If your target is behind a proxy, or you require a proxy to reach the
API for Mayhem for API, you can provide proxy information for the
mapi CLI. Support for common proxy environment variables follows:
|The address to use when initiating HTTP connection(s)|
|The address to use when initiating HTTPS connection(s)|
|Network address(es)/range(s) and domains to exclude from proxying|
Say you wish to capture all the communication between the fuzzer and your API. You
can place a proxy between Mayhem for API and your API such as
Charles Proxy (which listens on
default) to intercept and record all traffic.
HTTP_PROXY=http://localhost:8888 mapi run <target> ...
If your target is an
https, you can use the
HTTPS_PROXY=https://localhost:8888 mapi run <target> ...
https traffic may result in some certificate errors when the
CLI attempts to communicate with the API for Mayhem for API. This can be
resolved by ignoring certain addresses from being sent to the proxy with
NO_PROXY variable. For example:
HTTPS_PROXY=https://localhost:8888 \ NO_PROXY=mayhem4api.forallsecure.com \ mapi run <target> ...