Mitmproxy在一个脚本中篡改GET和POST请求/响应 [英] Mitmproxy tampering GET and POST request/response in one script
问题描述
对某个网址( http://test.com )的POST请求类似于:
A POST request to a certain url(http://test.com) is like:
{
"messageType": "OK",
"city": {
"Name": "Paris",
"Views": {
"1231": {
"id": 4234,
"enableView": false
},
},
"Views": [5447, 8457],
"messages": [{
"id": "message_6443",
"eTag": 756754338
}]
},
"client": {
"Id": 53,
"email": "test@test.us",
"firstName": "test",
"lastName": "test",
"id": 52352352,
"uuid": "5631f-grdeh4",
"isAdmin": false,
我需要拦截它,并将"isAdmin"更改为true.
I need to intercept that and change "isAdmin" to true.
以及对某个网址的GET请求( https://test.com/profiles/ {Random_Numbers }/ID}) 有一个回应" [解码的gzip] JSON
And a GET request to a certain url (https://test.com/profiles/{Random_Numbers}/id}) has a 'response' [decoded gzip] JSON
{
"id": 0,
"Code": "Admin",
"display": "RRRR"
}
我需要将"id"值更改为5.
I need to change "id" value to 5.
所以基本上,我需要编写一个脚本来完成这两个任务.
So Basically I need to write one script that will do these two.
到目前为止,我已经尝试在Github中使用示例代码,但是没有得到预期的结果. (我是一个完整的菜鸟:\),希望这里有人可以帮助我入门. 预先感谢!
So far I have tried to take help of the example codes in Github, but I have had no expected result. (I'm a complete noob :\ ) and hoping someone here can help me get started. Thanks in advance!
按照Github中的示例代码,modify_response_body.py:
As per the example codes in Github, modify_response_body.py :
from libmproxy.protocol.http import decoded
def start(context, argv):
if len(argv) != 3:
raise ValueError('Usage: -s "modify-response-body.py old new"')
context.old, context.new = argv[1], argv[2]
def response(context, flow):
with decoded(flow.response): # automatically decode gzipped responses.
flow.response.content = flow.response.content.replace(context.old, context.new)`
如何为我的senario实现此功能?
How do I implement this for my senario?
也许使用libmproxy来获取http请求和响应将是一个更好的主意.
Probably using the libmproxy to get http-request and response would be a better idea, maybe.
推荐答案
您发布的脚本和Python的JSON模块应该可以使您走得很远:
The script you posted and Python's JSON module should get you pretty far:
def response(context, flow):
if flow.request.url == "...": # optionally filter based on some criteria...
with decoded(flow.response): # automatically decode gzipped responses.
data = json.loads(flow.response.content)
data["foo"] = "bar"
flow.response.content = json.dumps(data)
这篇关于Mitmproxy在一个脚本中篡改GET和POST请求/响应的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!