15-mitmproxy

mitmproxy是一个代理工具(软件安装 或 Python模块安装),实现代理请求(拦截请求或修改请求)。

image-20231230182921187

1.安装报错

基于 Python3.9.10 解释器创建了个虚拟环境,然后在虚拟环境中安装 mitmproxy

pip install mitmproxy

报错信息:

return _msvc14_get_vc_env(plat_spec)
File "E:\PycharmProjects\mitmproxy_example\.venv\lib\site-packages\setuptools\msvc.py", line 270, in _msvc14_get_vc_env
raise distutils.errors.DistutilsPlatformError(
setuptools._distutils.errors.DistutilsPlatformError: Microsoft Visual C++ 14.0 or greater is required. Get it with "Microsoft C++ Build Tools": https://visualstudio.mi
crosoft.com/visual-cpp-build-tools/

需要去下载Visual C++ Build Tools for Visual Studio 2015安装到电脑,然后再重新 pip install mitmproxy 才行。

https://my.visualstudio.com/Downloads?q=Visual Studio 2015 update 3

image-20231230101610617

解压 mu_visual_cpp_build_tools_2015_update_3_x64_dvd_dfd9a39c.iso文件,然后默认安装。

image-20231230101640869

再次安装成功:

pip install mitmproxy

image-20231230104424371

2.Https请求

如果想要让mitmproxy支持:http和https请求,就需要安装证书。

image-20231230182921187

2.1 启动 Mitmproxy

启动mitmproxy,去本地用户目录中寻找证书。

>>>mitmdump -q  -p 8888 -s v1.py

image-20231230161832015

from mitmproxy import http
from mitmproxy.http import Request


def request(flow: http.HTTPFlow):
    print("请求->", flow.request.path)


def response(flow: http.HTTPFlow):
    pass

2.2 获取证书

1.本地读取

在电脑 C:\Users\Administrator\.mitmproxy 中去获取。

image-20231230115349244

2.代理下载

在电脑上配置mitmproxy为代理,访问 http://mitm.it/下载证书。

image-20231230115740879

image-20231230115806300

2.3 安装证书

image-20231230161417878

image-20231230161400731

image-20231230161433501

image-20231230161454337

image-20231230161509166

image-20231230161525450

2.4 运行测试

image-20231230161958727

3.请求

image-20231230182921187

3.1 读取请求

from mitmproxy import http
from mitmproxy.http import Request


def request(flow):
    print("请求-->", flow.request.url)
    print("请求-->", flow.request.host)
    print("请求-->", flow.request.path)
    print("请求-->", flow.request.query)
    print("请求-->", flow.request.cookies)
    print("请求-->", flow.request.headers)
    print("请求-->", flow.request.method)
    print("请求-->", flow.request.content)


def response(flow: http.HTTPFlow):
    pass

>>>mitmdump -q  -p 8888 -s v1.py

image-20231230164457725

3.2 修改请求

from mitmproxy import http
from mitmproxy.http import Request
from mitmproxy.http import HTTPFlow


def request(flow: HTTPFlow):
    flow.request.url = "https://movie.douban.com/j/search_subjects?type=movie&tag=%E7%83%AD%E9%97%A8&sort=recommend&page_limit=20&page_start=20"


def response(flow: http.HTTPFlow):
    pass

image-20231230175248320

3.4 拦截请求

可以拦截请求,并返回指定内容:

from mitmproxy import http
from mitmproxy.http import Request
from mitmproxy.http import HTTPFlow
from mitmproxy.http import Response


def request(flow: HTTPFlow):
    if flow.request.url.startswith("https://dig.chouti.com/"):
        flow.response = Response.make(
            200,  # (optional) status code
            b"Hello World",  # (optional) content
            {"Content-Type": "text/html"}  # (optional) headers
        )


def response(flow: http.HTTPFlow):
    pass

# mitmdump -q  -p 8888 -s v1.py

image-20231230182204311

拦截的形式,也可以是kill当前请求:

from mitmproxy import http
from mitmproxy.http import Request
from mitmproxy.http import HTTPFlow


def request(flow: HTTPFlow):
    if flow.request.url.startswith("https://dig.chouti.com/"):
        flow.kill()


def response(flow: http.HTTPFlow):
    pass

# mitmdump -q  -p 8888 -s v1.py

image-20231230181722286

3.3 案例:免账号登录

  • 正常账号登录:获取凭证
  • 集成mitmproxy
  • 配置代理
武沛齐:192.168.140.1    8888
 舍友:...

image-20231230182921187

image-20231230180219656

from mitmproxy import http
from mitmproxy.http import Request
from mitmproxy.http import HTTPFlow


def request(flow: HTTPFlow):
    print(flow.request.url)
    flow.request.cookies = [
        ("token","eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJqaWQiOiJjZHVfNDU3OTI2NDUxNTUiLCJleHBpcmUiOiIxNzA0MzI5NDY5OTMyIn0.8n_tWcEHXsBSXWIY9rBoGWwaLPF8iWIruryhKTe5_ks")
    ]



def response(flow: http.HTTPFlow):
    pass

# mitmdump -q  -p 8888 -s v1.py

image-20231230180903577

image-20231230180835659

4.响应

image-20231230182921187

4.1 读取响应

from mitmproxy import http
from mitmproxy.http import Request
from mitmproxy.http import HTTPFlow
from mitmproxy.http import Response


def response(flow: http.HTTPFlow):
    print(flow.request.url)
    
    print(flow.response.status_code)
    print(flow.response.cookies)
    print(flow.response.headers)
    print(flow.response.content)

# mitmdump -q  -p 8888 -s v1.py

image-20231230183547162

4.2 修改响应

from mitmproxy import http
from mitmproxy.http import Request
from mitmproxy.http import HTTPFlow
from mitmproxy.http import Response


def response(flow: http.HTTPFlow):
    print(flow.request.url)
    print(flow.response.status_code)
    print(flow.response.cookies)
    print(flow.response.headers)
    # print(flow.response.content)
    
    flow.response = Response.make(
        200,  # (optional) status code
        b"Hello World",  # (optional) content
        {"Content-Type": "text/html"}  # (optional) headers
    )

# mitmdump -q  -p 8888 -s v1.py

image-20231230183710750

posted @ 2024-01-14 23:04  凫弥  阅读(67)  评论(0编辑  收藏  举报