一.原来的基础上添加代码

"""

This inline script allows conditional TLS Interception based

on a user-defined strategy.

Example:

    > mitmdump -s tls_passthrough.py

    1. curl --proxy http://localhost:8080 https://example.com --insecure

    // works - we'll also see the contents in mitmproxy

    2. curl --proxy http://localhost:8080 https://example.com --insecure

    // still works - we'll also see the contents in mitmproxy

    3. curl --proxy http://localhost:8080 https://example.com

    // fails with a certificate error, which we will also see in mitmproxy

    4. curl --proxy http://localhost:8080 https://example.com

    // works again, but mitmproxy does not intercept and we do *not* see the contents

Authors: Maximilian Hils, Matthew Tuusberg

"""

import collections

import random

from enum import Enum

import mitmproxy

from mitmproxy import ctx

from mitmproxy.exceptions import TlsProtocolException

from mitmproxy.proxy.protocol import TlsLayer, RawTCPLayer

class InterceptionResult(Enum):

    success = True

    failure = False

    skipped = None

class _TlsStrategy:

    """

    Abstract base class for interception strategies.

    """

    def __init__(self):

        # A server_address -> interception results mapping

        self.history = collections.defaultdict(lambda: collections.deque(maxlen=200))

    def should_intercept(self, server_address):

        """

        Returns:

            True, if we should attempt to intercept the connection.

            False, if we want to employ pass-through instead.

        """

        raise NotImplementedError()

    def record_success(self, server_address):

        self.history[server_address].append(InterceptionResult.success)

    def record_failure(self, server_address):

        self.history[server_address].append(InterceptionResult.failure)

    def record_skipped(self, server_address):

        self.history[server_address].append(InterceptionResult.skipped)

class ConservativeStrategy(_TlsStrategy):

    """

    Conservative Interception Strategy - only intercept if there haven't been any failed attempts

    in the history.

    """

    def should_intercept(self, server_address):

        if InterceptionResult.failure in self.history[server_address]:

            return False

        return True

class ProbabilisticStrategy(_TlsStrategy):

    """

    Fixed probability that we intercept a given connection.

    """

    def __init__(self, p):

        self.p = p

        super(ProbabilisticStrategy, self).__init__()

    def should_intercept(self, server_address):

        return random.uniform(0, 1) < self.p

class TlsFeedback(TlsLayer):

    """

    Monkey-patch _establish_tls_with_client to get feedback if TLS could be established

    successfully on the client connection (which may fail due to cert pinning).

    """

    def _establish_tls_with_client(self):

        server_address = self.server_conn.address

        try:

            super(TlsFeedback, self)._establish_tls_with_client()

        except TlsProtocolException as e:

            tls_strategy.record_failure(server_address)

            raise e

        else:

            tls_strategy.record_success(server_address)

# inline script hooks below.

tls_strategy = None

def load(l):

    l.add_option(

        "tlsstrat", int, 0, "TLS passthrough strategy (0-100)",

    )

def configure(updated):

    global tls_strategy

    if ctx.options.tlsstrat > 0:

        tls_strategy = ProbabilisticStrategy(float(ctx.options.tlsstrat) / 100.0)

    else:

        tls_strategy = ConservativeStrategy()

def next_layer(next_layer):

    """

    This hook does the actual magic - if the next layer is planned to be a TLS layer,

    we check if we want to enter pass-through mode instead.

    """

    if isinstance(next_layer, TlsLayer) and next_layer._client_tls:

        server_address = next_layer.server_conn.address

        if tls_strategy.should_intercept(server_address):

            # We try to intercept.

            # Monkey-Patch the layer to get feedback from the TLSLayer if interception worked.

            next_layer.__class__ = TlsFeedback

        else:

            # We don't intercept - reply with a pass-through layer and add a "skipped" entry.

            mitmproxy.ctx.log("TLS passthrough for %s" % repr(next_layer.server_conn.address), "info")

            next_layer_replacement = RawTCPLayer(next_layer.ctx, ignore=True)

            next_layer.reply.send(next_layer_replacement)

            tls_strategy.record_skipped(server_address)

mitmproxy(TLS错误)的更多相关文章

  1. ubuntu 安装pip3 遇到Ignoring ensurepip failure: pip 8.1.1 requires SSL/TLS错误

    3.5版本之后的会自动安装pip,所以我们直接从官网下载3.5.2,下载地址:https://www.python.org/ftp/python/ 下载以后,可以用命令解压,也可以右键进行解压, ta ...

  2. osx mitmproxy ssl 错误

    记录一下,总是在这里折腾. cd ~ cd .mitmproxy cp mitmproxy-ca-cert.pem ~/ 然后到目录下双击mitmproxy-ca-cert.pem ,在钥匙串中的登录 ...

