Skip to content

Instantly share code, notes, and snippets.

Last active May 21, 2024 19:30
Show Gist options
  • Save dlenski/33bfa3a8691686d02ddaf7a51843a89a to your computer and use it in GitHub Desktop.
Save dlenski/33bfa3a8691686d02ddaf7a51843a89a to your computer and use it in GitHub Desktop.
Juniper VPN logging script for mitmproxy v4.0.4
# Run like this with mitmproxy v4.0.4:
# mitmdump --script --tcp-hosts JUNIPER.SERVER.COM
# It will dump the TCP flows with the server in a raw-ish format to /tmp/TCPFlow*,
# and will replace the MD5 hash of the "real" server certificate with that of the
# MITM'ed server certificate (as provided to the client) anywhere it appears in the
# TCP flows' content.
from time import strftime, time, localtime
from sys import stderr
from binascii import hexlify
#import argparse
#p = argparse.ArgumentParser()
#p.add_argument('path', nargs='?', default='/tmp')
#args = p.parse_args()
logpath = '/tmp'
def hexl(bytes):
return ' '.join('%02x'%b for b in bytes)
def hexdump(bytes, width=32, text=True):
out = ''
for pos in range(0, len(bytes), width):
row = bytes[pos:pos+width]
hexrow = ' '.join('%02x'%b for b in row)
textrow = ' '+repr(row) if text else ''
out += '%08x %s%s\n' % (pos, hexrow.ljust(3*width), textrow)
return out
def tcp_start(flow):
d = flow.dumpfile = open('%s/TCPFlow-%s.log' % (logpath,'%Y%m%d_%H%M%S')), 'w')
print("Dumping to %s" %, file=stderr)
def tcp_message(flow):
d = flow.dumpfile
m = flow.messages[-1]
c = m.content
real_server_hash = flow.server_conn.cert.digest('md5').replace(b':',b'').lower()
# see dlenski's issue #1935, PR #2018
mitm_server_hash = flow.client_conn.mitmcert.digest('md5').replace(b':',b'').lower()
nc = m.content
nc = nc.replace(real_server_hash, mitm_server_hash)
if nc!=m.content:
print("%s message: replaced real cert hash (%r) with mitmproxy cert hash (%r)" % ('outgoing' if m.from_client else 'incoming', real_server_hash, mitm_server_hash), file=stderr)
m.content = nc
d.write('%s %s\n' % (strftime('%Y%m%dT%H%M%S', localtime(time())), '>' if m.from_client else '<'))
def tcp_error(flow):
d = flow.dumpfile
error = flow.error
d.write('# %s\n' % repr(error))
def tcp_end(flow):
d = flow.dumpfile
Copy link

dlenski commented May 21, 2024

My 2017 contribution of mitmproxy/mitmproxy#2018 (→ mitmproxy/mitmproxy@391f28f) to mitmproxy made it possible to automate the substitution of the server's cert's MD5 hash.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment