虚假ip链接服务器_使用代理服务器进行虚假相信

最新推荐文章于 2023-11-08 22:29:50 发布

cumian9828

最新推荐文章于 2023-11-08 22:29:50 发布

阅读量718

点赞数

文章标签： java linux http nginx web

原文链接：https://www.freecodecamp.org/news/playing-make-believe-using-proxy-server-1deecc068abe/

版权

虚假ip链接服务器

by Sumit Gupta

由Sumit Gupta

使用代理服务器进行虚假相信 (Playing make-believe using a proxy server)

使用代理服务器(mitmproxy)获取所需响应的指南 (Guide to using a proxy server (mitmproxy) to get the response you want)

Say you are developing a feature in an E-commerce web/mobile app.You have to show an “Item is out of stock” banner on the “Cart” page when an item is out of stock.

假设您正在开发电子商务Web /移动应用程序中的功能。当某商品缺货时，您必须在“购物车”页面上显示“商品缺货”标语。

You hit an endpoint /cart and this endpoint returns something like this.

您击中了一个端点/cart ，该端点返回了类似的内容。

[  {    "name": "SomeShoes",    "soldOut": false,    "price": "$50",    "quantity": 1,    ...  }]

You get soldOut as true when the item is sold out.To ease out development, you’d need to simulate this behavior.

当商品售罄时，您会得到soldOut为true 。为简化开发，您需要模拟这种行为。

Some ways to do so could be:

这样做的一些方法可能是：

You add an item to cart and then login as another user to buy all the available stock. This would simulate that the item was out of stock for the first user.
您将一个商品添加到购物车，然后以其他用户身份登录以购买所有可用库存。这将模拟该商品对于第一个用户而言无货。
You add an item to cart and then modify the data or change the code in the backend API to make sure that item is sold out.
您将商品添加到购物车，然后修改数据或更改后端API中的代码以确保商品售罄。

Both of the above approaches would work, but both might require a lot of work. If those APIs are external, then you’d have next to zero control. The first approach might be possible but the second approach is impossible.

以上两种方法都可以，但是都可能需要大量工作。如果这些API是外部的，那么您将需要零控制权。第一种方法是可能的，但第二种方法是不可能的。

What if you could hack your way and change the value of soldOut to true without any of the above methods?

如果不使用上述任何方法就可以改变自己的方式并将soldOut的值soldOut为true怎么办？

Enter the proxy server

输入代理服务器

A proxy server lets you see the response from the server and modify it even before it comes to the front-end app. You can intercept the /cart API call and modify the value of soldOut to true in the response.

代理服务器使您可以查看服务器的响应，甚至可以在响应到前端应用之前对其进行修改。您可以拦截/cart API调用，然后在响应soldOut的值修改为true 。

Imagine how much time you’d save. All you wanted was to check how your sold out banner looks when it appears, if it even does.

想象一下您将节省多少时间。您所要做的就是检查售罄的横幅在出现时的外观，甚至可以看到。

No one wants to change the world to make sure they get a true instead of a false.

没有人愿意改变世界以确保他们得到的是真实的而不是错误的。

选择代理服务器 (Choosing your proxy server)

There are many proxy servers out there that’ll let you do this, and one such is mitmproxy.

有很多代理服务器可以让您做到这一点，其中一个就是mitmproxy。

mitmproxy is a free and open source tool for Windows, Linux, and Mac.

mitmproxy是适用于Windows，Linux和Mac的免费开源工具。

Here’s how to use mitmproxy (commands below are for Mac, but they should work on Linux as well).

这是使用mitmproxy的方法(以下命令适用于Mac，但它们也适用于Linux)。

安装 (Installation)

Mac: brew install mitmproxyOthers: You can find installation instruction here.

Mac： brew install mitmproxy其他：您可以在此处找到安装说明。

mitmproxy has command line and web interfaces.

mitmproxy具有命令行和Web界面。

网页界面 (Web Interface)

To start the proxy server, use the command:

要启动代理服务器，请使用以下命令：

Mac: mitmweb --port 9000 --web-port 9001Windows: mitmweb.exe --listen-port 9000 --web-port 9001

Mac： mitmweb --port 9000 --web-port 9001 Windows： mitmweb.exe --listen-port 9000 --web-port 9001

Here,--port and --listen-port is used to specify the port on which the proxy server would run and --web-port is used to specify the port for the web interface of the server.

在这里， --port和--listen-port被用于指定代理服务器的运行会和端口--web-port用于指定的端口服务器的Web界面。

Now open the URLlocalhost:9001Below is the web interface of the proxy server where you can see every request that goes through it.

现在打开URL localhost:9001下面是代理服务器的Web界面，您可以在其中看到通过它的每个请求。

Now we need to route all network requests through it.

现在，我们需要通过它路由所有网络请求。

I use Firefox for this as it has support for adding proxy settings and certificates just for Firefox.

我为此使用Firefox，因为它支持仅针对Firefox添加代理设置和证书。

Note: an Android phone/emulator or any other client can also be used.

注意：也可以使用Android手机/模拟器或任何其他客户端。

配置Firefox (Configuring Firefox)

配置代理 (Configuring Proxy)

Install and open Firefox.Search “Connection Settings” in settings.

安装并打开Firefox。在设置中搜索“连接设置”。

Here, you will manually add a proxy configuration. If you are following this guide, then add localhost in the HTTP proxy and port as 9000. Also, clear the “No Proxy for” text.

在这里，您将手动添加代理配置。如果您遵循本指南，请在HTTP代理和端口中将localhost添加为9000 。另外，清除“无代理”文本。

安装mitmproxy证书 (Installing mitmproxy certificate)

You need to install a certificate for mitmproxy to work. Otherwise, your browser won’t let you access anything.

您需要安装证书才能使mpmproxy起作用。否则，您的浏览器将不允许您访问任何内容。

DO NOT INSTALL THESE CERTIFICATES ON YOUR SYSTEM. INSTALL THEM ONLY ON THE CLIENT(the client is Firefox in this guide). Installing these certificates on your system is a security vulnerability.

不要在您的系统上安装这些证书。 仅在客户端上安装它们 (本指南中的客户端是Firefox) 。在您的系统上安装这些证书是一个安全漏洞。

This is one other reason I choose Firefox. Firefox allows you to install certificates only for itself.

这是我选择Firefox的另一个原因。 Firefox允许您仅自行安装证书。

Open the URL “mitm.it” in your Firefox and then click on “Other” to install the certificate. Check the checkbox “Trust this CA to identify websites.”

在Firefox中打开URL“ mitm.it ”，然后单击“ 其他 ”以安装证书。选中“信任此CA以标识网站”复选框。

The above step will install the mitmproxy certificate only in Firefox.

上面的步骤将仅在Firefox中安装mitmproxy证书。

Do not install the certificate by clicking on Apple, Windows, or Android unless your client is a Windows VM or an iOS simulator/Android emulator or a real phone which you want to use as a client.

除非您的客户端是您要用作客户端的Windows VM或iOS模拟器/ Android模拟器或真实电话，否则请勿通过单击Apple，Windows或Android来安装证书。

We are locked and loaded

我们被锁定并加载

Hit any URL you want and check the web interface of mitmproxy. You’ll find your request/response in there.

击中所需的任何URL，然后检查mitmproxy的Web界面。您将在其中找到您的请求/响应。

修改请求和响应 (Modifying request and response)

To modify the request and response, you must first intercept a request.When you intercept a request it is stopped twice. Once when it is going to the server and second time when the response is coming from the server.

要修改请求和响应，必须首先拦截一个请求，当拦截一个请求时，它会停止两次。一次到服务器，第二次从服务器收到响应。

To intercept it, add a URL pattern in the “Intercept” text box.

要拦截它，请在“拦截”文本框中添加一个URL模式。

In the image above, I’ve intercepted the URL which has “localhost” in it. The requests are shown in the bottom left box. The current request is paused as it is intercepted. You can modify the request here.

在上图中，我截获了其中包含“ localhost”的URL。这些请求显示在左下方的框中。当前请求在被拦截时会暂停。您可以在此处修改请求。

Now switch to the “Flow” tab and hit the resume button.

现在切换到“流程”标签，然后点击恢复按钮。

Your request has now gone to the server and the response will come. This request will be paused again, but this time it is going back to Firefox and you can change the response as well.

您的请求现在已发送到服务器，并且响应将到来。该请求将再次暂停，但是这次将返回到Firefox，您也可以更改响应。

闪耀的时刻 (The moment to shine)

Now change that soldOut to true and hit that Resume button to see the magic (hack *cough) happen. Your frontend will receive the modified response, and it should show you the “Item is out of stock” banner you’ve waited all your life for.

现在将soldOut更改为true然后单击“继续”按钮以查看魔术( hack * cough )的发生。您的前端将收到修改后的响应，并且应该显示一生都在等待的“商品缺货”标语。

You can change everything to a response and request. Literally, from head to body, cookies, and whatever else.

您可以将所有内容更改为响应和请求。从字面上看，从头到身体，饼干等等。

命令行界面(在Windows中不可用) (Command Line Interface (Unavailable in Windows))

mitmproxy has an excellent command line interface as well.

mitmproxy也具有出色的命令行界面。

To start the proxy server in the CLI, use the command mitmproxy --port 9000 Here,--port is used to specify the port on which this server must run.

要在CLI中启动代理服务器，请使用命令mitmproxy --port 9000在此，-- --port用于指定此服务器必须在其上运行的端口。

You’ll be greeted by this. Hit ? for shortcuts of the CLI.

您会被这个欢迎。打? CLI的快捷方式。

As mentioned in the Web Interface configuration section, configure your Firefox.

如Web Interface配置部分所述，配置Firefox。

At this point, you should be able to see all the requests/responses going through your proxy server.

此时，您应该能够查看通过代理服务器的所有请求/响应。

To intercept a request, hit i and add a URL pattern (this is a RegEx).Same as the web interface, mitmproxy intercepts requests twice: once while going to the server and again when coming back from the server.

要拦截请求，请点击i并添加一个URL模式( 这是一个RegEx )。与Web界面相同，mitmproxy会拦截两次请求：一次进入服务器，一次返回服务器。

I’ve added a pattern localhost. It intercepted a request. Hit Enter on it to view this paused request.

我添加了一个模式localhost 。它拦截了一个请求。在其上按Enter键以查看此暂停的请求。

To modify, hit e and you’d be given options to modify whatever you want to.

要进行修改，请点击e然后您将可以选择修改任何内容。

Hit a to let the request go to the server. Now you can view the response and modify it as well.

打a让请求到服务器。现在，您可以查看响应并进行修改。

Above is the response tab. Hit e and you can modify the response. Press a again to let the response go to Firefox.

上方是“响应”选项卡。点击e ，您可以修改响应。按下a再次让响应转到Firefox浏览器。

These are some basic commands you can use. For more help, hit ?.

这些是您可以使用的一些基本命令。如需更多帮助，请点击? 。

Now hack your way into software development like: