sniff own https traffic

In a Java programming project I needed to see what SOAP request my application sends out to a server. Everything soapy was done inside a 3rd-party-library and I couldn't make it log the request to the console.

So what I did was using a tool called mitmproxy. This provides a man-in-the-middle proxy server that accepts HTTP calls and can forward them via HTTPS.

First you need to create a configuration file. Mine is named httpser.py and looks like this (it actually is a python program):

def request(context, flow):
  flow.request.scheme = 'https'
  flow.request.port = 443

Then fire up the server by running:

mitmproxy -s httpser.py

Now tell your Java program to use a http proxy server by starting it with these JVM parameters:

-Dhttp.proxyHost=localhost -Dhttp.proxyPort=8080

To learn how to use mitmproxy's UI, check out their website.