config.yaml

1. # Add all certificates of the upstream server to the certificate chain
2. # that will be served to the proxy client, as extras. Type bool.
3. add_upstream_certs_to_client_chain: false
4.  
5. # Strip out request headers that might cause the server to return
6. # 304-not-modified. Type bool.
7. anticache: false
8.  
9. # Try to convince servers to send us un-compressed data. Type bool.
10. anticomp: false
11.  
12. # Block connections from globally reachable networks, as defined in the
13. # IANA special purpose registries. Type bool.
14. block_global: true
15.  
16. # Block connections from private networks, as defined in the IANA
17. # special purpose registries. This option does not affect loopback
18. # addresses. Type bool.
19. block_private: false
20.  
21. # Byte size limit of HTTP request and response bodies. Understands k/m/g
22. # suffixes, i.e. 3m for 3 megabytes. Type optional str.
23. body_size_limit:
25. # SSL certificates of the form "[domain=]path". The domain may include a
26. # wildcard, and is equal to "*" if not specified. The file at path is a
27. # certificate in PEM format. If a private key is included in the PEM, it
28. # is used, else the default key in the conf dir is used. The PEM file
29. # should contain the full certificate chain, with the leaf certificate
30. # as the first entry. Type sequence of str.
31. certs: []
32.  
33. # Set supported ciphers for client connections using OpenSSL syntax.
34. # Type optional str.
35. ciphers_client:
37. # Set supported ciphers for server connections using OpenSSL syntax.
38. # Type optional str.
39. ciphers_server:
41. # Client certificate file or directory. Type optional str.
42. client_certs:
44. # Replay client requests from a saved file. Type sequence of str.
45. client_replay: []
46.  
47. # Location of the default mitmproxy configuration files. Type str.
48. confdir: ~/.mitmproxy
49.  
50. # The default content view mode. Valid values are 'auto', 'raw', 'hex',
51. # 'json', 'xml/html', 'wbxml', 'javascript', 'css', 'url-encoded',
52. # 'multipart form', 'image', 'query', 'protocol buffer'.
53. console_default_contentview: auto
54.  
55. # EventLog verbosity. Valid values are 'error', 'warn', 'info', 'alert',
56. # 'debug'.
57. console_eventlog_verbosity: info
58.  
59. # Focus follows new flows. Type bool.
60. console_focus_follow: false
61.  
62. # Console layout. Valid values are 'horizontal', 'single', 'vertical'.
63. console_layout: single
64.  
65. # Show layout component headers Type bool.
66. console_layout_headers: true
67.  
68. # Console mouse interaction. Type bool.
69. console_mouse: true
70.  
71. # Color palette. Valid values are 'dark', 'light', 'lowdark',
72. # 'lowlight', 'solarized_dark', 'solarized_light'.
73. console_palette: solarized_dark
74.  
75. # Set transparent background for palette. Type bool.
76. console_palette_transparent: false
77.  
78. # Enable/disable HTTP/2 support. HTTP/2 support is enabled by default.
79. # Type bool.
80. http2: true
81.  
82. # PRIORITY forwarding for HTTP/2 connections. Disabled by default to
83. # ensure compatibility with misbehaving servers. Type bool.
84. http2_priority: false
85.  
86. # Ignore host and forward all traffic without processing it. In
87. # transparent mode, it is recommended to use an IP address (range), not
88. # the hostname. In regular mode, only SSL traffic is ignored and the
89. # hostname should be used. The supplied value is interpreted as a
90. # regular expression and matched on the ip or the hostname. Type
91. # sequence of str.
92. ignore_hosts: []
93.  
94. # Intercept filter expression. Type optional str.
95. intercept:
97. # Intercept toggle Type bool.
98. intercept_active: false
99.  
100. # Reverse Proxy: Keep the original host header instead of rewriting it
101. # to the reverse proxy target. Type bool.
102. keep_host_header: false
103.  
104. # Address to bind proxy to. Type str.
105. listen_host: ''
106.  
107. # Proxy service port. Type int.
108. listen_port: 8080
109.  
110. # Mode can be "regular", "transparent", "socks5", "reverse:SPEC", or
111. # "upstream:SPEC". For reverse and upstream proxy modes, SPEC is host
112. # specification in the form of "http[s]://host[:port]". Type str.
113. mode: regular
114.  
115. # Toggle the mitmproxy onboarding app. Type bool.
116. onboarding: true
117.  
118. # Onboarding app domain. For transparent mode, use an IP when a DNS
119. # entry for the app domain is not present. Type str.
120. onboarding_host: mitm.it
121.  
122. # Port to serve the onboarding app from. Type int.
123. onboarding_port: 80
124.  
125. # Require proxy authentication. Format: "username:pass", "any" to accept
126. # any user/pass combination, "@path" to use an Apache htpasswd file, or
127. # "ldap[s]:url_server_ldap:dn_auth:password:dn_subtree" for LDAP
128. # authentication. Type optional str.
129. proxyauth:
131. # Enable/disable experimental raw TCP support. TCP connections starting
132. # with non-ascii bytes are treated as if they would match tcp_hosts. The
133. # heuristic is very rough, use with caution. Disabled by default. Type
134. # bool.
