快捷導(dǎo)航

python如何利用Mitmproxy抓包

更新時間：2020年10月10日 09:58:20 作者：南方的墻

這篇文章主要介紹了python如何利用Mitmproxy抓包，幫助大家更好的理解和使用python，感興趣的朋友可以了解下

一、使用

安裝

pip install mitmproxy

mitmproxy 是具有控制臺界面的交互式，支持SSL的攔截代理
mitmdump是mitmproxy的命令行版本。想想tcpdump為HTTP
mitmweb 是一個基于web的界面，適用于mitmproxy

mitmproxy(mac)、mitmdump、mitmweb(win) 這三個命令中的任意一個即可

mitmweb -s mitm.py 命令行啟動默認端口8080
mitmweb -p 8888 -s mitm.py 指定端口8888
ctrl+c退出

啟動后設(shè)置電腦或手機代理(電腦ip，端口8888)，安裝證書
打開 cmd，執(zhí)行 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --proxy-server=10.12.2.28:8888 --ignore-certificate-errors

二、過濾、修改

"""
flow.request.scheme 請求協(xié)議
flow.request.host 請求host
flow.request.url  請求URL鏈接
flow.request.method 請求方法
flow.request.query 請求URL查詢參數(shù)
flow.request.path 請求URL https://www.baidu.com/ 
flow.request.path_components #請求URL不包含域名的元祖 ('project', 'classify', 'list')
flow.request.urlencoded_form 請求POST數(shù)據(jù)
flow.response.status_code HTTP響應(yīng)狀態(tài)碼
flow.response.headers HTTP響應(yīng)頭信息
flow.response.get_text HTTP響應(yīng)內(nèi)容

"""

class Counter:
 def __init__(self):
  self.result = {} # 存接口請求和返回信息
  # url filter 去掉
  self.url_filter = ['baidu.com','qq.com','360']
  # url screen 僅訪問
  self.url_race = ['10.162.16.39:8091']
  # http static extension
  self.static_ext = ['js', 'css', 'ico', 'jpg', 'png', 'gif', 'jpeg', 'bmp','xml']
  # http Content-Type
  self.static_files = ['text/css','image/jpeg', 'image/gif','image/png','text/html','application/octet-stream','application/x-protobuf']
  # http Content-Type media resource files type
  self.media_types = ['image', 'video', 'audio']

 def parser_data(self,query,data = {}):
  for key, value in query.items():
   data[key] = value
  return data

 def get_extension(self, url_tup):
  if not url_tup:
   return ''
  else:
   end_path = url_tup[-1]
   split_ext = end_path.split('.')  #1148e88a9d97.jpg #list
   return '' if not split_ext or len(split_ext) == 1 else split_ext[-1]

 # 拒絕連接
 def http_connect(self, flow: mitmproxy.http.HTTPFlow):
  for i in self.url_filter: #過濾url
   if i in flow.request.host:
    flow.response = http.HTTPResponse.make(404)

 #存在篩選就返回true攔截，F(xiàn)lase通過
 def capture_pass(self,request,response):
  if self.url_race:
   if request.host not in self.url_race: #篩選url
    return True
  url_tup = request.path_components #獲取url的tup
  extension = self.get_extension(url_tup)
  if extension in self.static_ext: #判斷后綴
   return True
  try:
   content_type = response.headers['Content-Type'].split(';')[0]
   if not content_type:
    return False
   elif content_type in self.static_files: #判斷Content-Type
    return True
   else:
    http_mime_type = content_type.split('/')[0]
    if http_mime_type in self.media_types: #判斷Content-Type的files type
     return True
    else:
     return False
  except Exception:
   return False



 def request(self, flow: mitmproxy.http.HTTPFlow):
  request = flow.request
  # 修改請求頭
  # request.headers["shuzf"] = "shuzf"
  # # 修改get參數(shù)
  # if "shuzf" in flow.request.query.keys():
  #  request.query.set_all("shuzf", ["舒志福"])
  # # 修改post參數(shù)
  # if "shuzf" in flow.request.urlencoded_form.keys():
  #  request.urlencoded_form.set_all('shuzf', '舒志福')
  scheme = request.scheme
  domain = request.host
  self.result['url'] = parse.unquote(request.url) # url解碼
  self.result['method'] = request.method
  self.result['request_headers'] = {}
  for item in request.headers:
   self.result['request_headers'][item] = request.headers[item]
  self.result['get_data'] = self.parser_data(request.query) # 將表單轉(zhuǎn)字典
  self.result['post_data'] = self.parser_data(request.urlencoded_form) # 將表單轉(zhuǎn)字典

 def response(self, flow: mitmproxy.http.HTTPFlow):
  request = flow.request
  response = flow.response
  # # 修改返回頭
  # response.headers["shuzf"] = "shuzf"
  # # 修改返回體
  # text = response.text
  # text = text.replace("shuzf", "舒志福")
  # flow.response.set_text(text)
  if not self.capture_pass(request,response):
   print(request.url)
   self.result['status_code '] = response.status_code
   self.result['response_headers'] = {}
   for item in response.headers:
    self.result['response_headers'][item] = response.headers[item]
   # HTTPResponse內(nèi)部使用了iso-8859-1編碼，先進行解碼為Unicode再進行utf-8編碼 response.text.encode("iso-8859-1").decode("utf-8")
   self.result['response_content'] = response.text 
   # 添加result至數(shù)據(jù)庫
   new_url = Proxy(url=self.result['url'],res=self.result['response_content'], content=json.dumps(self.result))

   session.add(new_url)
   session.commit()

   # 關(guān)閉session:
   # session.close()

addons = [Counter()] # 實例類

以上就是python利用Mitmproxy抓包的詳細內(nèi)容，更多關(guān)于python Mitmproxy抓包的資料請關(guān)注腳本之家其它相關(guān)文章！

您可能感興趣的文章: