[Dokkan - Mitmproxy]Packets Dumper

1. from mitmproxy import http
2. from mitmproxy.proxy import ProxyConfig, ProxyServer
3. from mitmproxy.master import Master
4. from mitmproxy.options import Options
5. from mitmproxy import proxy, options
6. from mitmproxy.tools.dump import DumpMaster
7. from Cryptodome.Cipher import AES
8. from Cryptodome.Hash import MD5, SHA256
9. from Cryptodome.Hash.HMAC import HMAC
10. from Cryptodome.Protocol.KDF import PBKDF1
11. from Cryptodome.Util import Padding
12. from Cryptodome.Util.Padding import pad
13. from typing import Union, Generator, Dict
14. import hashlib
15. import base64
16. import binascii
17. import re
18. import json
19. import os
20. import random
21. import os.path
22. from os import path
23. from datetime import datetime
24. from mitmproxy.net.http.http1.assemble import *
25. APP_PATH = os.path.dirname(os.path.realpath(__file__))
26. BLOCK_SIZE = 16  # Bytes
27. pad = lambda s: s + (BLOCK_SIZE - len(s) % BLOCK_SIZE) * chr(BLOCK_SIZE
28.         - len(s) % BLOCK_SIZE)
29. unpad = lambda s: s[:-ord(s[len(s) - 1:])]
30. def decrypt_sign(data, ver_global: bool = False):
31.     print("Decrypt_sign - Begin")
32.     dec_data = {}
33.     if None != dec_data:
34.         dec_data = None
35.     SALT_LEN = 8
36.     KEY_LEN = 32
37.     IV_LEN = 16
38.     ITERATIONS = 1
39.     HASH_ALGO = MD5
40.     if ver_global == True:
41.         print("Global - version - decrypt_sign")
42.         password = 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzJ9JaHioVi6rr0TAfr6j'
43.     else:
44.         print("Japan - version - decrypt_sign")
45.         password = '2nV6eyINqhT6iDmzack9fykEAQgFkDvABIHjxmMY3qBENWOlnGtzkOHXRWhrIztK'
46.     data = base64.b64decode(data)
47.     salt = data[:SALT_LEN]
48.     print("sign_key_iv")
49.     sign_key_iv = sign_key_iv_buffer = HASH_ALGO.new(password.encode() + salt).digest()
50.     while len(sign_key_iv) < KEY_LEN + IV_LEN:
51.         print("sign_key_iv_buffer")
52.         sign_key_iv_buffer = HASH_ALGO.new(sign_key_iv_buffer + password.encode() + salt).digest()
53.         sign_key_iv += sign_key_iv_buffer
54.     print("sign_key")
55.     sign_key, sign_iv = sign_key_iv[:KEY_LEN], sign_key_iv[KEY_LEN:]
56.     print("cipher")
57.     cipher = AES.new(sign_key, AES.MODE_CBC, sign_iv)
58.     print("Padding.unpad (dec)")
59.     dec_data = Padding.unpad(cipher.decrypt(data[SALT_LEN:]), AES.block_size)
60.     print("json.loads(dec_data)")
61.     return json.loads(dec_data)
62. class Addon(object):
63.     def __init__(self):
64.         pass
65.     def request(self, flow: http.HTTPFlow) -> None:
66.         Global_URL = re.search('.*\/ishin-global.aktsk.com', flow.request.pretty_url)
67.         if None != Global_URL:
68.             print("Global Packets Dumping (Request)")
69.             now = datetime.now()
70.             dt_string = now.strftime("_%d.%m.%Y-%H.%M.%S")
71.             PacketUrl_Raw = flow.request.pretty_url
72.             SplittedURL = PacketUrl_Raw.split('/')
73.             #0 for the 3 first entries since it delete it, so 1 became 0 and 2 became 1 and so on.
74.             del SplittedURL[0] #Remove Http(s)
75.             del SplittedURL[0] #Remove //
76.             del SplittedURL[0] #Remove Domain name
77.             PacketPath = APP_PATH+'\\Global\\Request\\'
78.             if path.exists(APP_PATH+'\\Global\\'):
79.                 pass
80.             else:
81.                 os.mkdir(APP_PATH+'\\Global\\',755);
82.             if path.exists(APP_PATH+'\\Global\\Request\\'):
83.                 pass
84.             else:
85.                 os.mkdir(APP_PATH+'\\Global\\Request\\',755);  
86.             for Folders in SplittedURL:
87.                 PacketPath = PacketPath + Folders + '\\'
88.                 if path.exists(PacketPath):
89.                     pass
90.                 else:
91.                     os.mkdir(PacketPath,755);
92.             File_Header = open(PacketPath+'Headers'+dt_string+'.txt',"w+")
93.             File_Header.write(assemble_request_head(flow.request).decode('utf-8'))
94.             File_Header.close()
95.             data2 = json.loads(flow.response.text)
96.             if 'sign' in data2:
97.                 data2 = decrypt_sign(data2['sign'], True) #Global decrypt
98.             with open(PacketPath+'Content'+dt_string+'.json', 'w+') as File_Content:
99.                 json.dump(data2, File_Content, indent=4)
100.             print('Packet Dumped : ',PacketPath)
101.            
102.         Japan_URL = re.search('.*\/ishin-production.aktsk.jp', flow.request.pretty_url)
103.         if None != Japan_URL:
104.             print("Japan Packets Dumping (Request)")
105.             now = datetime.now()
106.             dt_string = now.strftime("_%d.%m.%Y-%H.%M.%S")
107.             PacketUrl_Raw = flow.request.pretty_url
108.             SplittedURL = PacketUrl_Raw.split('/')
109.             #0 for the 3 first entries since it delete it, so 1 became 0 and 2 became 1 and so on.
110.             del SplittedURL[0] #Remove Http(s)
111.             del SplittedURL[0] #Remove //
112.             del SplittedURL[0] #Remove Domain name
113.             PacketPath = APP_PATH+'\\Japan\\Request\\'
114.             if path.exists(APP_PATH+'\\Japan\\'):
115.                 pass
116.             else:
117.                 os.mkdir(APP_PATH+'\\Japan\\',755);
118.             if path.exists(APP_PATH+'\\Japan\\Request\\'):
119.                 pass
120.             else:
121.                 os.mkdir(APP_PATH+'\\Japan\\Request\\',755);  
122.                
123.             for Folders in SplittedURL:
124.                 PacketPath = PacketPath + Folders + '\\'
125.                 if path.exists(PacketPath):
126.                     pass
127.                 else:
128.                     os.mkdir(PacketPath,755);
129.             File_Header = open(PacketPath+'Headers'+dt_string+'.txt',"w+")
130.             File_Header.write(assemble_request_head(flow.request).decode('utf-8'))
131.             File_Header.close()
132.             data2 = json.loads(flow.response.text)
133.             if 'sign' in data2:
134.                 data2 = decrypt_sign(data2['sign'], False) #Japan decrypt
135.             with open(PacketPath+'Content'+dt_string+'.json', 'w+') as File_Content:
136.                 json.dump(data2, File_Content, indent=4)
137.             print('Packet Dumped : ',PacketPath)
138.              
139.     def response(self, flow: http.HTTPFlow) -> None:
140.        
141.         Global_URL = re.search('.*\/ishin-global.aktsk.com', flow.request.pretty_url)
142.         if None != Global_URL:
143.             print("Global Packets Dumping (response)")
144.             now = datetime.now()
145.             dt_string = now.strftime("_%d.%m.%Y-%H.%M.%S")
146.             PacketUrl_Raw = flow.request.pretty_url
147.             SplittedURL = PacketUrl_Raw.split('/')
148.             #0 for the 3 first entries since it delete it, so 1 became 0 and 2 became 1 and so on.
