zu1k / good-mitm Goto Github PK
View Code? Open in Web Editor NEWRule-based MITM engine. Rewriting, redirecting and rejecting on HTTP(S) requests and responses, supports JavaScript.
Home Page: https://good-mitm.zu1k.com
License: MIT License
Rule-based MITM engine. Rewriting, redirecting and rejecting on HTTP(S) requests and responses, supports JavaScript.
Home Page: https://good-mitm.zu1k.com
License: MIT License
经测试,目前修改 header 的功能只能替换 header 的值,不能通过在某个值中追加换行和新的header项来达到增加 header 项的目的。
老哥你好,用你的good-mitm genca得到的两个文件可以正常运行,但是Hudsucker例子里面的两个文件(hudsucker.key 和 hudsucker.pem) 貌似运行就会报错。
我用你的生成 的key和crt文件就能用(good-mitm和hudsucker都可以用),你这里生成的和他例子中的 两个文件有什么不同吗?
先谢过了哈,坐等解答。
小白,不会用
大佬能否电报教我一下啊
@iamykm
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: UnexpectedEof, error: "tls handshake eof" }', /project/crates/core/src/mitm.rs:142:30
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: UnexpectedEof, error: "tls handshake eof" }', /project/crates/core/src/mitm.rs:142:30
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: InvalidData, error: CorruptMessage }', /project/crates/core/src/mitm.rs:142:30
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: InvalidData, error: CorruptMessage }', /project/crates/core/src/mitm.rs:142:30
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: InvalidData, error: CorruptMessage }', /project/crates/core/src/mitm.rs:142:30
[2022-09-21T08:44:24Z INFO g
latest
No response
- name: "netflix"
mitm: "*.netflix.com"
filters:
url-regex: '^https:\/\/(www\.)?netflix\.com'
actions:
- modify-request:
cookie:
key: NetflixId
value: **********
- modify-request:
cookie:
key: SecureNetflixId
value: **********
- modify-response:
cookie:
key: NetflixId
remove: true
- modify-response:
cookie:
key: SecureNetflixId
remove: true
[2024-05-09T06:50:10Z INFO good_mitm] Http Proxy listen on: http://127.0.0.1:34567
[2024-05-09T06:50:58Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/
[2024-05-09T06:50:58Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/
[2024-05-09T06:51:00Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/
[2024-05-09T06:51:00Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/
[2024-05-09T06:51:02Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/
[2024-05-09T06:51:02Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/
[2024-05-09T06:51:08Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/
[2024-05-09T06:51:08Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/
[2024-05-09T06:51:12Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/
[2024-05-09T06:51:12Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/
[2024-05-09T06:51:12Z INFO good_mitm_rule::handler] [Response] 403 Forbidden www.netflix.com unknown
[2024-05-09T06:51:12Z INFO good_mitm_rule] [ModifyResponse]
[2024-05-09T06:51:12Z INFO good_mitm_rule] [ModifyResponse]
[2024-05-09T06:51:12Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/
[2024-05-09T06:51:12Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/
[2024-05-09T06:51:14Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/
[2024-05-09T06:51:14Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/
[2024-05-09T06:51:16Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/
[2024-05-09T06:51:16Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/
[2024-05-09T06:51:17Z INFO good_mitm_rule::handler] [Response] 302 Found www.netflix.com text/html
[2024-05-09T06:51:17Z INFO good_mitm_rule] [ModifyResponse]
[2024-05-09T06:51:17Z INFO good_mitm_rule] [ModifyResponse]
[2024-05-09T06:51:17Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/browse
[2024-05-09T06:51:17Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/browse
[2024-05-09T06:51:17Z INFO good_mitm_rule::handler] [Response] 200 OK www.netflix.com text/html; charset=utf-8
[2024-05-09T06:51:17Z INFO good_mitm_rule] [ModifyResponse]
[2024-05-09T06:51:17Z INFO good_mitm_rule] [ModifyResponse]
[2024-05-09T06:51:18Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/service-worker.js
[2024-05-09T06:51:18Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/service-worker.js
[2024-05-09T06:51:18Z INFO good_mitm_rule::handler] [Response] 403 Forbidden www.netflix.com unknown
[2024-05-09T06:51:18Z INFO good_mitm_rule] [ModifyResponse]
