https://www.txthinking.com/talks/
Updated at: 2023-05-22
Deep packet capture of mobile apps with Brook and mitmproxy
Brook can of course also capture and modify packets entirely on its own, without depending on any other software.
See the documentation: https://brook.app
Configure as follows, then connect Brook.
Script:
text := import("text")
f := func(){
    if in_dnsquery {
        // block secure dns
        if in_dnsquery.domain == "dns.google" {
            return {block: true}
        }
    }
    if in_address {
        m := in_address
        if m.ipaddress {
            // block secure dns
            if m.ipaddress == "8.8.8.8:853" || m.ipaddress == "8.8.8.8:443" || m.ipaddress == "8.8.4.4:853" || m.ipaddress == "8.8.4.4:443" || m.ipaddress == "[2001:4860:4860::8888]:853" || m.ipaddress == "[2001:4860:4860::8888]:443" || m.ipaddress == "[2001:4860:4860::8844]:853" || m.ipaddress == "[2001:4860:4860::8844]:443" {
                return { "block": true }
            }
            // block or bypass udp
            if m.network == "udp" {
                return { bypass: true } // or { block : true }
            }
        }
        if m.domainaddress {
            // block secure dns
            if text.has_prefix(m.domainaddress, "dns.google:") {
                return { "block": true }
            }
            // Packet Capture all tcp 80, most http/1.1 use it
            if m.network == "tcp" && text.has_suffix(m.domainaddress, ":80"){
                return {"mitm": true, "mitmprotocol": "http", "mitmwithbody": true, "mitmautohandlecompress": true}
            }
            // Packet Capture all tcp 443, most https http/1.1 and http/2 use it
            if m.network == "tcp" && text.has_suffix(m.domainaddress, ":443"){
                return {"mitm": true, "mitmprotocol": "https", "mitmwithbody": true, "mitmautohandlecompress": true}
            }
            // block udp on port 443, most http/3 use it
            if m.network == "udp" && text.has_suffix(m.domainaddress, ":443"){
                return { block: true }
            }
        }
    }
    if in_httprequest && !in_httpresponse {
        return in_httprequest // or Modify Packet
    }
    if in_httprequest && in_httpresponse {
        delete(in_httpresponse, "Alt-Svc") // Avoid upgrading to http3 from http1 or http2
        return in_httpresponse // or Modify Packet
    }
}
out := f()
This script treats every TCP port 443 connection as HTTPS and every TCP port 80 connection as HTTP for capture; the script is available here.
For more, see the documentation at https://brook.app
Then open the app you want to capture.
I'll record a YouTube video when I have time. TODO
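As an added example (not the author's script or Brook's own code), the same hooks can scope interception to one app's hosts instead of every TCP 80/443 connection on the device, so unrelated traffic is not decrypted at all. It assumes the in_dnsquery/in_address/in_httprequest hooks and return keys used above; the targets list is constructed and would be replaced with the app's real API hosts.

```tengo
text := import("text")
// Constructed example hosts: replace with the hosts the app under test actually talks to
targets := ["api.example.com", "cdn.example.com"]
// Google secure-DNS endpoints, taken from the block list in the script above
dns_ips := ["8.8.8.8:853", "8.8.8.8:443", "8.8.4.4:853", "8.8.4.4:443",
    "[2001:4860:4860::8888]:853", "[2001:4860:4860::8888]:443",
    "[2001:4860:4860::8844]:853", "[2001:4860:4860::8844]:443"]

// exact match, or (when suffix is true) a subdomain of a listed host
in_list := func(list, v, suffix) {
    for x in list {
        if x == v || (suffix && text.has_suffix(v, "." + x)) { return true }
    }
    return false
}

f := func() {
    if in_dnsquery {
        if in_dnsquery.domain == "dns.google" { return {block: true} }
    }
    if in_address {
        m := in_address
        if m.ipaddress {
            if in_list(dns_ips, m.ipaddress, false) { return {block: true} }
            return {bypass: true} // no domain to match against; leave untouched
        }
        if m.domainaddress {
            parts := text.split(m.domainaddress, ":")
            host := parts[0]
            port := parts[len(parts) - 1]
            // only the app's own hosts are intercepted; everything else passes through
            if !in_list(targets, host, true) { return {bypass: true} }
            if m.network == "tcp" && port == "80" {
                return {mitm: true, mitmprotocol: "http", mitmwithbody: true, mitmautohandlecompress: true}
            }
            if m.network == "tcp" && port == "443" {
                return {mitm: true, mitmprotocol: "https", mitmwithbody: true, mitmautohandlecompress: true}
            }
            if m.network == "udp" && port == "443" { return {block: true} } // keep the app off HTTP/3
        }
    }
    if in_httprequest && !in_httpresponse { return in_httprequest }
    if in_httprequest && in_httpresponse {
        delete(in_httpresponse, "Alt-Svc") // stop the response from advertising HTTP/3
        return in_httpresponse
    }
}

out := f()
```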