Created
March 9, 2023 17:43
-
-
Save wdormann/ceb8d98c149322a685722bac41c40ddb to your computer and use it in GitHub Desktop.
mitmproxy rewrite rule to allow user to use personal login for Microsoft as opposed to org-controlled oauth
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ##################################################### | |
| ## Content rewriting script for mitmproxy 4 | |
| ## Other versions of mitmproxy may not be compatible | |
| ##################################################### | |
| # | |
| # BEGIN LICENSE # | |
| # | |
| # CERT Tapioca | |
| # | |
| # Copyright 2018 Carnegie Mellon University. All Rights Reserved. | |
| # | |
| # NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE | |
| # ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. | |
| # CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER | |
| # EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED | |
| # TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, | |
| # OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON | |
| # UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO | |
| # FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. | |
| # | |
| # Released under a BSD (SEI)-style license, please see license.txt or | |
| # contact permission@sei.cmu.edu for full terms. | |
| # | |
| # [DISTRIBUTION STATEMENT A] This material has been approved for | |
| # public release and unlimited distribution. Please see Copyright | |
| # notice for non-US Government use and distribution. | |
| # CERT(R) is registered in the U.S. Patent and Trademark Office by | |
| # Carnegie Mellon University. | |
| # | |
| # DM18-0637 | |
| # | |
| # END LICENSE # | |
| # See https://github.com/mitmproxy/mitmproxy/tree/master/examples for more | |
| # examples as to what you can do with mitmproxy scripts | |
| # This file can be edited while mitmproxy is running. It will pick up changes | |
| # on file save | |
| from mitmproxy import http | |
| req_before = 'Content to find in intercepted requests' | |
| req_after = 'Content to replace the above with' | |
| resp_before = '"environment":"microsoftonline.us"' | |
| resp_after = '"environment":"Global"' | |
| resp_before2 = '"configProviderName":"microsoftonline.us"' | |
| resp_after2 = '' | |
| resp_before3 = 'https://login.microsoftonline.com/common/oauth2/authorize' | |
| resp_after3 = 'https://login.live.com/oauth20_authorize.srf' | |
| resp_before4 = 'https://login.microsoftonline.us/common/oauth2/token' | |
| resp_after4 = 'https://login.live.com/oauth20_token.srf' | |
| resp_before5 = '"type":"OrgId"' | |
| resp_after5 = '"type":"MSA"' | |
| #calcbytes = None | |
| #with open("calc.exe", "rb") as f: | |
| # calcbytes = f.read() | |
| def response(flow: http.HTTPFlow) -> None: | |
| try: | |
| # Older mitmproxy version | |
| flow.response.replace(resp_before, resp_after) | |
| except AttributeError: | |
| # Newer mitmproxy version | |
| # https://stackoverflow.com/questions/64111152/issue-converting-older-mitmproxy-scripts-to-work-on-5-2-error-on-replace-and-c | |
| if flow.response.content: | |
| try: | |
| # Try binary replacement first | |
| flow.response.content = flow.response.content.replace(resp_before, resp_after) | |
| flow.response.content = flow.response.content.replace(resp_before2, resp_after2) | |
| flow.response.content = flow.response.content.replace(resp_before3, resp_after3) | |
| flow.response.content = flow.response.content.replace(resp_before4, resp_after4) | |
| flow.response.content = flow.response.content.replace(resp_before5, resp_after5) | |
| except TypeError: | |
| # Then fall back to text replacement | |
| flow.response.text = flow.response.text.replace(resp_before, resp_after) | |
| flow.response.text = flow.response.text.replace(resp_before2, resp_after2) | |
| flow.response.text = flow.response.text.replace(resp_before3, resp_after3) | |
| flow.response.text = flow.response.text.replace(resp_before4, resp_after4) | |
| flow.response.text = flow.response.text.replace(resp_before5, resp_after5) | |
| def request(flow: http.HTTPFlow) -> None: | |
| try: | |
| # Older mitmproxy version | |
| flow.request.replace(req_before, req_after) | |
| except AttributeError: | |
| # Newer mitmproxy version | |
| if flow.request.content: | |
| try: | |
| # Try binary replacement first | |
| flow.request.content = flow.request.content.replace(req_before, req_after) | |
| flow.request.content = flow.request.content.replace(req_before2, req_after2) | |
| flow.request.content = flow.request.content.replace(req_before3, req_after3) | |
| flow.request.content = flow.request.content.replace(req_before4, req_after4) | |
| flow.request.content = flow.request.content.replace(req_before5, req_after5) | |
| except TypeError: | |
| # Then fall back to text replacement | |
| flow.request.text = flow.request.text.replace(req_before, req_after) | |
| flow.request.text = flow.request.text.replace(req_before2, req_after2) | |
| flow.request.text = flow.request.text.replace(req_before3, req_after3) | |
| flow.request.text = flow.request.text.replace(req_before4, req_after4) | |
| flow.request.text = flow.request.text.replace(req_before5, req_after5) | |
| #flow.request.headers['User-Agent'] = 'Custom User-Agent' | |
| ## Below is an example that will answer any question for a URI that ends in '.exe' | |
| ## with the bytes from calc.exe (uncomment the above as well) | |
| # if flow.request.method == 'GET' and flow.request.url.endswith('.exe'): | |
| # flow.response = http.HTTPResponse.make( | |
| # 200, # (optional) status code | |
| # calcbytes, # (optional) content | |
| # {'Content-Type': 'application/octet-stream'} # (optional) headers | |
| # ) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment