory.
client_replay sequence of str [] Replay client requests from a saved file.
command_history bool True Persist command history between mitmproxy invocations.
confdir str ~/.mitmproxy Location of the default mitmproxy configuration files.
content_view_lines_cutoff int 512 Flow content view lines limit. Limit is enabled by default to speedup flows browsing.
dumper_default_contentview str auto The default content view mode.
Choices: auto, raw, hex, json, xml/html, wbxml, javascript, css, url-encoded, multipart form, image, query, protocol buffer
dumper_filter optional str None Limit which flows are dumped.
flow_detail int 1 The display detail level for flows in mitmdump: 0 (almost quiet) to 3 (very verbose). 0: shortened request URL, response status code, WebSocket and TCP message notifications. 1: full request URL with response status code 2: 1 + HTTP headers 3: 2 + full response content, content of WebSocket and TCP messages.
http2 bool True Enable/disable HTTP/2 support. HTTP/2 support is enabled by default.
http2_priority bool False PRIORITY forwarding for HTTP/2 connections. Disabled by default to ensure compatibility with misbehaving servers.
ignore_hosts sequence of str [] Ignore host and forward all traffic without processing it. In transparent mode, it is recommended to use an IP address (range), not the hostname. In regular mode, only SSL traffic is ignored and the hostname should be used. The supplied value is interpreted as a regular expression and matched on the ip or the hostname.
keep_host_header bool False Reverse Proxy: Keep the original host header instead of rewriting it to the reverse proxy target.
keepserving bool False Continue serving after client playback, server playback or file read. This option is ignored by interactive tools, which always keep serving.
key_size int 2048 TLS key size for certificates and CA.
listen_host str Address to bind proxy to.
listen_port int 8080 Proxy service port.
map_local sequence of str [] Map remote resources to a local file using a pattern of the form "[/flow-filter]/url-regex/file-or-directory-path", where the separator can be any character.
map_remote sequence of str [] Map remote resources to another remote URL using a pattern of the form "[/flow-filter]/url-regex/replacement", where the separator can be any character.
mode str regular Mode can be "regular", "transparent", "socks5", "reverse:SPEC", or "upstream:SPEC". For reverse and upstream proxy modes, SPEC is host specification in the form of "http[s]://host[:port]".
modify_body sequence of str [] Replacement pattern of the form "[/flow-filter]/regex/[@]replacement", where the separator can be any character. The @ allows to provide a file path that is used to read the replacement string.
modify_headers sequence of str [] Header modify pattern of the form "[/flow-filter]/header-name/[@]header-value", where the separator can be any character. The @ allows to provide a file path that is used to read the header value string. An empty header-value removes existing header-name headers.
onboarding bool True Toggle the mitmproxy onboarding app.
onboarding_host str mitm.it Onboarding app domain. For transparent mode, use an IP when a DNS entry for the app domain is not present.
onboarding_port int 80 Port to serve the onboarding app from.
proxyauth optional str None Require proxy authentication. Format: "username:pass", "any" to accept any user/pass combination, "@path" to use an Apache htpasswd file, or "ldap[s]:url_server_ldap:dn_auth:password:dn_subtree" for LDAP authentication.
rawtcp bool False Enable/disable experimental raw TCP support. TCP connections starting with non-ascii bytes are treated as if they would match tcp_hosts. The heuristic is very rough, use with caution. Disabled by default.
readfile_filter optional str None Read only matching flows.
rfile optional str None Read flows from file.
save_stream_file optional str None Stream flows to file as they arrive. Prefix path with + to append.
save_stream_filter optional str None Filter which flows are written to file.
scripts sequence of str [] Execute a script.
server bool True Start a proxy server. Enabled by default.
server_replay sequence of str [] Replay server responses from a saved file.
server_replay_ignore_content bool False Ignore request's content while searching for a saved flow to replay.
server_replay_ignore_host bool False Ignore request's destination host while searching for a saved flow to replay.
server_replay_ignore_params sequence of str [] Request's parameters to be ignored while searching for a saved flow to replay.
server_replay_ignore_payload_params sequence of str [] Request's payload parameters (application/x-www-form-urlencoded or multipart/form-data) to be ignored while searching for a saved flow to replay.
server_replay_ignore_port bool False Ignore request's destination port while searching for a saved flow to replay.
server_replay_kill_extra bool False Kill extra requests during replay.
server_replay_nopop bool False Don't remove flows from server replay state after use. This makes it possible to replay same response multiple times.
server_replay_refresh bool True Refresh server replay responses by adjusting date, expires and last-modified headers, as well as adjusting cookie expiration.
server_replay_use_headers sequence of str [] Request headers to be considered during replay.
showhost bool False Use the Host header to construct URLs for display.
spoof_source_address bool False Use the client's IP for server-side connections. Combine with --upstream-bind-address to spoof a fixed source address.
ssl_insecure bool False Do not verify upstream server SSL/TLS certificates.
ssl_verify_upstream_trusted_ca optional str None Path to a PEM formatted trusted CA certificate.
ssl_verify_upstream_trusted_confdir optional str None Path to a directory of trusted CA certificates for upstream server verification prepared using the c_rehash tool.
ssl_version_client str secure Set supported SSL/TLS versions for client connections. SSLv2, SSLv3 and 'all' are INSECURE. Defaults to secure, which is TLS1.0+.
Choices: all, secure, SSLv2, SSLv3, TLSv1, TLSv1_1, TLSv1_2
ssl_version_server str secure Set supported SSL/TLS versions for server connections. SSLv2, SSLv3 and 'all' are INSECURE. Defaults to secure, which is TLS1.0+.
Choices: all, secure, SSLv2, SSLv3, TLSv1, TLSv1_1, TLSv1_2
stickyauth optional str None Set sticky auth filter. Matched against requests.
stickycookie optional str None Set sticky cookie filter. Matched against requests.
stream_large_bodies optional str None Stream data to the client if response body exceeds the given threshold. If streamed, the body will not be stored in any way. Understands k/m/g suffixes, i.e. 3m for 3 megabytes.
stream_websockets bool False Stream WebSocket messages between client and server. Messages are captured and cannot be modified.
tcp_hosts sequence of str [] Generic TCP SSL proxy mode for all hosts that match the pattern. Similar to --ignore, but SSL connections are intercepted. The communication contents are printed to the log in verbose mode.
termlog_verbosity str info Log verbosity.
Choices: error, warn, info, alert, debug
upstream_auth optional str None Add HTTP Basic authentication to upstream proxy and reverse proxy requests. Format: username:password.
upstream_bind_address str Address to bind upstream requests to.
upstream_cert bool True Connect to upstream server to look up certificate details.
websocket bool True Enable/disable WebSocket support. WebSocket support is enabled by default.
上一篇下一篇

猜你喜欢

热点阅读