Update Mitrproxy solution #2
|
|
@ -1,132 +1,132 @@
|
||||||
## Mitmproxy Usage Guide
|
## Mitmproxy Usage Guide
|
||||||
(By 北野樱奈)
|
(By 北野樱奈)
|
||||||
|
|
||||||
## Prerequisites
|
## Prerequisites
|
||||||
1. [Download mitmproxy](https://mitmproxy.org/) and install it.
|
1. [Download mitmproxy](https://mitmproxy.org/) and install it.
|
||||||
2. Basic knowledge of WireGuard and Python scripting.
|
2. Basic knowledge of WireGuard and Python scripting.
|
||||||
3. A client device (e.g., Android emulator or smartphone) and a host machine running `mitmproxy`.
|
3. A client device (e.g., Android emulator or smartphone) and a host machine running `mitmproxy`.
|
||||||
|
|
||||||
### Installation Steps
|
### Installation Steps
|
||||||
- **Linux/Mac**
|
- **Linux/Mac**
|
||||||
```markdown
|
```markdown
|
||||||
# Ubuntu/Debian
|
# Ubuntu/Debian
|
||||||
|
|
||||||
sudo apt update
|
sudo apt update
|
||||||
sudo apt install mitmproxy
|
sudo apt install mitmproxy
|
||||||
|
|
||||||
# macOS
|
# macOS
|
||||||
brew install mitmproxy
|
brew install mitmproxy
|
||||||
```
|
```
|
||||||
- **Windows**: Download the `.exe` installer from [mitmproxy.org](https://mitmproxy.org/) and follow the instructions to complete the installation.
|
- **Windows**: Download the `.exe` installer from [mitmproxy.org](https://mitmproxy.org/) and follow the instructions to complete the installation.
|
||||||
|
|
||||||
### Verify Installation
|
### Verify Installation
|
||||||
Run the following command to verify the installation:
|
Run the following command to verify the installation:
|
||||||
```bash
|
```bash
|
||||||
mitmproxy --version
|
mitmproxy --version
|
||||||
```
|
```
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## Step 2: Install CA Certificates on Client and Server
|
## Step 2: Install CA Certificates on Client and Server
|
||||||
|
|
||||||
To decrypt HTTPS traffic, the client needs to trust the `mitmproxy` CA certificate.
|
To decrypt HTTPS traffic, the client needs to trust the `mitmproxy` CA certificate.
|
||||||
|
|
||||||
### Steps
|
### Steps
|
||||||
1. Start `mitmproxy` to generate the certificate:
|
1. Start `mitmproxy` to generate the certificate:
|
||||||
```bash
|
```bash
|
||||||
mitmdump
|
mitmdump
|
||||||
```
|
```
|
||||||
2. On the PC, navigate to `C:\Users\YourUser\.mitmproxy` to locate the certificate file (mitmproxy-ca.p12).
|
2. On the PC, navigate to `C:\Users\YourUser\.mitmproxy` to locate the certificate file (mitmproxy-ca.p12).
|
||||||
3. In the `mitmproxy` directory, locate `mitmproxy-ca-cert.crt`.
|
3. In the `mitmproxy` directory, locate `mitmproxy-ca-cert.crt`.
|
||||||
4. Rename `mitmproxy-ca-cert.crt` to `c8750f0d.0`.
|
4. Rename `mitmproxy-ca-cert.crt` to `c8750f0d.0`.
|
||||||
5. Install the certificate as a system CA.
|
5. Install the certificate as a system CA.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
### For Android Devices
|
### For Android Devices
|
||||||
1. Move the certificate to the system CA directory:
|
1. Move the certificate to the system CA directory:
|
||||||
```bash
|
```bash
|
||||||
adb root
|
adb root
|
||||||
adb remount
|
adb remount
|
||||||
adb shell mv /sdcard/c8750f0d.0 /system/etc/security/cacerts/
|
adb shell mv /sdcard/c8750f0d.0 /system/etc/security/cacerts/
|
||||||
```
|
```
|
||||||
2. Set the correct permissions:
|
2. Set the correct permissions:
|
||||||
```bash
|
```bash
|
||||||
adb shell chmod 644 /system/etc/security/cacerts/c8750f0d.0
|
adb shell chmod 644 /system/etc/security/cacerts/c8750f0d.0
|
||||||
```
|
```
|
||||||
3. Reboot the device:
|
3. Reboot the device:
|
||||||
```bash
|
```bash
|
||||||
adb reboot
|
adb reboot
|
||||||
```
|
```
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## Step 3: Download the Redirect Script
|
## Step 3: Download the Redirect Script
|
||||||
|
|
||||||
Download the script from the repository.
|
Download the script from the repository.
|
||||||
|
|
||||||
### Note: **Make sure to modify the IP address in `redirect_server.py`.**
|
### Note: **Make sure to modify the IP address in `redirect_server.py`.**
|
||||||
```python
|
```python
|
||||||
import gzip
|
import gzip
|
||||||
import json
|
import json
|
||||||
from mitmproxy import http
|
from mitmproxy import http
|
||||||
|
|
||||||
SERVER_HOST = 'Replace this with your IP'
|
SERVER_HOST = 'Replace this with your IP'
|
||||||
SERVER_PORT = 80
|
SERVER_PORT = 80
|
||||||
|
|
||||||
REWRITE_HOST_LIST = [
|
REWRITE_HOST_LIST = [
|
||||||
'ba-jp-sdk.bluearchive.jp',
|
'ba-jp-sdk.bluearchive.jp',
|
||||||
'prod-gateway.bluearchiveyostar.com',
|
'prod-gateway.bluearchiveyostar.com',
|
||||||
'prod-game.bluearchiveyostar.com',
|
'prod-game.bluearchiveyostar.com',
|
||||||
# 'prod-notice.bluearchiveyostar.com',
|
# 'prod-notice.bluearchiveyostar.com',
|
||||||
# 'prod-logcollector.bluearchiveyostar.com',
|
# 'prod-logcollector.bluearchiveyostar.com',
|
||||||
]
|
]
|
||||||
```
|
```
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## Step 4: Launch mitmproxy and Load the Script
|
## Step 4: Launch mitmproxy and Load the Script
|
||||||
|
|
||||||
Run the following command to start `mitmproxy` with the redirect script:
|
Run the following command to start `mitmproxy` with the redirect script:
|
||||||
```bash
|
```bash
|
||||||
mitmweb -m wireguard --no-http2 -s redirect_server.py --set termlog_verbosity=warn
|
mitmweb -m wireguard --no-http2 -s redirect_server.py --set termlog_verbosity=warn --ignore Your IP
|
||||||
```
|
```
|
||||||
|
|
||||||
### Parameter Explanation:
|
### Parameter Explanation:
|
||||||
- `-m wireguard`: Use WireGuard as the network layer.
|
- `-m wireguard`: Use WireGuard as the network layer.
|
||||||
- `--no-http2`: Disable HTTP/2 to improve compatibility.
|
- `--no-http2`: Disable HTTP/2 to improve compatibility.
|
||||||
- `-s redirect_server.py`: Load the redirect script.
|
- `-s redirect_server.py`: Load the redirect script.
|
||||||
- `--set termlog_verbosity=warn`: Set log level to warnings only.
|
- `--set termlog_verbosity=warn`: Set log level to warnings only.
|
||||||
|
|
||||||
You can monitor traffic through the `mitmweb` interface at `http://localhost:8081`.
|
You can monitor traffic through the `mitmweb` interface at `http://localhost:8081`.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## Step 5: Install and Configure WireGuard
|
## Step 5: Install and Configure WireGuard
|
||||||
|
|
||||||
Use WireGuard to route client traffic to `mitmproxy`.
|
Use WireGuard to route client traffic to `mitmproxy`.
|
||||||
|
|
||||||
### Installation Steps
|
### Installation Steps
|
||||||
- **Android**: [Download WireGuard](https://play.google.com/store/apps/details?id=com.wireguard.android).
|
- **Android**: [Download WireGuard](https://play.google.com/store/apps/details?id=com.wireguard.android).
|
||||||
- **Other Platforms**: Refer to the [official WireGuard installation guide](https://www.wireguard.com/install/).
