How MITMproxy has been slaying SSL Dragons

Monday, April 16th, 2012 | Jim Cheetham | Comments Off on How MITMproxy has been slaying SSL Dragons

I’ve just returned from the excellent OWASP regional conference in Sydney (the one with the long name of OWASP AppSec AsiaPac 2012), where I presented “How MITMproxy has been slaying SSL Dragons“.

The presentation covered the basics of what MITMproxy is (a developers/pen-testers HTTPS interception/modification proxy), why such software is useful, and what MITMproxy itself is especially good at.

The section on how to use MITMproxy ran about 90% successfully over the live Internet, which is always a risk for a demo at a conference!

The slides are available here, as the original LibreOffice ODP format, or as a PDF. They are Copyright © The University of Otago, released under the CC By-SA 3.0 NZ license.

LCA2012 — MITMproxy presentation

Thursday, January 26th, 2012 | Jim Cheetham | Comments Off on LCA2012 — MITMproxy presentation

At the LCA2012 conference earlier this year I presented “MITMproxy — use and abuse of a hackable SSL-capable man-in-the-middle proxy“.

The video of the talk is now available in a number of places :-

MITMproxy is a python-based console tool to help you inspect & alter the HTTP conversation between a client and a server, regardless of whether it is over HTTPS or not. “It is not an attack tool”, but instead is a powerful tool for debugging applications at either end of the conversation.

Giving a talk at an LCA conference is excellent fun, and very rewarding. I have 6 months to come up with my next submissions!