akde/infosec

Information security is ultimately about managing risk


mitmdump is a proxy which can store and modify content.

Change content of a third-party site

Scenario:

  • You want to manipulate some content from a website $target visits.
  1. Perform ARP poisoning with Bettercap, Ettercap, the http_hijack.py script or by some other means.
  2. Start mitmdump in transparent mode:
    mitmdump --mode transparent --replace /~s/wars/trek/
    or alternatively read the new content from a file. Note that the separator character can be changed.
    mitmdump --mode transparent --replace :~s:wars:@/tmp/trekfile:

This replaces every occurrence of the string wars with trek in responses (the ~s filter). See the mitmproxy documentation for all filter expressions. Note that you probably want to create a very specific filter expression so that you do not cause side effects or problems with other pages.

Remove HTTPS references

Add the -s sslstrip.py option and proceed as in the change content section above.
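Both scenarios depend on the ARP poisoning in step 1, and that step leaves a visible trace on the victim: the gateway's IP and another host's IP resolve to the same MAC address. The following is an added example, not part of the original page, that looks for this in `ip neigh show` output; the sample table, the function names and the gateway address are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of `ip neigh show` output (not captured from a real network).
SAMPLE_IP_NEIGH = """\
192.168.1.1 dev eth0 lladdr 08:00:27:aa:bb:cc REACHABLE
192.168.1.23 dev eth0 lladdr 08:00:27:aa:bb:cc STALE
192.168.1.40 dev eth0 lladdr 52:54:00:12:34:56 REACHABLE
192.168.1.77 dev eth0  FAILED
fe80::1 dev eth0 lladdr 52:54:00:12:34:56 router STALE
"""

NEIGH_RE = re.compile(
    r"^(\S+)\s+dev\s+(\S+)\s+lladdr\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b",
    re.IGNORECASE,
)


def parse_neighbours(text):
    """Yield (ip, dev, mac) for IPv4 entries with a resolved link-layer address."""
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if not m:
            continue  # FAILED / INCOMPLETE entries carry no lladdr
        ip, dev, mac = m.group(1), m.group(2), m.group(3).lower()
        if ":" in ip:
            continue  # IPv6: dual-stack hosts legitimately reuse one MAC
        yield ip, dev, mac


def shared_macs(text):
    """Return {(dev, mac): [ips]} for each MAC claimed by more than one IPv4 address."""
    by_mac = defaultdict(set)
    for ip, dev, mac in parse_neighbours(text):
        by_mac[(dev, mac)].add(ip)
    return {k: sorted(v) for k, v in by_mac.items() if len(v) > 1}


def gateway_impostors(text, gateway_ip):
    """Return IPv4 neighbours that share the gateway's MAC (proxy ARP can also cause this)."""
    for ips in shared_macs(text).values():
        if gateway_ip in ips:
            return [ip for ip in ips if ip != gateway_ip]
    return []


if __name__ == "__main__":
    for (dev, mac), ips in shared_macs(SAMPLE_IP_NEIGH).items():
        print(f"{dev}: {mac} is claimed by {', '.join(ips)}")
    print("shares gateway MAC:", gateway_impostors(SAMPLE_IP_NEIGH, "192.168.1.1"))
```

On a live host, pass the output of `ip neigh show` and the default gateway's address instead of the constructed sample.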
