mitmproxy
Interactive TLS-capable HTTP(S) proxy with console, web, and scriptable interception.
Why it is included
Gold-standard open tool for debugging and assessing mobile/web TLS traffic ethically.
Best for
Mobile app assessments, API reviews, and TLS pinning analysis in scope.
Strengths
- Python addons
- Transparent mode
- Great docs
Limitations
- Certificate trust required on device under test
Good alternatives
OWASP ZAP · Burp (proprietary)
Related tools (Security & Privacy)
- OWASP ZAP: OWASP flagship web app scanner and proxy: automated checks, manual request tampering, scripting, and CI integrations.
- bettercap: Network attack framework: Wi-Fi, BLE, LAN recon, ARP/DNS spoofing, proxy, and modular caplets.
- testssl.sh: CLI probe of TLS/SSL ciphers, protocols, headers, and common misconfigurations on any TCP listener.
- OpenSSL: TLS and cryptography toolkit underpinning HTTPS, SSH adjacency, and certificate workflows.
- Metasploit Framework: Modular exploitation framework with payloads, encoders, auxiliaries, and integration points for exploit development.
- sqlmap: Automatic SQL injection and database takeover helper with fingerprinting, data exfiltration, and OS-shell paths.