[2024-05-09T06:51:18Z INFO good_mitm_rule] [ModifyResponse]
[2024-05-09T06:51:19Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/nq/website/memberapi/v5133bbf4/pathEvaluator?webp=true&drmSystem=widevine&isVolatileBillboardsEnabled=true&isTop10Supported=true&isTop10KidsSupported=true&hasVideoMerchInBob=true&hasVideoMerchInJaw=true&falcor_server=0.1.0&withSize=true&materialize=true&original_path=%2Fshakti%2Fmre%2FpathEvaluator
[2024-05-09T06:51:19Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/nq/website/memberapi/v5133bbf4/pathEvaluator?webp=true&drmSystem=widevine&isVolatileBillboardsEnabled=true&isTop10Supported=true&isTop10KidsSupported=true&hasVideoMerchInBob=true&hasVideoMerchInJaw=true&falcor_server=0.1.0&withSize=true&materialize=true&original_path=%2Fshakti%2Fmre%2FpathEvaluator
[2024-05-09T06:51:19Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/nq/website/memberapi/v5133bbf4/pathEvaluator?webp=true&drmSystem=widevine&isVolatileBillboardsEnabled=true&isTop10Supported=true&isTop10KidsSupported=true&hasVideoMerchInBob=true&hasVideoMerchInJaw=true&method=call&falcor_server=0.1.0&withSize=true&materialize=true&original_path=%2Fshakti%2Fmre%2FpathEvaluator
[2024-05-09T06:51:19Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/nq/website/memberapi/v5133bbf4/pathEvaluator?webp=true&drmSystem=widevine&isVolatileBillboardsEnabled=true&isTop10Supported=true&isTop10KidsSupported=true&hasVideoMerchInBob=true&hasVideoMerchInJaw=true&method=call&falcor_server=0.1.0&withSize=true&materialize=true&original_path=%2Fshakti%2Fmre%2FpathEvaluator
[2024-05-09T06:51:20Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/api/ftl/probe?monotonic=false&device=web&iter=0
[2024-05-09T06:51:20Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/api/ftl/probe?monotonic=false&device=web&iter=0
[2024-05-09T06:51:20Z INFO good_mitm_rule::handler] [Response] 403 Forbidden www.netflix.com unknown
[2024-05-09T06:51:20Z INFO good_mitm_rule] [ModifyResponse]
[2024-05-09T06:51:20Z INFO good_mitm_rule] [ModifyResponse]
[2024-05-09T06:51:20Z INFO good_mitm_rule::handler] [Response] 200 OK www.netflix.com application/json
NetflixId和SecureNetflixId都填写正确,开启服务后,可以打开netflix.com并且确实可以登录上,但登录过几秒后就显示403无权访问,随后netflix就跳转到clearcookies的网址,log如下
[2024-05-09T06:51:32Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/clearcookies
[2024-05-09T06:51:32Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/clearcookies
应该怎么打印出body呢
很多网站需要通过代理访问,没有以发现 good-mitm 可以配置代理的方式。
如果能加上配置文件监视并重载的功能,这样当通过服务启动时,修改配置文件比较方便,不需要重启服务。
Any examples ?
目前可以通过配置父代理统一都走父代理,如果想不同的网址访问不同的代理,目前只能通过使用可以定义域名的父代理(如:clash、3proxy、privoxy等),但想根据网址路径访问不同的代理,就需要父代理也能自签证书,目前支持自签证书的代理不多,常见于调试工具,如:whistle。
如果 good-mitm
的 'action' 可以支持指向不同代理,就可以不需要额外的父代理软件了。
good-mitm.exe run -r rules 运行之后可以直接使用了么
0.4.1
Linux
- name: "disneyplus"
mitm:
- "*.disneyplus.com"
actions:
- modify-request:
xxxxxxxx.....
[2022-12-09T09:49:02Z ERROR good_mitm_core::mitm] Tls accept failed: received fatal alert: CertificateUnknown
[2022-12-09T09:49:03Z ERROR good_mitm_core::mitm] Tls accept failed: tls handshake eof
[2022-12-09T09:49:03Z ERROR good_mitm_core::mitm] Tls accept failed: tls handshake eof
[2022-12-09T09:49:04Z ERROR good_mitm_core::mitm] Tls accept failed: tls handshake eof
[2022-12-09T09:49:04Z ERROR good_mitm_core::mitm] Tls accept failed: tls handshake eof
[2022-12-09T09:49:04Z ERROR good_mitm_core::mitm] Tls accept failed: received corrupt message
[2022-12-09T09:49:05Z ERROR good_mitm_core::mitm] Tls accept failed: received corrupt message
[2022-12-09T09:49:06Z ERROR good_mitm_core::mitm] Tls accept failed: received corrupt message
[2022-12-09T09:49:08Z ERROR good_mitm_core::mitm] Tls accept failed: tls handshake eof
[2022-12-09T09:49:09Z ERROR good_mitm_core::mitm] Tls accept failed: tls handshake eof
[2022-12-09T09:49:09Z ERROR good_mitm_core::mitm] Tls accept failed: tls handshake eof
[2022-12-09T09:49:10Z ERROR good_mitm_core::mitm] Tls accept failed: received corrupt message
[2022-12-09T09:49:10Z ERROR good_mitm_core::mitm] Tls accept failed: received corrupt message
手机开小火箭代理,后端使用官网上面的透明代理
手机没有安装证书
打开disneyplus.com 正常提示证书不受信任
但是使用其他网站(例如google.com)报tls错误,Google浏览器直接说页面错误。
按道理我只拦截disneyplus.com,只是这个网站需要证书,其他网站不需要才对吧?
(上述情况电脑上测试却是正常的,Google搜索正常,disneyplus提示证书不安全,只是手机上谷歌浏览器有问题,其他浏览器没测试)
With transparent proxy it can be installed on openwrt 🙇
尝试安装了GLIBC_2.18'后依然报错
0.42
macOS
- name: "redirect"
filter:
domain-suffix: 'google.cn'
action:
redirect: "https://hao123.com"
- name: "reject CSDN"
filter:
domain-keyword: 'csdn'
action: reject
- name: "modify response body plain"
filter:
domain: '126.com'
action:
modify-response:
body: "Hello 126.com, from Good-MITM"
...
[2023-07-20T17:15:53Z ERROR good_mitm_core::mitm] Tls accept failed: tls handshake eof
[2023-07-20T17:15:53Z ERROR good_mitm_core::mitm] Tls accept failed: peer is incompatible: SignatureAlgorithmsExtensionRequired
[2023-07-20T17:15:54Z ERROR good_mitm_core::mitm] Tls accept failed: tls handshake eof
[2023-07-20T17:15:54Z ERROR good_mitm_core::mitm] Tls accept failed: tls handshake eof
[2023-07-20T17:15:54Z ERROR good_mitm_core::mitm] Tls accept failed: peer is incompatible: SignatureAlgorithmsExtensionRequired
[2023-07-20T17:15:54Z ERROR good_mitm_core::mitm] Tls accept failed: tls handshake eof
[2023-07-20T17:15:54Z ERROR good_mitm_core::mitm] Tls accept failed: tls handshake eof
[2023-07-20T17:15:54Z ERROR good_mitm_core::mitm] Tls accept failed: peer is incompatible: SignatureAlgorithmsExtensionRequired
...
good-mitm 部署在openwrt中 (mac部署有同样的错误)
客户端设备为:mac 、ios
操作步骤:系统设置 --> 点击头像
结论:
通过Proxyman 抓包发现会大量请求 https://gateway.icloud.com 域名
使用的配置文件中并未对gateway.icloud.com做HTTPS解密处理
(通过测试小火箭、Proxyman也无法对gateway.icloud.com进行HTTPS解密 )
good-mitm能否跳过指定域名?
0.4.2
Windows
- name: "js_modify_request"
mitm: "*"
filters:
url-regex: '^https?:\/\/www\.baidu\.com'
actions:
js: |
function process() {
console.log("from quick_js");
if (data.request != undefined) {
let req = data.request;
console.log(req.headers["user-agent"]);
return req;
}
if (data.response != undefined) {
let res = data.response;
if (res.body != undefined) {
res.body = res.body.replaceAll("百度", "百毒");
}
return res;
}
}
process()
D:/goodmitm> ./good-mitm.exe run -r rules 10/08/23 14:59:01 PM
[2023-10-08T06:59:19Z INFO good_mitm] CA Private key use: ca/private.key
[2023-10-08T06:59:19Z INFO good_mitm] CA Certificate use: ca/cert.crt
[2023-10-08T06:59:19Z INFO good_mitm] Http Proxy listen on: http://127.0.0.1:34567
[2023-10-08T06:59:19Z ERROR good_mitm::file] load rule (rules\js.yaml) failed: .[0]: data did not match any variant of untagged enum SingleOrMulti at line 1 column 3
[Bug] 用rules/js.yaml的例子启动报错!
我是用的例子跑的,跑起来就报错,我看下代码,问题在这里:
impl<T> From<SingleOrMulti<T>> for Vec<T> {
fn from(sm: SingleOrMulti<T>) -> Vec<T> {
match sm {
SingleOrMulti::Single(v) => vec![v],
SingleOrMulti::Multi(mv) => mv,
**_ => vec![],**
}
}
}
是不是要做下兜底捕获,请尽快修复下BUG,谢谢!
I found your project from your issues in https://github.com/omjadas/hudsucker. My project requires to implement selective mitm which unfortunately not implemented in hudsucker. But from what I read from good-mitm source code, you already implement it using tunnel mechanism, which surprisingly also solution that I want to implement. Because I am new to Rust and especially TCP level coding, it is very difficult until I found your code.
I just want to say thanks to make it open source and really helps me and hope to the programming community too.
能否增加命令行参数开启在console打印更详细的log,显示request的url,headers和response的headers,帮助测试规则
当使用了父代理 -p http://127.0.0.1:8080
,访问 http 链接可以,https:// 报错。
尝试修改 cargo.toml 里的 hyper-proxy ,加上 features = ["rustls"]
也没有效果。
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.