mitmproxy介绍
习惯了用charles和fiddler抓包,数据多了看不过来?那能否有可以使用python脚本来获取流量呢?比如自动化查看https流量里request出现为手机号码的内容?
mitmproxy是一个支持HTTP和HTTPS的抓包程序,支持控制台和python脚本的形式来查看。
0x01 环境配置
1、MacOS下安装
pip install mitmproxy
2、mitmproxy生成的证书在此目录
~/.mitmproxy/mitmproxy-ca.pem
3、使用shell脚本(install_cert.sh)来安装证书我们生成的证书
#!/bin/bash
ca=$1
device_id=$2
hash=$(openssl x509 -inform PEM -subject_hash_old -in $ca| head -1)
cert_name=$hash.0
adb -s $device_id root
adb -s $device_id remount
adb -s $device_id push $ca /system/etc/security/cacerts/$cert_name
adb -s $device_id reboot
4、安装的脚本
device_id(安卓设备的id) 使用adb devices -l来查看
chmod +x install_cert.sh
./install_cert.sh ~/.mitmproxy/mitmproxy-ca.pem device_id(安卓设备的id)
5、使用python来运行mitmproxy
使用命令为mitmdump -s mitm_script.py
# -*- coding: utf-8 -*-
# @Time : 2020-03-23 23:12
# @Author : Tesi1a!!
# @FileName: mitm_script.py
# @Software: PyCharm
# @Blog :http://blog.csdn.net/tangsilian
import socket
import json
import os
from urllib.parse import urlparse
import mitmproxy.http
from mitmproxy import ctx
import re
# check mobile number
def check_mobile_num(tn):
reg = "1[3|4|5|7|8][0-9]{9}"
return re.findall(reg, tn)
class Master:
def __init__(self):
self.num = 0
"""
The master handles mitmproxy's main event loop.
"""
# 1.获取所有的ip
# 2.解析url的字段
# 3.查看request的body
def request(self, flow: mitmproxy.http.HTTPFlow):
"""
The full HTTP request has been read.
"""
self.num = self.num + 1
body, method, host, url = {}, flow.request.method, flow.request.host, flow.request.url
print(urlparse(url))
query = urlparse(url).query
print("mitmproxy - request method=%s,host=%s,url=%s" % (method,host,url))
if method == "GET":
get_query = flow.request.query
queryurl = "&".join(["%s=%s" % (k, v) for k, v in get_query.items()])
body = dict([(k, v) for k, v in get_query.items()])
ctx.log.info("query = %s " % queryurl)
elif method == "POST":
body = flow.request.get_text()
# ctx.log.info("body = %s" % body)
print(query)
print(body)
check_mobile_num(body)
# 一个叫 Counter 的 addon
addons = [
Master()
]
参考:https://www.mitmproxy.org/
github上有案例代码:https://github.com/mitmproxy/mitmproxy
docker https://www.jianshu.com/p/0eb46f21fee9