python如何利用Mitmproxy抓包
一、使用
安装
pipinstallmitmproxy
- mitmproxy是具有控制台界面的交互式,支持SSL的拦截代理
- mitmdump是mitmproxy的命令行版本。想想tcpdump为HTTP
- mitmweb是一个基于web的界面,适用于mitmproxy
mitmproxy(mac)、mitmdump、mitmweb(win)这三个命令中的任意一个即可
mitmweb-smitm.py命令行启动默认端口8080
mitmweb-p8888-smitm.py指定端口8888
ctrl+c退出
启动后设置电脑或手机代理(电脑ip,端口8888),安装证书
打开cmd,执行"C:\ProgramFiles(x86)\Google\Chrome\Application\chrome.exe"--proxy-server=10.12.2.28:8888--ignore-certificate-errors
二、过滤、修改
""" flow.request.scheme请求协议 flow.request.host请求host flow.request.url请求URL链接 flow.request.method请求方法 flow.request.query请求URL查询参数 flow.request.path请求URLhttps://www.baidu.com/ flow.request.path_components#请求URL不包含域名的元祖('project','classify','list') flow.request.urlencoded_form请求POST数据 flow.response.status_codeHTTP响应状态码 flow.response.headersHTTP响应头信息 flow.response.get_textHTTP响应内容 """ classCounter: def__init__(self): self.result={}#存接口请求和返回信息 #urlfilter去掉 self.url_filter=['baidu.com','qq.com','360'] #urlscreen仅访问 self.url_race=['10.162.16.39:8091'] #httpstaticextension self.static_ext=['js','css','ico','jpg','png','gif','jpeg','bmp','xml'] #httpContent-Type self.static_files=['text/css','image/jpeg','image/gif','image/png','text/html','application/octet-stream','application/x-protobuf'] #httpContent-Typemediaresourcefilestype self.media_types=['image','video','audio'] defparser_data(self,query,data={}): forkey,valueinquery.items(): data[key]=value returndata defget_extension(self,url_tup): ifnoturl_tup: return'' else: end_path=url_tup[-1] split_ext=end_path.split('.')#1148e88a9d97.jpg#list return''ifnotsplit_extorlen(split_ext)==1elsesplit_ext[-1] #拒绝连接 defhttp_connect(self,flow:mitmproxy.http.HTTPFlow): foriinself.url_filter:#过滤url ifiinflow.request.host: flow.response=http.HTTPResponse.make(404) #存在筛选就返回true拦截,Flase通过 defcapture_pass(self,request,response): ifself.url_race: ifrequest.hostnotinself.url_race:#筛选url returnTrue url_tup=request.path_components#获取url的tup extension=self.get_extension(url_tup) ifextensioninself.static_ext:#判断后缀 returnTrue try: content_type=response.headers['Content-Type'].split(';')[0] ifnotcontent_type: returnFalse elifcontent_typeinself.static_files:#判断Content-Type returnTrue else: http_mime_type=content_type.split('/')[0] ifhttp_mime_typeinself.media_types:#判断Content-Type的filestype returnTrue else: returnFalse exceptException: returnFalse defrequest(self,flow:mitmproxy.http.HTTPFlow): request=flow.request #修改请求头 #request.headers["shuzf"]="shuzf" ##修改get参数 #if"shuzf"inflow.request.query.keys(): #request.query.set_all("shuzf",["舒志福"]) ##修改post参数 #if"shuzf"inflow.request.urlencoded_form.keys(): #request.urlencoded_form.set_all('shuzf','舒志福') scheme=request.scheme domain=request.host self.result['url']=parse.unquote(request.url)#url解码 self.result['method']=request.method self.result['request_headers']={} foriteminrequest.headers: self.result['request_headers'][item]=request.headers[item] self.result['get_data']=self.parser_data(request.query)#将表单转字典 self.result['post_data']=self.parser_data(request.urlencoded_form)#将表单转字典 defresponse(self,flow:mitmproxy.http.HTTPFlow): request=flow.request response=flow.response ##修改返回头 #response.headers["shuzf"]="shuzf" ##修改返回体 #text=response.text #text=text.replace("shuzf","舒志福") #flow.response.set_text(text) ifnotself.capture_pass(request,response): print(request.url) self.result['status_code']=response.status_code self.result['response_headers']={} foriteminresponse.headers: self.result['response_headers'][item]=response.headers[item] #HTTPResponse内部使用了iso-8859-1编码,先进行解码为Unicode再进行utf-8编码response.text.encode("iso-8859-1").decode("utf-8") self.result['response_content']=response.text #添加result至数据库 new_url=Proxy(url=self.result['url'],res=self.result['response_content'],content=json.dumps(self.result)) session.add(new_url) session.commit() #关闭session: #session.close() addons=[Counter()]#实例类
以上就是python利用Mitmproxy抓包的详细内容,更多关于pythonMitmproxy抓包的资料请关注毛票票其它相关文章!