<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta  content="text/html; charset=utf-8" http-equiv="Content-Type"/>


<link  href="../01-bootstrap.min.css" type="text/css" rel="StyleSheet"/>
<link  href="../02-docstyle.css" type="text/css" rel="StyleSheet"/>
<link  href="../syntax.css" type="text/css" rel="StyleSheet"/>
<title>mitmproxy 0.9 - Sticky cookies and auth</title></head><body><div class="navbar navbar-fixed-top">
  <div class="navbar-inner">
    <div class="container">
      <a class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
        <span class="icon-bar"></span>
        <span class="icon-bar"></span>
        <span class="icon-bar"></span>
      </a>
      <a class="brand" href="../index.html">mitmproxy 0.9 docs</a>
      </div><!--/.nav-collapse -->
    </div>
  </div>
</div>

<div class="container">
  <div class="row">
    <div class="span3">
      <div class="well sidebar-nav">
        <ul class="nav nav-list">
            <li><a href="../index.html">Introduction</a></li>
            <li><a href="../install.html">Installation</a></li>
            <li><a href="../howmitmproxy.html">How mitmproxy works</a></li>

            <li class="nav-header">Tools</li>
                <li><a href="../mitmproxy.html">mitmproxy</a></li>
                <li><a href="../mitmdump.html">mitmdump</a></li>

            <li class="nav-header">Features</li>
                <li><a href="anticache.html">Anticache</a></li>
                <li><a href="clientreplay.html">Client-side replay</a></li>
                <li><a href="filters.html">Filter expressions</a></li>
                <li><a href="proxyauth.html">Proxy Authentication</a></li>
                <li><a href="replacements.html">Replacements</a></li>
                <li><a href="serverreplay.html">Server-side replay</a></li>
                <li><a href="setheaders.html">Set Headers</a></li>
                <li class="active"><a href="sticky.html">Sticky cookies and auth</a></li>
                <li><a href="reverseproxy.html">Reverse proxy mode</a></li>
                <li><a href="upstreamcerts.html">Upstream Certs</a></li>

            <li class="nav-header">Installing Certificates</li>
                <li><a href="../ssl.html">Overview</a></li>
                <li><a href="../certinstall/firefox.html">Firefox</a></li>
                <li><a href="../certinstall/osx.html">OSX</a></li>
                <li><a href="../certinstall/windows7.html">Windows 7</a></li>
                <li><a href="../certinstall/ios.html">IOS</a></li>
                <li><a href="../certinstall/ios-simulator.html">IOS Simulator</a></li>
                <li><a href="../certinstall/android.html">Android</a></li>

            <li class="nav-header">Transparent Proxying</li>
                <li><a href="../transparent.html">Overview</a></li>
                <li><a href="../transparent/linux.html">Linux</a></li>
                <li><a href="../transparent/osx.html">OSX</a></li>

             <li class="nav-header">Tutorials</li>
                <li><a href="../tutorials/30second.html">Client playback: a 30 second example</a></li>
                <li><a href="../tutorials/gamecenter.html">Setting highscores on Apple's GameCenter</a></li>

            <li class="nav-header">Scripting mitmproxy</li>
                <li><a href="../scripting/inlinescripts.html">Inline Scripts</a></li>
                <li><a href="../scripting/libmproxy.html">libmproxy</a></li>

            <li class="nav-header">Hacking</li>
                <li><a href="../dev/testing.html">Testing</a></li>

        </ul>
      </div>
    </div>

    <div class="span9">
        <div class="page-header">
        <h1>Sticky cookies and auth</h1>
        </div>
        <h2>Sticky cookies</h2>

<p>When the sticky cookie option is set, <strong>mitmproxy</strong> will add the cookie most
recently set by the server to any cookie-less request. Consider a service that
sets a cookie to track the session after authentication. Using sticky cookies,
you can fire up mitmproxy, and authenticate to a service as you usually would
using a browser. After authentication, you can request authenticated resources
through mitmproxy as if they were unauthenticated, because mitmproxy will
automatically add the session tracking cookie to requests. Among other things,
this lets you script interactions with authenticated resources (using tools
like wget or curl) without having to worry about authentication. </p>

<p>Sticky cookies are especially powerful when used in conjunction with <a href="clientreplay.html">client
replay</a> - you can record the authentication
process once, and simply replay it on startup every time you need to interact
with the secured resources.</p>

<table class="table">
    <tbody>
        <tr>
            <th width="20%">command-line</th>
            <td>
                <ul>
                    <li>-t FILTER</li>
                </ul>
            </td>
        </tr>
        <tr>
            <th>mitmproxy shortcut</th> <td><b>t</b></td>
        </tr>
    </tbody>
</table>

<h2>Sticky auth</h2>

<p>The sticky auth option is analogous to the sticky cookie option, in that HTTP
<strong>Authorization</strong> headers are simply replayed to the server once they have been
seen. This is enough to allow you to access a server resource using HTTP Basic
authentication through the proxy. Note that <strong>mitmproxy</strong> doesn't (yet) support
replay of HTTP Digest authentication. </p>

<table class="table">
    <tbody>
        <tr>
            <th width="20%">command-line</th>
            <td>
                <ul>
                    <li>-u FILTER</li>
                </ul>
            </td>
        </tr>
        <tr>
            <th>mitmproxy shortcut</th> <td><b>u</b></td>
        </tr>
    </tbody>
</table>

    </div>
  </div>

  <hr>

  <footer>
    <p>© mitmproxy project, 2013</p>
  </footer>
</div>
</body></html>