149.             del SplittedURL[0] #Remove Http(s)
150.             del SplittedURL[0] #Remove //
151.             del SplittedURL[0] #Remove Domain name
152.             PacketPath = APP_PATH+'\\Global\\Response\\'
153.             if path.exists(APP_PATH+'\\Global\\'):
154.                 pass
155.             else:
156.                 os.mkdir(APP_PATH+'\\Global\\',755);
157.             if path.exists(APP_PATH+'\\Global\\Response\\'):
158.                 pass
159.             else:
160.                 os.mkdir(APP_PATH+'\\Global\\Response\\',755);  
161.             for Folders in SplittedURL:
162.                 PacketPath = PacketPath + Folders + '\\'
163.                 if path.exists(PacketPath):
164.                     pass
165.                 else:
166.                     os.mkdir(PacketPath,755);
167.             File_Header = open(PacketPath+'Headers'+dt_string+'.txt',"w+")
168.             File_Header.write(assemble_response_head(flow.response).decode('utf-8'))
169.             File_Header.close()
170.             data2 = json.loads(flow.response.text)
171.             if 'sign' in data2:
172.                 data2 = decrypt_sign(data2['sign'], True) #Global decrypt
173.             with open(PacketPath+'Content'+dt_string+'.json', 'w+') as File_Content:
174.                 json.dump(data2, File_Content, indent=4)
175.             print('Packet Dumped : ',PacketPath)
176.            
177.         Japan_URL = re.search('.*\/ishin-production.aktsk.jp', flow.request.pretty_url)
178.         if None != Japan_URL:
179.             print("Japan Packets Dumping (Response)")
180.             now = datetime.now()
181.             dt_string = now.strftime("_%d.%m.%Y-%H.%M.%S")
182.             PacketUrl_Raw = flow.request.pretty_url
183.             SplittedURL = PacketUrl_Raw.split('/')
184.             #0 for the 3 first entries since it delete it, so 1 became 0 and 2 became 1 and so on.
185.             del SplittedURL[0] #Remove Http(s)
186.             del SplittedURL[0] #Remove //
187.             del SplittedURL[0] #Remove Domain name
188.            
189.             PacketPath = APP_PATH+'\\Japan\\Response\\'
190.             if path.exists(APP_PATH+'\\Japan\\'):
191.                 pass
192.             else:
193.                 os.mkdir(APP_PATH+'\\Japan\\',755);
194.             if path.exists(APP_PATH+'\\Japan\\Response\\'):
195.                 pass
196.             else:
197.                 os.mkdir(APP_PATH+'\\Japan\\Response\\',755);  
198.                
199.             for Folders in SplittedURL:
200.                 PacketPath = PacketPath + Folders + '\\'
201.                 if path.exists(PacketPath):
202.                     pass
203.                 else:
204.                     os.mkdir(PacketPath,755);
205.             File_Header = open(PacketPath+'Headers'+dt_string+'.txt',"w+")
206.             File_Header.write(assemble_response_head(flow.response).decode('utf-8'))
207.             File_Header.close()
208.             data2 = json.loads(flow.response.text)
209.             if 'sign' in data2:
210.                 data2 = decrypt_sign(data2['sign'], False) #Japan decrypt
211.             with open(PacketPath+'Content'+dt_string+'.json', 'w+') as File_Content:
212.                 json.dump(data2, File_Content, indent=4)
213.             print('Packet Dumped : ',PacketPath)
214.            
215.            
216. if __name__ == "__main__":
217.  
218.     options = Options(listen_port=8080, http2=True)
219.     m = DumpMaster(options, with_termlog=False, with_dumper=False)
220.     config = ProxyConfig(options)
221.  
222.     m.server = ProxyServer(config)
223.     m.addons.add(Addon())
224.  
225.     try:
226.         print('Starting Dokkan mitmproxy')
227.         m.run()
228.     except KeyboardInterrupt:
229.         m.shutdown()