mitmproxy | 易学教程

Trouble setting up port forwarding for transparent proxy on Mac OS X

阅读更多关于 Trouble setting up port forwarding for transparent proxy on Mac OS X

I'm trying to set up a transparent proxy on my Mac OS X Lion (10.7.5), so I can use mitmproxy (to intercept SSL traffic from android applications). I followed the steps in the mitmproxy docs for setting up port forwarding with pf on Mac OS X , and they all went without any errors: $ sudo sysctl -w net.inet.ip.forwarding=1 Password: net.inet.ip.forwarding: 0 -> 1 $ sudo pfctl -f pf.conf No ALTQ support in kernel ALTQ related functions disabled $ sudo pfctl -e No ALTQ support in kernel ALTQ related functions disabled pf enabled But it doesn't seem to have had any effect. When I go to websites in

How to capture HTTP request / response headers with mitmproxy?

阅读更多关于 How to capture HTTP request / response headers with mitmproxy?

I have been able to capture the HTTP(s) traffic from a smartphone and also stored this traffic using mitmdump using the command mitmdump -w outfile This seems to dump the HTTP body along with the headers as well. I am interested in capturing only the headers, prefarably as a single csv row (or json string). How can I do that? Yet another derived snippet based on previous responses and updated to python3: def response(flow): print("") print("="*50) #print("FOR: " + flow.request.url) print(flow.request.method + " " + flow.request.path + " " + flow.request.http_version) print("-"*50 + "request

Mitmproxy tampering GET and POST request/response in one script

阅读更多关于 Mitmproxy tampering GET and POST request/response in one script

A POST request to a certain url( http://test.com ) is like: { "messageType": "OK", "city": { "Name": "Paris", "Views": { "1231": { "id": 4234, "enableView": false }, }, "Views": [5447, 8457], "messages": [{ "id": "message_6443", "eTag": 756754338 }] }, "client": { "Id": 53, "email": "test@test.us", "firstName": "test", "lastName": "test", "id": 52352352, "uuid": "5631f-grdeh4", "isAdmin": false, I need to intercept that and change "isAdmin" to true. And a GET request to a certain url ( https://test.com/profiles/ {Random_Numbers}/id}) has a 'response' [decoded gzip] JSON { "id": 0, "Code":

MITMProxy: smart URL replacement

阅读更多关于 MITMProxy: smart URL replacement

问题 We use a custom scraper that have to take a separate website for a language (this is an architecture limitation). Like site1.co.uk, site1.es, site1.de etc. But we need to parse a website with many languages, separated by url - like site2.com/en, site2.com/de, site2.com/es and so on. I thought about MITMProxy: I could redirect all requests this way: en.site2.com/* --> site2.com/en de.site2.com/* --> site2.com/de ... I have written a small script which simply takes URLs and rewrites them: class

Mitmproxy tampering GET and POST request/response in one script

阅读更多关于 Mitmproxy tampering GET and POST request/response in one script

问题 A POST request to a certain url(http://test.com) is like: { "messageType": "OK", "city": { "Name": "Paris", "Views": { "1231": { "id": 4234, "enableView": false }, }, "Views": [5447, 8457], "messages": [{ "id": "message_6443", "eTag": 756754338 }] }, "client": { "Id": 53, "email": "test@test.us", "firstName": "test", "lastName": "test", "id": 52352352, "uuid": "5631f-grdeh4", "isAdmin": false, I need to intercept that and change "isAdmin" to true. And a GET request to a certain url (https:/

Change URL to another URL using mitmproxy

阅读更多关于 Change URL to another URL using mitmproxy

问题 I am trying to redirect one page to another by using mitmproxy and Python. I can run my inline script together with mitmproxy without issues, but I am stuck when it comes to changing the URL to another URL. Like if I went to google.com it would redirect to stackoverflow.com def response(context, flow): print("DEBUG") if flow.request.url.startswith("http://google.com/"): print("It does contain it") flow.request.url = "http://stackoverflow/" This should in theory work. I see http://google.com/

ImportError: No module named 'thread'

阅读更多关于 ImportError: No module named 'thread'

问题 when I run mitmproxy command in command line, I get the following error. % mitmproxy Traceback (most recent call last): File "/usr/local/bin/mitmproxy", line 7, in <module> from libmproxy.main import mitmproxy File "/usr/local/lib/python3.5/site-packages/libmproxy/main.py", line 5, in <module> import thread ImportError: No module named 'thread' I googled this error and found this stackoverflow Q&A page. pydev importerror: no module named thread, debugging no longer works after pydev upgrade

MITM attack reported on deprecated NSURLConnectionDelegate

阅读更多关于 MITM attack reported on deprecated NSURLConnectionDelegate

I have an Objective-C project whose .ipa was tested with this tool online: https://www.immuniweb.com/mobile It reports that my app has a high risk security issue, pointing to the canAuthenticateAgainstProtectionSpace in the NSURLConnectionDelegate protocol. This method has been deprecated by iOS after 8.0 version. My app is not using it directly anywhere and I suppose this is not used by apple also even indirectly, since it is deprecated. I tried a sample ipa (new project with nothing in it) with Objective-C project and the same issue came for that as well. But it did not come for a sample ipa

MITM attack reported on deprecated NSURLConnectionDelegate

阅读更多关于 MITM attack reported on deprecated NSURLConnectionDelegate

问题 I have an Objective-C project whose .ipa was tested with this tool online: https://www.immuniweb.com/mobile It reports that my app has a high risk security issue, pointing to the canAuthenticateAgainstProtectionSpace in the NSURLConnectionDelegate protocol. This method has been deprecated by iOS after 8.0 version. My app is not using it directly anywhere and I suppose this is not used by apple also even indirectly, since it is deprecated. I tried a sample ipa (new project with nothing in it)