diff options
Diffstat (limited to 'doc-src/features/replacements.html')
| -rw-r--r-- | doc-src/features/replacements.html | 74 |
1 files changed, 0 insertions, 74 deletions
diff --git a/doc-src/features/replacements.html b/doc-src/features/replacements.html deleted file mode 100644 index 6de06d5e..00000000 --- a/doc-src/features/replacements.html +++ /dev/null @@ -1,74 +0,0 @@ -Mitmproxy lets you specify an arbitrary number of patterns that define text -replacements within flows. Each pattern has 3 components: a filter that defines -which flows a replacement applies to, a regular expression that defines what -gets replaced, and a target value that defines what is substituted in. - -Replace hooks fire when either a client request or a server response is -received. Only the matching flow component is affected: so, for example, if a -replace hook is triggered on server response, the replacement is only run on -the Response object leaving the Request intact. You control whether the hook -triggers on the request, response or both using the filter pattern. If you need -finer-grained control than this, it's simple to create a script using the -replacement API on Flow components. - -Replacement hooks are extremely handy in interactive testing of applications. -For instance you can use a replace hook to replace the text "XSS" with a -complicated XSS exploit, and then "inject" the exploit simply by interacting -with the application through the browser. When used with tools like Firebug and -mitmproxy's own interception abilities, replacement hooks can be an amazingly -flexible and powerful feature. - - -## On the command-line - -The replacement hook command-line options use a compact syntax to make it easy -to specify all three components at once. The general form is as follows: - - /patt/regex/replacement - -Here, __patt__ is a mitmproxy filter expression, __regex__ is a valid Python -regular expression, and __replacement__ is a string literal. The first -character in the expression (__/__ in this case) defines what the separation -character is. Here's an example of a valid expression that replaces "foo" with -"bar" in all requests: - - :~q:foo:bar - -In practice, it's pretty common for the replacement literal to be long and -complex. For instance, it might be an XSS exploit that weighs in at hundreds or -thousands of characters. To cope with this, there's a variation of the -replacement hook specifier that lets you load the replacement text from a file. -So, you might start __mitmdump__ as follows: - -<pre class="terminal"> -mitmdump --replace-from-file :~q:foo:~/xss-exploit -</pre> - -This will load the replacement text from the file __~/xss-exploit__. - -Both the _--replace_ and _--replace-from-file_ flags can be passed multiple -times. - - -## Interactively - -The _R_ shortcut key in the mitmproxy options menu (_o_) lets you add and edit -replacement hooks using a built-in editor. The context-sensitive help (_?_) has -complete usage information. - -<table class="table"> - <tbody> - <tr> - <th width="20%">command-line</th> - <td> - <ul> - <li>--replace</li> - <li>--replace-from-file</li> - </ul> - </td> - </tr> - <tr> - <th>mitmproxy shortcut</th> <td><b>o</b> then <b>R</b></td> - </tr> - </tbody> -</table> |