Created
April 18, 2023 12:31
import logging

import mitmproxy.types
from mitmproxy import command
from mitmproxy import ctx
from mitmproxy import flow
from mitmproxy import http
from mitmproxy.log import ALERT
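class Intruder:
    """mitmproxy addon that replays one flow once per line of a payload file.

    The ``intruder.run`` command copies the selected flow for every line of
    the payload file, swaps the ``_PAYLOAD_`` marker for that line in the
    request path, body, query parameters and cookies, and hands the copy to
    mitmproxy's ``replay.client`` command.

    Operational notes:
      * One request is queued per payload line; nothing here throttles or
        caps the number of replays.
      * Path and body substitution is a raw text/bytes replace; the payload
        is not encoded or escaped by this addon.
    """

    # Marker text that is swapped for each payload before the copy is replayed.
    PLACEHOLDER = "_PAYLOAD_"

    @command.command("intruder.run")
    def run(self, flow: flow.Flow, payloads: mitmproxy.types.Path) -> None:
        """Replay ``flow`` once for every line of the ``payloads`` file.

        Args:
            flow: The flow to use as a template; it is copied, never modified.
            payloads: Path to a text file holding one payload per line.
        """
        marker = self.PLACEHOLDER
        with open(payloads) as file:
            for line in file:
                # rstrip() drops every trailing whitespace character, not only
                # the newline, so a payload cannot end in spaces or tabs.
                payload = line.rstrip()
                f = flow.copy()
                # Tag the copy so the request hook can recognise replays made here.
                f.request.is_intruder = payload
                # NOTE(review): mitmproxy's request.path carries the query string
                # as well, so markers in the query are normally already replaced
                # (unencoded) by this line -- confirm for the version in use.
                f.request.path = f.request.path.replace(marker, payload)
                body = f.request.content
                # content can be None (no body available); the original called
                # .replace() on it unconditionally and raised AttributeError.
                if body is not None:
                    f.request.content = body.replace(marker.encode(), str.encode(payload))
                self._substitute(f.request.query, payload)
                self._substitute(f.request.cookies, payload)
                ctx.master.commands.call('replay.client', [f])

    @staticmethod
    def _substitute(fields, payload: str) -> None:
        """Replace the marker in every key and value of a multidict view.

        The view is rebuilt pair by pair, so repeated keys keep all of their
        values and their order. The original delete-then-assign approach
        raised KeyError on the second occurrence of a repeated key that
        contained the marker. Views without the marker are left untouched.
        """
        marker = Intruder.PLACEHOLDER
        # Snapshot first: the view is modified below.
        pairs = list(fields.items(multi=True))
        if not any(marker in key or marker in value for key, value in pairs):
            return
        fields.clear()
        for key, value in pairs:
            fields.add(key.replace(marker, payload), value.replace(marker, payload))

    def request(self, flow: flow.Flow):
        """Log the payload of requests that were generated by ``intruder.run``.

        This hook runs for every request passing through the proxy. Ordinary
        traffic has no ``is_intruder`` attribute, so it is looked up with a
        default instead of being accessed directly (which raised
        AttributeError for every request not generated by this addon).
        """
        payload = getattr(flow.request, "is_intruder", None)
        if payload is None:
            return
        logging.info(f"intruder with payload {payload}")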
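# Module-level list of addon instances; this is the name mitmproxy looks up
# when the script is loaded. The stray trailing "|" from the page rendering
# is removed because it made the line invalid Python.
addons = [Intruder()]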