[PYTHON] Use mitmproxy to force your app's API into your development environment

What is mitmproxy

mitmproxy is an HTTP proxy server for peeping and tampering with HTTP requests in the manner of Man in the Middle Attack. By installing the certificate generated by mitmproxy on the terminal, HTTPS communication can be handled in the same way.

For details on installing mitmproxy, etc., refer to the following articles.

• How to intercept or tamper with SSL communication of actual iOS device by proxy

What I want to do this time

Requests can be tampered with by mitmproxy by writing a Python script. This time, we will explain the procedure assuming the following cases.

• I want to debug a smartphone app with a request to the Web API
• I want to use the Web API running in my development environment for debugging.
• Unable to prepare an app build suitable for the development environment

It may be possible to solve the problem by automating the build and distribution for the development environment from the function branch. However, there may be times when such an environment is not ready. Also, even if there is such an environment, if you want to check while switching between multiple environments many times, it may be easier to tamper with the request rather than restarting multiple apps. ..

procedure

Install mitmproxy

Please refer to the above How to intercept or tamper with SSL communication of the actual iOS device by proxy.

Preparing a Python program for request tampering

What I want to do this time is "I want to change the request destination of the Web API made on the application to the development environment". In this case, you need to do two things:

1. Tamper the host name of the TCP / IP request target
2. Tamper with Host in the HTTP request header

The following Python program does this. Change the host name, etc. as necessary.

replace_host.py

def request(context, flow):
    #Original host name(Production environment)
    original = "example.com"
    #Host name after replacement(Development environment)
    replace  = "dev.example.com"

    if original in flow.request.host:
        if original in flow.request.headers["Host"]:
            #Request destination host name
            flow.request.host = replace
            #Host in HTTP request header
            flow.request.headers["Host"] = [replace]

The request header can be tampered with in the same way other than Host. It is important to note that flow.request.headers uses the header name as a key and the value contains an array of * strings *. In the HTTP header, multiple values can be set with the same key. (Set-Cookie etc.)

Start mitmproxy

Start while loading the prepared Python script.

$ mitmproxy -p 8080 -s replace_host.py

All you have to do now is debug your app with this proxy.

Bonus: Tamper with requests only in certain paths

In the previous program, tampering was performed on the condition that "only requests to a specific host". Furthermore, if you add the condition "in a specific path", it will be as follows.

replace_host.py

def request(context, flow):
    #Original host name(Production environment)
    original = "example.com"
    #Host name after replacement(Development environment)
    replace  = "dev.example.com"
    #Path to tamper with
    target_path = '/api/foo'

    if original in flow.request.host:
        if original in flow.request.headers["Host"]:
            #Only in a specific path
            if flow.request.path == target_path:
                #Request destination host name
                flow.request.host = replace
                #Host in HTTP request header
                flow.request.headers["Host"] = [replace]

This can be achieved by checking the value of flow.request.path. Here, the exact match by == is checked, but various applications such as targeting everything under a specific directory with a regular expression will be possible.

I thought it would be convenient if the official documentation of mitmproxy had a collection of recipes around here.