OpenTV Enterprise Integration Tool

mitmproxy-based HTTP capture & OpenAPI validation service

home
1

Configure your device to use the proxy

required

Set your browser, device, or application's HTTP/HTTPS proxy to the address below. The IP is an Elastic IP — it does not change between redeploys.

Proxy 52.200.113.73:443
  • Browser: Use Firefox — it has its own proxy settings independent of Windows, so you can run a proxied and a non-proxied browser at the same time. Go to Settings → Network Settings → Manual proxy and set HTTP proxy to 52.200.113.73, port 443. (Chrome and Edge share the Windows system proxy — every window gets proxied if you set it there.)
  • Android phone / iPhone: Settings → Wi-Fi → tap your network → Proxy → Manual. Enter 52.200.113.73 as host and 443 as port.
  • Android TV / Fire TV: Use ADB — adb shell settings put global http_proxy 52.200.113.73:443. To remove later: adb shell settings put global http_proxy :0.
  • Tizen (Samsung TV) / WebOS (LG TV): Open the TV browser DevTools or the TV's network settings and configure a manual HTTP proxy with the address above.
  • Custom app / script: Set HTTP_PROXY=http://52.200.113.73:443 and HTTPS_PROXY=http://52.200.113.73:443 in your environment.
2

Install the mitmproxy CA certificate

required for HTTPS

To capture HTTPS traffic the proxy needs to intercept TLS. Install its CA cert so your device trusts it.

  • With the proxy configured, open your browser and go to http://mitm.it — this page is served locally by mitmproxy, no internet access needed.
  • Download the certificate for your platform (Windows, macOS, iOS, Android, Firefox…).
  • Install and mark it as trusted in your OS certificate store or browser trust store.
  • Verify: visit any https:// site — if the connection succeeds without a warning, the cert is trusted.
Your dedicated port: Each tester has their own mitmdump process. Nobody else captures on your port, and your results are visible only to you.
Note: On Android 7+ and some apps, user-installed CAs are not trusted by default for app traffic. You may need a rooted device or a debug build with networkSecurityConfig set to trust user CAs.
Proxy-enabled app build required: Most Android and iOS apps ignore the system Wi-Fi proxy and send traffic directly. Use the proxy-enabled build of the app to ensure its traffic is routed through mitmproxy.
3

Verify traffic is being captured

sanity check

Browse or use your application normally. Open the mitmweb UI to confirm requests are appearing in real time.

mitmweb 52.200.113.73:8081
  • You should see HTTP and HTTPS flows appearing as you generate traffic.
  • Flows are written to the EC2 instance and synced to S3 automatically — no action needed.
  • If no flows appear, double-check that the proxy is set correctly and the certificate is trusted.
4

Review the validation pipeline

automated · runs every minute

An Airflow DAG runs every minute and automatically validates captured flows against the loaded OpenAPI specs. No manual trigger is needed after the first boot — results appear in the Validations page within ~2 minutes of capture.

Airflow 52.200.113.73/airflow
  • DAG: validation_pipeline — four tasks in sequence: base validation → rule validation → analytics cleaner → aggregator.
  • Rules are loaded from the S3 key config/validation/rules.yaml. Edit locally and re-upload to S3 to update without a redeploy.
  • OpenAPI specs are loaded from config/oas_docs/ in S3.
Tip: The first validation run after boot may take up to 2 minutes to start while Airflow initialises.