SCHALE.GameServer/Mitmproxy_Readme_EN.md

## Mitmproxy Usage Guide  
(By 北野樱奈)  

## Prerequisites  
 1. [Download mitmproxy](https://mitmproxy.org/) and install it.  
 2. Basic knowledge of WireGuard and Python scripting.  
 3. A client device (e.g., Android emulator or smartphone) and a host machine running `mitmproxy`.  

### Installation Steps  
- **Linux/Mac**  
```markdown
# Ubuntu/Debian  

sudo apt update  
sudo apt install mitmproxy  

# macOS  
brew install mitmproxy  
```  
- **Windows**: Download the `.exe` installer from [mitmproxy.org](https://mitmproxy.org/) and follow the instructions to complete the installation.  

### Verify Installation  
Run the following command to verify the installation:  
```bash  
mitmproxy --version  
```  

---

## Step 2: Install CA Certificates on Client and Server  

To decrypt HTTPS traffic, the client needs to trust the `mitmproxy` CA certificate.  

### Steps  
 1. Start `mitmproxy` to generate the certificate:  
   ```bash  
   mitmdump  
   ```  
 2. On the PC, navigate to `C:\Users\YourUser\.mitmproxy` to locate the certificate file (mitmproxy-ca.p12).  
 3. In the `mitmproxy` directory, locate `mitmproxy-ca-cert.crt`.  
 4. Rename `mitmproxy-ca-cert.crt` to `c8750f0d.0`.  
 5. Install the certificate as a system CA.  

---  

### For Android Devices  
 1. Move the certificate to the system CA directory:  
   ```bash  
   adb root  
   adb remount  
   adb shell mv /sdcard/c8750f0d.0 /system/etc/security/cacerts/  
   ```  
 2. Set the correct permissions:  
   ```bash  
   adb shell chmod 644 /system/etc/security/cacerts/c8750f0d.0  
   ```  
 3. Reboot the device:  
   ```bash  
   adb reboot  
   ```  

---

## Step 3: Download the Redirect Script  

Download the script from the repository.  

### Note: **Make sure to modify the IP address in `redirect_server.py`.**  
```python  
import gzip  
import json  
from mitmproxy import http  

SERVER_HOST = 'Replace this with your IP'  
SERVER_PORT = 80  

REWRITE_HOST_LIST = [  
    'ba-jp-sdk.bluearchive.jp',  
    'prod-gateway.bluearchiveyostar.com',  
    'prod-game.bluearchiveyostar.com',  
    # 'prod-notice.bluearchiveyostar.com',  
    # 'prod-logcollector.bluearchiveyostar.com',  
]  
```  

---

## Step 4: Launch mitmproxy and Load the Script  

Run the following command to start `mitmproxy` with the redirect script:  
```bash  
mitmweb -m wireguard --no-http2 -s redirect_server.py --set termlog_verbosity=warn --ignore Your IP 
```  

### Parameter Explanation:  
- `-m wireguard`: Use WireGuard as the network layer.  
- `--no-http2`: Disable HTTP/2 to improve compatibility.  
- `-s redirect_server.py`: Load the redirect script.  
- `--set termlog_verbosity=warn`: Set log level to warnings only.  

You can monitor traffic through the `mitmweb` interface at `http://localhost:8081`.  

---

## Step 5: Install and Configure WireGuard  

Use WireGuard to route client traffic to `mitmproxy`.  

### Installation Steps  
- **Android**: [Download WireGuard](https://play.google.com/store/apps/details?id=com.wireguard.android).  
- **Other Platforms**: Refer to the [official WireGuard installation guide](https://www.wireguard.com/install/).  

### Configuration Steps  
 1. Open the WireGuard client, click the `+` button in the bottom left corner, and select **Scan QR Code**.  
 2. The emulator will display a scanner window. Select **Real-time Screenshot**.  
 3. Position the screenshot over the QR code in the Mitmproxy browser page (accessible via settings).  
 4. Enable the configuration.  

---

## Troubleshooting  

### Error: Client TLS handshake failed. The client does not trust the proxy's certificate for yostar-oversea-netsdk-logging.ap-southeast-1.log.aliyuncs.com (OpenSSL Error([('SSL routines', '', 'ssl/tls alert certificate unknown')]))  
- Ensure that both the PC and client have the same Mitmproxy certificate installed.  
- Verify that the Mitmproxy certificate is properly installed on both ends.  

### Android Certificate Disappears After Installation  
- Use the MT Manager to grant SU (superuser) permissions.  
- Navigate to `/system/etc/security/cacerts/`.  
- Locate `c8750f0d.0` and set the permissions to 664. The user group should be set to root.  

---
Update Mitrproxy solution (#2) Update Mitrproxy solution Reviewed-on: https://git.lewd.wtf/Raphael/SCHALE.GameServer/pulls/2 Co-authored-by: 挽歌歌吖 <wangeyun@outlook.com> Co-committed-by: 挽歌歌吖 <wangeyun@outlook.com> 2025-01-01 06:10:56 +00:00			`## Mitmproxy Usage Guide`
			`(By 北野樱奈)`

			`## Prerequisites`
			`1. [Download mitmproxy](https://mitmproxy.org/) and install it.`
			`2. Basic knowledge of WireGuard and Python scripting.`
			3. A client device (e.g., Android emulator or smartphone) and a host machine running `mitmproxy`.

			`### Installation Steps`
			`- Linux/Mac`
			```markdown
			`# Ubuntu/Debian`

			`sudo apt update`
			`sudo apt install mitmproxy`

			`# macOS`
			`brew install mitmproxy`
			```
			- Windows: Download the `.exe` installer from [mitmproxy.org](https://mitmproxy.org/) and follow the instructions to complete the installation.

			`### Verify Installation`
			`Run the following command to verify the installation:`
			```bash
			`mitmproxy --version`
			```

			`---`

			`## Step 2: Install CA Certificates on Client and Server`

			To decrypt HTTPS traffic, the client needs to trust the `mitmproxy` CA certificate.

			`### Steps`
			1. Start `mitmproxy` to generate the certificate:
			```bash
			`mitmdump`
			```
			2. On the PC, navigate to `C:\Users\YourUser\.mitmproxy` to locate the certificate file (mitmproxy-ca.p12).
			3. In the `mitmproxy` directory, locate `mitmproxy-ca-cert.crt`.
			4. Rename `mitmproxy-ca-cert.crt` to `c8750f0d.0`.
			`5. Install the certificate as a system CA.`

			`---`

			`### For Android Devices`
			`1. Move the certificate to the system CA directory:`
			```bash
			`adb root`
			`adb remount`
			`adb shell mv /sdcard/c8750f0d.0 /system/etc/security/cacerts/`
			```
			`2. Set the correct permissions:`
			```bash
			`adb shell chmod 644 /system/etc/security/cacerts/c8750f0d.0`
			```
			`3. Reboot the device:`
			```bash
			`adb reboot`
			```

			`---`

			`## Step 3: Download the Redirect Script`

			`Download the script from the repository.`

			### Note: Make sure to modify the IP address in `redirect_server.py`.
			```python
			`import gzip`
			`import json`
			`from mitmproxy import http`

			`SERVER_HOST = 'Replace this with your IP'`
			`SERVER_PORT = 80`

			`REWRITE_HOST_LIST = [`
			`'ba-jp-sdk.bluearchive.jp',`
			`'prod-gateway.bluearchiveyostar.com',`
			`'prod-game.bluearchiveyostar.com',`
			`# 'prod-notice.bluearchiveyostar.com',`
			`# 'prod-logcollector.bluearchiveyostar.com',`
			`]`
			```

			`---`

			`## Step 4: Launch mitmproxy and Load the Script`

			Run the following command to start `mitmproxy` with the redirect script:
			```bash
			`mitmweb -m wireguard --no-http2 -s redirect_server.py --set termlog_verbosity=warn --ignore Your IP`
			```

			`### Parameter Explanation:`
			- `-m wireguard`: Use WireGuard as the network layer.
			- `--no-http2`: Disable HTTP/2 to improve compatibility.
			- `-s redirect_server.py`: Load the redirect script.
			- `--set termlog_verbosity=warn`: Set log level to warnings only.

			You can monitor traffic through the `mitmweb` interface at `http://localhost:8081`.

			`---`

			`## Step 5: Install and Configure WireGuard`

			Use WireGuard to route client traffic to `mitmproxy`.

			`### Installation Steps`
			`- Android: [Download WireGuard](https://play.google.com/store/apps/details?id=com.wireguard.android).`
			`- Other Platforms: Refer to the [official WireGuard installation guide](https://www.wireguard.com/install/).`

			`### Configuration Steps`
			1. Open the WireGuard client, click the `+` button in the bottom left corner, and select Scan QR Code.
			`2. The emulator will display a scanner window. Select Real-time Screenshot.`
			`3. Position the screenshot over the QR code in the Mitmproxy browser page (accessible via settings).`
			`4. Enable the configuration.`

			`---`

			`## Troubleshooting`

			`### Error: Client TLS handshake failed. The client does not trust the proxy's certificate for yostar-oversea-netsdk-logging.ap-southeast-1.log.aliyuncs.com (OpenSSL Error([('SSL routines', '', 'ssl/tls alert certificate unknown')]))`
			`- Ensure that both the PC and client have the same Mitmproxy certificate installed.`
			`- Verify that the Mitmproxy certificate is properly installed on both ends.`

			`### Android Certificate Disappears After Installation`
			`- Use the MT Manager to grant SU (superuser) permissions.`
			- Navigate to `/system/etc/security/cacerts/`.
			- Locate `c8750f0d.0` and set the permissions to 664. The user group should be set to root.

			`---`