Mitmproxy is a free and open-source interactive HTTPS proxy.

It is a swiss-army knife for debugging, testing, privacy measurements, and penetration testing. It can intercept, inspect, modify and replay web traffic such as HTTP/1, HTTP/2, WebSockets, or any other SSL/TLS-protected protocols. You can prettify and decode messages in HTML and other protocols, intercept messages on-the-fly, change them before they reach their target, and replay them to a client or server later on.

Mitmproxy's main features are simple to use through its graphical interface, Mitmweb. Mitmweb gives you a similar experience to Chrome's DevTools. Unlike Chrome's DevTools, Mitmweb works for any application or device, plus it adds additional features such as to request interception and replay.

Mitmproxy is a flexible tool. Conventional proxies can neither view nor manipulate TLS-encrypted data streams, so a CONNECT request asks the proxy to open a pipe between client and server. Proxies here are just facilitators - they blindly forward data in both directions without knowing anything about the contents. The negotiation of the encripted connection happens through this pipe, and the subsequent flow of requests and responses are entirely opaque to the proxy.

Mitmproxy's fundamental trick comes into play; it lets us intercept and interfere with theoretically opaque data streams. We pretend to be the server to the client, and at the same time, we pretend to be the client to the server. This lets us sit in the middle, decrypting all traffic.

The Certificate Authority system should block precisely this sort of attack. By only allowing a trusted third-party to sign a server's certificates cryptographically, security should be ensured, verifying that they are legit. If this certificate doesn't match or is from an untrusted party, a secure client will refuse to proceed. Despite the various deficiencies of the CA system as it is today, this usually blocks all attempts to MITM an encrypted connection for analysis. Our answer to this dilemma is to become a trusted Certificate Authority ourselves. Mitmproxy includes a full CA implementation that creates interception certificates on the fly.