## Mitmproxy Usage Guide (By 北野樱奈) ## Prerequisites - 1. [Download mitmproxy](https://mitmproxy.org/) and install it. - 2. Basic knowledge of WireGuard and Python scripting. - 3. A client device (e.g., Android emulator or smartphone) and a host machine running `mitmproxy`. ### Installation Steps - **Linux/Mac** ```markdown # Ubuntu/Debian sudo apt update sudo apt install mitmproxy # macOS brew install mitmproxy ``` - **Windows**: Download the `.exe` installer from [mitmproxy.org](https://mitmproxy.org/) and follow the instructions to complete the installation. ### Verify Installation Run the following command to verify the installation: ```bash mitmproxy --version ``` --- ## Step 2: Install CA Certificates on Client and Server To decrypt HTTPS traffic, the client needs to trust the `mitmproxy` CA certificate. ### Steps - 1. Start `mitmproxy` to generate the certificate: ```bash mitmdump ``` - 2. On the PC, navigate to `C:\Users\YourUser\.mitmproxy` to locate the certificate file (mitmproxy-ca.p12). - 3. In the `mitmproxy` directory, locate `mitmproxy-ca-cert.crt`. - 4. Rename `mitmproxy-ca-cert.crt` to `c8750f0d.0`. - 5. Install the certificate as a system CA. --- ### For Android Devices - 1. Move the certificate to the system CA directory: ```bash adb root adb remount adb shell mv /sdcard/c8750f0d.0 /system/etc/security/cacerts/ ``` - 2. Set the correct permissions: ```bash adb shell chmod 644 /system/etc/security/cacerts/c8750f0d.0 ``` - 3. Reboot the device: ```bash adb reboot ``` --- ## Step 3: Download the Redirect Script Download the script from the repository. ### Note: **Make sure to modify the IP address in `redirect_server.py`.** ```python import gzip import json from mitmproxy import http SERVER_HOST = 'Replace this with your IP' SERVER_PORT = 80 REWRITE_HOST_LIST = [ 'ba-jp-sdk.bluearchive.jp', 'prod-gateway.bluearchiveyostar.com', 'prod-game.bluearchiveyostar.com', # 'prod-notice.bluearchiveyostar.com', # 'prod-logcollector.bluearchiveyostar.com', ] ``` --- ## Step 4: Launch mitmproxy and Load the Script Run the following command to start `mitmproxy` with the redirect script: ```bash mitmweb -m wireguard --no-http2 -s redirect_server.py --set termlog_verbosity=warn ``` ### Parameter Explanation: - `-m wireguard`: Use WireGuard as the network layer. - `--no-http2`: Disable HTTP/2 to improve compatibility. - `-s redirect_server.py`: Load the redirect script. - `--set termlog_verbosity=warn`: Set log level to warnings only. You can monitor traffic through the `mitmweb` interface at `http://localhost:8081`. --- ## Step 5: Install and Configure WireGuard Use WireGuard to route client traffic to `mitmproxy`. ### Installation Steps - **Android**: [Download WireGuard](https://play.google.com/store/apps/details?id=com.wireguard.android). - **Other Platforms**: Refer to the [official WireGuard installation guide](https://www.wireguard.com/install/). ### Configuration Steps - 1. Open the WireGuard client, click the `+` button in the bottom left corner, and select **Scan QR Code**. - 2. The emulator will display a scanner window. Select **Real-time Screenshot**. - 3. Position the screenshot over the QR code in the Mitmproxy browser page (accessible via settings). - 4. Enable the configuration. --- ## Troubleshooting ### Error: Client TLS handshake failed. The client does not trust the proxy's certificate for yostar-oversea-netsdk-logging.ap-southeast-1.log.aliyuncs.com (OpenSSL Error([('SSL routines', '', 'ssl/tls alert certificate unknown')])) - Ensure that both the PC and client have the same Mitmproxy certificate installed. - Verify that the Mitmproxy certificate is properly installed on both ends. ### Android Certificate Disappears After Installation - Use the MT Manager to grant SU (superuser) permissions. - Navigate to `/system/etc/security/cacerts/`. - Locate `c8750f0d.0` and set the permissions to 664. The user group should be set to root. ---