Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

aeondave/mitmproxy

Name: mitmproxy
Author: aeondave

offensive-tools/network/mitmproxy/SKILL.md

npx skillsauth add aeondave/malskill mitmproxy

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

mitmproxy

Interactive HTTP/HTTPS MITM proxy.

Quick Start

mitmproxy -p 8080
mitmweb -p 8080
mitmdump -p 8080 -w traffic.dump

Install CA cert: browse to http://mitm.it while proxy is running.

Modes

| Mode | Command | Use case | |------|---------|----------| | Regular proxy | mitmproxy | Browser/tool proxying | | Transparent | --mode transparent | Intercept without proxy config | | Reverse | --mode reverse:http://target | Reverse proxy | | SOCKS5 | --mode socks5 | SOCKS proxy |

TUI Keybindings

| Key | Action | |-----|--------| | Enter | Inspect request | | e | Edit request/response | | r | Replay request | | f | Set filter | | i | Set intercept filter |

Python Addon

from mitmproxy import http

def request(flow: http.HTTPFlow):
    if flow.request.method == "POST":
        print(flow.request.pretty_url, flow.request.get_text())

mitmproxy -s addon.py

Useful Addons

# Dump all POST bodies
from mitmproxy import http

def request(flow: http.HTTPFlow):
    if flow.request.method == "POST":
        with open("posts.txt", "a") as f:
            f.write(f"{flow.request.pretty_url}\n{flow.request.get_text()}\n---\n")

# Modify response (e.g. replace token)
def response(flow: http.HTTPFlow):
    if "api/auth" in flow.request.pretty_url:
        flow.response.text = flow.response.text.replace(
            '"role":"user"', '"role":"admin"'
        )

# Add header to all requests (e.g. auth bypass)
def request(flow: http.HTTPFlow):
    flow.request.headers["X-Admin"] = "true"
    flow.request.headers["X-Forwarded-For"] = "127.0.0.1"

Transparent Proxy Setup (Linux)

# Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# Redirect traffic to mitmproxy (iptables)
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8080

# Start in transparent mode
mitmproxy --mode transparent --showhost -p 8080

CLI Filtering (mitmdump)

# Capture only POST requests
mitmdump -p 8080 -w traffic.dump "~m POST"

# Capture by domain
mitmdump -p 8080 -w traffic.dump "~d example.com"

# Show only responses with 2xx status
mitmdump -p 8080 "~s ~c 2"

Resources

| File | When to load | |------|--------------| | references/addons.md | Full addon API reference, filter syntax, transparent proxy iptables, upstream proxy chaining |

aeondave/mitmproxy

offensive-tools/network/mitmproxy/SKILL.md

mitmproxy: interactive TLS-capable HTTP/HTTPS proxy for intercepting, inspecting, modifying, and replaying web traffic. Use when proxying application traffic during web app tests, modifying requests/responses on the fly, or scripting request interception with Python addons.

3 stars

development

Updated May 19, 2026

$ install --global

skillsauth

npx skillsauth add aeondave/malskill mitmproxy

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: May 19, 2026, 4:49 AM264.9s2 files scanned

SKILL.md

name:: mitmproxy
description:: mitmproxy: interactive TLS-capable HTTP/HTTPS proxy for intercepting, inspecting, modifying, and replaying web traffic. Use when proxying application traffic during web app tests, modifying requests/responses on the fly, or scripting request interception with Python addons.
license:: MIT
compatibility:: Linux / macOS / Windows. pip install mitmproxy. Python 3.8+.
author:: AeonDave
version:: 1.1

mitmproxy

Interactive HTTP/HTTPS MITM proxy.

Quick Start

mitmproxy -p 8080
mitmweb -p 8080
mitmdump -p 8080 -w traffic.dump

Install CA cert: browse to http://mitm.it while proxy is running.

Modes

TUI Keybindings

| Key | Action | |-----|--------| | Enter | Inspect request | | e | Edit request/response | | r | Replay request | | f | Set filter | | i | Set intercept filter |

Python Addon

from mitmproxy import http

def request(flow: http.HTTPFlow):
    if flow.request.method == "POST":
        print(flow.request.pretty_url, flow.request.get_text())

mitmproxy -s addon.py

Useful Addons

# Dump all POST bodies
from mitmproxy import http

def request(flow: http.HTTPFlow):
    if flow.request.method == "POST":
        with open("posts.txt", "a") as f:
            f.write(f"{flow.request.pretty_url}\n{flow.request.get_text()}\n---\n")

# Modify response (e.g. replace token)
def response(flow: http.HTTPFlow):
    if "api/auth" in flow.request.pretty_url:
        flow.response.text = flow.response.text.replace(
            '"role":"user"', '"role":"admin"'
        )

# Add header to all requests (e.g. auth bypass)
def request(flow: http.HTTPFlow):
    flow.request.headers["X-Admin"] = "true"
    flow.request.headers["X-Forwarded-For"] = "127.0.0.1"

Transparent Proxy Setup (Linux)

# Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# Redirect traffic to mitmproxy (iptables)
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8080

# Start in transparent mode
mitmproxy --mode transparent --showhost -p 8080

CLI Filtering (mitmdump)

# Capture only POST requests
mitmdump -p 8080 -w traffic.dump "~m POST"

# Capture by domain
mitmdump -p 8080 -w traffic.dump "~d example.com"

# Show only responses with 2xx status
mitmdump -p 8080 "~s ~c 2"

Resources

| File | When to load | |------|--------------| | references/addons.md | Full addon API reference, filter syntax, transparent proxy iptables, upstream proxy chaining |

Related Skills

aeondave/offensive-linux-role

data-ai

VerifiedTrustedCommunity

Scoped routing: Linux operator; hosts, sessions, users, services, packages, logs, containers, SSH, network paths, privilege evidence.

4SKILL.mdUpdated Jun 5, 2026

aeondave/offensive-linux-role

aeondave/ics-technique

development

VerifiedTrustedCommunity

Offensive methodology for ICS/OT/SCADA environments in authorized industrial penetration testing and red team operations. Use when assessing PLCs, RTUs, HMIs, engineering workstations, historians, or field devices running Modbus, DNP3, EtherNet/IP, S7comm/S7+, Profinet, IEC 60870-5-104, BACnet, or OPC-UA. Covers passive OT network enumeration, protocol-level device interrogation, PLC coil/register read-write attacks, HMI session exploitation, historian and engineering workstation compromise, and safe escalation rules for critical infrastructure scope. Does not cover: general IT network exploitation (network-technique), physical hardware interfaces UART/JTAG/SPI (hardware-technique), wireless sensor network attacks (wireless-technique), RF/SDR signal analysis (hardware-ctf or wireless-technique), or CTF-framed ICS lab tasks (ics-ctf).

4SKILL.mdUpdated Jun 2, 2026

aeondave/ics-technique

aeondave/game-technique

tools

VerifiedTrustedCommunity

Offensive methodology for authorized game security assessments, game client security research, and game-adjacent penetration testing in real-world engagements. Use when assessing game clients for cheating vulnerabilities, testing anti-cheat effectiveness, auditing game server protocols for score manipulation or economic fraud, reverse engineering game DRM or license validation, analyzing game save file protection, or assessing game mod/plugin security. Covers: process memory scanning and manipulation (Cheat Engine methodology), game binary reversing for license and DRM bypass, game network protocol analysis and packet replay, anti-cheat mechanism analysis, save file format reversing and tampering, speed hack and value injection techniques. Does NOT cover: CTF game challenges (game-ctf), game engine source code auditing (web-exploit-technique or vuln-search-technique for the backend), or general binary exploitation (pwn-ctf or reversing-technique).

4SKILL.mdUpdated Jun 2, 2026

aeondave/game-technique

aeondave/hardware-technique

development

VerifiedTrustedCommunity

Auth assessment: hardware/embedded methodology; UART/JTAG/SWD/SPI/I2C, firmware extraction, boot/debug paths, embedded OS evidence.

4SKILL.mdUpdated Jun 2, 2026

aeondave/hardware-technique

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/aeondave/malskill.git

# Copy into Claude Code skills folder (global)
cp -r malskill/offensive-tools/network/mitmproxy ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

aeondave/malskill

3 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT