zarp VS mitmproxy

Compare zarp vs mitmproxy and see what are their differences.

mitmproxy

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers. (by mitmproxy)
Scout Monitoring - Free Django app performance insights with Scout Monitoring
Get Scout setup in minutes, and let us sweat the small stuff. A couple lines in settings.py is all you need to start monitoring your apps. Sign up for our free tier today.
www.scoutapm.com
featured
InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
zarp mitmproxy
1 153
1,415 34,857
- 1.5%
0.0 9.4
about 1 year ago 3 days ago
Python Python
GNU General Public License v3.0 or later MIT License
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

zarp

Posts with mentions or reviews of zarp. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-10-06.

mitmproxy

Posts with mentions or reviews of mitmproxy. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-05-24.
  • Apple's M4 Has Reportedly Adopted the ARMv9 Architecture
    3 projects | news.ycombinator.com | 24 May 2024
    Mainly this was just myself getting irritated at MS Teams and trying to figure out what it was doing. It was a couple years ago and my current company doesn't use teams, thankfully, so I can't really see if its still valid.

    From what I remember..

    There are files on the disk that get updated/overwritten with pulls from the server every time it launches. Somewhere in AppData I think. A few of these are config files (with lots of interesting looking settings, including beta features).

    One of the config entries specifies a telemetry endpoint (which, you _could_ figure out with a network tracing tool but there are a ton of MS telemetry endpoints your machine is probably talking to. Best to just grab the one explicitly being used from the config like this). I forget the full name of the setting but the name pretty clearly indicates its for telemetry, and the file is clearly a config file. If you can't find it just by browsing the structure, try a multi-file search tool and look for 'telemetry' or URL/hostnames.

    You can't really change the value on disk and make it just take effect from there, since it gets downloaded from the server and overwritten before Teams loads. There might be some tricks you can do locally to persist the change but nothing seemed to work for me. You could override response from server via mitmproxy but that requires finding where it comes across the wire at launch time and then building a script/config to replace it.

    Anyway, you can block that telemetry endpoint from a firewall and see your memory bloat. Or you can intercept that endpoint in any mitm proxy. I went with this [mitmproxy](https://mitmproxy.org/). From there you can capture the content it sends to the endpoint, or even change the response the server sends (Teams just seems to expect a 200 code back).

    The telemetry data itself is some kind of streaming event format. I think I even found documentation on the structure on some microsoft website, so its likely a reused format.

    It's pretty straightforward.

    I couldn't spend too much time on it and now it's not something I even use, but some cool things you might want to try if you dive deeper into this:

    - Overwrite the config file as it returns from the server, to turn on EU data protection, change various functionality you're not supposed to, or flip some feature flags.

    - Figure out if there's a feature flag or even other overwrite to fully disable the metrics so they aren't even collected, from anywhere in the app.

    - Intercept telemetry, return an 'OK' response and drop the data from telemetry, or maybe document what they collect more definitively if you think there's interest somewhere. This keeps your privacy but doesn't really do anything for performance.

    - Interfere with the data before actually returning it, maybe try playing with event contents and channel/user indicators. Microsoft probably won't like this if they notice, but it's unlikely they'll even notice.

  • Ask HN: Fiddler Alternatives
    1 project | news.ycombinator.com | 14 Mar 2024
  • Bruno
    20 projects | news.ycombinator.com | 9 Mar 2024
  • AirBnb Wifi Safety Precaution needed?
    1 project | /r/AskNetsec | 6 Dec 2023
    This statement gives a false sense of security. You can use a transparent proxy, like mitmproxy, to view HTTPS traffic - https://mitmproxy.org/. https://reedmideke.github.io/networking/2021/01/04/mitmproxy-openwrt.html
  • WORKING tutorial on how to enable iOS voice chat RIGHT NOW
    1 project | /r/ChatGPT | 3 Oct 2023
    You'll need to install mitmproxy and set it up on your computer and iOS. I won't go into too much detail here on how to do this, but there are plenty of guides available. This is a pretty good one: https://nadav.ca/2021/02/26/inspecting-an-iphone-s-https-traffic/
  • mitmproxy VS petep - a user suggested alternative
    2 projects | 3 Oct 2023
  • Upside-Down-Ternet (2006)
    1 project | news.ycombinator.com | 2 Oct 2023
    TIL this goes back to 2006, how cool! We nowadays have a much simpler version as a mitmproxy example: https://github.com/mitmproxy/mitmproxy/blob/main/examples/ad.... Although it obviously does not work as well anymore with everything being HTTPS nowadays (unless you trust the cert of course). :)
  • Ask Dang: What Has Happened with HN's HTTPS Recently?
    1 project | news.ycombinator.com | 13 Sep 2023
    Perhaps you could have your device use a proxy that can do the HTTPS unwrap for you? https://mitmproxy.org/ maybe?
  • How to implement SSL/TLS pinning in Node.js
    2 projects | dev.to | 29 Aug 2023
    A great way to test the effectiveness of a pinning implementation is by simulating an MITM attack. Tools like Mitmproxy or Wireshack allow us to create a test environment to monitor, intercept, and proxy network requests for a test host.
  • Evading JavaScript Anti-Debugging Techniques
    4 projects | news.ycombinator.com | 1 Aug 2023

What are some alternatives?

When comparing zarp and mitmproxy you can also consider the following projects:

masscan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

Wireshark - Read-only mirror of Wireshark's Git repository at https://gitlab.com/wireshark/wireshark. ⚠️ GitHub won't let us disable pull requests. ⚠️ THEY WILL BE IGNORED HERE ⚠️ Upload them at GitLab instead.

Shadowrocket-ADBlock-Rules - 提供多款 Shadowrocket 规则,带广告过滤功能。用于 iOS 未越狱设备选择性地自动翻墙。

bettercap - The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.

sslstrip - A tool for exploiting Moxie Marlinspike's SSL "stripping" attack.

IOXY - MQTT intercepting proxy

ZAP - The ZAP core project

grml - Grmls core configuration files for zsh, vim, screen…

mockttp - Powerful friendly HTTP mock server & proxy library

perf-tools - Performance analysis tools based on Linux perf_events (aka perf) and ftrace

httptoolkit - HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac :tada: Open an issue here to give feedback or ask for help.

MITMf - Framework for Man-In-The-Middle attacks

Scout Monitoring - Free Django app performance insights with Scout Monitoring
Get Scout setup in minutes, and let us sweat the small stuff. A couple lines in settings.py is all you need to start monitoring your apps. Sign up for our free tier today.
www.scoutapm.com
featured
InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured