mitmproxy(TLS错误)
一.原来的基础上添加代码
"""
This inline script allows conditional TLS Interception based
on a user-defined strategy.
Example:
> mitmdump -s tls_passthrough.py
1. curl --proxy http://localhost:8080 https://example.com --insecure
// works - we'll also see the contents in mitmproxy
2. curl --proxy http://localhost:8080 https://example.com --insecure
// still works - we'll also see the contents in mitmproxy
3. curl --proxy http://localhost:8080 https://example.com
// fails with a certificate error, which we will also see in mitmproxy
4. curl --proxy http://localhost:8080 https://example.com
// works again, but mitmproxy does not intercept and we do *not* see the contents
Authors: Maximilian Hils, Matthew Tuusberg
"""
import collections
import random
from enum import Enum
import mitmproxy
from mitmproxy import ctx
from mitmproxy.exceptions import TlsProtocolException
from mitmproxy.proxy.protocol import TlsLayer, RawTCPLayer
class InterceptionResult(Enum):
success = True
failure = False
skipped = None
class _TlsStrategy:
"""
Abstract base class for interception strategies.
"""
def __init__(self):
# A server_address -> interception results mapping
self.history = collections.defaultdict(lambda: collections.deque(maxlen=200))
def should_intercept(self, server_address):
"""
Returns:
True, if we should attempt to intercept the connection.
False, if we want to employ pass-through instead.
"""
raise NotImplementedError()
def record_success(self, server_address):
self.history[server_address].append(InterceptionResult.success)
def record_failure(self, server_address):
self.history[server_address].append(InterceptionResult.failure)
def record_skipped(self, server_address):
self.history[server_address].append(InterceptionResult.skipped)
class ConservativeStrategy(_TlsStrategy):
"""
Conservative Interception Strategy - only intercept if there haven't been any failed attempts
in the history.
"""
def should_intercept(self, server_address):
if InterceptionResult.failure in self.history[server_address]:
return False
return True
class ProbabilisticStrategy(_TlsStrategy):
"""
Fixed probability that we intercept a given connection.
"""
def __init__(self, p):
self.p = p
super(ProbabilisticStrategy, self).__init__()
def should_intercept(self, server_address):
return random.uniform(0, 1) < self.p
class TlsFeedback(TlsLayer):
"""
Monkey-patch _establish_tls_with_client to get feedback if TLS could be established
successfully on the client connection (which may fail due to cert pinning).
"""
def _establish_tls_with_client(self):
server_address = self.server_conn.address
try:
super(TlsFeedback, self)._establish_tls_with_client()
except TlsProtocolException as e:
tls_strategy.record_failure(server_address)
raise e
else:
tls_strategy.record_success(server_address)
# inline script hooks below.
tls_strategy = None
def load(l):
l.add_option(
"tlsstrat", int, 0, "TLS passthrough strategy (0-100)",
)
def configure(updated):
global tls_strategy
if ctx.options.tlsstrat > 0:
tls_strategy = ProbabilisticStrategy(float(ctx.options.tlsstrat) / 100.0)
else:
tls_strategy = ConservativeStrategy()
def next_layer(next_layer):
"""
This hook does the actual magic - if the next layer is planned to be a TLS layer,
we check if we want to enter pass-through mode instead.
"""
if isinstance(next_layer, TlsLayer) and next_layer._client_tls:
server_address = next_layer.server_conn.address
if tls_strategy.should_intercept(server_address):
# We try to intercept.
# Monkey-Patch the layer to get feedback from the TLSLayer if interception worked.
next_layer.__class__ = TlsFeedback
else:
# We don't intercept - reply with a pass-through layer and add a "skipped" entry.
mitmproxy.ctx.log("TLS passthrough for %s" % repr(next_layer.server_conn.address), "info")
next_layer_replacement = RawTCPLayer(next_layer.ctx, ignore=True)
next_layer.reply.send(next_layer_replacement)
tls_strategy.record_skipped(server_address)
mitmproxy(TLS错误)的更多相关文章
- ubuntu 安装pip3 遇到Ignoring ensurepip failure: pip 8.1.1 requires SSL/TLS错误
3.5版本之后的会自动安装pip,所以我们直接从官网下载3.5.2,下载地址:https://www.python.org/ftp/python/ 下载以后,可以用命令解压,也可以右键进行解压, ta ...
- osx mitmproxy ssl 错误
记录一下,总是在这里折腾. cd ~ cd .mitmproxy cp mitmproxy-ca-cert.pem ~/ 然后到目录下双击mitmproxy-ca-cert.pem ,在钥匙串中的登录 ...
- Markdown使用github风格时报TLS错误解决办法
https://docs.microsoft.com/en-us/officeonlineserver/enable-tls-1-1-and-tls-1-2-support-in-office-onl ...
- win7、linux安装使用pip、mitmproxy
安装pip https://pip.pypa.io/en/latest/installing.html 步骤: 下载 https://bootstrap.pypa.io/get-pip.py pyth ...
- FTP软件发送"AUTH TLS"提示 无法连接到服务器
响应: 220-FileZilla Server version 0.9.24 beta 响应: 220-written by Tim Kosse (Tim.Kosse@gmx.de) 响应: 220 ...
- Filezilla 错误
一般来说,只要网站能访问,FTP就应该能连接的,之前好长一段时间一直遇到连接不上香港主机的问题,还以为是宽带出口线路不好,原来是自己学识浅薄,在同事的指点下才明白所以然,下面总结一下FTP连接中的常见 ...
- 简介TLS 1.3
0x00 前言 最近在阅读论文,其中阅读了 WWW2021的一篇文章"TLS 1.3 in Practice: How TLS 1.3 Contributes to the Internet ...
- 一个上好的C# http/https类
直接Copy拿去用吧: 新的 tls 协议需要新的.net版本, tls 至少更新到.net4吧,尽量用最新的.net! 不然出错了就折腾... using System; using System. ...
- filezilla无法连接linux服务器
问题描述: 响应: 220 (vsFTPd 2.2.2)命令: AUTH TLS错误: 无法连接到服务器状态: 已从服务器断开 排查步骤: 1 检查服务器IP地址.用户名.密码是否正确 2 在控制面板 ...
随机推荐
- NXP TJA1040, TJA1042, TJA1050 TJA1051, TJA1057, TJA1044, TJA1055区别
历史关系 PCA82C250和PCA82C251是属于NXP第一代 CAN PHY(CAN物理层收发器): TJA1050, TJA1040和TJA1041是属于NXP第二代CAN PHY: TJA1 ...
- leetcode209 Minimum Size Subarray Sum
""" Given an array of n positive integers and a positive integer s, find the minimal ...
- redis的并发set
1.Redis高并发的问题 Redis缓存的高性能有目共睹,应用的场景也是非常广泛,但是在高并发的场景下,也会出现问题:缓存击穿.缓存雪崩.缓存和数据一致性,以及今天要谈到的缓存并发竞争. 这里的并发 ...
- 小程序本地存储之wx.getStorageSync
这个主要可以解决微信小程序的记录缓存,入输入框的搜索历史记录 直接上代码 setsearchMsg:function(){ var that=this if (this.data.inputValue ...
- 联想电脑硬盘保护系统EDU8.0.1iso安装
管理306机房4年了,15年我带领的第一批学生参加吉林省职业院校技能大赛的时候,领导把这个机房交给我负责.那个时候这个机房的机器是全校的顶配,30台DELL16G内存,2T硬盘,I7处理器,后面是6组 ...
- CH9 顺序容器
本章主要介绍了标准库顺序容器,包括 顺序容器的公共接口,如构造函数,添加/删除操作等 利用迭代器访问容器 不同顺序容器的差异 string的特殊操作 容器适配器,如栈,队列等 9.1 “按字典序插入到 ...
- Celery的常用知识
什么是Clelery Celery是一个简单.灵活且可靠的,处理大量消息的分布式系统.专注于实时处理的异步任务队列.同时也支持任务调度. Celery的架构由三部分组成,消息中间件(message ...
- 5.7 Nginx 其他模块
- 如何使用Nexus搭建Maven私服
如何使用Nexus搭建Maven私服 听语音 | 浏览:47 | 更新:2016-09-29 10:22 1 2 3 4 5 6 7 分步阅读 一键约师傅 百度师傅最快的到家服务,最优质的电脑清灰! ...
- scikit_learn (sklearn)库中NearestNeighbors(最近邻)函数的各参数说明
NearestNeighbors(n_neighbors=5, radius=1.0, algorithm='auto', leaf_size=30, metric='minkowski', p=2, ...