Rule-based MITM engine. Rewriting, redirecting and rejecting on HTTP(S) requests and responses, supports JavaScript.
Home Page: https://good-mitm.zu1k.com
License: MIT License
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
很多网站需要通过代理访问,没有以发现 good-mitm 可以配置代理的方式。
如果能加上配置文件监视并重载的功能,这样当通过服务启动时,修改配置文件比较方便,不需要重启服务。
0.4.1
Linux
- name: "disneyplus"
mitm:
- "*.disneyplus.com"
actions:
- modify-request:
xxxxxxxx.....[2022-12-09T09:49:02Z ERROR good_mitm_core::mitm] Tls accept failed: received fatal alert: CertificateUnknown
[2022-12-09T09:49:03Z ERROR good_mitm_core::mitm] Tls accept failed: tls handshake eof
[2022-12-09T09:49:03Z ERROR good_mitm_core::mitm] Tls accept failed: tls handshake eof
[2022-12-09T09:49:04Z ERROR good_mitm_core::mitm] Tls accept failed: tls handshake eof
[2022-12-09T09:49:04Z ERROR good_mitm_core::mitm] Tls accept failed: tls handshake eof
[2022-12-09T09:49:04Z ERROR good_mitm_core::mitm] Tls accept failed: received corrupt message
[2022-12-09T09:49:05Z ERROR good_mitm_core::mitm] Tls accept failed: received corrupt message
[2022-12-09T09:49:06Z ERROR good_mitm_core::mitm] Tls accept failed: received corrupt message
[2022-12-09T09:49:08Z ERROR good_mitm_core::mitm] Tls accept failed: tls handshake eof
[2022-12-09T09:49:09Z ERROR good_mitm_core::mitm] Tls accept failed: tls handshake eof
[2022-12-09T09:49:09Z ERROR good_mitm_core::mitm] Tls accept failed: tls handshake eof
[2022-12-09T09:49:10Z ERROR good_mitm_core::mitm] Tls accept failed: received corrupt message
[2022-12-09T09:49:10Z ERROR good_mitm_core::mitm] Tls accept failed: received corrupt message手机开小火箭代理,后端使用官网上面的透明代理
手机没有安装证书
打开disneyplus.com 正常提示证书不受信任
但是使用其他网站(例如google.com)报tls错误,Google浏览器直接说页面错误。
按道理我只拦截disneyplus.com,只是这个网站需要证书,其他网站不需要才对吧?
(上述情况电脑上测试却是正常的,Google搜索正常,disneyplus提示证书不安全,只是手机上谷歌浏览器有问题,其他浏览器没测试)
目前可以通过配置父代理统一都走父代理,如果想不同的网址访问不同的代理,目前只能通过使用可以定义域名的父代理(如:clash、3proxy、privoxy等),但想根据网址路径访问不同的代理,就需要父代理也能自签证书,目前支持自签证书的代理不多,常见于调试工具,如:whistle。
如果 good-mitm 的 'action' 可以支持指向不同代理,就可以不需要额外的父代理软件了。
应该怎么打印出body呢
小白,不会用
大佬能否电报教我一下啊
@iamykm
当使用了父代理 -p http://127.0.0.1:8080 ,访问 http 链接可以,https:// 报错。
尝试修改 cargo.toml 里的 hyper-proxy ,加上 features = ["rustls"] 也没有效果。
With transparent proxy it can be installed on openwrt 🙇
Any examples ?
good-mitm.exe run -r rules 运行之后可以直接使用了么
I found your project from your issues in https://github.com/omjadas/hudsucker. My project requires to implement selective mitm which unfortunately not implemented in hudsucker. But from what I read from good-mitm source code, you already implement it using tunnel mechanism, which surprisingly also solution that I want to implement. Because I am new to Rust and especially TCP level coding, it is very difficult until I found your code.
I just want to say thanks to make it open source and really helps me and hope to the programming community too.