|
- **Other Platforms**: Refer to the [official WireGuard installation guide](https://www.wireguard.com/install/).
|
||||||
|
|
||||||
### Configuration Steps
|
### Configuration Steps
|
||||||
1. Open the WireGuard client, click the `+` button in the bottom left corner, and select **Scan QR Code**.
|
1. Open the WireGuard client, click the `+` button in the bottom left corner, and select **Scan QR Code**.
|
||||||
2. The emulator will display a scanner window. Select **Real-time Screenshot**.
|
2. The emulator will display a scanner window. Select **Real-time Screenshot**.
|
||||||
3. Position the screenshot over the QR code in the Mitmproxy browser page (accessible via settings).
|
3. Position the screenshot over the QR code in the Mitmproxy browser page (accessible via settings).
|
||||||
4. Enable the configuration.
|
4. Enable the configuration.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## Troubleshooting
|
## Troubleshooting
|
||||||
|
|
||||||
### Error: Client TLS handshake failed. The client does not trust the proxy's certificate for yostar-oversea-netsdk-logging.ap-southeast-1.log.aliyuncs.com (OpenSSL Error([('SSL routines', '', 'ssl/tls alert certificate unknown')]))
|
### Error: Client TLS handshake failed. The client does not trust the proxy's certificate for yostar-oversea-netsdk-logging.ap-southeast-1.log.aliyuncs.com (OpenSSL Error([('SSL routines', '', 'ssl/tls alert certificate unknown')]))
|
||||||
- Ensure that both the PC and client have the same Mitmproxy certificate installed.
|
- Ensure that both the PC and client have the same Mitmproxy certificate installed.
|
||||||
- Verify that the Mitmproxy certificate is properly installed on both ends.
|
- Verify that the Mitmproxy certificate is properly installed on both ends.
|
||||||
|
|
||||||
### Android Certificate Disappears After Installation
|
### Android Certificate Disappears After Installation
|
||||||
- Use the MT Manager to grant SU (superuser) permissions.
|
- Use the MT Manager to grant SU (superuser) permissions.
|
||||||
- Navigate to `/system/etc/security/cacerts/`.
|
- Navigate to `/system/etc/security/cacerts/`.
|
||||||
- Locate `c8750f0d.0` and set the permissions to 664. The user group should be set to root.
|
- Locate `c8750f0d.0` and set the permissions to 664. The user group should be set to root.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
|
||||||
|
|
@ -2,9 +2,9 @@
|
||||||
(By 北野樱奈)
|
(By 北野樱奈)
|
||||||
|
|
||||||
## 前置要求
|
## 前置要求
|
||||||
- 1. [下载 mitmproxy](https://mitmproxy.org/) 并安装。
|
1. [下载 mitmproxy](https://mitmproxy.org/) 并安装。
|
||||||
- 2. 具备 WireGuard 和 Python 脚本的基本知识。
|
2. 具备 WireGuard 和 Python 脚本的基本知识。
|
||||||
- 3. 一台客户端设备(例如 Android 模拟器或手机)以及运行 `mitmproxy` 的主机。
|
3. 一台客户端设备(例如 Android 模拟器或手机)以及运行 `mitmproxy` 的主机。
|
||||||
### 安装步骤
|
### 安装步骤
|
||||||
- Linux/Mac
|
- Linux/Mac
|
||||||
```markdown
|
```markdown
|
||||||
|
|
@ -31,26 +31,26 @@ mitmproxy --version
|
||||||
为了解密 HTTPS 流量,客户端需要信任 `mitmproxy` 的 CA 证书。
|
为了解密 HTTPS 流量,客户端需要信任 `mitmproxy` 的 CA 证书。
|
||||||
|
|
||||||
### 操作步骤
|
### 操作步骤
|
||||||
- 1. 启动 `mitmproxy`生成证书:
|
1. 启动 `mitmproxy`生成证书:
|
||||||
```bash
|
```bash
|
||||||
mitmdump
|
mitmdump
|
||||||
```
|
```
|
||||||
- 2. 在电脑端的C:\Users\用户\ .mitmproxy安装电脑证书(mitmproxy-ca.p12)
|
2. 在电脑端的C:\Users\用户\ .mitmproxy安装电脑证书(mitmproxy-ca.p12)
|
||||||
- 3. mitmproxy的目录下会有mitmproxy-ca-cert.crt
|
3. mitmproxy的目录下会有mitmproxy-ca-cert.crt
|
||||||
- 4. 将 mitmproxy-ca-cert.crt 重命名为 c8750f0d.0
|
4. 将 mitmproxy-ca-cert.crt 重命名为 c8750f0d.0
|
||||||
- 5. 将证书安装为系统 CA
|
5. 将证书安装为系统 CA
|
||||||
---
|
---
|
||||||
- 1. 将证书移动到系统 CA 目录:
|
1. 将证书移动到系统 CA 目录:
|
||||||
```bash
|
```bash
|
||||||
adb root
|
adb root
|
||||||
adb remount
|
adb remount
|
||||||
adb shell mv /sdcard/c8750f0d.0 /system/etc/security/cacerts/
|
adb shell mv /sdcard/c8750f0d.0 /system/etc/security/cacerts/
|
||||||
```
|
```
|
||||||
- 2. 设置正确的权限:
|
2. 设置正确的权限:
|
||||||
```bash
|
```bash
|
||||||
adb shell chmod 644 /system/etc/security/cacerts/c8750f0d.0
|
adb shell chmod 644 /system/etc/security/cacerts/c8750f0d.0
|
||||||
```
|
```
|
||||||
- 3. 重启设备:
|
3. 重启设备:
|
||||||
```bash
|
```bash
|
||||||
adb reboot
|
adb reboot
|
||||||
```
|
```
|
||||||
|
|
@ -86,7 +86,7 @@ REWRITE_HOST_LIST = [
|
||||||
|
|
||||||
运行以下命令以使用重定向脚本启动 `mitmproxy`:
|
运行以下命令以使用重定向脚本启动 `mitmproxy`:
|
||||||
```bash
|
```bash
|
||||||
mitmweb -m wireguard --no-http2 -s redirect_server.py --set termlog_verbosity=warn
|
mitmweb -m wireguard --no-http2 -s redirect_server.py --set termlog_verbosity=warn --ignore 这里输入你的IP地址
|
||||||
```
|
```
|
||||||
|
|
||||||
### 参数说明:
|
### 参数说明:
|
||||||
|
|
@ -108,10 +108,10 @@ mitmweb -m wireguard --no-http2 -s redirect_server.py --set termlog_verbosity=wa
|
||||||
- **其他平台**: 参考 [WireGuard 官方安装指南](https://www.wireguard.com/install/)。
|
- **其他平台**: 参考 [WireGuard 官方安装指南](https://www.wireguard.com/install/)。
|
||||||
|
|
||||||
### 配置步骤
|
### 配置步骤
|
||||||
- 1. 打开 WireGuard 客户端,点击左下角+号,选择扫描二维码
|
1. 打开 WireGuard 客户端,点击左下角+号,选择扫描二维码
|
||||||
- 2. 选择后模拟器会弹出扫一扫窗口,选择实时截屏
|
2. 选择后模拟器会弹出扫一扫窗口,选择实时截屏
|
||||||
- 3. 选择截屏后,会有获取图像窗口,移动到Mitmproxy浏览器页面上的二维码(没有的话在设置里面)
|
3. 选择截屏后,会有获取图像窗口,移动到Mitmproxy浏览器页面上的二维码(没有的话在设置里面)
|
||||||
- 4. 启用该配置。
|
4. 启用该配置。
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|
@ -126,5 +126,4 @@ mitmweb -m wireguard --no-http2 -s redirect_server.py --set termlog_verbosity=wa
|
||||||
- 然后前往/system/etc/security/cacerts/
|
- 然后前往/system/etc/security/cacerts/
|
||||||
- 找到 c8750f0d.0 给予 664 权限。用户组为 root
|
- 找到 c8750f0d.0 给予 664 权限。用户组为 root
|
||||||
|
|
||||||
---
|
---
|
||||||
```
|
|
||||||
Loading…
Reference in New Issue