Mitmproxy在一个脚本中篡改GET和POST请求/响应 [英] Mitmproxy tampering GET and POST request/response in one script

问题描述

对某个网址( http://test.com )的POST请求类似于:

A POST request to a certain url(http://test.com) is like:

{

"messageType": "OK",
"city": {
    "Name": "Paris",
    "Views": {
        "1231": {
            "id": 4234,
             "enableView": false
        },
    },
    "Views": [5447, 8457],
    "messages": [{
        "id": "message_6443",
        "eTag": 756754338
    }]
},
"client": {
    "Id": 53,
    "email": "test@test.us",
    "firstName": "test",
    "lastName": "test",
    "id": 52352352,
    "uuid": "5631f-grdeh4",
    "isAdmin": false,

我需要拦截它，并将"isAdmin"更改为true.

I need to intercept that and change "isAdmin" to true.

以及对某个网址的GET请求( https://test.com/profiles/ {Random_Numbers }/ID}) 有一个回应" [解码的gzip] JSON

And a GET request to a certain url (https://test.com/profiles/{Random_Numbers}/id}) has a 'response' [decoded gzip] JSON

{
"id": 0, 
"Code": "Admin", 
"display": "RRRR"
}

我需要将"id"值更改为5.

I need to change "id" value to 5.

所以基本上，我需要编写一个脚本来完成这两个任务.

So Basically I need to write one script that will do these two.

到目前为止，我已经尝试在Github中使用示例代码，但是没有得到预期的结果. (我是一个完整的菜鸟:\)，希望这里有人可以帮助我入门. 预先感谢！

So far I have tried to take help of the example codes in Github, but I have had no expected result. (I'm a complete noob :\ ) and hoping someone here can help me get started. Thanks in advance!

按照Github中的示例代码，modify_response_body.py:

As per the example codes in Github, modify_response_body.py :

from libmproxy.protocol.http import decoded

def start(context, argv):
  if len(argv) != 3:
   raise ValueError('Usage: -s "modify-response-body.py old new"')
    context.old, context.new = argv[1], argv[2]


def response(context, flow):
    with decoded(flow.response):  # automatically decode gzipped responses.
      flow.response.content = flow.response.content.replace(context.old, context.new)`

如何为我的senario实现此功能?

How do I implement this for my senario?

也许使用libmproxy来获取http请求和响应将是一个更好的主意.

Probably using the libmproxy to get http-request and response would be a better idea, maybe.

推荐答案

您发布的脚本和Python的JSON模块应该可以使您走得很远:

The script you posted and Python's JSON module should get you pretty far:

def response(context, flow):
    if flow.request.url == "...": # optionally filter based on some criteria...
        with decoded(flow.response):  # automatically decode gzipped responses.
            data = json.loads(flow.response.content)
            data["foo"] = "bar"
            flow.response.content = json.dumps(data)

这篇关于Mitmproxy在一个脚本中篡改GET和POST请求/响应的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！