得到一个“原始的”请求来自MITM代理的回复 [英] get a "raw" request\response from MITM Proxy

问题描述

我'，脚本mitm代理（ http://mitmproxy.org/index.html ）到根据IP（每个客户端可以访问它自己的请求，响应）对文件写入HTTP和HTTPS请求和响应，以进行移动设备的单元测试。

i', scripting mitm proxy (http://mitmproxy.org/index.html) to write HTTP and HTTPS request and responses to a file according to their IP (each client can then access it's own requests\responses) for unit tests for mobile.

目前为止正如我现在所能看到的，我不能只使用str（Flow.request）或repr（Flow.request）来获得响应的原始打印，就像我进入提琴手一样，我需要从中重建它请求和响应对象的内部数据。

As far as i can see for now i can't just use str(Flow.request) or repr(Flow.request) to get a "raw" print of the response\request like i get in fiddler, i need to reconstruct it from the internal data of the Request and Response objects.

谁知道更好的方法？我正在使用：

anyone knows of a better way ? i'm using :

def response(ScriptContext, Flow):
    Flow.request....
    Flow.response....

要访问被拦截的请求或响应，我是不改变任何东西，只是观察。
现在代理服务器是8080，稍后就是80和443的透明代理服务器。
如果有人这样做，我会很高兴，如果你能分享一些信息。

To access the request or response being intercepted, i'm not changing anything, just observing. For now the proxy is on 8080, later on it's to be transparent proxy on 80 and 443. If anyone has done it before i'll be happy if you can share some info.

推荐答案

几件事。
首先你可以使用str（flow.request.headers）和request.httpversion等自己构建原始响应。
然而似乎_assemble（）和_assemble_headers（）做得很好。

couple of things. first youcan build the raw response yourself using str(flow.request.headers) and request.httpversion and the like. however it seems that _assemble() and _assemble_headers() do the trick just fine.

所以基本上：

def request(context, flow):
req = flow.request;
try:
    print("Request: -----------------");
    print(req._assemble());
    print("--------------------------");
except Exception as ee:
    print(str(ee));

def response(context, flow):
    res = flow.response;
    try:
        print("Response: -----------------");
    print(res._assemble());

    if res.content:
        size = len(res.content);
        size  = min(size, 20);
        if res.content[0:size] != res.get_decoded_content()[0:size]:
            print("\n\n");
            print(res.get_decoded_content());
    print("--------------------------");
except Exception as ee:
    print(str(ee));

您可以看到解码后的身体是否与未解码的身体不相似（我可以检查gzip内容类型虽然我也打印解码的消息。
这应该根据当前日期保存到文件中，每个文件都是从request \ response.client_conn对象中取出客户端ip后命名的。这几乎解决了我的问题。
对fiddler的一些检查显示请求可以在以后重现，这正是我需要的。

as you can see if the decoded body is not similar to the non decoded one (i can check for gzip content type though) i'm printing the decoded message as well. This should be saved to files according to current dates and each file is named after the client ip taken from request\response.client_conn object. This pretty much solved my problem. Some check with fiddler shows that the request are reproducable later on which is just what i needed.

这篇关于得到一个“原始的”请求来自MITM代理的回复的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！