Top 8 Python mitmproxy Projects
-
mitmproxy
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
-
proxy.py
💫 Ngrok FRP Alternative • ⚡ Fast • 🪶 Lightweight • 0️⃣ Dependency • 🔌 Pluggable • 😈 TLS interception • 🔒 DNS-over-HTTPS • 🔥 Poor Man's VPN • ⏪ Reverse & ⏩ Forward • 👮🏿 "Proxy Server" framework • 🌐 "Web Server" framework • ➵ ➶ ➷ ➠ "PubSub" framework • 👷 "Work" acceptor & executor framework
-
xepor
Xepor, a web routing framework for reverse engineers and security researchers, brings the best of mitmproxy & Flask
Project mention: Apple's M4 Has Reportedly Adopted the ARMv9 Architecture | news.ycombinator.com | 2024-05-24
Mainly this was just myself getting irritated at MS Teams and trying to figure out what it was doing. It was a couple years ago and my current company doesn't use Teams, thankfully, so I can't really see if it's still valid.
From what I remember..
There are files on the disk that get updated/overwritten with pulls from the server every time it launches. Somewhere in AppData I think. A few of these are config files (with lots of interesting looking settings, including beta features).
One of the config entries specifies a telemetry endpoint (which, you _could_ figure out with a network tracing tool but there are a ton of MS telemetry endpoints your machine is probably talking to. Best to just grab the one explicitly being used from the config like this). I forget the full name of the setting but the name pretty clearly indicates it's for telemetry, and the file is clearly a config file. If you can't find it just by browsing the structure, try a multi-file search tool and look for 'telemetry' or URL/hostnames.
You can't really change the value on disk and make it just take effect from there, since it gets downloaded from the server and overwritten before Teams loads. There might be some tricks you can do locally to persist the change but nothing seemed to work for me. You could override the response from the server via mitmproxy but that requires finding where it comes across the wire at launch time and then building a script/config to replace it.
Anyway, you can block that telemetry endpoint from a firewall and see your memory bloat. Or you can intercept that endpoint in any mitm proxy. I went with this [mitmproxy](https://mitmproxy.org/). From there you can capture the content it sends to the endpoint, or even change the response the server sends (Teams just seems to expect a 200 code back).
The telemetry data itself is some kind of streaming event format. I think I even found documentation on the structure on some Microsoft website, so it's likely a reused format.
It's pretty straightforward.
I couldn't spend too much time on it and now it's not something I even use, but some cool things you might want to try if you dive deeper into this:
- Overwrite the config file as it returns from the server, to turn on EU data protection, change various functionality you're not supposed to, or flip some feature flags.
- Figure out if there's a feature flag or even other overwrite to fully disable the metrics so they aren't even collected, from anywhere in the app.
- Intercept telemetry, return an 'OK' response and drop the data from telemetry, or maybe document what they collect more definitively if you think there's interest somewhere. This keeps your privacy but doesn't really do anything for performance.
- Interfere with the data before actually returning it, maybe try playing with event contents and channel/user indicators. Microsoft probably won't like this if they notice, but it's unlikely they'll even notice.
There is now an issue ticket in ssh-mitm to discuss the similarities between ssh-mitm and terrapin attack: https://github.com/ssh-mitm/ssh-mitm/issues/165
Project mention: Norway Fining Meta $98,500 per Day for User Privacy Breach | news.ycombinator.com | 2023-09-15
No, they're usually not published. I encourage you to do it yourself.
Looks like Instagram at least does do TLS cert pinning, but it looks like there are patched binaries that disable it.
https://github.com/Eltion/Instagram-SSL-Pinning-Bypass
Python mitmproxy related posts
-
Terrapin-Attack Style Vulnerability Likely Exploited for 2 Years
-
mitmproxy VS petep - a user suggested alternative
2 projects | 3 Oct 2023 -
Check if a publickey is known by GitHub or Gitlab without iterating all users
-
Should SSH-MITM add a Codehoster user check as a default setting?
-
Man In The Middle Proxy in Rust
-
Python API Documentation created with ChatGPT
-
SSH-MitM has prebuilt windows executables
Index
What are some of the best open-source mitmproxy projects in Python? This list will help you:
# | Project | Stars |
---|---|---|
1 | mitmproxy | 34,786 |
2 | proxy.py | 2,899 |
3 | ssh-mitm | 1,237 |
4 | BDFProxy | 981 |
5 | Instagram-SSL-Pinning-Bypass | 372 |
6 | xepor | 203 |
7 | msattack | 16 |
8 | super-auto-pets | 11 |