
fiddleitm: Detect Malicious Web Traffic with Open-Source MITM Proxy

Summary

– fiddleitm is an open-source tool built on mitmproxy that detects malicious web traffic by analyzing HTTP requests and responses for known threat patterns.
– Created by Jérôme Segura, fiddleitm is designed for security researchers and offers cross-platform compatibility and extensibility.
– The tool uses a rule system (from GitHub and local files) to identify threats, alerts users via the mitmproxy console, and logs findings in rules.log.
– Features include customizable request headers, a “traffic lite” mode to filter common files, and the ability to update rules without restarting.
– Future plans include improving user experience, adding API-based automation, and collaborating with mitmproxy to integrate native features.

Fiddleitm is an open-source MITM proxy tool designed to identify suspicious web traffic patterns that could indicate malware, phishing attempts, or other cyber threats. Built as an extension for mitmproxy, it provides security researchers with a powerful way to analyze HTTP requests and responses in real time.

The tool was developed by security researcher Jérôme Segura as a cross-platform alternative to similar solutions. What sets fiddleitm apart is its flexible rule-based detection system, which scans traffic using predefined patterns from both a GitHub repository and customizable local configuration files. When potential threats are detected, alerts appear in the mitmproxy console and get logged for later review.

Key features include the ability to modify request headers—such as User-Agent and Referer—for testing different traffic scenarios. A “traffic lite” mode helps reduce clutter by filtering out common media files, allowing users to focus on high-risk data. The tool also supports automatic updates, letting users refresh rules and recheck traffic without restarting the session.
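The rule-based scan, "traffic lite" filter and rule refresh described above, as an added example that is not fiddleitm's own code. The rule format, the two patterns, the `Flow` type, the skipped content types and the sample flows are all constructed for illustration; fiddleitm's actual rule syntax is not shown on this page.

```python
import re
from dataclasses import dataclass

# Constructed rules in a hypothetical format (not fiddleitm's rule syntax).
RULES = [
    {"name": "obfuscated-eval", "where": "body", "pattern": r"eval\(\s*atob\("},
    {"name": "gate-url", "where": "url", "pattern": r"/gate\.php\?id=[0-9a-f]{16}\b"},
]
# Content-type prefixes skipped in "traffic lite" mode (assumed list).
LITE_SKIP = ("image/", "video/", "audio/", "font/")

@dataclass
class Flow:  # stand-in for one captured request/response pair
    url: str
    content_type: str
    body: str

# Constructed sample traffic; hosts use the reserved .test TLD.
FLOWS = [
    Flow("https://shop.example.test/", "text/html", "<script>eval(atob('YQ=='))</script>"),
    Flow("https://cdn.example.test/logo.png", "image/png", "eval(atob('YQ=='))"),
    Flow("https://files.example.test/gate.php?id=0123456789abcdef", "text/html", "ok"),
]

def scan(flow, compiled, lite=True):
    """Return the names of rules that match one flow."""
    if lite and flow.content_type.lower().startswith(LITE_SKIP):
        return []  # media is not inspected in lite mode
    return [name for name, where, rx in compiled
            if rx.search(flow.url if where == "url" else flow.body)]

def run(flows, rules, lite=True, log_path=None):
    """Compile rules on every call, so edited rules apply without a restart."""
    compiled = [(r["name"], r["where"], re.compile(r["pattern"], re.I)) for r in rules]
    findings = [(name, f.url) for f in flows for name in scan(f, compiled, lite)]
    if log_path:  # append one line per hit, like a rules.log
        with open(log_path, "a", encoding="utf-8") as fh:
            fh.writelines(f"{name}\t{url}\n" for name, url in findings)
    return findings

if __name__ == "__main__":
    print(run(FLOWS, RULES[:1]))  # first rule only
    print(run(FLOWS, RULES))      # rescan same traffic after adding a rule
```

In a mitmproxy addon, the same `scan` call would sit in the `response` hook, fed from `flow.request.pretty_url` and the response body.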

Segura emphasizes that fiddleitm’s strength lies in combining traffic capture with threat classification, backed by community-driven detection rules. Future updates may introduce API-driven automation and deeper integration with mitmproxy’s core functionality.

Available for free on GitHub, fiddleitm serves as a valuable resource for cybersecurity professionals looking to analyze and replay malicious web activity efficiently.

For those interested in open-source security tools, staying updated with the latest developments can provide a competitive edge in threat detection and mitigation.

(Source: HELPNET SECURITY)
