HTTP Proxy Configuration

If your target is behind a proxy, or you require a proxy to reach the API for Mayhem for API, you can provide proxy information for the mapi CLI. Support for common proxy environment variables follows:

Environment VariableDescription
HTTP_PROXYThe address to use when initiating HTTP connection(s)
HTTPS_PROXYThe address to use when initiating HTTPS connection(s)
NO_PROXYNetwork address(es)/range(s) and domains to exclude from proxying


Say you wish to capture all the communication between the fuzzer and your API. You can place a proxy between Mayhem for API and your API such as Charles Proxy (which listens on localhost:8888 by default) to intercept and record all traffic.

HTTP_PROXY=http://localhost:8888 mapi run <target> ... 

If your target is an https, you can use the HTTPS_PROXY variable:

HTTPS_PROXY=https://localhost:8888 mapi run <target> ... 

If your proxy server requires authentication with username and password, you must include the credentials:

https_proxy=http://username:password@localhost:8888 mapi run <target> ...

For SOCKS5 proxy servers, you must specify the socks5 protocol in the URL:


Proxying https traffic may result in some certificate errors when the CLI attempts to communicate with the API for Mayhem for API. This can be resolved by ignoring certain addresses from being sent to the proxy with the NO_PROXY variable. For example:

HTTPS_PROXY=https://localhost:8888 \ \
 mapi run <target> ...