mitmproxy是一个代理工具(软件安装 或 Python模块安装),实现代理请求(拦截请求或修改请求)
这里介绍python的模块使用
pip install mitmproxy
基本就没有报错了。
启动
启动mitmproxy,去本地用户目录中寻找证书。
mitmdump -q -p 8888 -s v1.py
from mitmproxy import http
from mitmproxy.http import Request
def request(flow: http.HTTPFlow):
print("请求->", flow.request.url)
def response(flow: http.HTTPFlow):
pass
效果:
获取证书
在电脑 C:\Users\admin\.mitmproxy
中去获取。admin是我的账户名
配置代理
请求
读取
from mitmproxy import http
from mitmproxy.http import Request
def request(flow):
print("请求-->", flow.request.url)
print("请求-->", flow.request.host)
print("请求-->", flow.request.path)
print("请求-->", flow.request.query)
print("请求-->", flow.request.cookies)
print("请求-->", flow.request.headers)
print("请求-->", flow.request.method)
print("请求-->", flow.request.content)
def response(flow: http.HTTPFlow):
pass
修改:
from mitmproxy import http
from mitmproxy.http import Request
from mitmproxy.http import HTTPFlow
def request(flow: HTTPFlow):
flow.request.type=movie&tag=%E7%83%AD%E9%97%A8&sort=recommend&page_limit=20&page_start=20"
def response(flow: http.HTTPFlow):
pass
mitmdump -q -p 8888 -s v2.py
返回结果:
from mitmproxy import http
from mitmproxy.http import Request
from mitmproxy.http import HTTPFlow
from mitmproxy.http import Response
def request(flow: HTTPFlow):
if flow.request.url.startswith
flow.response = Response.make(
200, # (optional) status code
b"Hello World", # (optional) content
{"Content-Type": "text/html"} # (optional) headers
)
def response(flow: http.HTTPFlow):
pass
# mitmdump -q -p 8888 -s v1.py
共享vip的原理
获取已经登录的用户cookie,利用这个软件,把cookie复制给其他用户使用。
可能还会校验其他字段,我这里没测试。辛辛苦苦改了这么多字段。
这里我随便找了个网站登录:
from mitmproxy import http
from mitmproxy.http import Request
from mitmproxy.http import HTTPFlow
def request(flow: HTTPFlow):
print(flow.request.url)
flow.request.cookies = [
('bt_guid', '%223fdd01a4efcf1d5689d0c42087a10669%22'),
('from_url', '360'),
('is_sem_chan', '1'),
('26526d84a1514f6a4bf6aab55685074d', '%220a35a8a8059a99fb4f9570dd8c0a57c7%22'),
('issem', '1'),
('semword', '%E6%9C%AA%E6%A0%87%E8%AE%B0'),
('host', ''),
('source_url', '360_tuiguang'),
('no_login_pv', '1'),
('588KUSSID', '2ekpob3v2pl9l7g1cffgoeh7k2'),
('ocpc', 'https%3A%2F%%2Fso%2F%3Fh%3D360%26sem%3D1%26kw%3Dqs0009503%26guanggao%26qhclickid%3D179762ef0361158b'),
('_k_iprec_1', '218.89.183.7'),
('_k_iprec_wd_1', '%7C-'),
('_k_iprec_kw_1', 'qs0009503'),
