獏狩,雨林蝎,网游之gm也疯狂
我要评论"""
this inline script allows conditional tls interception based
on a user-defined strategy.
example:
> mitmdump -s tls_passthrough.py
1. curl --proxy http://localhost:8080 https://example.com --insecure
// works - we'll also see the contents in mitmproxy
2. curl --proxy http://localhost:8080 https://example.com --insecure
// still works - we'll also see the contents in mitmproxy
3. curl --proxy http://localhost:8080 https://example.com
// fails with a certificate error, which we will also see in mitmproxy
4. curl --proxy http://localhost:8080 https://example.com
// works again, but mitmproxy does not intercept and we do *not* see the contents
authors: maximilian hils, matthew tuusberg
"""
import collections
import random
from enum import enum
import mitmproxy
from mitmproxy import ctx
from mitmproxy.exceptions import tlsprotocolexception
from mitmproxy.proxy.protocol import tlslayer, rawtcplayer
class interceptionresult(enum):
success = true
failure = false
skipped = none
class _tlsstrategy:
"""
abstract base class for interception strategies.
"""
def __init__(self):
# a server_address -> interception results mapping
self.history = collections.defaultdict(lambda: collections.deque(maxlen=200))
def should_intercept(self, server_address):
"""
returns:
true, if we should attempt to intercept the connection.
false, if we want to employ pass-through instead.
"""
raise notimplementederror()
def record_success(self, server_address):
self.history[server_address].append(interceptionresult.success)
def record_failure(self, server_address):
self.history[server_address].append(interceptionresult.failure)
def record_skipped(self, server_address):
self.history[server_address].append(interceptionresult.skipped)
class conservativestrategy(_tlsstrategy):
"""
conservative interception strategy - only intercept if there haven't been any failed attempts
in the history.
"""
def should_intercept(self, server_address):
if interceptionresult.failure in self.history[server_address]:
return false
return true
class probabilisticstrategy(_tlsstrategy):
"""
fixed probability that we intercept a given connection.
"""
def __init__(self, p):
self.p = p
super(probabilisticstrategy, self).__init__()
def should_intercept(self, server_address):
return random.uniform(0, 1) < self.p
class tlsfeedback(tlslayer):
"""
monkey-patch _establish_tls_with_client to get feedback if tls could be established
successfully on the client connection (which may fail due to cert pinning).
"""
def _establish_tls_with_client(self):
server_address = self.server_conn.address
try:
super(tlsfeedback, self)._establish_tls_with_client()
except tlsprotocolexception as e:
tls_strategy.record_failure(server_address)
raise e
else:
tls_strategy.record_success(server_address)
# inline script hooks below.
tls_strategy = none
def load(l):
l.add_option(
"tlsstrat", int, 0, "tls passthrough strategy (0-100)",
)
def configure(updated):
global tls_strategy
if ctx.options.tlsstrat > 0:
tls_strategy = probabilisticstrategy(float(ctx.options.tlsstrat) / 100.0)
else:
tls_strategy = conservativestrategy()
def next_layer(next_layer):
"""
this hook does the actual magic - if the next layer is planned to be a tls layer,
we check if we want to enter pass-through mode instead.
"""
if isinstance(next_layer, tlslayer) and next_layer._client_tls:
server_address = next_layer.server_conn.address
if tls_strategy.should_intercept(server_address):
# we try to intercept.
# monkey-patch the layer to get feedback from the tlslayer if interception worked.
next_layer.__class__ = tlsfeedback
else:
# we don't intercept - reply with a pass-through layer and add a "skipped" entry.
mitmproxy.ctx.log("tls passthrough for %s" % repr(next_layer.server_conn.address), "info")
next_layer_replacement = rawtcplayer(next_layer.ctx, ignore=true)
next_layer.reply.send(next_layer_replacement)
tls_strategy.record_skipped(server_address)
如对本文有疑问,请在下面进行留言讨论,广大热心网友会与你互动!! 点击进行留言回复
python求numpy中array按列非零元素的平均值案例
网友评论