Capturing and decoding WebSocket messages with mitmproxy/mitmdump/mitmweb

November 29, 2019

The mitmproxy family of tools (mitmproxy, mitmdump, mitmweb) can capture WebSocket messages and print them in decoded form. How is this done?

The mitmproxy/mitmdump/mitmweb command line accepts `-s script.py`. The events such a script file (an addon) can hook are listed at:

https://docs.mitmproxy.org/stable/addons-events/#supported-events

The addon files shipped with mitmproxy can be used as reference: https://github.com/mitmproxy/mitmproxy/tree/master/mitmproxy/addons

Example (capture, decode and print WebSocket messages):

snifferWS.py

```python
#!mitmdump -s

# Only the modules actually referenced below are imported; the type
# annotations follow the mitmproxy 4/5 addon API current in 2019.
import mitmproxy.http
import mitmproxy.websocket


class SniffWebSocket:

    def __init__(self):
        pass

    # WebSocket lifecycle

    def websocket_handshake(self, flow: mitmproxy.http.HTTPFlow):
        """
            Called when a client wants to establish a WebSocket connection. The
            WebSocket-specific headers can be manipulated to alter the
            handshake. The flow object is guaranteed to have a non-None request
            attribute.
        """

    def websocket_start(self, flow: mitmproxy.websocket.WebSocketFlow):
        """
            A websocket connection has commenced.
        """

    def websocket_message(self, flow: mitmproxy.websocket.WebSocketFlow):
        """
            Called when a WebSocket message is received from the client or
            server. The most recent message will be flow.messages[-1]. The
            message is user-modifiable. Currently there are two types of
            messages, corresponding to the BINARY and TEXT frame types.
        """
        # Handle only the newest message: looping over flow.messages would
        # re-print the whole history every time a new frame arrives.
        flow_msg = flow.messages[-1]
        packet = flow_msg.content          # str for TEXT frames, bytes for BINARY frames
        from_client = flow_msg.from_client
        print("[" + ("Sent" if from_client else "Received") + "]: decode the packet here: %r" % packet)

    def websocket_error(self, flow: mitmproxy.websocket.WebSocketFlow):
        """
            A websocket connection has had an error.
        """
        print("websocket_error, %r" % flow)

    def websocket_end(self, flow: mitmproxy.websocket.WebSocketFlow):
        """
            A websocket connection has ended.
        """


addons = [
    SniffWebSocket()
]
```

Run mitmproxy, mitmdump or mitmweb with `-s snifferWS.py` (for example `mitmweb -s snifferWS.py`) and the decoded WebSocket output appears.

In practice I usually run `mitmweb -s snifferWS.py`, because the web browser then shows the detailed HTTP/HTTPS requests and responses in its own window, while the terminal the command runs in shows the WebSocket messages.
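The script above leaves "decode the packet here" as a placeholder. The following is an added example, not the original post's script, that fills it in: TEXT frames arrive as `str` and BINARY frames as `bytes`, so the decoder pretty-prints JSON, passes other UTF-8 text through, and hex-dumps anything else, and the addon logs only the newest message. The names `decode_payload` and `describe` are mine; the `flow.websocket` fallback is an assumption about the mitmproxy 7+ API, where the hook receives an `HTTPFlow` instead of a `WebSocketFlow`. The module imports nothing from mitmproxy, so it runs stand-alone and is picked up as an addon when loaded with `-s`.

```python
# Added example: decoder for the "decode the packet here" placeholder plus an
# addon that logs only the newest WebSocket message. Runs without mitmproxy
# installed; mitmdump/mitmweb -s loads the `addons` list below.
import json
from typing import Union


def decode_payload(content: Union[str, bytes]) -> str:
    """Return a readable form of one WebSocket message payload.

    TEXT frames arrive as str, BINARY frames as bytes. JSON is re-indented,
    other UTF-8 text is shown as-is, and anything else becomes a hex dump so
    undecodable bytes are never silently dropped.
    """
    if isinstance(content, bytes):
        try:
            text = content.decode("utf-8")
        except UnicodeDecodeError:
            return "binary %d bytes: %s" % (len(content), content.hex())
    else:
        text = content
    try:
        return "json: " + json.dumps(json.loads(text), indent=2, sort_keys=True)
    except ValueError:  # json.JSONDecodeError is a ValueError subclass
        return "text: " + text


def describe(from_client: bool, content: Union[str, bytes]) -> str:
    """Build the single line the addon prints for one message."""
    direction = "client -> server" if from_client else "server -> client"
    return "[%s] %s" % (direction, decode_payload(content))


class SniffWebSocket:
    def websocket_message(self, flow):
        # mitmproxy 4/5 pass a WebSocketFlow with .messages; mitmproxy 7+ pass
        # an HTTPFlow whose .websocket holds the messages (assumed here as a
        # compatibility shim; not part of the original post).
        ws = getattr(flow, "websocket", None) or flow
        msg = ws.messages[-1]  # newest message only, not the whole history
        line = describe(msg.from_client, msg.content)
        print(line)
        return line


addons = [SniffWebSocket()]
```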

Note:

While using this I found that on my iPhone running iOS 13.1 the decoded WebSocket content could not be captured, whereas Android devices work. I have not yet found a good solution; if anyone knows one, please share.