2015-05-26

Project News

Before we get to the new release, I'd like to give a quick update on some internal project developments.

First up, after a somewhat involved process that included a couple of rounds of community voting and much discussion, we have a new logo:

This will be rolled out in all the places where it makes sense along with the 0.12 release.

Second, the long-dormant @mitmproxy Twitter account is finally waking up. Please follow us there for mitmproxy project updates and related news.

Third, we'd like to welcome Thomas Kriechbaumer to the project. Thomas is being sponsored to work on mitmproxy under the Google Summer of Code program, and will be adding HTTP2 support - one of our most anticipated features. Special thanks goes to the Honeynet Project under whose aegis the GSoC work will be done.

Lastly, a peek into the project's immediate future. We have websockets support on the way, thanks to a protocol contribution by Chandler Abraham. We have HTTP2 on the way, thanks to Thomas. The mitmproxy web interface is gradually maturing behind the scenes, and should be ready to be unleashed on the world soon. And, of course, the project continues to improve quickly in almost every other respect. It's an exciting time, and there's a lot of interesting work to do - if you'd like to be involved, please get in touch.

mitmproxy v0.12

The most immediately visible change in v0.12 is a thorough overhaul of the console interface, which has been improved in almost every respect. Performance and responsiveness is better, keybindings have been consolidated, and options have been collected in a dedicated options screen (shortcut "o"). Palettes have been overhauled entirely, with improvements to the palettes themselves, the ability to change palettes on the fly, and support for non-transparent (mitmproxy sets the console background) and transparent (your emulator sets the console background) modes. The console application has also sprouted a powerful new cookie editor that will make tampering with cookie names and values more convenient.

Other major features include official support for transparent mode on FreeBSD (thanks to Mike C), the ability to log TLS master keys for use with other tools like WireShark, support for creating flows from scratch in the console app (thanks Marcelo Glezer). A thorough overhaul of the documentation is also under way - thanks to Jim Shaver for his work there.

pathod v0.12

I'm also releasing pathod v0.12. The primary change here is the first phase of full support for websockets. At the moment, this is client-only - server support will follow in the next release.

Here's a taster - the pathoc command below initiates a websocket connection to echo.websockets.org, then sends 10 websocket frames, each with a body of 100 random bytes.

> ./pathoc echo.websockets.org ws:/ wf:b@100:x10 >> ws:/ << 200 OK: 225 bytes >> wf:b@100:ir,@1

The usual range of injections and stream manipulations are available, and every aspect of the websocket frames can be manipulated in ways that creatively violate the specs. See the pathod documentation for the language definition.