MITMProxy Plugin for Hackers

May 4, 2025 - ⧖ 1 min
🗒️

Introducing a custom MITMProxy plugin designed for hackers, pentesters, and bug hunters. This tool enhances your pentesting and CTF hacking capabilities with automated features and custom commands.

Git Repository:
https://git.sr.ht/~rek2/mitmproxy_hacking

Features

  • Automatic Extraction: As you browse using MITMProxy, the plugin automatically extracts comments and links from the target.
  • Dirbusting: Perform directory brute-forcing using custom wordlists.
  • Sticky Cookie: Set a persistent cookie from a cookie.txt file for all requests.
  • Nikto Scan: Initiate a Nikto scan directly from MITMProxy.

Installation

  1. Load the Plugin:
    mitmproxy -s hacking.py

  2. Configure MITMProxy:
    Move the config folder to its proper location and create a symlink:

    mv ~/.mitmproxy ~/.config/mitmproxy
ln -sf ~/.config/mitmproxy ~/.mitmproxy

  3. Update config.yaml:
    Add the path to your custom plugin:

    scripts:
  - ./path/to/hacking.py

Usage

  • Start MITMProxy:
    mitmproxy

  • Dirbusting:
    :hacking.dirbust @focus /path/to/your/wordlist.txt

    Replace /path/to/your/wordlist.txt with your wordlist file path.

  • Sticky Cookie:

    • Activate: :hacking.stickcookie on
    • Deactivate: :hacking.stickcookie off

    Ensure a cookie.txt file is present in the specified path.

  • Nikto Scan:
    :hacking.nikto @focus

Important Notes

  • Always understand the tools you use. Refer to the MITMProxy documentation:
    https://docs.mitmproxy.org/stable/

  • Remember, hacking is not a crime. https://www.hackingisnotacrime.org/

Stay true to the hacker ethics, and happy hacking!