I’ve just returned from the excellent OWASP regional conference in Sydney (the one with the long name of OWASP AppSec AsiaPac 2012), where I presented “How MITMproxy has been slaying SSL Dragons“.
The presentation covered the basics of what MITMproxy is (a developers/pen-testers HTTPS interception/modification proxy), why such software is useful, and what MITMproxy itself is especially good at.
The section on how to use MITMproxy ran about 90% successfully over the live Internet, which is always a risk for a demo at a conference!
The slides are available here, as the original LibreOffice ODP format, or as a PDF. They are Copyright © The University of Otago, released under the CC By-SA 3.0 NZ license.
At the LCA2012 conference earlier this year I presented “MITMproxy — use and abuse of a hackable SSL-capable man-in-the-middle proxy“.
The video of the talk is now available in a number of places :-
MITMproxy is a python-based console tool to help you inspect & alter the HTTP conversation between a client and a server, regardless of whether it is over HTTPS or not. “It is not an attack tool”, but instead is a powerful tool for debugging applications at either end of the conversation.
Giving a talk at an LCA conference is excellent fun, and very rewarding. I have 6 months to come up with my next submissions!