mitmproxy | mitmproxy 0.16 TLS/SSL patch | TLS library

Run adb root && adb remount first.

The way Mitmproxy allows TLS decryption and the way required to decrypt an pcap dump that has been generated without Mitmproxy in between is totally different:

Mitmproxy only works if the traffic is intercepted so that the traffic is temporary decrypted available in Mitmproxy where as the pcap usually contains non-mitmproxy-intercepted traffic.

For decoding a TLS data from pcap you need the exported pre-master secret keys from the client or the server (or for SSL/TLS ciphers that don't use perfect forward privacy you can decrypt the traffic using the private server key).

For details of TLS decryption using Wireshark see https://wiki.wireshark.org/TLS

It looks like you want to use response.text or response.content, not response.raw_content. raw_content contains the raw compressed HTTP message body, whereas .content contains the uncompressed version.

I was wrong. It looks like you pass in the script with the -s flag Something like:

mitmproxy -s myscript.py

Basically you pass in the file name and mitmproxy will load it and call the request() function, passing in the flow variable you mentioned.

I think reading these two pages might help. Note that they have different kinds of add-ons. I think the simple classless request() function you have would make it a 'script' type.

https://docs.mitmproxy.org/stable/addons-overview/

https://docs.mitmproxy.org/stable/addons-scripting/

There are also more examples in the docs. Also, I've found this GitHub repo to be helpful for examples:

https://github.com/KevCui/mitm-scripts

Although my prior script should work but somehow it didn't I eventually get it working by changing the script as follows:

It has 2 independent processes: The GUI and the mitmproxy script. And communicating both processes does not imply importing modules since you would be creating another widget, also objects should not be accessed through classes (I recommend you check your basic python notes).

In this the solution is to use some Inter process communication (IPC), in this case you can use Qt Remote Objects (QtRO):

main.py

The gRPC protocol is defined in this document. In particular, the section about "Length-Prefixed-Message" describes how the data is encoded:

The repeated sequence of Length-Prefixed-Message items is delivered in DATA frames

• Length-Prefixed-Message → Compressed-Flag Message-Length Message
• Compressed-Flag → 0 / 1 # encoded as 1 byte unsigned integer
• Message-Length → {length of Message} # encoded as 4 byte unsigned integer (big endian)
• Message → *{binary octet}

In other words, to read messages, read 1 byte for the compressed bit, then read 4 bytes for the length, then read that many bytes for the message. If he compressed bit is set, you will need to decompress the message using the format described in the "grpc-encoding" header. Then the format of the message is application-specific. Protobuf is common.

Starting with mitmproxy 7 (unreleased, development snapshots are available at the time of writing), raw TCP is captured by default and protocols with server-side greetings are finally supported. Here is an example:

The first code wasn't working as I did a stupid mistake when creating the thread so p1 = threading.Thread(target=startme(mytime)) does not take the function with its arguments but separately like this p1 = threading.Thread(target=startme, args=(mytime,))

The reason why I could not get the SQL insert statement to work in my second code was this error: