Sophie

Sophie

distrib > Mageia > 4 > x86_64 > by-pkgid > afa0e7c59554a6ec33ced1a95f14102d > files > 166

mitmproxy-0.9.2-4.mga4.noarch.rpm

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta  content="text/html; charset=utf-8" http-equiv="Content-Type"/>


<link  href="../01-bootstrap.min.css" type="text/css" rel="StyleSheet"/>
<link  href="../02-docstyle.css" type="text/css" rel="StyleSheet"/>
<link  href="../syntax.css" type="text/css" rel="StyleSheet"/>
<title>mitmproxy 0.9 - Replacements</title></head><body><div class="navbar navbar-fixed-top">
  <div class="navbar-inner">
    <div class="container">
      <a class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
        <span class="icon-bar"></span>
        <span class="icon-bar"></span>
        <span class="icon-bar"></span>
      </a>
      <a class="brand" href="../index.html">mitmproxy 0.9 docs</a>
      </div><!--/.nav-collapse -->
    </div>
  </div>
</div>

<div class="container">
  <div class="row">
    <div class="span3">
      <div class="well sidebar-nav">
        <ul class="nav nav-list">
            <li><a href="../index.html">Introduction</a></li>
            <li><a href="../install.html">Installation</a></li>
            <li><a href="../howmitmproxy.html">How mitmproxy works</a></li>

            <li class="nav-header">Tools</li>
                <li><a href="../mitmproxy.html">mitmproxy</a></li>
                <li><a href="../mitmdump.html">mitmdump</a></li>

            <li class="nav-header">Features</li>
                <li><a href="anticache.html">Anticache</a></li>
                <li><a href="clientreplay.html">Client-side replay</a></li>
                <li><a href="filters.html">Filter expressions</a></li>
                <li><a href="proxyauth.html">Proxy Authentication</a></li>
                <li class="active"><a href="replacements.html">Replacements</a></li>
                <li><a href="serverreplay.html">Server-side replay</a></li>
                <li><a href="setheaders.html">Set Headers</a></li>
                <li><a href="sticky.html">Sticky cookies and auth</a></li>
                <li><a href="reverseproxy.html">Reverse proxy mode</a></li>
                <li><a href="upstreamcerts.html">Upstream Certs</a></li>

            <li class="nav-header">Installing Certificates</li>
                <li><a href="../ssl.html">Overview</a></li>
                <li><a href="../certinstall/firefox.html">Firefox</a></li>
                <li><a href="../certinstall/osx.html">OSX</a></li>
                <li><a href="../certinstall/windows7.html">Windows 7</a></li>
                <li><a href="../certinstall/ios.html">IOS</a></li>
                <li><a href="../certinstall/ios-simulator.html">IOS Simulator</a></li>
                <li><a href="../certinstall/android.html">Android</a></li>

            <li class="nav-header">Transparent Proxying</li>
                <li><a href="../transparent.html">Overview</a></li>
                <li><a href="../transparent/linux.html">Linux</a></li>
                <li><a href="../transparent/osx.html">OSX</a></li>

             <li class="nav-header">Tutorials</li>
                <li><a href="../tutorials/30second.html">Client playback: a 30 second example</a></li>
                <li><a href="../tutorials/gamecenter.html">Setting highscores on Apple's GameCenter</a></li>

            <li class="nav-header">Scripting mitmproxy</li>
                <li><a href="../scripting/inlinescripts.html">Inline Scripts</a></li>
                <li><a href="../scripting/libmproxy.html">libmproxy</a></li>

            <li class="nav-header">Hacking</li>
                <li><a href="../dev/testing.html">Testing</a></li>

        </ul>
      </div>
    </div>

    <div class="span9">
        <div class="page-header">
        <h1>Replacements</h1>
        </div>
        <p>Mitmproxy lets you specify an arbitrary number of patterns that define text
replacements within flows. Each pattern has 3 components: a filter that defines
which flows a replacement applies to, a regular expression that defines what
gets replaced, and a target value that defines what is substituted in.</p>

<p>Replace hooks fire when either a client request or a server response is
received. Only the matching flow component is affected: so, for example, if a
replace hook is triggered on server response, the replacement is only run on
the Response object leaving the Request intact. You control whether the hook
triggers on the request, response or both using the filter pattern. If you need
finer-grained control than this, it's simple to create a script using the
replacement API on Flow components. </p>

<p>Replacement hooks are extremely handy in interactive testing of applications.
For instance you can use a replace hook to replace the text "XSS" with a
complicated XSS exploit, and then "inject" the exploit simply by interacting
with the application through the browser. When used with tools like Firebug and
mitmproxy's own interception abilities, replacement hooks can be an amazingly
flexible and powerful feature. </p>

<h2>On the command-line</h2>

<p>The replacement hook command-line options use a compact syntax to make it easy
to specify all three components at once. The general form is as follows:</p>

<pre><code>/patt/regex/replacement
</code></pre>

<p>Here, <strong>patt</strong> is a mitmproxy filter expression, <strong>regex</strong> is a valid Python
regular expression, and <strong>replacement</strong> is a string literal. The first
character in the expression (<strong>/</strong> in this case) defines what the separation
character is. Here's an example of a valid expression that replaces "foo" with
"bar" in all requests:</p>

<pre><code>:~q:foo:bar
</code></pre>

<p>In practice, it's pretty common for the replacement literal to be long and
complex. For instance, it might be an XSS exploit that weighs in at hundreds or
thousands of characters. To cope with this, there's a variation of the
replacement hook specifier that lets you load the replacement text from a file.
So, you might start <strong>mitmdump</strong> as follows:</p>

<pre class="terminal">
mitmdump --replace-from-file :~q:foo:~/xss-exploit
</pre>

<p>This will load the replacement text from the file <strong>~/xss-exploit</strong>.</p>

<p>Both the <em>--replace</em> and <em>--replace-from-file</em> flags can be passed multiple
times.</p>

<h2>Interactively</h2>

<p>The <em>R</em> shortcut key in mitmproxy lets you add and edit replacement hooks using
a built-in editor. The context-sensitive help (<em>h</em>) has complete usage
information.</p>

<table class="table">
    <tbody>
        <tr>
            <th width="20%">command-line</th>
            <td>
                <ul>
                    <li>--replace</li>
                    <li>--replace-from-file</li>
                </ul>
            </td>
        </tr>
        <tr>
            <th>mitmproxy shortcut</th> <td><b>R</b></td>
        </tr>
    </tbody>
</table>

    </div>
  </div>

  <hr>

  <footer>
    <p>© mitmproxy project, 2013</p>
  </footer>
</div>
</body></html>