Juniper VPN logging script for mitmproxy v4.0.4
#!/usr/bin/python3
# Run like this with mitmproxy v4.0.4:
# mitmdump --script jun_ssl_log.py --tcp-hosts JUNIPER.SERVER.COM
#
# It will dump the TCP flows with the server in a raw-ish format to /tmp/TCPFlow*,
# and will replace the MD5 hash of the "real" server certificate with that of the
# MITM'ed server certificate (as provided to the client) anywhere it appears in the
# TCP flows' content.
from time import strftime, time, localtime
from sys import stderr
from binascii import hexlify
#import argparse
#p = argparse.ArgumentParser()
#p.add_argument('path', nargs='?', default='/tmp')
#args = p.parse_args()
# Directory that tcp_start() creates the per-flow TCPFlow-*.log dumps in.
# NOTE(review): /tmp is normally shared by every local user, and the dumps hold
# the intercepted traffic with the VPN server; a private directory may be a
# better default -- confirm against how the script is deployed.
logpath = '/tmp'
def hexl(bytes):
    """Return the bytes as space-separated two-digit lowercase hex values.

    An empty input yields an empty string.
    """
    return ' '.join(map('{:02x}'.format, bytes))
def hexdump(bytes, width=32, text=True):
    """Render a byte string as a multi-line hex dump.

    Each output line holds the 8-digit hex offset of the row, the row's bytes
    as two-digit hex values padded to ``3 * width`` columns, and (when *text*
    is true) the ``repr()`` of the row's bytes. Every line ends with a newline;
    empty input produces an empty string.
    """
    lines = []
    for offset in range(0, len(bytes), width):
        chunk = bytes[offset:offset + width]
        hex_cells = ' '.join(format(value, '02x') for value in chunk)
        # repr() keeps non-printable bytes escaped, so the log stays plain text.
        if text:
            readable = ' ' + repr(chunk)
        else:
            readable = ''
        lines.append('%08x %s%s\n' % (offset, hex_cells.ljust(3 * width), readable))
    return ''.join(lines)
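def tcp_start(flow):
    """mitmproxy hook: open a fresh dump file for a new TCP flow.

    The file is created as ``<logpath>/TCPFlow-<YYYYmmdd_HHMMSS>.log`` and
    stored on ``flow.dumpfile`` for the other hooks to write to. Its name is
    announced on stderr.

    Changes from the original:
    * The timestamp now comes from ``time.strftime``; the original called
      ``datetime.now()`` although ``datetime`` is never imported, so the hook
      raised NameError on the first flow.
    * The file is created exclusively (mode ``'x'``) with owner-only
      permissions. The name is predictable and the default directory is
      shared, so plain ``open(..., 'w')`` would follow a pre-planted symlink
      or truncate an existing file, and the dump of intercepted traffic would
      be readable according to the process umask.
    * If the name is already taken (e.g. two flows start within the same
      second) a ``-N`` suffix is appended instead of reusing the file.

    Raises:
        FileExistsError: if no unused file name could be found.
    """
    import os  # local import: only this hook needs it

    def _owner_only(path, flags):
        # Same flags open() would use, but with 0600 instead of umask defaults.
        return os.open(path, flags, 0o600)

    stamp = strftime('%Y%m%d_%H%M%S')
    for attempt in range(1000):
        suffix = '-%d' % attempt if attempt else ''
        path = '%s/TCPFlow-%s%s.log' % (logpath, stamp, suffix)
        try:
            d = flow.dumpfile = open(path, 'x', opener=_owner_only)
            break
        except FileExistsError:
            continue
    else:
        raise FileExistsError('no free TCPFlow log name under %s for %s' % (logpath, stamp))
    print("Dumping to %s" % d.name, file=stderr)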
def tcp_message(flow):
    """mitmproxy hook: rewrite certificate hashes in the newest message and log it.

    The MD5 digest of the real server certificate (lowercase hex, colons
    removed) is replaced, wherever it occurs in the message content, by the
    digest of the certificate mitmproxy presented to the client. MD5 is used
    only because that is the digest being matched in the traffic, not as a
    security primitive here. The (possibly rewritten) content is then appended
    to the flow's dump file as a timestamped hex dump, with '>' marking
    client-to-server messages and '<' marking the reverse direction.
    """
    log = flow.dumpfile
    msg = flow.messages[-1]

    def _md5_hex(cert):
        # digest() output is colon-separated; normalise to bare lowercase hex.
        return cert.digest('md5').replace(b':', b'').lower()

    real_server_hash = _md5_hex(flow.server_conn.cert)
    # see dlenski's issue #1935, PR #2018
    mitm_server_hash = _md5_hex(flow.client_conn.mitmcert)

    rewritten = msg.content.replace(real_server_hash, mitm_server_hash)
    if rewritten != msg.content:
        direction = 'outgoing' if msg.from_client else 'incoming'
        print("%s message: replaced real cert hash (%r) with mitmproxy cert hash (%r)" % (direction, real_server_hash, mitm_server_hash), file=stderr)
        msg.content = rewritten

    arrow = '>' if msg.from_client else '<'
    stamp = strftime('%Y%m%dT%H%M%S', localtime(time()))
    log.write('%s %s\n' % (stamp, arrow))
    # The dump records the content as forwarded, i.e. after any substitution.
    log.write(hexdump(msg.content))
def tcp_error(flow):
    """mitmproxy hook: record a flow error in the dump file.

    The error's ``repr()`` is written on its own line, prefixed with '# ' so it
    stands apart from the timestamped message entries.
    """
    flow.dumpfile.write('# %r\n' % (flow.error,))
def tcp_end(flow):
    """mitmproxy hook: close the flow's dump file once the flow has ended."""
    flow.dumpfile.close()