135. rawtcp: false
136.  
137. # Read only matching flows. Type optional str.
138. readfile_filter:
140. # Replacement patterns of the form "/pattern/regex/replacement", where
141. # the separator can be any character. Type sequence of str.
142. replacements: []
143.  
144. # Read flows from file. Type optional str.
145. rfile:
147. # Stream flows to file as they arrive. Prefix path with + to append.
148. # Type optional str.
149. save_stream_file:
151. # Filter which flows are written to file. Type optional str.
152. save_stream_filter:
154. # Execute a script. Type sequence of str.
155. scripts: []
156.  
157. # Start a proxy server. Enabled by default. Type bool.
158. server: true
159.  
160. # Replay server responses from a saved file. Type sequence of str.
161. server_replay: []
162.  
163. # Ignore request's content while searching for a saved flow to replay.
164. # Type bool.
165. server_replay_ignore_content: false
166.  
167. # Ignore request's destination host while searching for a saved flow to
168. # replay. Type bool.
169. server_replay_ignore_host: false
170.  
171. # Request's parameters to be ignored while searching for a saved flow to
172. # replay. Type sequence of str.
173. server_replay_ignore_params: []
174.  
175. # Request's payload parameters (application/x-www-form-urlencoded or
176. # multipart/form-data) to be ignored while searching for a saved flow to
177. # replay. Type sequence of str.
178. server_replay_ignore_payload_params: []
179.  
180. # Kill extra requests during replay. Type bool.
181. server_replay_kill_extra: false
182.  
183. # Don't remove flows from server replay state after use. This makes it
184. # possible to replay same response multiple times. Type bool.
185. server_replay_nopop: false
186.  
187. # Refresh server replay responses by adjusting date, expires and last-
188. # modified headers, as well as adjusting cookie expiration. Type bool.
189. server_replay_refresh: true
190.  
191. # Request headers to be considered during replay. Type sequence of str.
192. server_replay_use_headers: []
193.  
194. # Header set pattern of the form "/pattern/header/value", where the
195. # separator can be any character. Type sequence of str.
196. setheaders: []
197.  
198. # Use the Host header to construct URLs for display. Type bool.
199. showhost: false
200.  
201. # Use the client's IP for server-side connections. Combine with
202. # --upstream-bind-address to spoof a fixed source address. Type bool.
203. spoof_source_address: false
204.  
205. # Do not verify upstream server SSL/TLS certificates. Type bool.
206. ssl_insecure: false
207.  
208. # Path to a PEM formatted trusted CA certificate. Type optional str.
209. ssl_verify_upstream_trusted_ca:
211. # Path to a directory of trusted CA certificates for upstream server
212. # verification prepared using the c_rehash tool. Type optional str.
213. ssl_verify_upstream_trusted_confdir:
215. # Set supported SSL/TLS versions for client connections. SSLv2, SSLv3
216. # and 'all' are INSECURE. Defaults to secure, which is TLS1.0+. Valid
217. # values are 'all', 'secure', 'SSLv2', 'SSLv3', 'TLSv1', 'TLSv1_1',
218. # 'TLSv1_2'.
219. ssl_version_client: secure
220.  
221. # Set supported SSL/TLS versions for server connections. SSLv2, SSLv3
222. # and 'all' are INSECURE. Defaults to secure, which is TLS1.0+. Valid
223. # values are 'all', 'secure', 'SSLv2', 'SSLv3', 'TLSv1', 'TLSv1_1',
224. # 'TLSv1_2'.
225. ssl_version_server: secure
226.  
227. # Set sticky auth filter. Matched against requests. Type optional str.
228. stickyauth:
230. # Set sticky cookie filter. Matched against requests. Type optional str.
231. stickycookie:
233. # Stream data to the client if response body exceeds the given
234. # threshold. If streamed, the body will not be stored in any way.
235. # Understands k/m/g suffixes, i.e. 3m for 3 megabytes. Type optional
236. # str.
237. stream_large_bodies:
239. # Stream WebSocket messages between client and server. Messages are
240. # captured and cannot be modified. Type bool.
241. stream_websockets: false
242.  
243. # Generic TCP SSL proxy mode for all hosts that match the pattern.
244. # Similar to --ignore, but SSL connections are intercepted. The
245. # communication contents are printed to the log in verbose mode. Type
246. # sequence of str.
247. tcp_hosts: []
248.  
249. # Add HTTP Basic authentication to upstream proxy and reverse proxy
250. # requests. Format: username:password. Type optional str.
251. upstream_auth:
253. # Address to bind upstream requests to. Type str.
254. upstream_bind_address: ''
255.  
256. # Connect to upstream server to look up certificate details. Type bool.
257. upstream_cert: true
258.  
259. # Limit the view to matching flows. Type optional str.
260. view_filter:
262. # Flow sort order. Valid values are 'time', 'method', 'url', 'size'.
263. view_order: time
264.  
265. # Reverse the sorting order. Type bool.
266. view_order_reversed: false
267.  
268. # Enable/disable WebSocket support. WebSocket support is enabled by
269. # default. Type bool.
270. websocket: true