HTTP Proxy Configuration

If your target is behind a proxy, or you need a proxy to reach the API for Mayhem for API, you can provide proxy information to the mapi CLI. The following common proxy environment variables are supported:

Environment Variable    Description
HTTP_PROXY              The address to use when initiating HTTP connection(s)
HTTPS_PROXY             The address to use when initiating HTTPS connection(s)
NO_PROXY                Network address(es)/range(s) and domains to exclude from proxying

Examples

Say you wish to capture all the communication between the fuzzer and your API. You can place a proxy between Mayhem for API and your API such as Charles Proxy (which listens on localhost:8888 by default) to intercept and record all traffic.

HTTP_PROXY=http://localhost:8888 mapi run <target> ... 

If your target is served over HTTPS, use the HTTPS_PROXY variable:

HTTPS_PROXY=https://localhost:8888 mapi run <target> ... 

If your proxy server requires authentication with a username and password, you must include the credentials in the proxy URL:

https_proxy=http://username:password@localhost:8888 mapi run <target> ...

For SOCKS5 proxy servers, you must specify the socks5 protocol in the URL:

https_proxy=socks5://socksproxy.example.com

Proxying HTTPS traffic may result in certificate errors when the CLI attempts to communicate with the API for Mayhem for API. This can be resolved by using the NO_PROXY variable to exclude certain addresses from being sent to the proxy. For example:

HTTPS_PROXY=https://localhost:8888 \
 NO_PROXY=mayhem4api.forallsecure.com \
 mapi run <target> ...
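
A username or password containing characters such as @, : or / has to be percent-encoded before it goes into the authenticated proxy URL shown above. The following is an added example, not part of the original documentation: the function names and the PROXY_USER variable are hypothetical, credentials are assumed to be ASCII, and it assumes mapi percent-decodes the userinfo part of the URL as most HTTP clients do.

```shell
#!/bin/sh
# Added example: build an authenticated proxy URL with percent-encoded
# credentials. Function names and PROXY_USER are hypothetical.

# Percent-encode every character outside the RFC 3986 "unreserved" set.
# Assumes ASCII input.
urlencode() {
    local LC_ALL s out c
    LC_ALL=C
    s=$1
    out=
    while [ -n "$s" ]; do
        c=${s%"${s#?}"}      # first character of $s
        s=${s#?}             # remainder
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
    done
    printf '%s' "$out"
}

# usage: proxy_url <scheme> <user> <password> <host:port>
proxy_url() {
    printf '%s://%s:%s@%s' "$1" "$(urlencode "$2")" "$(urlencode "$3")" "$4"
}

# Prompt for the password instead of typing it on the command line, so it
# is not recorded in shell history, then run mapi through the proxy while
# keeping traffic to the Mayhem for API service direct (NO_PROXY).
# usage: PROXY_USER=username mapi_via_proxy <target> ...
mapi_via_proxy() {
    local pw
    printf 'Proxy password: ' >&2
    stty -echo
    IFS= read -r pw
    stty echo
    printf '\n' >&2
    https_proxy=$(proxy_url http "$PROXY_USER" "$pw" localhost:8888) \
    NO_PROXY=mayhem4api.forallsecure.com \
    mapi run "$@"
}
```

The proxy URL, including the password, is still present in the environment of the mapi process, so run it only on hosts where other users cannot inspect your processes.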