('_k_ut_v1', '%22%7B%5C%22ip%5C%22%3A%5C%22218.89.183.7%5C%22%2C%5C%22d%5C%22%3A%5C%222024-01-12%5C%22%2C%5C%22h%5C%22%3A%5C%22360%5C%22%2C%5C%22hd%5C%22%3A%5C%22%5C%22%2C%5C%22sem%5C%22%3A%5C%221%5C%22%2C%5C%22host%5C%22%3A%5C%22%5C%22%2C%5C%22bm%5C%22%3A8258%2C%5C%22kw%5C%22%3A%5C%22qs0009503%5C%22%7D%22'),
('Hm_lvt_3e90322e8debb1d06c9c463f41ea984b', '1705051593'),
('user_sem_source', '1'),
('699pic_popup_lock', '1'),
('user_source', 'sem'),
('Hm_lvt_8226f7457e3273fa68c31fdc4ebf62ff', '1705051593'),
('referer', '%22http%3A%5C%2F%5C%%5C%2F%3Fm%3DAdvertising%26a%3DgetAdvertising%22'),
('FIRSTVISITED', '1705051593.283'),
('qka.ref-qkm', '{%22r_qkm%22:%220.0.0.0.0%22%2C%22r_url%22:%22https:///so/?h=360&sem=1&kw=qs0009503&guanggao&qhclickid=179762ef0361158b%22%2C%22r_ref%22:%22https:///%22%2C%22r_ref_kw%22:%22%22%2C%22r_bd_vid%22:%22%22}'),
('qka.session-id', 'e949a82d-127d-46b8-a67e-605b393badbd'),
('qka.session-is-day', '1'),
('588ku_login_refer_url', 'https%3A///so/%3Fh%3D360%26sem%3D1%26kw%3Dqs0009503%26guanggao%26qhclickid%3D179762ef0361158b'),
('temp_login_uid', '42851994'),
('temp_login_avator', '%22https%3A%5C%2F%5C%%5C%2Fmmopen%5C%2Fvi_32%5C%2F7KbDZ2Y8Nc0xNiadHnQQw0xuibmqQUulzAj4RmhV5OHFDW4Hlyk8DePN2gC5fO2kfjic9RYr7CxpuoVVfQOMGQxtO8sDXicqhMkCc9Y52175mwI%5C%2F132%22'),
('temp_login_flag2', '1'),
('auth_id', '%2242851994%7C%5Cu6c99%5Cu6f20%5Cu91cc%5Cu7684%5Cu6708%5Cu4eae%7C1705915618%7Cb9e5966cf0446ca56d3bae32857471c8%22'),
('sns', '%7B%22token%22%3A%7B%22access_token%22%3A%2276_Dlng_R3DOoRIsboQttgWg_O8rX_wu0_4HfbqA44Uj-23-gJ91j9WkzCZx9U705tarrNQQOrVj-iaD5u3yXK79mlVKZsHsmSsFyOtoF0TCEI%22%2C%22expires_in%22%3A7200%2C%22refresh_token%22%3A%2276_KSJsKagOTgFzR35Jihwxn_Zd6NLC4lGruloHuqBJevmaBz2nFPJrI5t5Q4H8W3iMLsg9adRt27ouV5egxNufdmNwkn7gDmKdqNDk6zIssiQ%22%2C%22openid%22%3A%22oH595wO-cTXAdunrY35QdYPmvYVY%22%2C%22scope%22%3A%22snsapi_login%22%2C%22unionid%22%3A%22oe6yuwzppL8fiafQUbocJ9IUaSGA%22%7D%2C%22type%22%3A%22weixin%22%7D'),
('last_login_type', '2'),
('qka.last-from', '{%22url%22:%22https:///so/?h=360&sem=1&kw=qs0009503&guanggao&qhclickid=179762ef0361158b%22%2C%22ref%22:%22https:///%22%2C%22bd_vid%22:%22%22}'),
('ISREQUEST', '1'),
('WEBPARAMS', 'is_pay=0'),
('adIssem', '0'),
('qk_host', ''),
('location', '6'),
('_qkm_841a5ea6b26b6b62b7102bfdc907164b', '0.0.0.0.51192dcbEVY3vl'),
('login_pv', '3'),
('write_phone_pv', '3'),
( 'Hm_lpvt_3e90322e8debb1d06c9c463f41ea984b', '1705051628'),
('Hm_lpvt_8226f7457e3273fa68c31fdc4ebf62ff', '1705051628'),
]
def response(flow: http.HTTPFlow):
pass
# mitmdump -q -p 8888 -s v1.py