一.原来的基础上添加代码

"""
This inline script allows conditional TLS Interception based
on a user-defined strategy.
Example:
> mitmdump -s tls_passthrough.py
1. curl --proxy http://localhost:8080 https://example.com --insecure
// works - we'll also see the contents in mitmproxy
2. curl --proxy http://localhost:8080 https://example.com --insecure
// still works - we'll also see the contents in mitmproxy
3. curl --proxy http://localhost:8080 https://example.com
// fails with a certificate error, which we will also see in mitmproxy
4. curl --proxy http://localhost:8080 https://example.com
// works again, but mitmproxy does not intercept and we do *not* see the contents
Authors: Maximilian Hils, Matthew Tuusberg
"""
import collections
import random from enum import Enum import mitmproxy
from mitmproxy import ctx
from mitmproxy.exceptions import TlsProtocolException
from mitmproxy.proxy.protocol import TlsLayer, RawTCPLayer class InterceptionResult(Enum):
success = True
failure = False
skipped = None class _TlsStrategy:
"""
Abstract base class for interception strategies.
""" def __init__(self):
# A server_address -> interception results mapping
self.history = collections.defaultdict(lambda: collections.deque(maxlen=200)) def should_intercept(self, server_address):
"""
Returns:
True, if we should attempt to intercept the connection.
False, if we want to employ pass-through instead.
"""
raise NotImplementedError() def record_success(self, server_address):
self.history[server_address].append(InterceptionResult.success) def record_failure(self, server_address):
self.history[server_address].append(InterceptionResult.failure) def record_skipped(self, server_address):
self.history[server_address].append(InterceptionResult.skipped) class ConservativeStrategy(_TlsStrategy):
"""
Conservative Interception Strategy - only intercept if there haven't been any failed attempts
in the history.
""" def should_intercept(self, server_address):
if InterceptionResult.failure in self.history[server_address]:
return False
return True class ProbabilisticStrategy(_TlsStrategy):
"""
Fixed probability that we intercept a given connection.
""" def __init__(self, p):
self.p = p
super(ProbabilisticStrategy, self).__init__() def should_intercept(self, server_address):
return random.uniform(0, 1) < self.p class TlsFeedback(TlsLayer):
"""
Monkey-patch _establish_tls_with_client to get feedback if TLS could be established
successfully on the client connection (which may fail due to cert pinning).
""" def _establish_tls_with_client(self):
server_address = self.server_conn.address try:
super(TlsFeedback, self)._establish_tls_with_client()
except TlsProtocolException as e:
tls_strategy.record_failure(server_address)
raise e
else:
tls_strategy.record_success(server_address) # inline script hooks below. tls_strategy = None def load(l):
l.add_option(
"tlsstrat", int, 0, "TLS passthrough strategy (0-100)",
) def configure(updated):
global tls_strategy
if ctx.options.tlsstrat > 0:
tls_strategy = ProbabilisticStrategy(float(ctx.options.tlsstrat) / 100.0)
else:
tls_strategy = ConservativeStrategy() def next_layer(next_layer):
"""
This hook does the actual magic - if the next layer is planned to be a TLS layer,
we check if we want to enter pass-through mode instead.
"""
if isinstance(next_layer, TlsLayer) and next_layer._client_tls:
server_address = next_layer.server_conn.address if tls_strategy.should_intercept(server_address):
# We try to intercept.
# Monkey-Patch the layer to get feedback from the TLSLayer if interception worked.
next_layer.__class__ = TlsFeedback
else:
# We don't intercept - reply with a pass-through layer and add a "skipped" entry.
mitmproxy.ctx.log("TLS passthrough for %s" % repr(next_layer.server_conn.address), "info")
next_layer_replacement = RawTCPLayer(next_layer.ctx, ignore=True)
next_layer.reply.send(next_layer_replacement)
tls_strategy.record_skipped(server_address)

mitmproxy(TLS错误)的更多相关文章

  1. ubuntu 安装pip3 遇到Ignoring ensurepip failure: pip 8.1.1 requires SSL/TLS错误

    3.5版本之后的会自动安装pip,所以我们直接从官网下载3.5.2,下载地址:https://www.python.org/ftp/python/ 下载以后,可以用命令解压,也可以右键进行解压, ta ...

  2. osx mitmproxy ssl 错误

    记录一下,总是在这里折腾. cd ~ cd .mitmproxy cp mitmproxy-ca-cert.pem ~/ 然后到目录下双击mitmproxy-ca-cert.pem ,在钥匙串中的登录 ...

  3. Markdown使用github风格时报TLS错误解决办法

    https://docs.microsoft.com/en-us/officeonlineserver/enable-tls-1-1-and-tls-1-2-support-in-office-onl ...

  4. win7、linux安装使用pip、mitmproxy

    安装pip https://pip.pypa.io/en/latest/installing.html 步骤: 下载 https://bootstrap.pypa.io/get-pip.py pyth ...

  5. FTP软件发送"AUTH TLS"提示 无法连接到服务器

    响应: 220-FileZilla Server version 0.9.24 beta 响应: 220-written by Tim Kosse (Tim.Kosse@gmx.de) 响应: 220 ...

  6. Filezilla 错误

    一般来说,只要网站能访问,FTP就应该能连接的,之前好长一段时间一直遇到连接不上香港主机的问题,还以为是宽带出口线路不好,原来是自己学识浅薄,在同事的指点下才明白所以然,下面总结一下FTP连接中的常见 ...

  7. 简介TLS 1.3

    0x00 前言 最近在阅读论文,其中阅读了 WWW2021的一篇文章"TLS 1.3 in Practice: How TLS 1.3 Contributes to the Internet ...

  8. 一个上好的C# http/https类

    直接Copy拿去用吧: 新的 tls 协议需要新的.net版本, tls 至少更新到.net4吧,尽量用最新的.net! 不然出错了就折腾... using System; using System. ...

  9. filezilla无法连接linux服务器

    问题描述: 响应: 220 (vsFTPd 2.2.2)命令: AUTH TLS错误: 无法连接到服务器状态: 已从服务器断开 排查步骤: 1 检查服务器IP地址.用户名.密码是否正确 2 在控制面板 ...

随机推荐

  1. vh搭配vw进行响应式布局

    1.浏览器兼容性: IE8-不支持,IOS7.1-不支持,android4.3-不支持 2. vh代表浏览器视口高度(100vh等于当前浏览器的整个高度) 3.vw代表浏览器视口的宽度 (100vw等 ...

  2. BUU re xor

    从13行和18行的0x21(c规定十六进制必须用0x**表示)可以知道这个字符串就是33个字符 shift+e来提取出数组中的字符: 设这个数组是global数组 global[] = { 102, ...

  3. 【转载】将Centos的yum源更换为国内的阿里云源

    自己的yum源不知道什么时候给改毁了--搜到了个超简单的方法将yum源更换为阿里的源 完全参考 http://mirrors.aliyun.com/help/centos?spm=5176.bbsr1 ...

  4. json object string互转

    参考: https://www.cnblogs.com/guangshan/p/4459436.html JsonArray和JsonObject遍历方法 参考:https://blog.csdn.n ...

  5. [Android]ListView中分割线的设置

    1.在布局文件中ListView元素中通过属性设置 android:divider="#fffff"  分割线颜色 android:dividerHeight="1px& ...

  6. 「NOIP2011」Mayan游戏

    传送门 Luogu 解题思路 爆搜,并考虑几个剪枝. 不交换颜色相同的方块(有争议,但是可以过联赛数据 \(Q \omega Q\)) 左边为空才往左换 右边不为空才往右换 因为对于两个相邻方块,右边 ...

  7. 「HNOI/AHOI2018」道路

    传送门 Luogu 解题思路 考虑树形 \(\text{DP}\) 设状态 \(dp[u][i][j]\) 表示从首都走到点 \(u\) ,经过 \(i\) 条公路,\(j\) 条铁路的最小不方便值. ...

  8. 1-3SpringBoot之Controller使用

    Controller的使用 @Controller 处理http请求 @RestController Spring4之后新加的注解,原来返回json需要@ResponseBody配合@Controll ...

  9. 可旋转Treap(树堆)总结

    树堆,在数据结构中也称Treap,是指有一个随机附加域满足堆的性质的二叉搜索树,其结构相当于以随机数据插入的二叉搜索树.其基本操作的期望时间复杂度为O(logn).相对于其他的平衡二叉搜索树,Trea ...

  10. loadrunner controller查看参数日志

    1.在generator,我们用这个语句来输出参数:lr_output_message("目录为%s", lr_eval_string("{NewParam}" ...