
Applying mitmproxy for Mobile Advertising Testing and Custom Field Validation

This article introduces mitmproxy, explains its proxy modes and MITM operation, and demonstrates how to use Python scripts with mitmproxy to automate multi‑field validation and encryption handling in mobile advertising testing, offering a flexible alternative to traditional capture tools.

360 Quality & Efficiency

In mobile advertising testing, capturing and analyzing ad requests often relies on tools like Fiddler and Charles, which have platform limitations, cost issues, and difficulties handling encrypted protocols or validating numerous fields efficiently.

mitmproxy, an open‑source Python‑based proxy, provides a flexible solution with a programmable API, allowing custom scripts to control requests and responses, overcoming the shortcomings of traditional tools.

mitmproxy operates as a man‑in‑the‑middle (MITM) proxy, forwarding traffic like a normal proxy while optionally recording or modifying intercepted data. It includes two companion tools: mitmdump for command‑line scripting and mitmweb for a visual interface.

The proxy supports five modes—forward, transparent, reverse, upstream, and SOCKS—but forward proxy is commonly used for testing, where the client sends requests to mitmproxy, which then forwards them to the origin server and returns the responses.

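Using HTTPS as an example, the article outlines the handshake step by step: the client connects to mitmproxy and initiates an SSL/TLS handshake using SNI; mitmproxy establishes its own TLS connection to the server, generates an interception certificate for the client side, and then relays the encrypted traffic. The client accepts the interception certificate only if it trusts mitmproxy's CA certificate, so that CA has to be installed on the test device.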

For practical application, the article shows how to automate multi‑field validation by creating an addons.py file containing addon classes (e.g., SemiNativeCSJAd) that implement request and response event handlers. Shared validation logic is extracted into a common method (semiNativeCSJfieldCheck), enabling efficient, repeatable checks across many ad fields.
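The following addons.py sketch is an added example, not the article's own code: it reuses the names SemiNativeCSJAd and semiNativeCSJfieldCheck from the text, but the function bodies, the field rules, and the ads.example.test host are assumptions made for illustration. It checks each ad response for missing fields, wrong types, and creative URLs that are not served over HTTPS.

```python
import json
import logging

# Assumed ad schema (hypothetical): dotted path -> (expected type, required)
FIELD_RULES = {
    "ad_id": (str, True),
    "creative.image_url": (str, True),
    "creative.width": (int, True),
    "tracking.click_urls": (list, True),
    "deeplink": (str, False),
}
AD_HOST_MARKER = "ads.example.test"  # hypothetical ad endpoint host

def lookup(obj, dotted):  # walk nested dicts; returns (found, value)
    for key in dotted.split("."):
        if not isinstance(obj, dict) or key not in obj:
            return False, None
        obj = obj[key]
    return True, obj

def semiNativeCSJfieldCheck(ad, rules=FIELD_RULES):
    """Shared check used by every handler; returns a list of problems."""
    problems = []
    for path, (typ, required) in rules.items():
        found, value = lookup(ad, path)
        if not found:
            if required:
                problems.append(f"{path}: missing")
        elif not isinstance(value, typ) or isinstance(value, bool):
            problems.append(f"{path}: expected {typ.__name__}")
        elif path.endswith("_url") and not value.startswith("https://"):
            problems.append(f"{path}: not https")
    return problems

class SemiNativeCSJAd:
    def __init__(self):
        self.results = []  # (url, problems) for each checked ad response

    def response(self, flow):  # mitmproxy calls this once per full response
        url = flow.request.pretty_url
        if AD_HOST_MARKER not in url:
            return
        try:
            problems = semiNativeCSJfieldCheck(json.loads(flow.response.get_text()))
        except (TypeError, ValueError):
            problems = ["body is not valid JSON"]
        self.results.append((url, problems))
        logging.log(logging.WARNING if problems else logging.INFO, "%s %s", url, problems)

addons = [SemiNativeCSJAd()]  # mitmproxy picks this list up from addons.py
```

Load it with `mitmdump -s addons.py`; the module imports nothing from mitmproxy, so the check function can also be unit-tested outside the proxy.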

To address encryption challenges, the workflow intercepts a request, extracts a field, decrypts a secret using RSA, encrypts local ad content with AES using the derived key, and finally returns the encrypted ad to the client via mitmproxy.

Overall, mitmproxy’s extensibility through Python scripts makes it a powerful “capture tool” for mobile ad testing, improving efficiency, reducing manual effort, and handling complex encryption scenarios.

Tags: Proxy, mitmproxy, Encryption, network testing, Mobile Advertising, Python scripting, field validation
Written by

360 Quality & Efficiency

360 Quality & Efficiency focuses on seamlessly integrating quality and efficiency in R&D, sharing 360’s internal best practices with industry peers to foster collaboration among Chinese enterprises and drive greater efficiency value.
