Skills

mitmproxy-mcp

Installation
SKILL.md

mitmproxy-mcp

HTTP/HTTPS traffic analysis, interception, and replay through mitmproxy.

Prerequisites

  • mitmproxy running with the mitmproxy-mcp addon loaded
  • MCP server available at http://localhost:9011/sse (SSE transport)

If the MCP server is not connected, tell the user to start mitmproxy first:

mitmproxy      # or mitmweb, or mitmdump

The addon and MCP server start automatically if configured in ~/.mitmproxy/config.yaml. For dependency-safe startup, install shims once with mitmproxy-mcp install-shims --force.

When to Use This Skill

  • User asks to inspect, debug, or analyze HTTP traffic
  • User wants to replay or modify an HTTP request
  • User wants to intercept requests matching a pattern
  • User needs to export captured traffic (HAR format)
  • User is doing API debugging or security testing

Available Tools (20)

Flow Tools -- querying captured traffic

  • get_flows -- list captured flows with optional filtering by method, URL pattern, or status code. Supports limit and offset for pagination.
  • get_flow_by_id -- get full request and response details for a single flow
  • search_flows -- search flows by regex pattern across URL, method, status, and headers
  • get_flow_request -- get only the request portion of a flow
  • get_flow_response -- get only the response portion of a flow
  • get_flow_count -- count of currently stored flows
  • clear_flows -- clear all stored flows and clear mitmproxy's flow view when sync includes clear
  • export_flows -- export flows to HAR 1.2 format. Optionally pass specific flow IDs.

Replay Tools -- sending and modifying requests

  • replay_request -- replay a captured request exactly as-is. Replays in-place when view sync includes replay; otherwise creates a detached replay flow.
  • send_request -- send a new HTTP request. Parameters: url (required), method (default GET), headers, body.
  • modify_and_send -- take an existing flow, change its method/url/headers/body, and send it. Useful for testing variations.
  • duplicate_flow -- clone a flow without sending it. Useful for before/after comparisons.

Replay tool flows are reflected to mitmproxy's flow list when mcp_view_sync_actions includes replay (default: all).

Intercept Tools -- pausing and controlling live traffic

  • set_intercept_filter -- set a mitmproxy filter expression to intercept matching requests. Uses mitmproxy filter syntax: ~u example.com, ~m POST, ~u api & ~m GET. Pass empty string to disable.
  • get_intercepted_flows -- list flows currently paused by interception
  • resume_flow -- resume a single intercepted flow
  • resume_all -- resume all intercepted flows
  • drop_flow -- drop/kill an intercepted flow without forwarding it

Config Tools -- proxy settings

  • get_options -- get current mitmproxy option values. Pass specific keys or get curated defaults.
  • set_option -- set a mitmproxy option at runtime. Some dangerous options (listen_host, listen_port, mode, server, ssl_insecure) are blocked.
  • get_status -- get proxy status: version, listen address, mode, flow count, intercept settings.

Workflow Patterns

Basic traffic inspection

  1. Make sure mitmproxy is running and proxying the target traffic
  2. Use get_flows to see what has been captured
  3. Use get_flow_by_id to drill into specific requests/responses
  4. Use search_flows with a regex to find specific patterns

Replaying and modifying requests

  1. Find the flow you want with get_flows or search_flows
  2. Use replay_request to resend it exactly
  3. Or use modify_and_send to change headers, body, or URL before sending
  4. Compare the original and modified responses

Intercepting live traffic

  1. Set a filter with set_intercept_filter (e.g. ~u api.example.com & ~m POST)
  2. Wait for matching requests -- they will be paused
  3. Use get_intercepted_flows to see what is waiting
  4. Use resume_flow or drop_flow to control each one
  5. Use set_intercept_filter with empty string to stop intercepting

Important Notes

  • Sensitive data redaction is off by default. Enable with mcp_redact: true in mitmproxy config to redact tokens, passwords, API keys, and JWTs
  • Use mcp_view_sync_actions to control what syncs to mitmproxy's view (all, none, replay, clear, or replay,clear)
  • Request/response bodies are truncated to 10KB to prevent context overflow
  • All data is in-memory only -- cleared when mitmproxy stops
  • The proxy stores up to 1000 flows by default (oldest evicted first)
Installs
42
Repository
moha-abdi/mitmproxy-mcp
GitHub Stars
3
First Seen
Feb 7, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykFail