Filter expressions

Many commands in mitmproxy and mitmdump take a filter expression. Filter expressions consist of the following operators:

Expression Description
~a Match asset in response: CSS, Javascript, Flash, images.
~b regex Body
~bq regex Request body
~bs regex Response body
~c int HTTP response code
~d regex Domain
~dst regex Match destination address
~e Match error
~h regex Header
~hq regex Request header
~hs regex Response header
~http Match HTTP flows
~m regex Method
~marked Match marked flows
~q Match request with no response
~s Match response
~src regex Match source address
~t regex Content-type header
~tcp Match TCP flows
~tq regex Request Content-Type header
~ts regex Response Content-Type header
~u regex URL
~websocket Match WebSocket flows
! unary not
& and
| or
(...) grouping
  • Regexes are Python-style
  • Regexes can be specified as quoted strings
  • Header matching (~h, ~hq, ~hs) is against a string of the form “name: value”.
  • Strings with no operators are matched against the request URL.
  • The default binary operator is &.

Examples

URL containing “google.com”:

google\.com

Requests whose body contains the string “test”:

~q ~b test

Anything but requests with a text/html content type:

!(~q & ~t "text/html")