python如何利用Mitmproxy抓包
一、使用
安装
pipinstallmitmproxy
- mitmproxy是具有控制台界面的交互式,支持SSL的拦截代理
- mitmdump是mitmproxy的命令行版本。想想tcpdump为HTTP
- mitmweb是一个基于web的界面,适用于mitmproxy
mitmproxy(mac)、mitmdump、mitmweb(win)这三个命令中的任意一个即可
mitmweb-smitm.py命令行启动默认端口8080
mitmweb-p8888-smitm.py指定端口8888
ctrl+c退出
启动后设置电脑或手机代理(电脑ip,端口8888),安装证书
打开cmd,执行"C:\ProgramFiles(x86)\Google\Chrome\Application\chrome.exe"--proxy-server=10.12.2.28:8888--ignore-certificate-errors
二、过滤、修改
"""
flow.request.scheme请求协议
flow.request.host请求host
flow.request.url请求URL链接
flow.request.method请求方法
flow.request.query请求URL查询参数
flow.request.path请求URLhttps://www.baidu.com/
flow.request.path_components#请求URL不包含域名的元祖('project','classify','list')
flow.request.urlencoded_form请求POST数据
flow.response.status_codeHTTP响应状态码
flow.response.headersHTTP响应头信息
flow.response.get_textHTTP响应内容
"""
classCounter:
def__init__(self):
self.result={}#存接口请求和返回信息
#urlfilter去掉
self.url_filter=['baidu.com','qq.com','360']
#urlscreen仅访问
self.url_race=['10.162.16.39:8091']
#httpstaticextension
self.static_ext=['js','css','ico','jpg','png','gif','jpeg','bmp','xml']
#httpContent-Type
self.static_files=['text/css','image/jpeg','image/gif','image/png','text/html','application/octet-stream','application/x-protobuf']
#httpContent-Typemediaresourcefilestype
self.media_types=['image','video','audio']
defparser_data(self,query,data={}):
forkey,valueinquery.items():
data[key]=value
returndata
defget_extension(self,url_tup):
ifnoturl_tup:
return''
else:
end_path=url_tup[-1]
split_ext=end_path.split('.')#1148e88a9d97.jpg#list
return''ifnotsplit_extorlen(split_ext)==1elsesplit_ext[-1]
#拒绝连接
defhttp_connect(self,flow:mitmproxy.http.HTTPFlow):
foriinself.url_filter:#过滤url
ifiinflow.request.host:
flow.response=http.HTTPResponse.make(404)
#存在筛选就返回true拦截,Flase通过
defcapture_pass(self,request,response):
ifself.url_race:
ifrequest.hostnotinself.url_race:#筛选url
returnTrue
url_tup=request.path_components#获取url的tup
extension=self.get_extension(url_tup)
ifextensioninself.static_ext:#判断后缀
returnTrue
try:
content_type=response.headers['Content-Type'].split(';')[0]
ifnotcontent_type:
returnFalse
elifcontent_typeinself.static_files:#判断Content-Type
returnTrue
else:
http_mime_type=content_type.split('/')[0]
ifhttp_mime_typeinself.media_types:#判断Content-Type的filestype
returnTrue
else:
returnFalse
exceptException:
returnFalse
defrequest(self,flow:mitmproxy.http.HTTPFlow):
request=flow.request
#修改请求头
#request.headers["shuzf"]="shuzf"
##修改get参数
#if"shuzf"inflow.request.query.keys():
#request.query.set_all("shuzf",["舒志福"])
##修改post参数
#if"shuzf"inflow.request.urlencoded_form.keys():
#request.urlencoded_form.set_all('shuzf','舒志福')
scheme=request.scheme
domain=request.host
self.result['url']=parse.unquote(request.url)#url解码
self.result['method']=request.method
self.result['request_headers']={}
foriteminrequest.headers:
self.result['request_headers'][item]=request.headers[item]
self.result['get_data']=self.parser_data(request.query)#将表单转字典
self.result['post_data']=self.parser_data(request.urlencoded_form)#将表单转字典
defresponse(self,flow:mitmproxy.http.HTTPFlow):
request=flow.request
response=flow.response
##修改返回头
#response.headers["shuzf"]="shuzf"
##修改返回体
#text=response.text
#text=text.replace("shuzf","舒志福")
#flow.response.set_text(text)
ifnotself.capture_pass(request,response):
print(request.url)
self.result['status_code']=response.status_code
self.result['response_headers']={}
foriteminresponse.headers:
self.result['response_headers'][item]=response.headers[item]
#HTTPResponse内部使用了iso-8859-1编码,先进行解码为Unicode再进行utf-8编码response.text.encode("iso-8859-1").decode("utf-8")
self.result['response_content']=response.text
#添加result至数据库
new_url=Proxy(url=self.result['url'],res=self.result['response_content'],content=json.dumps(self.result))
session.add(new_url)
session.commit()
#关闭session:
#session.close()
addons=[Counter()]#实例类
以上就是python利用Mitmproxy抓包的详细内容,更多关于pythonMitmproxy抓包的资料请关注毛票票其它相关文章!