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: UnexpectedEof, error: "tls handshake eof" }', /project/crates/core/src/mitm.rs:142:30
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: UnexpectedEof, error: "tls handshake eof" }', /project/crates/core/src/mitm.rs:142:30
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: InvalidData, error: CorruptMessage }', /project/crates/core/src/mitm.rs:142:30
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: InvalidData, error: CorruptMessage }', /project/crates/core/src/mitm.rs:142:30
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: InvalidData, error: CorruptMessage }', /project/crates/core/src/mitm.rs:142:30
[2022-09-21T08:44:24Z INFO g
0.4.2
Windows
- name: "js_modify_request"
mitm: "*"
filters:
url-regex: '^https?:\/\/www\.baidu\.com'
actions:
js: |
function process() {
console.log("from quick_js");
if (data.request != undefined) {
let req = data.request;
console.log(req.headers["user-agent"]);
return req;
}
if (data.response != undefined) {
let res = data.response;
if (res.body != undefined) {
res.body = res.body.replaceAll("百度", "百毒");
}
return res;
}
}
process()D:/goodmitm> ./good-mitm.exe run -r rules 10/08/23 14:59:01 PM
[2023-10-08T06:59:19Z INFO good_mitm] CA Private key use: ca/private.key
[2023-10-08T06:59:19Z INFO good_mitm] CA Certificate use: ca/cert.crt
[2023-10-08T06:59:19Z INFO good_mitm] Http Proxy listen on: http://127.0.0.1:34567
[2023-10-08T06:59:19Z ERROR good_mitm::file] load rule (rules\js.yaml) failed: .[0]: data did not match any variant of untagged enum SingleOrMulti at line 1 column 3
[Bug] 用rules/js.yaml的例子启动报错!
我是用的例子跑的,跑起来就报错,我看下代码,问题在这里:
impl<T> From<SingleOrMulti<T>> for Vec<T> {
fn from(sm: SingleOrMulti<T>) -> Vec<T> {
match sm {
SingleOrMulti::Single(v) => vec![v],
SingleOrMulti::Multi(mv) => mv,
**_ => vec![],**
}
}
}
是不是要做下兜底捕获,请尽快修复下BUG,谢谢!
0.42
macOS
- name: "redirect"
filter:
domain-suffix: 'google.cn'
action:
redirect: "https://hao123.com"
- name: "reject CSDN"
filter:
domain-keyword: 'csdn'
action: reject
- name: "modify response body plain"
filter:
domain: '126.com'
action:
modify-response:
body: "Hello 126.com, from Good-MITM"...
[2023-07-20T17:15:53Z ERROR good_mitm_core::mitm] Tls accept failed: tls handshake eof
[2023-07-20T17:15:53Z ERROR good_mitm_core::mitm] Tls accept failed: peer is incompatible: SignatureAlgorithmsExtensionRequired
[2023-07-20T17:15:54Z ERROR good_mitm_core::mitm] Tls accept failed: tls handshake eof
[2023-07-20T17:15:54Z ERROR good_mitm_core::mitm] Tls accept failed: tls handshake eof
[2023-07-20T17:15:54Z ERROR good_mitm_core::mitm] Tls accept failed: peer is incompatible: SignatureAlgorithmsExtensionRequired
[2023-07-20T17:15:54Z ERROR good_mitm_core::mitm] Tls accept failed: tls handshake eof
[2023-07-20T17:15:54Z ERROR good_mitm_core::mitm] Tls accept failed: tls handshake eof
[2023-07-20T17:15:54Z ERROR good_mitm_core::mitm] Tls accept failed: peer is incompatible: SignatureAlgorithmsExtensionRequired
...good-mitm 部署在openwrt中 (mac部署有同样的错误)
客户端设备为:mac 、ios
操作步骤:系统设置 --> 点击头像
结论:
通过Proxyman 抓包发现会大量请求 https://gateway.icloud.com 域名
使用的配置文件中并未对gateway.icloud.com做HTTPS解密处理
(通过测试小火箭、Proxyman也无法对gateway.icloud.com进行HTTPS解密 )
good-mitm能否跳过指定域名?
老哥你好,用你的good-mitm genca得到的两个文件可以正常运行,但是Hudsucker例子里面的两个文件(hudsucker.key 和 hudsucker.pem) 貌似运行就会报错。
我用你的生成 的key和crt文件就能用(good-mitm和hudsucker都可以用),你这里生成的和他例子中的 两个文件有什么不同吗?
先谢过了哈,坐等解答。
能否增加命令行参数开启在console打印更详细的log,显示request的url,headers和response的headers,帮助测试规则
尝试安装了GLIBC_2.18'后依然报错
经测试,目前修改 header 的功能只能替换 header 的值,不能通过在某个值中追加换行和新的header项来达到增加 header 项的目的。
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.