def __init__(self, flow: mitmproxy.http.HTTPFlow, parameters: list):
    """Snapshot the flow under test and set up per-parameter bookkeeping.

    Args:
        flow: The flow whose parameters will be tested; a copy is stored so
            later changes to the live flow do not affect the snapshot.
        parameters: The parameter strings taken from the request.
    """
    self.origin_flow = flow.copy()
    self.finished = False
    self.response: mitmproxy.http.HTTPResponse = None
    # Every parameter starts with the pair (False, True); what the two flags
    # mean is decided by the methods that update them (not visible here).
    self.parameters = {name: (False, True) for name in parameters}
def __init__(self, flow: mitmproxy.http.HTTPFlow, parameters: list):
    """Snapshot the original POST flow and set up per-parameter bookkeeping.

    Args:
        flow: The flow whose form body will be tested. A copy of the flow,
            its request text and its response object are kept for later use.
        parameters: The parameter strings taken from the form body.
    """
    self.origin_flow = flow.copy()
    self.origin_form = flow.request.text
    # Stored by reference, not copied.
    self.origin_response = flow.response
    # Every form parameter starts out flagged False.
    self.form_parameters = dict.fromkeys(parameters, False)
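def test_url_parameters(flow: mitmproxy.http.HTTPFlow, pattern: str = "*"):
    """Replay a request once per query parameter, each time with that parameter removed.

    The original flow is held (intercepted) while the replays run; every
    replay carries marker headers so that, when it passes through this
    function again, it is handed to the matching ``Simplified_URL`` tracker
    via ``judge_parameter``.

    NOTE(review): this function was recovered from a paste that had lost its
    indentation. The early return is assumed to belong to the replay branch
    and the 3-second sleep to run once per replay; confirm against the
    original file.

    Args:
        flow: The flow to examine.
        pattern: Substring the URL must contain for the flow to be handled;
            ``"*"`` handles every flow.

    Returns:
        The tracker's ``summary()`` string for an original flow that has a
        query string, otherwise ``None``.
    """
    request = flow.request

    if pattern != "*" and pattern not in request.pretty_url:
        return

    if request.headers.get("test_url_parameters") == "true":
        # The marker headers are ordinary request headers, so any client of
        # the proxy can send them. Look the tracker up defensively instead of
        # raising KeyError on a missing or unknown flow_id.
        try:
            tracker = simplified_url[request.headers["flow_id"]]
        except KeyError:
            ctx.log.warn("test_url_parameters: replay marker with unknown flow_id, ignoring")
            return
        tracker.judge_parameter(flow)
        flow.intercept()
        time.sleep(4)
        flow.resume()
        return

    origin_url = request.pretty_url
    # Split on the first "?" only: a literal "?" inside the query string must
    # not abort the run (the previous assert fired after the flow had already
    # been intercepted, leaving it blocked).
    base, has_query, query = origin_url.partition("?")
    if not has_query:
        return

    parameters = query.split("&")
    flow_id = str(hash(flow))

    flow.intercept()  # hold the original flow while the replays run
    try:
        simplified_url[flow_id] = Simplified_URL(flow, parameters)

        for i, val in enumerate(parameters):
            # Rebuild the query from the parameter list rather than cutting
            # the first textual match out of the URL: a substring search can
            # hit the path, the host, or the tail of a longer parameter
            # (e.g. "a=1" inside "ba=1") and remove the wrong bytes.
            remaining = parameters[:i] + parameters[i + 1:]
            fake_url = base + "?" + "&".join(remaining)

            fake_flow = flow.copy()
            # NOTE(review): these marker headers are part of the replayed
            # request; unless they are stripped elsewhere before it leaves
            # the proxy, the upstream server sees them.
            fake_flow.request.headers["test_url_parameters"] = "true"
            fake_flow.request.headers["deleted"] = val
            fake_flow.request.headers["flow_id"] = flow_id
            fake_flow.request.url = fake_url
            replay(fake_flow)
            time.sleep(3)

        ctx.log.info("origin_url: " + origin_url)
        surl = simplified_url[flow_id].summary()
        ctx.log.info("simplified_url: " + surl)
    finally:
        # Always release the original flow, even if a replay step raised.
        flow.resume()
    return surl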
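def test_post_form(flow: mitmproxy.http.HTTPFlow, pattern: str = "*"):
    """Replay a POST request once per form parameter, each time with that parameter removed.

    The original flow is held (intercepted) while the replays run; every
    replay carries marker headers so that, when it passes through this
    function again, it is handed to the matching ``Simplified_Form`` tracker
    via ``judge_parameter``.

    NOTE(review): this function was recovered from a paste that had lost its
    indentation. The early return is assumed to belong to the replay branch
    and the 3-second sleep to run once per replay; confirm against the
    original file.

    Args:
        flow: The flow to examine; only ``POST`` requests are handled.
        pattern: Substring the URL must contain for the flow to be handled;
            ``"*"`` handles every flow.

    Returns:
        The tracker's ``summary()`` string for an original POST flow,
        otherwise ``None``.
    """
    request = flow.request

    if pattern != "*" and pattern not in request.pretty_url:
        return
    if request.method != "POST":
        return

    if request.headers.get("test_post_form") == "true":
        # The marker headers are ordinary request headers, so any client of
        # the proxy can send them. Look the tracker up defensively instead of
        # raising KeyError on a missing or unknown flow_id.
        try:
            tracker = simplified_form[request.headers["flow_id"]]
        except KeyError:
            ctx.log.warn("test_post_form: replay marker with unknown flow_id, ignoring")
            return
        tracker.judge_parameter(flow)
        # NOTE(review): unlike test_url_parameters, this branch never resumes
        # the replayed flow; confirm that something else releases it.
        flow.intercept()
        return

    origin_form = request.text
    if origin_form is None:
        # No body to split; bail out before intercepting so the flow is not
        # left blocked by an AttributeError on None.
        return

    parameters = origin_form.split("&")
    flow_id = str(hash(flow))

    flow.intercept()  # hold the original flow while the replays run
    try:
        simplified_form[flow_id] = Simplified_Form(flow, parameters)

        for i, val in enumerate(parameters):
            # Rebuild the body from the parameter list rather than cutting
            # the first textual match out of it: a substring search can hit
            # the tail of a longer parameter (e.g. "a=1" inside "ba=1") and
            # remove the wrong bytes.
            remaining = parameters[:i] + parameters[i + 1:]
            fake_form = "&".join(remaining)
            # NOTE(review): this writes the POST body to the proxy log; form
            # bodies often carry passwords or tokens, so treat the log as
            # sensitive or lower the log level.
            ctx.log.info("fake_form: " + fake_form)

            fake_flow = flow.copy()
            # NOTE(review): these marker headers are part of the replayed
            # request; unless they are stripped elsewhere before it leaves
            # the proxy, the upstream server sees them.
            fake_flow.request.headers["test_post_form"] = "true"
            fake_flow.request.headers["deleted"] = val
            fake_flow.request.headers["flow_id"] = flow_id
            fake_flow.request.text = fake_form
            replay(fake_flow)
            time.sleep(3)

        ctx.log.info("origin_form: " + origin_form)
        sform = simplified_form[flow_id].summary()
        ctx.log.info("simplified_form: " + sform)
    finally:
        # Always release the original flow, even if a replay step raised.
        flow.resume()
    return sform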
def __init__(self, flow: mitmproxy.http.HTTPFlow, parameters: list):
    """Snapshot the flow under test and set up per-parameter bookkeeping.

    Args:
        flow: The flow whose parameters will be tested; a copy is stored.
        parameters: The parameter strings taken from the request.
    """
    self.origin_flow = flow.copy()
    # Every parameter starts with the pair (False, True); what the two flags
    # mean is decided by the methods that update them (not visible here).
    self.parameters = {name: (False, True) for name in parameters}