mitmproxy包装说明
mitmproxy是一个支持SSL的人在这方面的中间人HTTP代理。它提供了一个控制台界面,允许流量进行检查和编辑的飞行。同时运是mitmdump,mitmproxy的命令行版本,具有相同的功能,但没有多余的装饰。想想tcpdump的断点续传。
产品特点:
- 截取和修改在飞行HTTP流量
- 保存以备将来回放和分析HTTP会话
- 重播两个HTTP客户端和服务器
- 让使用Python脚本修改HTTP流量
- 在飞行中产生的SSL拦截证书
资料来源:http://mitmproxy.org/
mitmproxy首页 | 卡利mitmproxy回购
- 作者:阿尔Cortesi的
- 许可:GPLv3的
包含在mitmproxy包工具
mitmproxy - 支持SSL的人在这方面的中间人HTTP代理
[email protected]:~# mitmproxy -h
usage: mitmproxy [options]
optional arguments:
-h, --help show this help message and exit
--version show program's version number and exit
-b ADDR Address to bind proxy to (defaults to all interfaces)
--anticache Strip out request headers that might cause the server
to return 304-not-modified.
--confdir CONFDIR Configuration directory. (~/.mitmproxy)
-e Show event log.
-n Don't start a proxy server.
-p PORT Proxy service port.
-P REVERSE_PROXY Reverse proxy to upstream server:
http[s]://host[:port]
-F FORWARD_PROXY Proxy to unconditionally forward to:
http[s]://host[:port]
-q Quiet.
-r RFILE Read flows from file.
-s "script.py --bar" Run a script. Surround with quotes to pass script
arguments. Can be passed multiple times.
-t FILTER Set sticky cookie filter. Matched against requests.
-T Set transparent proxy mode.
-u FILTER Set sticky auth filter. Matched against requests.
-v Increase verbosity. Can be passed multiple times.
-w WFILE Write flows to file.
-z Try to convince servers to send us un-compressed data.
-Z SIZE Byte size limit of HTTP request and response bodies.
Understands k/m/g suffixes, i.e. 3m for 3 megabytes.
--host Use the Host header to construct URLs for display.
--no-upstream-cert Don't connect to upstream server to look up
certificate details.
--debug
--palette PALETTE Select color palette: dark, light, solarized_dark,
solarized_light
Web App:
-a Disable the mitmproxy web app.
--app-host host Domain to serve the app from. For transparent mode,
use an IP when a DNS entry for the app domain is not
present. Default: mitm.it
--app-port 80 Port to serve the app from.
--app-external Serve the app outside of the proxy.
Client Replay:
-c PATH Replay client requests from a saved file.
Server Replay:
-S PATH Replay server responses from a saved file.
-k Kill extra requests during replay.
--rheader RHEADERS Request headers to be considered during replay. Can be
passed multiple times.
--norefresh Disable response refresh, which updates times in
cookies and headers for replayed responses.
--no-pop Disable response pop from response flow. This makes it
possible to replay same response multiple times.
Replacements:
Replacements are of the form "/pattern/regex/replacement", where the
separator can be any character. Please see the documentation for more
information.
--replace PATTERN Replacement pattern.
--replace-from-file PATH
Replacement pattern, where the replacement clause is a
path to a file.
Set Headers:
Header specifications are of the form "/pattern/header/value", where the
separator can be any character. Please see the documentation for more
information.
--setheader PATTERN Header set pattern.
Proxy Authentication:
Specify which users are allowed to access the proxy and the method used
for authenticating them. These options are ignored if the proxy is in
transparent or reverse proxy mode.
--nonanonymous Allow access to any user long as a credentials are
specified.
--singleuser USER Allows access to a a single user, specified in the
form username:password.
--htpasswd PATH Allow access to users specified in an Apache htpasswd
file.
SSL:
--cert CERT User-created SSL certificate file.
--client-certs CLIENTCERTS
Client certificate directory.
Filters:
See help in mitmproxy for filter expression syntax.
-i INTERCEPT, --intercept INTERCEPT
Intercept filter expression.mitmdump(命令行的同伴mitmproxy) - 改进后的tcpdump的用于HTTP
[email protected]:~# mitmdump -h
usage: mitmdump [options] [filter]
positional arguments:
args
optional arguments:
-h, --help show this help message and exit
--version show program's version number and exit
-b ADDR Address to bind proxy to (defaults to all interfaces)
--anticache Strip out request headers that might cause the server
to return 304-not-modified.
--confdir CONFDIR Configuration directory. (~/.mitmproxy)
-e Show event log.
-n Don't start a proxy server.
-p PORT Proxy service port.
-P REVERSE_PROXY Reverse proxy to upstream server:
http[s]://host[:port]
-F FORWARD_PROXY Proxy to unconditionally forward to:
http[s]://host[:port]
-q Quiet.
-r RFILE Read flows from file.
-s "script.py --bar" Run a script. Surround with quotes to pass script
arguments. Can be passed multiple times.
-t FILTER Set sticky cookie filter. Matched against requests.
-T Set transparent proxy mode.
-u FILTER Set sticky auth filter. Matched against requests.
-v Increase verbosity. Can be passed multiple times.
-w WFILE Write flows to file.
-z Try to convince servers to send us un-compressed data.
-Z SIZE Byte size limit of HTTP request and response bodies.
Understands k/m/g suffixes, i.e. 3m for 3 megabytes.
--host Use the Host header to construct URLs for display.
--no-upstream-cert Don't connect to upstream server to look up
certificate details.
--keepserving Continue serving after client playback or file read.
We exit by default.
Web App:
-a Disable the mitmproxy web app.
--app-host host Domain to serve the app from. For transparent mode,
use an IP when a DNS entry for the app domain is not
present. Default: mitm.it
--app-port 80 Port to serve the app from.
--app-external Serve the app outside of the proxy.
Client Replay:
-c PATH Replay client requests from a saved file.
Server Replay:
-S PATH Replay server responses from a saved file.
-k Kill extra requests during replay.
--rheader RHEADERS Request headers to be considered during replay. Can be
passed multiple times.
--norefresh Disable response refresh, which updates times in
cookies and headers for replayed responses.
--no-pop Disable response pop from response flow. This makes it
possible to replay same response multiple times.
Replacements:
Replacements are of the form "/pattern/regex/replacement", where the
separator can be any character. Please see the documentation for more
information.
--replace PATTERN Replacement pattern.
--replace-from-file PATH
Replacement pattern, where the replacement clause is a
path to a file.
Set Headers:
Header specifications are of the form "/pattern/header/value", where the
separator can be any character. Please see the documentation for more
information.
--setheader PATTERN Header set pattern.
Proxy Authentication:
Specify which users are allowed to access the proxy and the method used
for authenticating them. These options are ignored if the proxy is in
transparent or reverse proxy mode.
--nonanonymous Allow access to any user long as a credentials are
specified.
--singleuser USER Allows access to a a single user, specified in the
form username:password.
--htpasswd PATH Allow access to users specified in an Apache htpasswd
file.
SSL:
--cert CERT User-created SSL certificate file.
--client-certs CLIENTCERTS
Client certificate directory.mitmproxy用法示例
运行在端口2139 mitmproxy监听(P)。
[email protected]:~# mitmproxy -p 2139