mitmproxy-mcp
HTTP/HTTPS traffic analysis, interception, and replay through mitmproxy.
Prerequisites
- •mitmproxy running with the mitmproxy-mcp addon loaded
- •MCP server available at
http://localhost:9011/sse(SSE transport)
If the MCP server is not connected, tell the user to start mitmproxy first:
bash
mitmproxy # or mitmweb, or mitmdump
The addon and MCP server start automatically if configured in ~/.mitmproxy/config.yaml.
When to Use This Skill
- •User asks to inspect, debug, or analyze HTTP traffic
- •User wants to replay or modify an HTTP request
- •User wants to intercept requests matching a pattern
- •User needs to export captured traffic (HAR format)
- •User is doing API debugging or security testing
Available Tools (20)
Flow Tools -- querying captured traffic
- •
get_flows-- list captured flows with optional filtering by method, URL pattern, or status code. Supportslimitandoffsetfor pagination. - •
get_flow_by_id-- get full request and response details for a single flow - •
search_flows-- search flows by regex pattern across URL, method, status, and headers - •
get_flow_request-- get only the request portion of a flow - •
get_flow_response-- get only the response portion of a flow - •
get_flow_count-- count of currently stored flows - •
clear_flows-- clear all stored flows - •
export_flows-- export flows to HAR 1.2 format. Optionally pass specific flow IDs.
Replay Tools -- sending and modifying requests
- •
replay_request-- replay a captured request exactly as-is. Returns a new flow with the response. - •
send_request-- send a new HTTP request. Parameters:url(required),method(default GET),headers,body. - •
modify_and_send-- take an existing flow, change its method/url/headers/body, and send it. Useful for testing variations. - •
duplicate_flow-- clone a flow without sending it. Useful for before/after comparisons.
Intercept Tools -- pausing and controlling live traffic
- •
set_intercept_filter-- set a mitmproxy filter expression to intercept matching requests. Uses mitmproxy filter syntax:~u example.com,~m POST,~u api & ~m GET. Pass empty string to disable. - •
get_intercepted_flows-- list flows currently paused by interception - •
resume_flow-- resume a single intercepted flow - •
resume_all-- resume all intercepted flows - •
drop_flow-- drop/kill an intercepted flow without forwarding it
Config Tools -- proxy settings
- •
get_options-- get current mitmproxy option values. Pass specific keys or get curated defaults. - •
set_option-- set a mitmproxy option at runtime. Some dangerous options (listen_host, listen_port, mode, server, ssl_insecure) are blocked. - •
get_status-- get proxy status: version, listen address, mode, flow count, intercept settings.
Workflow Patterns
Basic traffic inspection
- •Make sure mitmproxy is running and proxying the target traffic
- •Use
get_flowsto see what has been captured - •Use
get_flow_by_idto drill into specific requests/responses - •Use
search_flowswith a regex to find specific patterns
Replaying and modifying requests
- •Find the flow you want with
get_flowsorsearch_flows - •Use
replay_requestto resend it exactly - •Or use
modify_and_sendto change headers, body, or URL before sending - •Compare the original and modified responses
Intercepting live traffic
- •Set a filter with
set_intercept_filter(e.g.~u api.example.com & ~m POST) - •Wait for matching requests -- they will be paused
- •Use
get_intercepted_flowsto see what is waiting - •Use
resume_flowordrop_flowto control each one - •Use
set_intercept_filterwith empty string to stop intercepting
Important Notes
- •Sensitive data redaction is off by default. Enable with
mcp_redact: truein mitmproxy config to redact tokens, passwords, API keys, and JWTs - •Request/response bodies are truncated to 10KB to prevent context overflow
- •All data is in-memory only -- cleared when mitmproxy stops
- •The proxy stores up to 1000 flows by default (oldest evicted first)