mitmproxy linux docker
Traffic capture
Container
Pull the Redroid (root) container and find the name of its network interface, e.g. br-207943f7b031
mitmproxy
Install mitmproxy, optionally with redirect.py to control flows, and start it on port 8888
transparent --listen-host :: --listen-port 8888 -s redirect.py
nft setup
Load the Netfilter NAT-related kernel modules:
sudo modprobe nf_nat
sudo modprobe nf_nat_ipv4
sudo modprobe nf_nat_ipv6
sudo modprobe nf_tproxy
lsmod | grep nf_nat
lsmod | grep nf_tproxy
Set up a chain that steers traffic to port 8888
# Create the regular chain first; nft cannot add rules to a chain that does not exist
sudo nft add chain ip nat mitmproxy_prerouting
sudo nft add chain ip6 nat mitmproxy_prerouting
sudo nft add rule ip nat mitmproxy_prerouting ip saddr 172.26.0.0/16 tcp dport 80 redirect to :8888
sudo nft add rule ip nat mitmproxy_prerouting ip saddr 172.26.0.0/16 tcp dport 443 redirect to :8888
sudo nft add rule ip6 nat mitmproxy_prerouting ip6 saddr ::/0 tcp dport 80 redirect to :8888
sudo nft add rule ip6 nat mitmproxy_prerouting ip6 saddr ::/0 tcp dport 443 redirect to :8888
Check the rule list:
The chain that steers traffic should be present, one each for IPv4 and IPv6:
chain mitmproxy_prerouting {
    ip saddr 172.26.0.0/16 tcp dport 80 redirect to :8888
    ip saddr 172.26.0.0/16 tcp dport 443 redirect to :8888
}
Add the jump rules:
# IPv4 jump rule
sudo nft insert rule ip nat PREROUTING iifname "br-207943f7b031" goto mitmproxy_prerouting
# IPv6 jump rule
sudo nft insert rule ip6 nat PREROUTING iifname "br-207943f7b031" goto mitmproxy_prerouting
With that, the transparent proxy is set up.
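A check for the ruleset built above, as an added example that is not part of the original post: the function reads `nft list ruleset` text on stdin and reports, for both ip and ip6, whether the redirects for ports 80 and 443 and the goto rule for the bridge are in place. The names check_mitm_rules and sample_ruleset and the sample ruleset itself are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed live invocation:
#   sudo nft list ruleset | check_mitm_rules br-207943f7b031 8888

check_mitm_rules() {
    # $1 = bridge interface, $2 = proxy port; ruleset text arrives on stdin.
    awk -v ifc="$1" -v port="$2" '
        $1 == "table" { fam = $2; tbl = $3; chain = ""; next }
        $1 == "chain" { chain = $2; next }
        tbl != "nat"  { next }
        # Redirect rules in the dedicated chain: remember family + dport.
        chain == "mitmproxy_prerouting" && $0 ~ ("redirect to :" port "( |$)") {
            for (i = 1; i < NF; i++)
                if ($i == "dport") seen[fam, $(i + 1)] = 1
        }
        # Jump from the NAT prerouting hook, limited to the container bridge.
        chain == "PREROUTING" && index($0, "iifname \"" ifc "\" goto mitmproxy_prerouting") {
            jump[fam] = 1
        }
        END {
            n = split("ip ip6", fams, " ")
            for (f = 1; f <= n; f++) {
                fam = fams[f]
                if (!jump[fam])        { print fam ": no goto from PREROUTING for " ifc; bad = 1 }
                if (!seen[fam, "80"])  { print fam ": tcp/80 not redirected to :" port; bad = 1 }
                if (!seen[fam, "443"]) { print fam ": tcp/443 not redirected to :" port; bad = 1 }
            }
            exit bad
        }'
}

# Constructed sample: IPv4 is complete, IPv6 lacks the 443 rule and the goto.
sample_ruleset() {
    cat <<'EOF'
table ip nat {
    chain PREROUTING {
        type nat hook prerouting priority dstnat; policy accept;
        iifname "br-207943f7b031" goto mitmproxy_prerouting
    }
    chain mitmproxy_prerouting {
        ip saddr 172.26.0.0/16 tcp dport 80 redirect to :8888
        ip saddr 172.26.0.0/16 tcp dport 443 redirect to :8888
    }
}
table ip6 nat {
    chain mitmproxy_prerouting {
        tcp dport 80 redirect to :8888
    }
}
EOF
}
sample_ruleset | check_mitm_rules br-207943f7b031 8888 || echo "ruleset incomplete"
```

A gap on the IPv6 side means that traffic bypasses the proxy without any error, so run the check before trusting a capture.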
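Certificate installation
To capture HTTPS flows, the Android device's system certificate store must be modified to trust the mitmproxy certificate.
Make sure the certificate file exists at this host path: ~/.mitmproxy/mitmproxy-ca-cert.cer
This certificate should appear once mitmproxy has been installed and run.
Use adb to push the certificate to a temporary directory in the Redroid container:
adb push ~/.mitmproxy/mitmproxy-ca-cert.cer /data/local/tmp/
Connect to the container over ADB:
Inside the container, run the following commands to get the certificate hash (used to rename the file):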
cd /data/local/tmp
HASH=$(openssl x509 -inform PEM -subject_hash_old -in mitmproxy-ca-cert.cer | head -1)
echo "$HASH"
Use Magisk's root privileges to copy the certificate into the system certificate store:
mount -o rw,remount /system
cp mitmproxy-ca-cert.cer /system/etc/security/cacerts/
mv /system/etc/security/cacerts/mitmproxy-ca-cert.cer /system/etc/security/cacerts/${HASH}.0
chmod 644 /system/etc/security/cacerts/${HASH}.0
chown root:root /system/etc/security/cacerts/${HASH}.0
mount -o ro,remount /system
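The system partition may be mounted differently; check df and choose the partition to modify according to the Android version.
Restart the container for the certificate to take effect: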