@c3rb3ru5d3d53c
Created June 19, 2022 11:06
MITMPcap - A Script that allows you to capture pcaps with TLS secrets for later analysis in Wireshark
#!/usr/bin/env bash
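# ANSI colour escapes used by logging(); RESET returns the terminal to normal.
DARKGREEN=$'\e[00;32m'
GREEN=$'\e[01;32m'
TEAL=$'\e[00;36m'
DARKGREY=$'\e[01;30m'
CYAN=$'\e[01;36m'
LIGHTGREY=$'\e[00;37m'
RED=$'\e[00;31m'
PINK=$'\e[01;31m'
BLACK=$'\e[00;30m'
BLUE=$'\e[01;34m'
DARKBLUE=$'\e[00;34m'
WHITE=$'\e[01;37m'
RESET=$'\e[0m'
YELLOW=$'\e[01;33m'
MAGENTA=$'\e[01;35m'
PURPLE=$'\e[00;35m'
# All outputs live under ~/.mitmproxy unless overridden on the command line.
DEFAULT_CONFIG_FOLDER=".mitmproxy"
# Was "$HOME/$CONFIG/pcaps"; $CONFIG is never set anywhere in this script, so
# the path silently collapsed to "$HOME//pcaps". Use the config folder instead.
CAPTURE_FOLDER="$HOME/$DEFAULT_CONFIG_FOLDER/pcaps"
# Timestamp shared by the pcap and the key log so the pair can be matched later.
DATE=$(date +"%Y-%m-%dT%H%M%S")
PCAP_PATH="$HOME/$DEFAULT_CONFIG_FOLDER/capture-$DATE.pcap"
SECRETS_PATH="$HOME/$DEFAULT_CONFIG_FOLDER/secrets-$DATE.lst"
INTERFACE="eth0"
PROXY_PORT=8080
CAPTURE_FORMAT="libpcap"
# mitmproxy flag selecting the HTTP version; -v/--http-version switches it.
HTTP_VERSION="--no-http2"
MODE="transparent"
# Extra arguments for tshark / mitmproxy, each given as a single string.
CAPTURE_ARGS=""
ARGS=""
# PID of the background tshark capture, so only this capture is stopped later.
CAPTURE_PID_PATH="$HOME/$DEFAULT_CONFIG_FOLDER/mitmpcap.pid"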
#######################################
# Print the usage text.
# Globals:   none
# Arguments: none
# Outputs:   usage lines on stdout
# Returns:   0
#######################################
help_menu() {
  # Quoted delimiter: nothing inside is expanded, leading spaces are kept.
  cat <<'USAGE'
mitmpcap - a simple mitmproxy pcap and tls secrets tool
 -h --help Help Menu (optional)
 -i --interface Interface (default=eth0)
 -w --pcap Write PCAP File (default=~/.mitmproxy/capture-date.pcap)
 -m --mode Mode for MITMProxy (default=transparent)
 -p --port Proxy Listen Port (default=8080)
 -s --secrets TLS Secrets Path (default=~/.mitmproxy/secrets-date.lst)
 -v --http-version HTTP Version (default=1)
 -f --capture-format TShark PCAP format (default=libpcap)
 -c --capture-args Custom TShark Capture Args (default=none)
 -a --args Custom MITMProxy Arguments (default=none)
Author: @c3rb3ru5d3d53c
USAGE
}
#######################################
# Print one colour-tagged status line.
# Globals:   BLUE, YELLOW, RED, GREEN, RESET (read; escape sequences)
# Arguments: $1 - level: info | warn | fail | success
#            $2 - message text
# Outputs:   "[<tag>] <message>" on stdout
# Returns:   0; exits 1 when the level is not one of the four above
#######################################
logging() {
  local tag
  case "$1" in
    info)    tag="${BLUE}...${RESET}" ;;
    warn)    tag="${YELLOW}!${RESET}" ;;
    fail)    tag="${RED}X${RESET}" ;;
    success) tag="${GREEN}*${RESET}" ;;
    *)
      printf '%s\n' "[${RED}X${RESET}] log type incorrect"
      exit 1
      ;;
  esac
  printf '%s\n' "[${tag}] $2"
}
#######################################
# Abort unless a required program is on PATH.
# Globals:   none
# Arguments: $1 - program name
# Outputs:   failure line via logging when the program is missing
# Returns:   0 when found; exits 1 otherwise
#######################################
command_exists() {
  local tool=$1
  # command -v is the portable "is it installed?" check; test its status
  # directly instead of inspecting $? afterwards.
  if ! command -v "$tool" >/dev/null 2>&1; then
    logging fail "$tool is required but is not installed"
    exit 1
  fi
}
# Both external tools must be present before anything is started.
for required_tool in mitmproxy tshark; do
  command_exists "$required_tool"
done
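#######################################
# Exit when an option that needs a value has none.
# Arguments: $1 - number of positional parameters left after the option
#            $2 - failure message
# Returns:   0 when a value is present; exits 1 otherwise
#######################################
require_value() {
  if [[ "$1" -eq 0 ]]; then
    logging fail "$2"
    exit 1
  fi
}

#######################################
# Parse the command line into the configuration globals.
# Globals:   PROXY_PORT, INTERFACE, PCAP_PATH, CAPTURE_ARGS, CAPTURE_FORMAT,
#            SECRETS_PATH, MODE, ARGS, HTTP_VERSION (written)
# Arguments: the script's "$@"
# Outputs:   help text for -h/--help; failure lines via logging
# Returns:   0; exits 0 after printing help, exits 1 on a missing, invalid
#            or unknown option (unknown options used to be silently ignored)
#######################################
parse_args() {
  local opt
  while [[ $# -gt 0 ]]; do
    opt=$1
    case "$opt" in
      -h|--help)
        help_menu
        exit 0
        ;;
      -p|--port)
        shift
        require_value $# "proxy port was not specified"
        # The port is handed to mitmproxy; reject anything that is not digits
        # rather than letting an odd value reach the proxy's command line.
        if [[ ! "$1" =~ ^[0-9]+$ ]]; then
          logging fail "proxy port must be a number"
          exit 1
        fi
        PROXY_PORT=$1
        ;;
      -i|--interface)
        shift
        require_value $# "interface was not specified"
        INTERFACE=$1
        ;;
      -w|--pcap)
        shift
        require_value $# "pcap path was not specified"
        PCAP_PATH=$1
        ;;
      -c|--capture-args)
        shift
        require_value $# "capture arguments were not specified"
        CAPTURE_ARGS=$1
        ;;
      -f|--capture-format)
        shift
        require_value $# "capture format was not specified"
        CAPTURE_FORMAT=$1
        ;;
      -s|--secrets)
        shift
        require_value $# "secrets path was not specified"
        SECRETS_PATH=$1
        ;;
      -m|--mode)
        shift
        require_value $# "mode was not specified"
        MODE=$1
        ;;
      -a|--args)
        shift
        require_value $# "additional arguments were not specified"
        ARGS=$1
        ;;
      -v|--http-version)
        shift
        require_value $# "http version was not specified"
        # Compare as a string: [[ "$1" -eq 1 ]] evaluates the argument in an
        # arithmetic context, which is the wrong tool for raw user input.
        case "$1" in
          1) HTTP_VERSION="--no-http2" ;;
          2) HTTP_VERSION="--http2" ;;
          *)
            logging fail "only http versions 1 and 2 are supported"
            exit 1
            ;;
        esac
        ;;
      *)
        # A typo such as "--prot 8080" previously fell through and left the
        # default in place; fail loudly instead.
        logging fail "unknown option: $opt"
        exit 1
        ;;
    esac
    shift
  done
}

parse_args "$@"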
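# Make sure the output locations exist; tshark does not create directories and
# the pid file lives in the config folder, which may not exist on first run.
mkdir -p -- "${PCAP_PATH%/*}" "${SECRETS_PATH%/*}" "${CAPTURE_PID_PATH%/*}"

# CAPTURE_ARGS and ARGS are single strings of extra flags. Split them on
# whitespace into arrays; the old unquoted expansion also applied pathname
# globbing to them, which a "-f" tshark filter containing "*" would trip.
read -ra capture_args <<<"$CAPTURE_ARGS"
read -ra proxy_args <<<"$ARGS"

# Start the capture in the background and remember *its* PID. The previous
# "kill -HUP $(pidof tshark)" signalled every tshark on the host, not just ours.
tshark -Q -i "$INTERFACE" -w "$PCAP_PATH" -F "$CAPTURE_FORMAT" "${capture_args[@]}" &
capture_pid=$!
printf '%s\n' "$capture_pid" >"$CAPTURE_PID_PATH"

# The key log holds TLS session secrets for every captured connection. Create
# it owner-only before mitmproxy opens it (append, so an existing log is kept),
# then tighten the mode in case the file already existed with wider permissions.
( umask 077 && : >>"$SECRETS_PATH" )
chmod 600 -- "$SECRETS_PATH"

SSLKEYLOGFILE="$SECRETS_PATH" mitmproxy --mode "$MODE" -p "$PROXY_PORT" --showhost "$HTTP_VERSION" "${proxy_args[@]}"

# Stop only our capture and wait for it so the pcap is fully flushed before the
# script returns; tshark's own status after the HUP is not this script's result.
kill -HUP "$capture_pid"
wait "$capture_pid" || true
rm -f -- "$CAPTURE_PID_PATH"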