def test_tlsmaster_client_random():
pcapfile = open("tests/pcaps/2019-05-01-airfrance-fr-traffic.pcap", "rb")
tlsmaster = "tests/tlsmasters/2019-05-01-airfrance-fr-tlsmaster.mitm"
if tlsmaster:
tls_master_secrets = read_tlsmaster(tlsmaster)
else:
tls_master_secrets = {}
handlers = {
25: smtp_handler,
80: http_handler,
8000: http_handler,
8080: http_handler,
443: lambda: https_handler(tls_master_secrets),
4443: lambda: https_handler(tls_master_secrets),
}
reader = PcapReader(pcapfile)
reader.tcp = TCPPacketStreamer(reader, handlers)
res = []
(s, ts, protocol, sent, recv) = next(reader.process())
assert sent.uri == "/"
assert sent.headers["host"] == "www.airfrance.fr"
assert recv.status == "200" and recv.reason == "OK"
assert recv.body[76:114] == b"09D925754D91E3F90CEE2306B9861683.a63s1"
assert recv.headers["content-type"] == "text/html;charset=UTF-8"
def _https_handler(self):
session_id = "5ab7c9537928268ba71cd5fc790b6accb29707cfa7b3f85347e432a439eb1b4b"
master_key = "50321cf5552ba2f3ed34cd6eee005cf6490f5d915c7db8e2cfbf54940140308aa09c0a4e94107df6b25d2509f5bf0f13"
return https_handler({
session_id.decode("hex"):
master_key.decode("hex"),
})
def _https_handler(self):
session_id = "479ef8a88198b5b3f7e5b8bf79dea2d0635300ad744de08deb4e83610c5227e9"
master_key = "25fba9ac38b8750ead7b9ba50aba06e12aa566ffa0c3fa24cbdaf638711b8458da84cd79e9b32f4025a858a5c106c7a5"
return https_handler({
session_id.decode("hex"):
master_key.decode("hex"),
})
def test_no_tls_keys(self, p):
h = https_handler()
h.parent.parent = dummy = self.DummyProtocol()
h.handle((0, 0, 0, 0), 0, "tcp", "foo\r\n", "bar")
p.assert_not_called()
assert dummy.values == [
((0, 0, 0, 0), 0, "tcp", "foo\r\n", "bar"),
]
def httpreplay(pcapfile, tlsmaster):
if tlsmaster:
tls_master_secrets = read_tlsmaster(tlsmaster)
else:
tls_master_secrets = {}
handlers = {
25: smtp_handler,
80: http_handler,
8000: http_handler,
8080: http_handler,
443: lambda: https_handler(tls_master_secrets),
4443: lambda: https_handler(tls_master_secrets),
}
reader = PcapReader(pcapfile)
reader.tcp = TCPPacketStreamer(reader, handlers)
for s, ts, protocol, sent, recv in reader.process():
print s, "%f" % ts, protocol, getattr(sent, "uri", None)
def httpreplay(pcapfile, tlsmaster):
if tlsmaster:
tls_master_secrets = read_tlsmaster(tlsmaster)
else:
tls_master_secrets = {}
handlers = {
25: smtp_handler,
80: http_handler,
8000: http_handler,
8080: http_handler,
443: lambda: https_handler(tls_master_secrets),
4443: lambda: https_handler(tls_master_secrets),
}
reader = PcapReader(pcapfile)
reader.tcp = TCPPacketStreamer(reader, handlers)
for s, ts, protocol, sent, recv in reader.process():
print(s, "%f" % ts, protocol, getattr(sent, "uri", None))
def _create_handlers(self, tlsmaster={}, ports=[]):
tls_ports = [443, 4443, 8443]
http_ports = [80, 8000, 8080]
for port in ports:
if port not in tls_ports:
http_ports.append(port)
self.handlers = {"generic": forward_handler}
for httpport in http_ports:
self.handlers.update({httpport: http_handler})
if tlsmaster:
for tlsport in tls_ports:
self.handlers.update(
{tlsport: lambda: https_handler(tlsmaster)})
def pcap2mitm(pcapfile, mitmfile, tlsmaster=None, stream=False):
try:
from mitmproxy import models
from mitmproxy.flow import FlowWriter
from netlib.exceptions import HttpException
from netlib.http import http1
except ImportError:
log.warning(
"In order to use this utility it is required to have the "
"mitmproxy tool installed (`pip install httpreplay[mitmproxy]`)")
return False
if tlsmaster:
tlsmaster = read_tlsmaster(tlsmaster)
else:
tlsmaster = {}
handlers = {
443: lambda: https_handler(tlsmaster),
4443: lambda: https_handler(tlsmaster),
"generic": http_handler,
}
reader = PcapReader(pcapfile)
reader.tcp = TCPPacketStreamer(reader, handlers)
writer = FlowWriter(mitmfile)
l = reader.process()
if not stream:
# Sort the http/https requests and responses by their timestamp.
l = sorted(l, key=lambda x: x[1])
for s, ts, protocol, sent, recv in l:
if protocol not in ("http", "https"):
continue
srcip, srcport, dstip, dstport = s
client_conn = models.ClientConnection.make_dummy((srcip, srcport))
client_conn.timestamp_start = ts
server_conn = models.ServerConnection.make_dummy((dstip, dstport))
server_conn.timestamp_start = ts
flow = models.HTTPFlow(client_conn, server_conn)
try:
sent = io.BytesIO(sent.raw)
request = http1.read_request_head(sent)
body_size = http1.expected_http_body_size(request)
request.data.content = "".join(
http1.read_body(sent, body_size, None))
except HttpException as e:
log.warning("Error parsing HTTP request: %s", e)
continue
flow.request = models.HTTPRequest.wrap(request)
flow.request.timestamp_start = client_conn.timestamp_start
flow.request.host = dstip
flow.request.port = dstport
flow.request.scheme = protocol
try:
recv = io.BytesIO(recv.raw)
response = http1.read_response_head(recv)
body_size = http1.expected_http_body_size(request, response)
response.data.content = "".join(
http1.read_body(recv, body_size, None))
except HttpException as e:
log.warning("Error parsing HTTP response: %s", e)
# Fall through (?)
flow.response = models.HTTPResponse.wrap(response)
flow.response.timestamp_start = server_conn.timestamp_start
flow.id = str(
uuid.UUID(bytes=hashlib.md5(
b"%d%d%s%s" %
(client_conn.timestamp_start, server_conn.timestamp_start,
request.data.content, response.data.content)).digest()))
writer.add(flow)
return True