https://www.txthinking.com/talks/
Updated at: 2023-05-21
Many apps can choose to bypass the system proxy. For details, see this article.
A few years ago we made the mitmproxy helper application, priced at $9.9.
Brook now supports very powerful scripts, which can easily achieve the same functions as the above app. You save $9.9.
In fact, Brook can also capture and modify packets independently without relying on any other software. You can view this article.
mitmproxy -m socks5 --rawtcp --listen-port 8080
This starts a SOCKS5 proxy listening on port 8080.
mitmproxy only supports HTTP/1.1 and HTTP/2 packet capture; it does not support UDP and certainly does not support HTTP/3.
So we have to use a script to block UDP to domainaddress destinations, and either let UDP to ipaddress destinations connect directly or block it, or skip some addresses that cannot be captured. In practice, this has to be analyzed case by case.
Config and Connect Brook
Script:
text := import("text")

f := func() {
    if in_dnsquery {
        // block secure dns
        if in_dnsquery.domain == "dns.google" {
            return {block: true}
        }
        // block ipv6, if your server or local does not support ipv6
        if in_dnsquery.type == "AAAA" {
            return {block: true}
        }
    }
    if in_address {
        m := in_address
        if m.ipaddress {
            // block secure dns
            if m.ipaddress == "8.8.8.8:853" || m.ipaddress == "8.8.8.8:443" || m.ipaddress == "8.8.4.4:853" || m.ipaddress == "8.8.4.4:443" || m.ipaddress == "[2001:4860:4860::8888]:853" || m.ipaddress == "[2001:4860:4860::8888]:443" || m.ipaddress == "[2001:4860:4860::8844]:853" || m.ipaddress == "[2001:4860:4860::8844]:443" {
                return { "block": true }
            }
            // block or bypass udp
            if m.network == "udp" {
                return { bypass: true } // or { block : true }
            }
        }
        if m.domainaddress {
            // block secure dns
            if text.has_prefix(m.domainaddress, "dns.google:") {
                return { "block": true }
            }
            // block udp
            if m.network == "udp" {
                return { block: true }
            }
        }
    }
}

out := f()
This script blocks secure DNS, blocks IPv6 AAAA queries, blocks UDP to domainaddress destinations, and lets UDP to ipaddress destinations connect directly. The script is here.
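The rule order can be checked before loading the script by modelling it outside Brook. The following is an added example in Python, not part of the original page and not Brook code: it mirrors the script's field names, treats a fall-through as "proxy" (an assumption: the traffic continues to the configured server), and runs over constructed events.

```python
# Python model of the script's decisions (added example, not Brook code).
# Field names mirror the script; every sample event below is constructed.
SECURE_DNS_IPS = {
    f"{host}:{port}"
    for host in ("8.8.8.8", "8.8.4.4",
                 "[2001:4860:4860::8888]", "[2001:4860:4860::8844]")
    for port in (853, 443)
}

def decide(event):
    """Return 'block', 'bypass' or 'proxy' (assumed: no rule matched)."""
    q = event.get("in_dnsquery")
    if q and (q["domain"] == "dns.google" or q["type"] == "AAAA"):
        return "block"
    a = event.get("in_address")
    if a:
        if "ipaddress" in a:
            if a["ipaddress"] in SECURE_DNS_IPS:
                return "block"      # checked before the UDP rule
            if a["network"] == "udp":
                return "bypass"     # leaves directly, never captured
        if "domainaddress" in a:
            if a["domainaddress"].startswith("dns.google:"):
                return "block"
            if a["network"] == "udp":
                return "block"      # e.g. HTTP/3 to a domain name
    return "proxy"

def coverage(events):
    """Group event labels by decision to show what the capture will miss."""
    report = {"block": [], "bypass": [], "proxy": []}
    for label, event in events:
        report[decide(event)].append(label)
    return report

SAMPLE = [  # constructed events
    ("A query", {"in_dnsquery": {"domain": "example.com", "type": "A"}}),
    ("AAAA query", {"in_dnsquery": {"domain": "example.com", "type": "AAAA"}}),
    ("HTTPS over TCP", {"in_address": {"network": "tcp", "domainaddress": "example.com:443"}}),
    ("HTTP/3 to a domain", {"in_address": {"network": "udp", "domainaddress": "example.com:443"}}),
    ("UDP to 8.8.8.8:443", {"in_address": {"network": "udp", "ipaddress": "8.8.8.8:443"}}),
    ("UDP to a bare IP", {"in_address": {"network": "udp", "ipaddress": "192.0.2.10:3478"}}),
]

if __name__ == "__main__":
    for decision, labels in coverage(SAMPLE).items():
        print(f"{decision:6} {labels}")
```

The "bypass" row is the visibility gap of this setup: that UDP traffic connects directly and never appears in mitmproxy.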
Visit http://mitm.it with your mobile phone to install the mitmproxy CA certificate.
Then open the app whose packets you want to capture.
TODO