PyPI removes ‘mitmproxy2’ over code execution concerns

Be very careful what you download. I use mitmproxy for demo purposes when I want to hammer home the point about networks being insecure. My favourite trick is to replace a particular word in a website page, e.g. ‘Putin’ to ‘Tinkywinky’:

The PyPI repository has removed a Python package called ‘mitmproxy2’ that was an identical copy of the official “mitmproxy” library, but with an “artificially introduced” code execution vulnerability. The ‘mitmproxy’ Python package is a free and open-source interactive HTTPS proxy […]

Original Article
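
A defensive check for the copycat pattern in this story (the official name plus a suffix), as an added example that is not from the original post or article: it flags requirement names that resemble, but do not equal, a name you trust. The `TRUSTED` allowlist, the sample requirements and the 0.85 similarity threshold are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher
from typing import Optional

# Assumption: the packages this project really intends to install.
TRUSTED = {"mitmproxy", "requests", "cryptography"}

# Constructed sample requirements file; the version is a placeholder.
SAMPLE = """\
requests>=2.31
mitmproxy2==0.0.0  # copycat name from the story
Cryptography
numpy
"""

def normalize(name: str) -> str:
    """PEP 503 normalisation: lowercase, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def requirement_name(line: str) -> Optional[str]:
    """Extract the project name from one requirements line, else None."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("-"):  # blank, comment or pip option
        return None
    match = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
    return normalize(match.group(0)) if match else None

def lookalike_of(name: str, threshold: float = 0.85) -> Optional[str]:
    """Return the trusted name that `name` imitates, or None."""
    if name in TRUSTED:
        return None
    stripped = re.sub(r"-?\d+$", "", name)  # drop a tacked-on number
    for good in sorted(TRUSTED):
        close = SequenceMatcher(None, name, good).ratio() >= threshold
        if stripped == good or close:
            return good
    return None

def audit(requirements_text: str) -> dict:
    """Map each suspicious requirement to the trusted name it resembles."""
    findings = {}
    for line in requirements_text.splitlines():
        name = requirement_name(line)
        target = lookalike_of(name) if name else None
        if target:
            findings[name] = target
    return findings

if __name__ == "__main__":
    for bad, good in audit(SAMPLE).items():
        print(f"review before installing: {bad!r} resembles {good!r}")
```

A hit is a prompt for manual review, not a verdict: legitimate projects such as `jinja2` and `psycopg2` also end in a digit.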