Mitmproxy 请求和响应中的 Cookie 操作

问题描述 投票:0回答:2

我在添加仅对 mitmproxy 反向代理模式下的客户端可见的新 cookie 时遇到问题。似乎很少有文档或示例涵盖其中的 cookie 操作。

我想要:

  1. 将 cookie 添加到发送给客户端的响应中
  2. 在客户端发回时拦截相同的 cookie,以识别用户,并在将其发送到目标服务器之前将其删除

如何实现这一点?

python mitmproxy
2个回答
1
投票

注意:我相信 1. 你的意思是在“请求”中添加一个 cookie。

您可以编写一个脚本来实现 

request
response
函数并修改这些对象。然后,您可以使用 
mitmproxy
标志运行 
-s
并将其传递给脚本文件的路径,这样您就可以继续操作了。请参阅下面的脚本的主要结构(以及下面的辅助函数)。

# USAGE: mitmproxy -s path/to/http_manipulate_cookies.py
from mitmproxy import http


PATH_TO_COOKIES = "./cookies.json"  # insert your path to the cookie file here
FILTER_COOKIES = {"userdata", "_ga"}  # update this to the specific cookie names you want to remove
# NOTE: we use a set for lookup efficiency

# -- Main interception functionality --
def request(flow: http.HTTPFlow) -> None:
    """Add a specific set of cookies to every request."""
    # obtain any cookies from the request
    _req_cookies_str = flow.request.headers.get("cookie", "")
    req_cookies = parse_cookies(_req_cookies_str)

    # add our cookies to the original cookies from the request
    all_cookies = req_cookies + load_json_cookies()
    # NOTE: by adding it to the end we should overwrite any existing cookies
    # of the same name but if you want to be more careful you can iterate over 
    # the req_cookies and remove the ones you want to overwrite first.

    # modify the request with the combined cookies
    flow.request.headers["cookie"] = stringify_cookies(all_cookies)


def response(flow: http.HTTPFlow) -> None:
    """Remove a specific cookie from every response."""
    set_cookies_str = flow.response.headers.get("set-cookie", "")
    # NOTE: use safe attribute access (.get), in some cases there might not be a set-cookie header
    
    if set_cookies_str:
        resp_cookies = parse_cookies(set_cookies_str)

        # remove the cookie we want to remove
        resp_cookies = [c for c in resp_cookies if c["name"] not in FILTER_COOKIES]

        # modify the request with the combined cookies
        flow.response.headers["set-cookie"] = stringify_cookies(resp_cookies)



cookie.json
文档的示例如下:

[
    {
        "name": "mycookie",
        "value": "somevalue"
    },
    {
        "name": "anothercookie",
        "value": "foobarfoobazfoofoobuzz"
    }
]

以下是我使用的辅助函数:

from typing import List, Dict
import json


# -- Helper functions --
def load_json_cookies():
    """
    Load a particular json file containing a list of cookies.
    """
    with open(PATH_TO_COOKIES, "r") as f:
        return json.load(f)
# NOTE: or just hardcode the cookies as [{"name": "", "value": ""}]


def stringify_cookies(cookies: List[Dict]) -> str:
    """
    Creates a cookie string from a list of cookie dicts.
    """
    return ";".join([f"{c['name']}={c['value']}" for c in cookies])


def parse_cookies(cookie_string: str) -> List[Dict[str, str]]:
    """
    Parses a cookie string into a list of cookie dicts.
    """
    cookies = []
    for c in cookie_string.split(";"):
        c = c.strip()
        if c:            
            k, v = c.split("=", 1)
            cookies.append({"name": k, "value": v})
    return cookies

我将此示例作为 PR 提交给 mitmproxy:https://github.com/mitmproxy/mitmproxy/pull/5278

0
投票

以下是如何告诉浏览器设置多个 cookie 的示例。

flow.response.headers.add('set-cookie', 'name=value; expires=Sat, 27-Apr-2024 20:58:43 GMT; path=/; domain=.example.com; Secure; SameSite=none')
flow.response.headers.add('set-cookie', 'name2=value2; expires=Sat, 27-Apr-2024 20:58:43 GMT; path=/; domain=.example.com; Secure; SameSite=none')

上面的例子会在响应头中插入两行set-cookie。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.