zu1k / good-mitm Goto Github PK
View Code? Open in Web Editor NEWRule-based MITM engine. Rewriting, redirecting and rejecting on HTTP(S) requests and responses, supports JavaScript.
Home Page: https://good-mitm.zu1k.com
License: MIT License
good-mitm's Issues
增加 add header 和 remove header 的功能
经测试,目前修改 header 的功能只能替换 header 的值,不能通过在某个值中追加换行和新的header项来达到增加 header 项的目的。
请问为什么Hudsucker里面的example中的ca文件用不了?
老哥你好,用你的good-mitm genca得到的两个文件可以正常运行,但是Hudsucker例子里面的两个文件(hudsucker.key 和 hudsucker.pem) 貌似运行就会报错。
我用你的生成 的key和crt文件就能用(good-mitm和hudsucker都可以用),你这里生成的和他例子中的 两个文件有什么不同吗?
先谢过了哈,坐等解答。
如何安装
小白,不会用
大佬能否电报教我一下啊
@iamykm
Failed to establish TLS connection with client
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: UnexpectedEof, error: "tls handshake eof" }', /project/crates/core/src/mitm.rs:142:30
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: UnexpectedEof, error: "tls handshake eof" }', /project/crates/core/src/mitm.rs:142:30
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: InvalidData, error: CorruptMessage }', /project/crates/core/src/mitm.rs:142:30
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: InvalidData, error: CorruptMessage }', /project/crates/core/src/mitm.rs:142:30
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: InvalidData, error: CorruptMessage }', /project/crates/core/src/mitm.rs:142:30
[2022-09-21T08:44:24Z INFO g
[Bug] 是否已经失效了?
Verify steps
- 我已经在 Issue Tracker 中找过我要提出的问题 I have searched on the issue tracker for a related issue.
- 我已经仔细看过 Documentation 并无法自行解决问题 I have read the documentation and was unable to solve the issue.
Version
latest
What OS are you seeing the problem on?
No response
Rule file
- name: "netflix"
mitm: "*.netflix.com"
filters:
url-regex: '^https:\/\/(www\.)?netflix\.com'
actions:
- modify-request:
cookie:
key: NetflixId
value: **********
- modify-request:
cookie:
key: SecureNetflixId
value: **********
- modify-response:
cookie:
key: NetflixId
remove: true
- modify-response:
cookie:
key: SecureNetflixId
remove: truelog
[2024-05-09T06:50:10Z INFO good_mitm] Http Proxy listen on: http://127.0.0.1:34567
[2024-05-09T06:50:58Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/
[2024-05-09T06:50:58Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/
[2024-05-09T06:51:00Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/
[2024-05-09T06:51:00Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/
[2024-05-09T06:51:02Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/
[2024-05-09T06:51:02Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/
[2024-05-09T06:51:08Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/
[2024-05-09T06:51:08Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/
[2024-05-09T06:51:12Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/
[2024-05-09T06:51:12Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/
[2024-05-09T06:51:12Z INFO good_mitm_rule::handler] [Response] 403 Forbidden www.netflix.com unknown
[2024-05-09T06:51:12Z INFO good_mitm_rule] [ModifyResponse]
[2024-05-09T06:51:12Z INFO good_mitm_rule] [ModifyResponse]
[2024-05-09T06:51:12Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/
[2024-05-09T06:51:12Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/
[2024-05-09T06:51:14Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/
[2024-05-09T06:51:14Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/
[2024-05-09T06:51:16Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/
[2024-05-09T06:51:16Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/
[2024-05-09T06:51:17Z INFO good_mitm_rule::handler] [Response] 302 Found www.netflix.com text/html
[2024-05-09T06:51:17Z INFO good_mitm_rule] [ModifyResponse]
[2024-05-09T06:51:17Z INFO good_mitm_rule] [ModifyResponse]
[2024-05-09T06:51:17Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/browse
[2024-05-09T06:51:17Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/browse
[2024-05-09T06:51:17Z INFO good_mitm_rule::handler] [Response] 200 OK www.netflix.com text/html; charset=utf-8
[2024-05-09T06:51:17Z INFO good_mitm_rule] [ModifyResponse]
[2024-05-09T06:51:17Z INFO good_mitm_rule] [ModifyResponse]
[2024-05-09T06:51:18Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/service-worker.js
[2024-05-09T06:51:18Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/service-worker.js
[2024-05-09T06:51:18Z INFO good_mitm_rule::handler] [Response] 403 Forbidden www.netflix.com unknown
[2024-05-09T06:51:18Z INFO good_mitm_rule] [ModifyResponse]
[2024-05-09T06:51:18Z INFO good_mitm_rule] [ModifyResponse]
[2024-05-09T06:51:19Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/nq/website/memberapi/v5133bbf4/pathEvaluator?webp=true&drmSystem=widevine&isVolatileBillboardsEnabled=true&isTop10Supported=true&isTop10KidsSupported=true&hasVideoMerchInBob=true&hasVideoMerchInJaw=true&falcor_server=0.1.0&withSize=true&materialize=true&original_path=%2Fshakti%2Fmre%2FpathEvaluator
[2024-05-09T06:51:19Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/nq/website/memberapi/v5133bbf4/pathEvaluator?webp=true&drmSystem=widevine&isVolatileBillboardsEnabled=true&isTop10Supported=true&isTop10KidsSupported=true&hasVideoMerchInBob=true&hasVideoMerchInJaw=true&falcor_server=0.1.0&withSize=true&materialize=true&original_path=%2Fshakti%2Fmre%2FpathEvaluator
[2024-05-09T06:51:19Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/nq/website/memberapi/v5133bbf4/pathEvaluator?webp=true&drmSystem=widevine&isVolatileBillboardsEnabled=true&isTop10Supported=true&isTop10KidsSupported=true&hasVideoMerchInBob=true&hasVideoMerchInJaw=true&method=call&falcor_server=0.1.0&withSize=true&materialize=true&original_path=%2Fshakti%2Fmre%2FpathEvaluator
[2024-05-09T06:51:19Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/nq/website/memberapi/v5133bbf4/pathEvaluator?webp=true&drmSystem=widevine&isVolatileBillboardsEnabled=true&isTop10Supported=true&isTop10KidsSupported=true&hasVideoMerchInBob=true&hasVideoMerchInJaw=true&method=call&falcor_server=0.1.0&withSize=true&materialize=true&original_path=%2Fshakti%2Fmre%2FpathEvaluator
[2024-05-09T06:51:20Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/api/ftl/probe?monotonic=false&device=web&iter=0
[2024-05-09T06:51:20Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/api/ftl/probe?monotonic=false&device=web&iter=0
[2024-05-09T06:51:20Z INFO good_mitm_rule::handler] [Response] 403 Forbidden www.netflix.com unknown
[2024-05-09T06:51:20Z INFO good_mitm_rule] [ModifyResponse]
[2024-05-09T06:51:20Z INFO good_mitm_rule] [ModifyResponse]
[2024-05-09T06:51:20Z INFO good_mitm_rule::handler] [Response] 200 OK www.netflix.com application/jsonDescription
NetflixId和SecureNetflixId都填写正确,开启服务后,可以打开netflix.com并且确实可以登录上,但登录过几秒后就显示403无权访问,随后netflix就跳转到clearcookies的网址,log如下
[2024-05-09T06:51:32Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/clearcookies
[2024-05-09T06:51:32Z INFO good_mitm_rule] [ModifyRequest] https://www.netflix.com/clearcookies
应该怎么打印出body呢
应该怎么打印出body呢
增加上级代理功能
很多网站需要通过代理访问,没有以发现 good-mitm 可以配置代理的方式。
配置文件重载的功能
如果能加上配置文件监视并重载的功能,这样当通过服务启动时,修改配置文件比较方便,不需要重启服务。
Can I use go lang or python for action instead of JavaScript
Any examples ?
支持代理规则
目前可以通过配置父代理统一都走父代理,如果想不同的网址访问不同的代理,目前只能通过使用可以定义域名的父代理(如:clash、3proxy、privoxy等),但想根据网址路径访问不同的代理,就需要父代理也能自签证书,目前支持自签证书的代理不多,常见于调试工具,如:whistle。
如果 good-mitm 的 'action' 可以支持指向不同代理,就可以不需要额外的父代理软件了。
您好,请教一下
good-mitm.exe run -r rules 运行之后可以直接使用了么
手机浏览器上没有拦截的网页提示tls错误,不能访问
Verify steps
- 我已经在 Issue Tracker 中找过我要提出的问题 I have searched on the issue tracker for a related issue.
- 我已经仔细看过 Documentation 并无法自行解决问题 I have read the documentation and was unable to solve the issue.
Version
0.4.1
What OS are you seeing the problem on?
Linux
Rule file
- name: "disneyplus"
mitm:
- "*.disneyplus.com"
actions:
- modify-request:
xxxxxxxx.....log
[2022-12-09T09:49:02Z ERROR good_mitm_core::mitm] Tls accept failed: received fatal alert: CertificateUnknown
[2022-12-09T09:49:03Z ERROR good_mitm_core::mitm] Tls accept failed: tls handshake eof
[2022-12-09T09:49:03Z ERROR good_mitm_core::mitm] Tls accept failed: tls handshake eof
[2022-12-09T09:49:04Z ERROR good_mitm_core::mitm] Tls accept failed: tls handshake eof
[2022-12-09T09:49:04Z ERROR good_mitm_core::mitm] Tls accept failed: tls handshake eof
[2022-12-09T09:49:04Z ERROR good_mitm_core::mitm] Tls accept failed: received corrupt message
[2022-12-09T09:49:05Z ERROR good_mitm_core::mitm] Tls accept failed: received corrupt message
[2022-12-09T09:49:06Z ERROR good_mitm_core::mitm] Tls accept failed: received corrupt message
[2022-12-09T09:49:08Z ERROR good_mitm_core::mitm] Tls accept failed: tls handshake eof
[2022-12-09T09:49:09Z ERROR good_mitm_core::mitm] Tls accept failed: tls handshake eof
[2022-12-09T09:49:09Z ERROR good_mitm_core::mitm] Tls accept failed: tls handshake eof
[2022-12-09T09:49:10Z ERROR good_mitm_core::mitm] Tls accept failed: received corrupt message
[2022-12-09T09:49:10Z ERROR good_mitm_core::mitm] Tls accept failed: received corrupt messageDescription
手机开小火箭代理,后端使用官网上面的透明代理
手机没有安装证书
打开disneyplus.com 正常提示证书不受信任
但是使用其他网站(例如google.com)报tls错误,Google浏览器直接说页面错误。
按道理我只拦截disneyplus.com,只是这个网站需要证书,其他网站不需要才对吧?
(上述情况电脑上测试却是正常的,Google搜索正常,disneyplus提示证书不安全,只是手机上谷歌浏览器有问题,其他浏览器没测试)
Wish it support transparent proxy
With transparent proxy it can be installed on openwrt 🙇
安装证书显示./good-mitm: /lib64/libc.so.6: version `GLIBC_2.18' not found (required by ./good-mitm)
尝试安装了GLIBC_2.18'后依然报错
[Bug] ERROR good_mitm_core::mitm
Verify steps
- 我已经在 Issue Tracker 中找过我要提出的问题 I have searched on the issue tracker for a related issue.
- 我已经仔细看过 Documentation 并无法自行解决问题 I have read the documentation and was unable to solve the issue.
Version
0.42
What OS are you seeing the problem on?
macOS
Rule file
- name: "redirect"
filter:
domain-suffix: 'google.cn'
action:
redirect: "https://hao123.com"
- name: "reject CSDN"
filter:
domain-keyword: 'csdn'
action: reject
- name: "modify response body plain"
filter:
domain: '126.com'
action:
modify-response:
body: "Hello 126.com, from Good-MITM"log
...
[2023-07-20T17:15:53Z ERROR good_mitm_core::mitm] Tls accept failed: tls handshake eof
[2023-07-20T17:15:53Z ERROR good_mitm_core::mitm] Tls accept failed: peer is incompatible: SignatureAlgorithmsExtensionRequired
[2023-07-20T17:15:54Z ERROR good_mitm_core::mitm] Tls accept failed: tls handshake eof
[2023-07-20T17:15:54Z ERROR good_mitm_core::mitm] Tls accept failed: tls handshake eof
[2023-07-20T17:15:54Z ERROR good_mitm_core::mitm] Tls accept failed: peer is incompatible: SignatureAlgorithmsExtensionRequired
[2023-07-20T17:15:54Z ERROR good_mitm_core::mitm] Tls accept failed: tls handshake eof
[2023-07-20T17:15:54Z ERROR good_mitm_core::mitm] Tls accept failed: tls handshake eof
[2023-07-20T17:15:54Z ERROR good_mitm_core::mitm] Tls accept failed: peer is incompatible: SignatureAlgorithmsExtensionRequired
...Description
good-mitm 部署在openwrt中 (mac部署有同样的错误)
客户端设备为:mac 、ios
操作步骤:系统设置 --> 点击头像
结论:
- 家庭共享显示为不可用
- 设备列表无法显示
- good-mitm 控制台出现大量的tls错误
通过Proxyman 抓包发现会大量请求 https://gateway.icloud.com 域名
使用的配置文件中并未对gateway.icloud.com做HTTPS解密处理
(通过测试小火箭、Proxyman也无法对gateway.icloud.com进行HTTPS解密 )
good-mitm能否跳过指定域名?
[Bug] 用rules/js.yaml的例子启动报错!
Verify steps
- 我已经在 Issue Tracker 中找过我要提出的问题 I have searched on the issue tracker for a related issue.
- 我已经仔细看过 Documentation 并无法自行解决问题 I have read the documentation and was unable to solve the issue.
Version
0.4.2
What OS are you seeing the problem on?
Windows
Rule file
- name: "js_modify_request"
mitm: "*"
filters:
url-regex: '^https?:\/\/www\.baidu\.com'
actions:
js: |
function process() {
console.log("from quick_js");
if (data.request != undefined) {
let req = data.request;
console.log(req.headers["user-agent"]);
return req;
}
if (data.response != undefined) {
let res = data.response;
if (res.body != undefined) {
res.body = res.body.replaceAll("百度", "百毒");
}
return res;
}
}
process()log
D:/goodmitm> ./good-mitm.exe run -r rules 10/08/23 14:59:01 PM
[2023-10-08T06:59:19Z INFO good_mitm] CA Private key use: ca/private.key
[2023-10-08T06:59:19Z INFO good_mitm] CA Certificate use: ca/cert.crt
[2023-10-08T06:59:19Z INFO good_mitm] Http Proxy listen on: http://127.0.0.1:34567
[2023-10-08T06:59:19Z ERROR good_mitm::file] load rule (rules\js.yaml) failed: .[0]: data did not match any variant of untagged enum SingleOrMulti at line 1 column 3
[Bug] 用rules/js.yaml的例子启动报错!
我是用的例子跑的,跑起来就报错,我看下代码,问题在这里:
impl<T> From<SingleOrMulti<T>> for Vec<T> {
fn from(sm: SingleOrMulti<T>) -> Vec<T> {
match sm {
SingleOrMulti::Single(v) => vec![v],
SingleOrMulti::Multi(mv) => mv,
**_ => vec![],**
}
}
}
是不是要做下兜底捕获,请尽快修复下BUG,谢谢!Description
Well I am not raising issue. But say thanks!
I found your project from your issues in https://github.com/omjadas/hudsucker. My project requires to implement selective mitm which unfortunately not implemented in hudsucker. But from what I read from good-mitm source code, you already implement it using tunnel mechanism, which surprisingly also solution that I want to implement. Because I am new to Rust and especially TCP level coding, it is very difficult until I found your code.
I just want to say thanks to make it open source and really helps me and hope to the programming community too.
能否增加命令行参数开启在console打印更详细的log
能否增加命令行参数开启在console打印更详细的log,显示request的url,headers和response的headers,帮助测试规则
父代理不支持 https
当使用了父代理 -p http://127.0.0.1:8080 ,访问 http 链接可以,https:// 报错。
尝试修改 cargo.toml 里的 hyper-proxy ,加上 features = ["rustls"] 也没有效果。
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.