Setup mitmproxy to Intercept HTTP Traffic from ASP.NET Core on Windows

Learn how to use mitmproxy to inspect and debug outbound HTTP traffic from an ASP.NET Core application — useful for troubleshooting API calls, webhook payloads, and third-party integrations.

What is mitmproxy?

mitmproxy is a free, open-source interactive HTTPS proxy. It lets you intercept, inspect, modify, and replay HTTP/HTTPS traffic between your application and external services. This is extremely useful when debugging API calls made by your ASP.NET Core app.

Prerequisites

Windows 10/11
.NET SDK installed (dotnet --version to verify)
Administrator access (needed to trust the CA certificate)

Step 1 — Install mitmproxy

Download and install mitmproxy from the official site: https://mitmproxy.org/

On Windows you can also install via winget, Chocolatey, or Scoop:
```
# winget
winget install mitmproxy

# Chocolatey
choco install mitmproxy

# Scoop
scoop install mitmproxy
```
Verify the installation:
```
mitmproxy --version
```

Step 2 — Trust the mitmproxy CA certificate

mitmproxy generates its own Certificate Authority (CA) on first run so it can decrypt HTTPS traffic. Your machine and your .NET app need to trust this CA.

Run mitmproxy once so it generates the CA certificate files:
```
mitmproxy
```
Then close it (q → y). The certificate files are now at:
```
C:\Users\<your-username>\.mitmproxy\
```
Import the certificate into the Windows certificate store:

Open certlm.msc (Manage Computer Certificates) as Administrator, then:
- Navigate to Trusted Root Certification Authorities → Certificates
- Right-click → All Tasks → Import…
- Browse to the certificate file:
```
C:\Users\<your-username>\.mitmproxy\mitmproxy-ca-cert.cer
```
- Complete the wizard, placing it in Trusted Root Certification Authorities
Why? Without this step, HTTPS connections through the proxy will fail with certificate validation errors.

Step 3 — Start mitmproxy

mitmproxy ships with three UIs — choose whichever you prefer:

Command	Description
`mitmproxy`	Terminal-based interactive UI
`mitmweb`	Browser-based UI (opens on `:8081`)
`mitmdump`	Non-interactive, good for scripting

Basic start (intercept everything)

mitmweb --mode regular

Filter to specific hosts

Use --allow-hosts to only intercept traffic to certain domains (regex-based). This avoids noise from unrelated requests:

mitmweb --allow-hosts ".*\.azurestaticapps\.net" --allow-hosts ".*\.blob\.core\.windows\.net" --allow-hosts ".*\.episerver\.net" --mode regular

By default mitmproxy listens on port 8080 for proxy traffic and port 8081 for the web UI.

Step 4 — Configure your ASP.NET Core app to use the proxy

.NET respects the standard HTTP_PROXY / HTTPS_PROXY environment variables. There are several ways to set them.

Option A — Set environment variables before running

Bash (Linux / macOS / WSL):

export HTTP_PROXY=http://localhost:8080
export HTTPS_PROXY=http://localhost:8080
dotnet run

Command Prompt (Windows):

set HTTP_PROXY=http://localhost:8080
set HTTPS_PROXY=http://localhost:8080
dotnet run

PowerShell:

$env:HTTP_PROXY="http://localhost:8080"
$env:HTTPS_PROXY="http://localhost:8080"
dotnet run

Option B — Set in `launchSettings.json`

This keeps the proxy config with your project so you don't have to set it every time. Edit Properties/launchSettings.json:

{
  "profiles": {
    "MyApp": {
      "commandName": "Project",
      "environmentVariables": {
        "HTTP_PROXY": "http://localhost:8080",
        "HTTPS_PROXY": "http://localhost:8080"
      }
    }
  }
}

Tip: Add launchSettings.json to .gitignore or use a separate profile so you don't accidentally commit proxy settings.

Option C — Configure the proxy in code

If you need fine-grained control (e.g., only certain HttpClient instances should use the proxy), configure it explicitly:

var proxy = new WebProxy
{
    Address = new Uri("http://localhost:8080")
};

var httpClientHandler = new HttpClientHandler
{
    Proxy = proxy,
};

var httpClient = new HttpClient(httpClientHandler);

// All requests made with this httpClient will go through mitmproxy
var response = await httpClient.GetAsync("https://api.example.com/data");

Note: If you skipped trusting the CA certificate (Step 2), you can bypass certificate validation in development only by adding:
httpClientHandler.ServerCertificateCustomValidationCallback =
    HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
Never use this in production — it disables all certificate checks and opens you up to real man-in-the-middle attacks.

Step 5 — Verify it works

Start mitmproxy with the web UI:
```
mitmweb --mode regular
```
Run your ASP.NET Core app with the proxy environment variables set.
Trigger an outbound HTTP request in your app (e.g., call an external API).
Open http://localhost:8081 in your browser — you should see the intercepted request with full headers, body, and response.

Troubleshooting

Problem	Solution
SSL certificate problem: unable to get local issuer certificate	The CA cert is not trusted. Repeat Step 2.
No traffic appears in mitmproxy	Verify `HTTP_PROXY` / `HTTPS_PROXY` are set in the correct terminal session. Run `echo $HTTP_PROXY` to check.
Connection refused on port 8080	Make sure mitmproxy is running before your app.
Only want to inspect specific hosts	Use `--allow-hosts` with a regex pattern (see Step 3).
.NET `HttpClient` ignores proxy env vars	Some custom `HttpClientHandler` configurations or `IHttpClientFactory` setups may not respect env vars — use Option C to set the proxy explicitly.