Burpsuite combined with mitmproxy to achieve encryption and decryption of data

1. Implementation Principle

Burpsutie forwards requests to the mitmproxy proxy via an upstream proxy, and after the mitmproxy encrypts and decrypts the data using encryption and decryption scripts, it forwards the requests to the server

2. Achieve the goal

• Can encrypt or decrypt the request data
• Can encrypt or decrypt the response data

3. Mitmproxy environment installation

pip install mitmproxy

4. Environment configuration

• mitmproxy startup command

Method 1: mitmproxy.exe -p 8888 -s md5.py

Method 2: mitmweb.exe -p 8888 -s md5.py

Description: -p specifies the listening port, -s specifies the loaded script, which is the encryption and decryption script

• Configure burpsuite upstream proxy servers

Configure upstream proxy, address and port of mitmproxy proxy

5. MD5 encryption example

Request packet:

POST /login_check.php HTTP/1.1

Host: 127.0.0.1

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:127.0) Gecko/20100101 Firefox/127.0

Accept: */*

Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2

Accept-Encoding: gzip, deflate, br

Content-Type: application/x-www-form-urlencoded; charset=UTF-8

X-Requested-With: XMLHttpRequest

Content-Length: 60

Origin: http://127.0.0.1

Connection: close

Referer: http://127.0.0.1/

Sec-Fetch-Dest: empty

Sec-Fetch-Mode: cors

Sec-Fetch-Site: same-origin

Priority: u=1

m=1&username=admin&password=21232f297a57a5a743894a0e4a801fc3

Encryption can be judged as MD5 through the request

MD5 script:

# -*- coding: utf-8 -*-

from mitmproxy import http, ctx

import hashlib

def md5_encryption(pwd):

md5 = hashlib.md5()

md5.update(pwd.encode('utf-8'))

md5_pass = md5.hexdigest()

return md5_pass

class MD5:

def request(self, flow: http.HTTPFlow)-> None:

# Get the request POST data, such as m=1&username=admin&password=admin

data = flow.request.text

# Split the data into an array with '=', such as ['m', '1&username', 'admin&password', 'admin']

d = data.split('=')

# Encrypt the plaintext password using the md5_encryption method

md5_pass = md5_encryption(d[3])

# Reassign the encrypted ciphertext to the array

d[3] = md5_pass

# Reformat the array elements into a POST string format

data = '='.join(d)

# Assign the encrypted data to flow.request.text

flow.request.text = data

#info = ctx.log.info

#info(data)

def response(self, flow: http.HTTPFlow):

# Get the response object

response = flow.response

# Instantiate the output class

info = ctx.log.info

# Print response code

info(str(response.status_code))

# Print all headers

info(str(response.headers))

# Print cookie header

info(str(response.cookies))

# Print the response message content

info(str(response.text))

addons = [MD5()]