AgentSkillsCN

mitm-help

介绍 @withseismic/mitm 代理插件——讲解其可用功能、脚本、REST API、规则引擎以及流量检测。当用户询问 MITM 代理能做什么、如何入门,或需要了解其各项功能的概览时,可参考此内容。

SKILL.md
--- frontmatter
name: mitm-help
description: Introduces the @withseismic/mitm proxy plugin — explains available skills, scripts, the REST API, rule engine, and traffic inspection. Use when a user asks what the MITM proxy can do, how to get started, or needs an overview of capabilities.
argument-hint: "[topic]"

@withseismic/mitm — MITM Proxy Plugin

An interactive man-in-the-middle proxy for intercepting, inspecting, and modifying HTTP/HTTPS traffic. It runs locally and exposes a REST API on port 8889 for programmatic control — no MCP server needed, just curl.

What can it do?

CapabilityDescription
Traffic captureIntercepts all HTTP/HTTPS requests routed through the proxy
Request inspectionView full request/response headers, bodies, timing, and status
Rule engineCreate rules that modify, block, redirect, or mock traffic in-flight
Inline transformsWrite TypeScript transform functions directly via the API
File-based rulesDrop JSON+TS rule pairs into rules/ for complex transforms (hot-reloaded)
BreakpointsPause requests/responses matching a pattern for manual inspection
Traffic filteringFilter captured requests by URL pattern, method, or status

Available skills

SkillCommandDescription
mitm-help/mitm-helpThis overview (you're reading it)
mitm-start/mitm-startStart the proxy and configure env vars
mitm-inspect/mitm-inspect [filter]List, filter, and inspect captured traffic
mitm-rules/mitm-rules [description]Create and manage interception rules
mitm-status/mitm-statusQuick proxy status and statistics

The mitm-debugger agent can also be invoked as a subagent for autonomous traffic analysis.

Quick start

1. Start the proxy

bash
npx @withseismic/mitm --skip-setup &
export HTTP_PROXY=http://127.0.0.1:8888
export HTTPS_PROXY=http://127.0.0.1:8888

2. Make some requests

Any HTTP client respecting proxy env vars will route through the proxy automatically:

bash
curl https://httpbin.org/get
curl -X POST https://httpbin.org/post -d '{"hello":"world"}'

3. Inspect traffic

bash
curl -s http://localhost:8889/api/requests?limit=10 | cat

4. Create a rule

bash
curl -s -X POST http://localhost:8889/api/rules \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Add custom header",
    "match": { "pattern": "httpbin.org" },
    "phase": "request",
    "transformCode": "export default { onRequest: (req) => { req.headers[\"x-custom\"] = \"hello\"; return req; } }"
  }' | cat

REST API reference

Base URL: http://localhost:8889

EndpointMethodDescription
/api/statusGETProxy status + rule/request counts
/api/requestsGETList captured requests (query: filter, limit, offset)
/api/requests/:idGETFull request/response detail
/api/requestsDELETEClear request history
/api/rulesGETList all rules (file + API)
/api/rulesPOSTCreate a new rule
/api/rules/:idPUTUpdate a rule
/api/rules/:idDELETEDelete a rule
/api/rules/:id/togglePATCHToggle rule enabled/disabled

Bundled scripts

Each skill includes helper scripts in its scripts/ directory:

ScriptSkillDescription
traffic-summary.shmitm-inspectSummarize traffic by domain, status, and timing
export-har.shmitm-inspectExport captured requests as HAR-like JSON
quick-rule.shmitm-rulesOne-liner rule creation helper
rule-templates.shmitm-rulesPrint common rule templates
proxy-up.shmitm-startStart proxy + verify + set env vars
health-check.shmitm-statusHealth check with retry logic

Run any script with bash:

bash
bash <skill-path>/scripts/<script-name>.sh [args]

Architecture

code
Port 8888 (proxy)          Port 8889 (API)
    │                           │
    ▼                           ▼
┌─────────┐              ┌───────────┐
│  Proxy  │◄────────────►│  REST API │
│ Server  │   shared     │  (Hono)   │
└────┬────┘   store      └───────────┘
     │
     ▼
┌──────────────────────┐
│     Rule Engine      │
│  ┌────────────────┐  │
│  │ File rules     │  │  ← rules/*.json + rules/*.ts (hot-reloaded)
│  │ API rules      │  │  ← POST /api/rules with transformCode
│  │ Block rules    │  │
│  │ Redirect rules │  │
│  │ Breakpoints    │  │
│  └────────────────┘  │
└──────────────────────┘

Transform types

Rules use a TransformModule with onRequest and/or onResponse handlers:

typescript
interface TransformModule {
  onRequest?: (req: ProxyRequest) => ProxyRequest | TransformAction;
  onResponse?: (res: ProxyResponse, req: ProxyRequest) => ProxyResponse | TransformAction;
}

// Return modified req/res, or an action:
type TransformAction =
  | { action: "block"; statusCode?: number }   // Return error status
  | { action: "drop" }                          // Silently drop
  | { action: "redirect"; url: string }         // Redirect to new URL

Common use cases

  • Debug API calls — inspect request/response bodies for a specific endpoint
  • Mock backends — return fake responses while frontend is under development
  • Add auth headers — inject authorization tokens into outgoing requests
  • Block tracking — prevent analytics/telemetry requests from leaving your machine
  • Redirect traffic — route production API calls to a staging server
  • Test error handling — force specific status codes on responses
  • Traffic analysis — understand what an application is doing on the network

If $ARGUMENTS was provided, focus the explanation on that specific topic.