def request(self, flow: mitmproxy.http.HTTPFlow):
uri = flow.request.path
if uri.find("a_new_task_here_rebirth") != -1:
ref = flow.request.path
pos = ref.find("?url=")
if (pos != -1):
ref = ref[pos + 5:]
self.task = ref
self.task = urllib.parse.unquote(self.task)
flow.response = mitmproxy.http.HTTPResponse.make(404)
#print("bingo")
return
if uri.find("a_new_req_here_rebirth") != -1:
ref = flow.request.path
pos = ref.find("?url=")
if (pos != -1):
ref = ref[pos + 5:]
self.req = ref
self.req = urllib.parse.unquote(self.req)
flow.response = mitmproxy.http.HTTPResponse.make(404)
#print("bingo")
return
# if self.task != "":
# print(self.task)
# flow.request.headers["Referer"] = self.task
url = flow.request.host + uri
for pattern in self.patterns:
if re.search(pattern["pattern"], url):
self.db.insert(self.task, 1, pattern["service"], url, self.req)
break
return
def response(flow: mitmproxy.http.HTTPFlow) -> None:
if flow.response.status_code != 200:
mitmproxy.ctx.log("[-] %s" % flow.response.status_code)
if flow.response.status_code == 401:
flow.response.headers = Headers(
content_type="text/html;chartset=utf-8")
return
if flow.response.status_code == 433:
flow.response.headers = Headers(
content_type="text/html;chartset=utf-8")
flow.response.text = "<html><body><h1>403 Forbidden</h1><p>You have been blocked by Cloudflare.</p></body></html>"
return
if flow.response.status_code == 200:
body = flow.response.content.decode("utf-8")
resp = pickle.loads(b64decode(body))
r = flow.response.make(
status_code=resp.status_code,
content=b64decode(resp.data),
headers=dict(resp.headers),
)
flow.response = r
def response_hello_world(flow: mitmproxy.http.HTTPFlow):
if flow.request.pretty_url.endswith("gitlab.com/users/sign_in"):
flow.response = mitmproxy.http.HTTPResponse.make(
200,
"<html><body>hello world</body></html>",
{"content-type": "text/html"},
)
def http_connect(self, flow: mitmproxy.http.HTTPFlow):
# LAYER 1 : BLACKLIST BLOCK ------------------------
fo = open("blacklist.txt", "r+")
line = fo.readline()
while line:
ctx.log.info("now comparing:" +
line.replace("\n", "").replace("\r", ""))
if flow.request.host == line.replace("\n", "").replace(
"\r", "").strip() and line.strip() != "":
flow.response = http.HTTPResponse.make(404)
ctx.log.info(line + " BAN.")
return
line = fo.readline()
fo.close()
# LAYER 2 : AUTONOMOUS BLOCK -----------------------
if self.a == "0": # all block
flow.response = http.HTTPResponse.make(404)
#flow.request.host = "www.bing.cn"
ctx.log.info("ALL BLOCK CHAIN PERFORMED.")
if self.a == "1" or self.a == "2": # only block black
# fo = open("blacklist.txt","r+")
# line = purify(fo.readline())
# while line:
# ctx.log.info("now matching:"+line)
# if flow.request.host == line:
# ctx.log.info("matched.block")
# flow.response = http.HTTPResponse.make(404)
# line = purify(fo.readline())
# fo.close()
pass
if self.a == "2": # smart block + black
pass
if self.a == "3": # only white
fo = open("whitelist.txt", "r+")
line = purify(fo.readline())
while line:
ctx.log.info("now granting:" + line)
if flow.request.host == line:
ctx.log.info("ACCESS GRANTED.")
return
line = purify(fo.readline())
flow.response = http.HTTPResponse.make(404)
ctx.log.info("ACCORDING TO POLICY 3 , NOW DENIED.")
fo.close()
ctx.log.info("ORZ -------------------------------")
def request(self, flow: mitmproxy.http.HTTPFlow):
"""
The full HTTP request has been read.
"""
if "https://stock.xueqiu.com/v5/stock/batch/quote.json" in flow.request.url and \
"x=" in flow.request.url:
# print("雪球"*10)
print(flow)
with open("../datas/quote.json", encoding="utf-8") as f:
flow.response = http.HTTPResponse.make(200, f.read())
print("request done")
def change_response_immediately(self, flow: mitmproxy.http.HTTPFlow):
if self.is_request_match(flow):
modified_response = open(self.error_response_file, "r").read()
flow.response = http.HTTPResponse.make(
200, # (optional) status code
modified_response, # (optional) content
{
"access-control-allow-origin": "https://www.tokopedia.com",
"access-control-allow-credentials": "true",
"content-type": "application/json",
"access-control-allow-headers": "Content-type, Fingerprint-Data, Fingerprint-Hash, x-user-id, Webview-App-Version, Redirect, Access-Control-Allow-Origin, Content-MD5, Tkpd-UserId, X-Tkpd-UserId, Tkpd-SessionId, X-Device, X-Source, X-Method, X-Date, Authorization, Accounts-Authorization, flight-thirdparty, x-origin, Cshld-SessionID, X-Mitra-Device, x-tkpd-akamai, x-tkpd-lite-service, x-ga-id, Akamai-Bot, x-tkpd-app-name, x-tkpd-clc, x-return-hmac-md5"
}
)
def request(self, flow: mitmproxy.http.HTTPFlow):
"""
The full HTTP request has been read.
"""
#匹配规则
if "https://stock.xueqiu.com/v5/stock/batch/quote.json?_t" in flow.request.url and "x=" in flow.request.url:
with open("quote.json", encoding="utf-8") as f:
flow.response = http.HTTPResponse.make(
# 状态码
200,
# 响应体,传入数据格式为str
f.read(),
# 响应头
)
def request(self, flow: mitmproxy.http.HTTPFlow):
'''
网络层
dns查询之后
'''
url = flow.request.scheme + '://' + \
flow.request.host + \
flow.request.path.split('?')[0] + ' ' + flow.request.method
db = sqlite3.connect(database)
cursor = db.cursor()
sql = f"select * from Mock1 where url='{url}' and status='1'"
print(f'拦截{url}到本地')
result = cursor.execute(sql)
js = [i for i in cursor.execute(sql)]
if len(js) > 0:
result = json.loads(parse.unquote(js[0][1]))
# flow.response = result['data']['response']
response = result['data'].get('response', None)
if not response:
return None
headers = {}
try:
for header in response['headers']:
headers[header[0]] = header[1]
except:
pass
content_type = headers.get('content-type', None) or headers.get(
'Content-Type', None)
html = response['html']
if 'image' in content_type or 'video' in content_type:
html = base64.b64decode(html.encode())
flow.response = mitmproxy.http.HTTPResponse.make(
response['status_code'] or 200, # (optional) status code
html, # (optional) content
headers # (optional) headers
)
cursor.close()
db.close()
def response(flow: mitmproxy.http.HTTPFlow):
if flow.response.status_code != 200:
mitmproxy.ctx.log.warn("Error")
if flow.response.status_code == 401:
flow.response.headers = Headers(content_type="text/html;charset=utf-8")
return
if flow.response.status_code == 433:
flow.response.headers = Headers(content_type="text/html;charset=utf-8")
flow.respons.content = "<html><body>操作已超过云函数服务最大时间限制,可<a href='https://console.cloud.tencent.com/workorder/category'>提交工单</a>申请提升超时限制</body></html>",
return
if flow.response.status_code == 200:
body = flow.response.content.decode("utf-8")
resp = pickle.loads(b64decode(body))
r = flow.response.make(
status_code=resp.status_code,
headers=dict(resp.headers),
content=resp.content,
)
flow.response = r
def response(flow: mitmproxy.http.HTTPFlow):
if flow.response.status_code != 200:
mitmproxy.ctx.log.warn("Error")
if flow.response.status_code == 401:
flow.response.headers = Headers(content_type="text/html;charset=utf-8")
return
if flow.response.status_code == 433:
flow.response.headers = Headers(content_type="text/html;charset=utf-8")
flow.response.content = (
"<html><body>操作已超过云函数服务最大时间限制,可在函数配置中修改执行超时时间</body></html>", )
return
if flow.response.status_code == 200:
body = flow.response.content.decode("utf-8")
resp = pickle.loads(b64decode(body))
r = flow.response.make(
status_code=resp.status_code,
headers=dict(resp.headers),
content=resp.content,
)
flow.response = r
def request(flow: mitmproxy.http.HTTPFlow) -> None:
if config.mock_configuration is None:
print(f'Passing request to {str(flow.request.url)}')
return None
else:
pass
matching_mocks = [
mock for mock in config.mock_configuration.mocks
if re.match(mock.path, str(flow.request.url)) and mock.enabled
]
if len(matching_mocks) <= 0:
print(f'Passing request to {str(flow.request.url)}')
return None
else:
pass
mock = matching_mocks[0]
if mock is not None:
if mock.interactive:
print(f'Wating for send confirmation for {str(flow.request.url)}')
input('\x1b[1;30;41mPress Return to continue...\x1b[0m')
else:
pass
if mock.offline:
if mock.status_code is not None:
print(
f'Responding offline to request to {str(flow.request.url)}'
)
print(f'...using status code {mock.status_code}')
response = mitmproxy.http.Response.make(
mock.status_code,
b'',
{},
)
else:
print(
f'Invalid mock, passing request to {str(flow.request.url)}'
)
return None
for k, v in mock.headers.items():
print(f'...using header {k} with {v}')
response.headers[k] = v
if mock.body_path is not None:
print(f'...using body with content of {mock.body_path}')
with open(f'{config.mock_configuration.path}/{mock.body_path}',
'r') as mock_data:
response.content = str.encode(mock_data.read())
elif mock.body is not None:
print(f'...using body with {mock.body}')
response.content = mock.body.encode('utf-8')
else:
pass
flow.response = response
else:
print(f'Passing request to {str(flow.request.url)}')
else:
print(f'Passing request to {str(flow.request.url)}')