
Commit 12649e7

committed
dns mitm, update requirements
1 parent d7f68e3 commit 12649e7

5 files changed

Lines changed: 56 additions & 10 deletions


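--- a/README.md
+++ b/README.md
@@ -311,8 +311,8 @@ profile.port = 代理服务器端口
 profile.password = "代理服务器登录密码"
 profile.login = "代理服务器登录用户"
 
-# 注意目前无法通过TCP代理转发UDP流量,所以APP发出的任何UDP流量都是不经过代理的!
-# 因为这些原因,我们提供了一个选项让你可以选择是否只允许 TCP 流量
+# socks5 模式支持 udp 代理,但是 http 代理并不支持
+# 这会导致 udp 流量逃逸泄露你的真实IP地址,所以提供这个可选项
 # 当 drop_udp 为 True 时,应用的 UDP 流量将会被屏蔽,默认为 False
 profile.drop_udp = False
 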

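--- a/lamda/__init__.py
+++ b/lamda/__init__.py
@@ -3,4 +3,4 @@
 # Distributed under MIT license.
 # See file LICENSE for detail or copy at https://opensource.org/licenses/MIT
 __version__ = "3.0"
-__build__ = 0
+__build__ = 10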

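--- a/setup.py
+++ b/setup.py
@@ -7,9 +7,10 @@
 setuptools.setup(
 name = "lamda",
 version = "{}.{}".format(__version__, __build__),
-url = "https://github.com/rev1si0n",
+description = "Android reverse engineering & automation framework",
+url = "https://github.com/rev1si0n/lamda",
 author = "rev1si0n",
-python_requires = ">=3.6,<4.0",
+python_requires = ">=3.6,<=3.10",
 zip_safe = False,
 extras_require = {
 "frida": ["frida>=15.0.0,<16.0.0,!=15.1.15,!=15.1.16,!=15.1.17"],
@@ -18,11 +19,20 @@
 ],
 },
 install_requires= [
-"grpcio-tools>=1.35.0,<=1.40.0",
-"grpc-interceptor>=0.13.0,<0.14.0",
-"grpcio>=1.35.0,<=1.40.0",
+"grpcio-tools>=1.35.0,<1.48.0",
+"grpc-interceptor>=0.13.0,<0.14.2",
+"grpcio>=1.35.0,<1.48.0",
 "asn1crypto>=1.0.0",
 ],
+classifiers = [
+"Environment :: Console",
+"Intended Audience :: Developers",
+"Intended Audience :: Information Technology",
+"Intended Audience :: Science/Research",
+"Programming Language :: Python :: 3",
+"Operating System :: Android",
+"Topic :: Security",
+],
 package_data = {
 "lamda": ["*.py", "*.proto"],
 "lamda.google.protobuf.compiler": ["*.proto"],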
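Review bot: `python_requires = ">=3.6,<=3.10"` in the first hunk excludes every 3.10 patch release, because under PEP 440 `<=3.10` admits 3.10.0 but not 3.10.1 or later, so pip running on a current 3.10 interpreter will refuse to install the package. The ceiling the change seems to intend is `python_requires = ">=3.6,<3.11"`. Separately, tools/startmitm.py in this same commit now imports `packaging.version` unconditionally, and `packaging` is listed neither in install_requires nor in extras_require; if it is only present as a transitive dependency of some other package, declare it here so the new version check cannot fail with an ImportError on a clean install.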

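--- a/tools/README.md
+++ b/tools/README.md
@@ -47,7 +47,7 @@ test.pem # 用于加密客户端与服务端通信的证书
 
 ## startmitm.py
 
-启动中间人,这将会完全自动的在设备上开启全局的中间人代理,你就可以截获大部分APP的 http/s 流量。
+启动中间人,这将会完全自动的在设备上开启全局的中间人代理,你就可以截获大部分APP的 http/s 流量,当然,也包括 DNS 请求
 
 首先确保当前电脑与设备在同一个网段,192.168.1.2 为运行了 lamda 的手机设备。
 其次,确保你已在命令行验证 mitmproxy 已安装成功(在命令行输入 `mitmdump` 进行验证)。
@@ -82,6 +82,31 @@ python3 -u startmitm.py localhost
 
 按下一次 `CONTROL` + `C` 退出脚本。
 
+### DNS 中间人
+
+截获 DNS 请求需要确保 mitmproxy 的版本 >= 8.1.0,且需要以**管理员**或者**root**身份运行脚本。
+```bash
+python3 -u startmitm.py 192.168.1.2 --set dns_server=true
+```
+即可。
+
+这些DNS请求默认会从本机发出,你也可以将这些 DNS 请求转发到指定的上游DNS服务器例如 `1.1.1.1`
+```bash
+python3 -u startmitm.py 192.168.1.2 --set dns_server=true --set dns_mode=reverse:1.1.1.1
+```
+
+hook 脚本的方法名称定义有一些变化,正常 http 请求为 `response()`,截获 DNS 时需要使用 `dns_response()`
+
+```python
+def response(flow):
+print (flow, type(flow))
+
+def dns_response(flow):
+print (flow, type(flow))
+```
+
+具体请查看 mitmproxy 的文档。
+
 ## ssh.sh
 
 连接入手机上的 shell 终端。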

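--- a/tools/startmitm.py
+++ b/tools/startmitm.py
@@ -8,6 +8,8 @@
 
 from socket import *
 from random import randint
+from packaging.version import parse as ver
+from mitmproxy.version import VERSION
 from lamda.client import *
 
 
@@ -35,6 +37,9 @@ def get_default_interface_ip():
 host = sys.argv[1]
 if ":" in host:
 host, pkgName = host.split(":")
+if "dns_server=true" in sys.argv and ver(VERSION)<ver("8.1.0"):
+print (time.ctime(), "dns_server needs mitmproxy>=8.1.0")
+sys.exit(1)
 certfile = os.environ.get("CERTIFICATE", None)
 d = Device(host, certificate=certfile)
 
@@ -77,7 +82,8 @@ def get_default_interface_ip():
 # 初始化 proxy 配置
 profile = GproxyProfile()
 profile.type = GproxyType.HTTP_CONNECT
-profile.nameserver = "114.114.114.114"
+if "dns_server=true" in sys.argv:
+profile.nameserver = host
 profile.drop_udp = True
 # http 代理不支持 udp
 #profile.udp_proxy = False
@@ -90,6 +96,11 @@ def get_default_interface_ip():
 
 servercmd = []
 servercmd.append("mitmweb")
+# 默认监听的是 127.0.0.1,改为全局
+servercmd.append("--set")
+servercmd.append("dns_listen_host=0.0.0.0")
+servercmd.append("--set")
+servercmd.append("dns_listen_port=53")
 servercmd.append("--ssl-insecure")
 # 随机 web-port
 servercmd.append("--web-port")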
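Review bot: The last hunk binds mitmproxy's DNS listener to `dns_listen_host=0.0.0.0` on port 53, which turns the analyst's machine into an open resolver (and, with the documented `dns_mode=reverse:1.1.1.1`, an open forwarder) reachable from every interface rather than only by the device under test; bind it to the address the device is told to use instead, e.g. `servercmd.append("dns_listen_host={}".format(get_default_interface_ip()))` if that helper yields the LAN address the device reaches. These four `--set` arguments are also appended unconditionally, while the version gate `ver(VERSION)<ver("8.1.0")` in the second hunk only runs when `dns_server=true` was requested, so a mitmproxy older than 8.1 launched without the DNS flag may still be handed options it does not know; wrapping the four appends in the same `if "dns_server=true" in sys.argv:` keeps the two paths consistent. In the third hunk, `profile.nameserver = host` points the device's resolver at `host`, which the second hunk read from `sys.argv[1]` as the device's own address; unless `host` is rebound in the lines between the hunks, that is the phone rather than the machine running mitmweb, so confirm it is the mitm host's IP, and note that without the flag `profile.nameserver` is now left unset where it used to be pinned to `114.114.114.114`. A short comment such as `# DNS is redirected to the mitm host only when dns_server=true is passed; otherwise the profile default applies` would make that change of default explicit. The statements in these hunks sit at module level of a script whose surrounding lines are outside the hunks.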