  3. Markdown使用github风格时报TLS错误解决办法

    https://docs.microsoft.com/en-us/officeonlineserver/enable-tls-1-1-and-tls-1-2-support-in-office-onl ...

  4. win7、linux安装使用pip、mitmproxy

    安装pip https://pip.pypa.io/en/latest/installing.html 步骤: 下载 https://bootstrap.pypa.io/get-pip.py pyth ...

  5. FTP软件发送"AUTH TLS"提示 无法连接到服务器

    响应: 220-FileZilla Server version 0.9.24 beta 响应: 220-written by Tim Kosse (Tim.Kosse@gmx.de) 响应: 220 ...

  6. Filezilla 错误

    一般来说,只要网站能访问,FTP就应该能连接的,之前好长一段时间一直遇到连接不上香港主机的问题,还以为是宽带出口线路不好,原来是自己学识浅薄,在同事的指点下才明白所以然,下面总结一下FTP连接中的常见 ...

  7. 简介TLS 1.3

    0x00 前言 最近在阅读论文,其中阅读了 WWW2021的一篇文章"TLS 1.3 in Practice: How TLS 1.3 Contributes to the Internet ...

  8. 一个上好的C# http/https类

    直接Copy拿去用吧: 新的 tls 协议需要新的.net版本, tls 至少更新到.net4吧,尽量用最新的.net! 不然出错了就折腾... using System; using System. ...

  9. filezilla无法连接linux服务器

    问题描述: 响应: 220 (vsFTPd 2.2.2)命令: AUTH TLS错误: 无法连接到服务器状态: 已从服务器断开 排查步骤: 1 检查服务器IP地址.用户名.密码是否正确 2 在控制面板 ...

随机推荐

  1. HTML中元素 标签 属性

    HTNL中元素是以开始标签开始 结束标签结尾的 如:<p>this is a paragraph </p> <p>是开始标签   </p>是结束标签  ...

  2. 按钮UIButton的使用

    一.使用概要 当添加一个按钮到你的界面,执行以下步骤: 1.在创建时设置按钮的类型. 2.提供一个标题字符串或图像,为您的内容适当调整按钮的大小. 3.连接一个或多个操作按钮的方法. 4.设置自动布局 ...

  3. 学习进度-11 RDD 编程初级实践

    一. 请到本教程官网的“下载专区”的“数据集”中下载 chapter5-data1.txt,该数据集包含 了某大学计算机系的成绩,数据格式如下所示: Tom,DataBase,80 Tom,Algor ...

  4. 页面的五种布局以及嵌套『Android系列八』

    转自:http://blog.csdn.net/dazlly/article/details/7860125 因为学习比较晚,我用的相关版本为SDK4.1.eclipse4.2,而自己看的教材都是低版 ...

  5. SpringBoot Date类型插入数据库始终比正确时间早一天问题解决办法

    bug描述 昨天的Date插入不进去问题解决后,一直没发现其实插入的时间一直比正确的时间早一天 输出sql语句,发现insert语句还是对的,不知道为什么插入数据库之后结果就早了一天 https:// ...

  6. python绘制WordCloud词云图

    目录 前言 核心代码 测试 前言 当我们想快速了解书籍.小说.电影剧本中的内容时,可以绘制 WordCloud 词云图,显示主要的关键词(高频词),可以非常直观地看到结果 核心代码 from word ...

  7. Ubuntu 16.04非编译安装Zabbix 3.2----服务端和客户端win的配置

    控服务器 - 什么是Zabbix Zabbix是企业级开源分布式监控服务器解决方案. 该软件监控网络的不同参数和服务器的完整性,还允许为任何事件配置基于电子邮件的警报. Zabbix根据存储在数据库( ...

  8. Java提升四:Stream流

    1.Stream流的定义 Stream是Java中的一个接口.它的作用类似于迭代器,但其功能比迭代器强大,主要用于对数组和集合的操作. Stream中的流式思想:每一步只操作,不存储. 2.Strea ...

  9. 027、MySQL字符串替换函数,文本替换函数,字符串填充函数

    #文本填充 ,'); #ABC12121212121212121 #文本替换 SELECT REPLACE('田攀520','攀','ABC'); #田ABC520 不忘初心,如果您认为这篇文章有价值 ...

  10. 七、Vue组件库:Element、Swiper(轮播专用组件)

    一.vue的Element组件库 官网:https://element.eleme.cn/#/zh-CN 1.1安装 推荐安装方法: 首先要进入项目目录 cnpm i element-ui -S 或 ...