Compare commits
2 commits
3466c67912
...
7ae88ce853
| Author | SHA1 | Date | |
|---|---|---|---|
| 7ae88ce853 | |||
| e3c5605fce |
1 changed files with 38 additions and 1 deletions
39
README.md
39
README.md
|
|
@ -43,4 +43,41 @@ click "Get mitmproxy-ca-cert.pem" below "Firefox".
|
||||||
Import it: Settings > Privacy & Security > Certificates > View Certificates... > "Authorities" tab > Import... >
|
Import it: Settings > Privacy & Security > Certificates > View Certificates... > "Authorities" tab > Import... >
|
||||||
Choose the downloaded cert > Checkbox "Trust this CA to identify web sites" > OK.
|
Choose the downloaded cert > Checkbox "Trust this CA to identify web sites" > OK.
|
||||||
|
|
||||||
## TODO
|
## Archiving web sites
|
||||||
|
To get the addon, either clone the git repo:
|
||||||
|
```bash
|
||||||
|
$ git clone https://git.dc09.ru/mitm-archive/addon
|
||||||
|
$ cd addon
|
||||||
|
```
|
||||||
|
… or just download the script:
|
||||||
|
```bash
|
||||||
|
$ mkdir addon && cd addon
|
||||||
|
$ curl https://git.dc09.ru/mitm-archive/addon/raw/branch/main/addon.py >addon.py
|
||||||
|
```
|
||||||
|
|
||||||
|
Stop mitmproxy if it's still running (<kbd>q</kbd> and then <kbd>y</kbd> for mitmproxy; <kbd>Ctrl+C</kbd> for mitmweb), then re-launch it with the mitm-archive addon: `mitmproxy -s addon.py` (or mitmweb).
|
||||||
|
|
||||||
|
**Each HTTP response** that comes to mitmproxy is archived: metadata is in `./archive.db` SQLite database, headers and body are in `./storage/{id}/headers` and `./storage/{id}/body` respectively.
|
||||||
|
|
||||||
|
To adjust these paths, set the environment variables:
|
||||||
|
```bash
|
||||||
|
$ export SQLITE_DB_PATH=archive.db
|
||||||
|
$ export STORAGE=storage
|
||||||
|
$ mitmproxy -s addon.py
|
||||||
|
```
|
||||||
|
|
||||||
|
# What's not implemented
|
||||||
|
- Filter host instead of archiving everything (literally 2 lines of code, could be added soon after I figure out the best way to configure this)
|
||||||
|
- Addon is configured with env vars, Server uses command-line options; should be unified?
|
||||||
|
|
||||||
|
Probably useful, but would overcomplicate the project:
|
||||||
|
- Alphabetically sort query arguments both in addon and server (for now if archive contains `/api?key=val&abc=def`, the same request `/api?abc=def&key=val` gives 404, because URL is not exactly the same)
|
||||||
|
|
||||||
|
Harder to implement and definitely will overcomplicate the project while neither I nor anyone else need this:
|
||||||
|
- Config option to omit some query args (if there is no `/api?key=val&abc=def` and it's allowed to omit abc, then search for `/api?key=val`)
|
||||||
|
- Store request/response cookies in an archive
|
||||||
|
- Config option to disable saving cookies specified by key (e.g. in case they contain credentials)
|
||||||
|
- Config option to omit some cookies
|
||||||
|
- Invent a custom format (or find existing) for storing query args and cookies that will make the operations listed below more handy
|
||||||
|
|
||||||
|
For these usage screnarios, especially with cookies, it's simplier and overall better to self-host the web site server you are trying to archive or re-implement it in your favourite programming language and self-host.
|
||||||
Loading…
Add table
Reference in a new issue