django-socketio
mitmproxy
django-socketio | mitmproxy |
---|---|
0 | 82 |
1,289 | 27,608 |
- | 2.5% |
0.0 | 9.7 |
about 1 year ago | about 18 hours ago |
Python | Python |
BSD 3-clause "New" or "Revised" License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
django-socketio
We haven't tracked posts mentioning django-socketio yet.
Tracking mentions began in Dec 2020.
mitmproxy
-
Extracting TLS keys from an unwilling application
Not sure about the non-security expert bit but I've done stuff[0] similar to this for iOS using Frida[1] which supports macOS too. For apps that use unpinned certificates and the builtin networking libraries (NSURLSession et al.) you can directly use mitmproxy[2] or Charles[3]
0: https://hugotunius.se/2020/08/07/stealing-tls-sessions-keys-...
-
How do apps detect local proxies
I am using mitmproxy[https://mitmproxy.org/] to sniff HTTP requests, yet when using it with certain services such as Netflix and YouTube it somehow detects it's a proxy and doesn't load. How does it know that? And is there any way to circumvent it?
-
Show HN: Mitmproxy2swagger – Automagically reverse-engineer REST APIs
mitmproxy (https://mitmproxy.org/) has scripting support that will let you do most of this.
For example, you can expose mitmproxy, listen to HTTP requests for a specific host (using this API: https://docs.mitmproxy.org/stable/api/mitmproxy/http.html), intercept the request, do whatever API calls you need, and inject a response without ever forwarding the request to the original server.
Alternatively, you could modify the request and then change the request destination, like in this example here: https://docs.mitmproxy.org/stable/addons-examples/#http-redi.... Using the WSGI support, you could even use normal Python annotations to build your own API without doing too much pattern matching: https://docs.mitmproxy.org/stable/addons-examples/#wsgi-flas...
-
Android Chrome 99 expands Certificate Transparency, breaking all MitM dev tools
Enforcing CT is good, but that doesn't excuse the treatment of user-added CAs. On all platforms but Android, user-added CAs are considered particularly trustworthy. For example, Chrome Desktop, Firefox, and Edge will not enforce HPKP if they encounter a cert from a user-added CA. Why does Android do the opposite? I don't see the threat model they are addressing.
We (mitmproxy) have repeatedly tried to get an answer to this from the Android folks (e.g. here: https://github.com/mitmproxy/mitmproxy/issues/2054#issuecomm...). It very much feels like they just want to kill uncomfortable privacy research.
-
Reading network data from Chrome
You can also use something like BurpSuite or mitmproxy (both googleable and the latter is on GH) to capture the same network requests and use the above pkg to read the HAR or https://github.com/hrbrmstr/burrp for BurpSuite or https://github.com/mitmproxy/mitmproxy for mitmproxy.
-
Is storing passwords for automation insecure?
[1] It may sound harder, but something like Charles Proxy, Fiddler Proxy or MITMProxy can intercept HTTPS web traffic without much programming skill, and SysInternals ProcDump can dump running program memory.
-
Different response Httpie vs Httpx ( python )
It's really difficult to help you debug this. Generally my advice is to fire up a man-in-the-middle network inspector like https://httptoolkit.tech/ or https://mitmproxy.org/ and see whether those two requests are identical for sure.
-
We fixed f-string bugs in 69 of the most popular Python repos in only 1 day
We've blocked the bot after their script malfunctioned and they opened a second issue with exactly the same text (https://github.com/mitmproxy/mitmproxy/issues/5286).
-
A list of new(ish) command line tools – Julia Evans
What are some alternatives?
django-channels - Developer-friendly asynchrony for Django
Wireshark - Read-only mirror of Wireshark's Git repository at https://gitlab.com/wireshark/wireshark. GitHub won't let us disable pull requests. ☞ THEY WILL BE IGNORED HERE ☜ Please upload them at GitLab.
Shadowrocket-ADBlock-Rules - Provides multiple Shadowrocket rule sets with ad filtering. Used for selective, automatic firewall circumvention on non-jailbroken iOS devices.
Flask-SocketIO - Socket.IO integration for Flask applications.
Zed - The OWASP ZAP core project
bettercap - The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.
mitm-omegle - Watch strangers talk on Omegle (man in the middle attack)
sslstrip - A tool for exploiting Moxie Marlinspike's SSL "stripping" attack.
mtr - Official repository for mtr, a network diagnostic tool
AutobahnPython - WebSocket and WAMP in Python for Twisted and asyncio
lambda-proxy - Lambda-Proxy creates an HTTP proxy listening on localhost port 8082. When it receives an HTTP POST request with a very specific structure, it will parse the request, extract the relevant data required for the test, and will invoke your AWS Lambda function using the AWS SDK client.invoke() method. It was created for testing AWS Lambda functions with SQLMap as described here: https://www.puresec.io/blog/automated-sql-injection-testing-of-serverless-functions-on-a-shoestring-budget-and-some-good-music
httptoolkit - HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac. Open an issue here to give feedback or ask for help.