-
Notifications
You must be signed in to change notification settings - Fork 251
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[question] ability to modify HTTP headers inflight? #326
Comments
Hello, this could be implemented via a mitmproxy plugin. Internally, PCAPdroid-mitm runs mitmproxy, so this could be intergrated into PCAPdroid-mitm, by providing a UI for such feature. I've recently done a similar integration to allow users to inject Javascript code, check out https://emanuele-f.github.io/PCAPdroid/advanced_features#46-js-injector and https://github.com/emanuele-f/PCAPdroid-mitm/blob/master/app/src/main/python/js_injector.py#L61, which in essence is a mitmproxy plugin. Another option, quicker to test without modifing PCAPdroid-mitm, is to enable the socks5 proxy mode of PCAPdroid, redirecting the traffic to your mitmproxy instance running in SOCKS5 listener mode. This way you can just load your plugin on the mitmproxy instance via cli options, e.g. What is your use-case for this? It could be a nice feature to have in PCAPdroid |
First off.. your app is amazing! That said.. I've never dug any deeper.. It's very amusing that your example of how to modify network traffic inflight.. The reason I say so, is that the use-case that brings me here is pretty much exactly that.
It works great, but with two important limitations..
The suggested workaround is:
I could do that, but I went googling for a more generic approach.. Now that I know there's a plugin system, I've got some reading to do.. It's funny.. this topic (of HTTP header modification) feels like it's been plaguing me for years..
In any case, I'll dig into your repo and poke around. Thanks again for writing such a truly great app, |
I was completely unaware of Now that I've installed it, and played around.. here is what I did to run my own mitmproxy script:
amazingly, it works perfectly..
partly a suggestion, and partly a request..
I think this convention of scanning particular directories.. |
as an after-thought.. there would be a benefit to moving the
|
Thank you very much for your feedback and detailed description of the steps for your integration. My specific use case is to extract a video URL from a web page on a phone and play it on a firestick device, which lacks Chromecast. To accomplish this I'm using the following technologies:
I'm quite happy with this, as the experience is very similar to the one of chromecast. In the past I've also tried your Android-WebCast app to extract the video URL but I remember I had some issues with it, missing adblock or problems with Android TV if I remember correctly. In my opinion, this approach to use a customized browser app has pros and cons. Some big pros are that you can extend the Javascript engine with native functions, e.g. start intents and access persistent storage, and of course provide a customized user experience (e.g. for the cast functions). But the cons are that the user is forced to use this app instead of his favorite browser, you need to maintain such an app and probably provide adblock and other features a user may need. I like this approach of using PCAPdroid-mitm as I can leave it running in the background and forget about it, only decrypt the specific websites which I'm interesting into, and use my favorite browser. I've open emanuele-f/PCAPdroid-mitm#8 and emanuele-f/PCAPdroid-mitm#9 to track this request. I agree that this kind of extensibility would be very appealing for power users, so this is something I plan to implement soon. One limitation to keep in mind is in the integration of python/native libraries, which may require building them via chaquopy. For the Js Injector addon, since it's integrated into the PCAPdroid-mitm UI, I think it's better to ship it with the mitm app. I will add the ability to enable/disable such addons from the mitm app. The ability to read user scripts from the local storage could be optional, so I'm not concerned about a possible not-granted READ_EXTERNAL_STORAGE permission, I will handle it. |
You're right about the Ad Blocker that I've built into both The implementation was intended to happen in two stages:
But, I suppose I got lazy and never got around to the 2nd stage. Personally, I usually like to run an Ad Blocker at a system-wide level.. If you're looking for (yet another) challenge..
Similar such mitmproxy scripts already exist,
|
as a friendly comment..
|
PS: |
Yeah, compared to the system-wide adblock, this would be more powerfull, thanks to its ability to match URLs in decrypted traffic. But decryption without root is limited to a very small set of apps, mostly browsers. Anyway, this is not something I'm willing to invest time on for now
Interesting links, thanks for sharing
I see, this is also something I've also experienced in the past for some websites. I think many websites today rely on third-party CDNs, so they don't use this referrrer-based. Anyway, an extension of the Just-Player-Receiver and Just Player should solve this.
Thanks for sharing this. I will add the external storage permission and removal of CSP headers soon Also if you would like to contribute to PCAPdroid/mitm your help is welcome. The mitm addon has quite a bit of build dependenices, but it should build just fine |
I'm loving this 😃 I just updated my it basically does the same thing as the so now, this
|
I played around with that adblock script (mentioned earlier).. and got it working pretty nicely. |
I also played around with the general concept for your javascript injector script, |
I know you said that you liked the idea of having a directory for users to add their own mitmproxy scripts.. I wrote this
All of my other scripts are automatically initialized and their addons passed to Disclaimer: |
This is a great start for such a feature! I haven't checked the code in detail, but I assume that a linear search is performed, which combined with regex match time causes such a delay. Is there any strategy to avoid such linear search?
This looks good, I will check in more detail at implementation time. I don't mind being ideomatic at this time, the priority is to allow people to use their own scripts. Thinking about this, it would be great to have a repository from which people can search and download scripts easily directly from the app. I have some concerns about this, in particular regarding maintenance time and cost and content moderation, to avoid the spread of malicious scripts. Maybe for now a simple web page, listing links to suggested scripts, could be enough. |
regarding the performance.. and implementation details.. of the upstream adblockparser library..
The only big improvement that I can see.. |
regarding the lack of a defacto repository for mitmproxy scripts.. the analogy is a good one.. continuing with that analogy.. I imagine the same would hold true for user contributions of mitmproxy scripts. |
Regarding re2, native packages need cross compilation with chaquopy. Such a speedup would justify time spent trying to build it. When I have some time I can look into building it, as I already have the environment ready. Regarding the repo, I agree that a curated list is better than having a free to access repo. I've just released the new PCAPdroid version with the js injector support, I plan this stuff for the next release |
I know that I've already said this, but it bears repeating..
Even though both my |
There is one thing that I'd like to propose.. in
I would propose adding an additional setting:
The reason for including such an option.. update: sorry.. for the false alarm 🤷 |
Yeah, PCAPdroid can direct to mitmproxy any TCP connection. Only UDP is not currently supported. |
for example:
^.*$
response
remove
content-security-policy
null
The text was updated successfully, but these errors were encountered: