Open masifpak opened 5 years ago
As I understand, mitmproxy is used to look into the SSL/TLS encrypted HTTPS traffic that exits (or enters in case of a response) your sandbox using the same technique used in man-in-the-middle attacks. The way it works is that instead of making a direct connection to the target you "proxy" your connection to mitmproxy, which establishes an HTTPS connection between the proxy and sandbox and then, if your network configuration allows, mitmproxy makes an SSL/TLS protected connection to the target. This is all needed, for example, to analyze malware communication or payload acquisition - some malware encrypts its traffic (i.e. stolen data) and communicates with C&C servers over HTTPS or downloads additional components over HTTPS.
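The inspection described in the comment above can be done with a mitmproxy addon that records each decrypted exchange leaving the guest. This is an added example, not part of the thread and not Cuckoo's own code; `LOG_PATH`, the class and function names, and the constructed sample flow are assumptions.

```python
"""mitmproxy addon: log decrypted HTTPS exchanges from a sandbox guest as JSON lines.
Load with `mitmdump -s <this file>`; LOG_PATH is an assumed location."""
import hashlib
import json
from types import SimpleNamespace

LOG_PATH = "sandbox_flows.jsonl"  # hypothetical output path


def summarize(flow):
    """Reduce one intercepted flow to the fields an analyst triages on."""
    req, resp = flow.request, flow.response
    req_body = req.content or b""
    resp_body = (resp.content or b"") if resp else b""
    return {
        "method": req.method,
        "host": req.pretty_host,
        "path": req.path,
        "request_bytes": len(req_body),
        "status": resp.status_code if resp else None,
        "content_type": resp.headers.get("content-type", "") if resp else "",
        "response_bytes": len(resp_body),
        # Hash instead of storing the body, so a downloaded component can be
        # matched against the sandbox's dropped files without keeping it here.
        "response_sha256": hashlib.sha256(resp_body).hexdigest() if resp_body else None,
    }


class SandboxFlowLog:
    def response(self, flow):
        # mitmproxy calls this hook once the full response has been read.
        with open(LOG_PATH, "a", encoding="utf-8") as fh:
            fh.write(json.dumps(summarize(flow)) + "\n")


addons = [SandboxFlowLog()]  # mitmproxy loads addons from this module-level list


def constructed_flow():
    """Constructed stand-in for a mitmproxy HTTPFlow, for running offline."""
    request = SimpleNamespace(method="POST", pretty_host="c2.example.test",
                              path="/gate.php", content=b"id=42&data=abc")
    response = SimpleNamespace(status_code=200, content=b"MZ\x90\x00",
                               headers={"content-type": "application/octet-stream"})
    return SimpleNamespace(request=request, response=response)


if __name__ == "__main__":
    print(json.dumps(summarize(constructed_flow()), indent=2))
```

The guest only yields readable flows if it trusts mitmproxy's CA certificate; clients that pin certificates will fail the handshake and show up as TLS errors instead.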
Is there any advantage in using mitmproxy over built-in httpreplay?
With mitmproxy you can manipulate traffic; with httpreplay you can't.
Hi Geeks,
Can anybody explain the purpose of mitmproxy in Cuckoo in 3 to 5 lines? What benefit can we get from it?