mitmproxy cheatsheet

[mitmproxy]( is a free and open source interactive HTTPS proxy. This is a quick reference cheat sheet to the mitmproxy.

#Getting stared


-pmitmproxy -p 8001Start proxy on port 8001
-mmitmproxy -p 8001 -m reverse: proxy on port 8001 to port 4000
-wmitmproxy -p 8001 -w traffic.mitmStream flows to file as they arrive
-rmitmproxy -r traffic.mitmRead flows from file
-Cmitmproxy -C traffic.mitmReplay client requests from a saved file
-Smitmproxy -S traffic.mitmReplay server responses from a saved file
-smitmproxy -s myScript.pyExecute a script
-hmitmproxy -hmitmproxy quick help


        k                 Ctrl b
        ▲                   ▲▲
        │                   ││
h ◀ ─── + ─── ▶ l           ││ page
        │                   ││
        ▼                   ▼▼
        j             Ctrl f / Space 
h, j, k ,lLeft, Down, Up, Right
Ctrl bPage up
Space / Ctrl fPage down
g / GGo to beginning / end
ArrowsUp, Down, Left, Right

#Common Keybindings

qBack / Exit
zClear flow list
:Command prompt
EView event log
OView options
rReplay this flow

#Global Keybindings

-Cycle to next layout
?View help
BStart an attached browser
CView commands
IToggle intercept
KView key bindings
PView flow details
QExit immediately
WStream to file
iSet intercept
Ctrl rightFocus next layout pane
Shift tabFocus next layout pane

#Flow (View)

AResume all intercepted flows
DDuplicate flow
FSet focus follow
LLoad flows from file
MToggle viewing marked flows
SStart server replay
UUn-set all marks
VRevert changes to this flow
XKill this flow
ZPurge all flows not showing
aResume this intercepted flow
bSave response body to file
dDelete flow from view
eExport this flow to file
fSet view filter
mToggle mark on this flow
nCreate a new flow
oSet flow list order
rReplay this flow
vReverse flow list order
wSave listed flows to file
|Run a script on this flow
Ctrl lSend cuts to clipboard




fSet view filter (on flow view page)

The regex are Python-style, it can be specified as quoted strings


!unary not


~aMatch asset in response: CSS, Javascript, Flash, images.
~b regexBody
~bq regexRequest body
~bs regexResponse body
~c intHTTP response code
~d regexDomain
~dst regexMatch destination address
~eMatch error
~h regexHeader
~hq regexRequest header
~hs regexResponse header
~httpMatch HTTP flows
~m regexMethod
~markedMatch marked flows
~qMatch request with no response
~sMatch response
~src regexMatch source address
~t regexContent-type header
~tcpMatch TCP flows
~tq regexRequest Content-Type header
~ts regexResponse Content-Type header
~u regexURL
~websocketMatch WebSocket flows (and HTTP-WebSocket handshake flows)

#Flow selectors

Expressions | - | - | |--------------|----------------------------| | @all | All flows | | @focus | The currently focused flow | | @shown | All flows currently shown | | @hidden | All flows currently hidden | | @marked | All marked flows | | @unmarked | All unmarked flows |

mitmproxy has a set of convenient flow selectors that operate on the current view


URL containing ""


Requests whose body contains the string "test"

~q ~b test

Anything but requests with a text/html content type:

!(~q & ~t "text/html")

Replace entire GET string in a request (quotes required to make it work):

":~q ~m GET:.*:/replacement.html"


#Custom response

from mitmproxy import http

def request(flow: http.HTTPFlow) -> None:
    if flow.request.pretty_url == "":
        flow.response = http.HTTPResponse.make(
            200,  # (optional) status code
            b"Hello World",  # (optional) content
            {"Content-Type": "text/html"}  # (optional) headers

Send a reply from the proxy without sending any data to the remote server

#Add header

class AddHeader:
    def __init__(self):
        self.num = 0

    def response(self, flow):
        self.num = self.num + 1
        flow.response.headers["count"] = str(self.num)

addons = [

Add an HTTP header to each response

#See also

#See also