mirror of
https://github.com/Grasscutters/mitmproxy.git
synced 2024-11-24 00:31:33 +00:00
75 lines
2.9 KiB
HTML
75 lines
2.9 KiB
HTML
|
Mitmproxy lets you specify an arbitrary number of patterns that define text
|
||
|
replacements within flows. Each pattern has 3 components: a filter that defines
|
||
|
which flows a replacement applies to, a regular expression that defines what
|
||
|
gets replaced, and a target value that defines what is substituted in.
|
||
|
|
||
|
Replace hooks fire when either a client request or a server response is
|
||
|
received. Only the matching flow component is affected: so, for example, if a
|
||
|
replace hook is triggered on server response, the replacement is only run on
|
||
|
the Response object leaving the Request intact. You control whether the hook
|
||
|
triggers on the request, response or both using the filter pattern. If you need
|
||
|
finer-grained control than this, it's simple to create a script using the
|
||
|
replacement API on Flow components.
|
||
|
|
||
|
Replacement hooks are extremely handy in interactive testing of applications.
|
||
|
For instance you can use a replace hook to replace the text "XSS" with a
|
||
|
complicated XSS exploit, and then "inject" the exploit simply by interacting
|
||
|
with the application through the browser. When used with tools like Firebug and
|
||
|
mitmproxy's own interception abilities, replacement hooks can be an amazingly
|
||
|
flexible and powerful feature.
|
||
|
|
||
|
|
||
|
## On the command-line
|
||
|
|
||
|
The replacement hook command-line options use a compact syntax to make it easy
|
||
|
to specify all three components at once. The general form is as follows:
|
||
|
|
||
|
/patt/regex/replacement
|
||
|
|
||
|
Here, __patt__ is a mitmproxy filter expression, __regex__ is a valid Python
|
||
|
regular expression, and __replacement__ is a string literal. The first
|
||
|
character in the expression (__/__ in this case) defines what the separation
|
||
|
character is. Here's an example of a valid expression that replaces "foo" with
|
||
|
"bar" in all requests:
|
||
|
|
||
|
:~q:foo:bar
|
||
|
|
||
|
In practice, it's pretty common for the replacement literal to be long and
|
||
|
complex. For instance, it might be an XSS exploit that weighs in at hundreds or
|
||
|
thousands of characters. To cope with this, there's a variation of the
|
||
|
replacement hook specifier that lets you load the replacement text from a file.
|
||
|
So, you might start __mitmdump__ as follows:
|
||
|
|
||
|
<pre class="terminal">
|
||
|
mitmdump --replace-from-file :~q:foo:~/xss-exploit
|
||
|
</pre>
|
||
|
|
||
|
This will load the replacement text from the file __~/xss-exploit__.
|
||
|
|
||
|
Both the _--replace_ and _--replace-from-file_ flags can be passed multiple
|
||
|
times.
|
||
|
|
||
|
|
||
|
## Interactively
|
||
|
|
||
|
The _R_ shortcut key in mitmproxy lets you add and edit replacement hooks using
|
||
|
a built-in editor. The context-sensitive help (_h_) has complete usage
|
||
|
information.
|
||
|
|
||
|
<table class="table">
|
||
|
<tbody>
|
||
|
<tr>
|
||
|
<th width="20%">command-line</th>
|
||
|
<td>
|
||
|
<ul>
|
||
|
<li>--replace</li>
|
||
|
<li>--replace-from-file</li>
|
||
|
</ul>
|
||
|
</td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<th>mitmproxy shortcut</th> <td><b>R</b></td>
|
||
|
</tr>
|
||
|
</tbody>
|
||
|
</table>
|