author | Aldo Cortesi <aldo@nullcube.com> | 2011-06-27 16:38:00 +1200 |
---|---|---|
committer | Aldo Cortesi <aldo@nullcube.com> | 2011-06-27 16:38:00 +1200 |
commit | 46ec8f52e7be21a467287c9f5ba64cebb35f0a28 (patch) | |
tree | 2e905bb5867b43e5651473c47c78846498825d0c | |
parent | 0a642f2441f30988db3ca5db276716e2371e6f2f (diff) | |
Prep for 0.5 release
- Update CHANGELOG and CONTRIBUTORS
- Bump version
- Include Apple Gamecenter highscore setting tutorial in docs
-rw-r--r-- | CHANGELOG | 25 | ||||
-rw-r--r-- | CONTRIBUTORS | 3 | ||||
-rw-r--r-- | doc-src/index.html | 4 | ||||
-rw-r--r-- | doc-src/index.py | 4 | ||||
-rw-r--r-- | doc-src/tutorials/gamecenter.html | 105 | ||||
-rw-r--r-- | doc-src/tutorials/index.py | 1 | ||||
-rw-r--r-- | doc-src/tutorials/leaderboard.png | bin | 0 -> 448368 bytes | |||
-rw-r--r-- | doc-src/tutorials/one.png | bin | 0 -> 141443 bytes | |||
-rw-r--r-- | doc-src/tutorials/supermega.png | bin | 0 -> 92889 bytes | |||
-rw-r--r-- | libmproxy/version.py | 2 |
10 files changed, 137 insertions, 7 deletions
@@ -1,3 +1,28 @@
+27 June 2011: mitmproxy 0.5:
+
+ * An -n option to start the tools without binding to a proxy port.
+
+ * Allow scripts, hooks, sticky cookies etc. to run on flows loaded from
+ save files.
+
+ * Regularize command-line options for mitmproxy and mitmdump.
+
+ * Add an "SSL exception" to mitmproxy's license to remove possible
+ distribution issues.
+
+ * Add a --cert-wait-time option to make mitmproxy pause after a new SSL
+ certificate is generated. This can pave over small discrepancies in
+ system time between the client and server.
+
+ * Handle viewing big request and response bodies more elegantly. Only
+ render the first 100k of large documents, and try to avoid running the
+ XML indenter on non-XML data.
+
+ * BUGFIX: Make the "revert" keyboard shortcut in mitmproxy work after a
+ flow has been replayed.
+
+ * BUGFIX: Repair a problem that sometimes caused SSL connections to consume
+ 100% of CPU.
 30 March 2011: mitmproxy 0.4
diff --git a/CONTRIBUTORS b/CONTRIBUTORS
index 98c5a434..7cd0b19c 100644
--- a/CONTRIBUTORS
+++ b/CONTRIBUTORS
@@ -1,4 +1,5 @@
- 179 Aldo Cortesi
+ 203 Aldo Cortesi
 18 Henrik Nordstrom
 13 Thomas Roth
+ 1 Yuangxuan Wang
 1 Henrik Nordström
diff --git a/doc-src/index.html b/doc-src/index.html
index 628a4a7b..7f9df3d6 100644
--- a/doc-src/index.html
+++ b/doc-src/index.html
@@ -19,9 +19,7 @@
 <li>Tutorials</li>
 <ul>
 <li> <a href="@!urlTo("tutorials/30second.html")!@">Client replay: a 30 second example</a> </li>
- <li> Scripting: On-the-fly modifications to HTTP conversations [coming soon] </li>
- <li> Sticky cookies [coming soon] </li>
- <li> Breaking iPhone apps for fun and profit [coming soon] </li>
+ <li> <a href="@!urlTo("tutorials/gamecenter.html")!@">Setting highscores on Apple's GameCenter</a> </li>
 </ul>
 <li><a href="@!urlTo("faq.html")!@">FAQ</a></li>
 <li><a href="@!urlTo("admin.html")!@">Administrivia</a></li>
diff --git a/doc-src/index.py b/doc-src/index.py
index a678953b..170839e7 100644
--- a/doc-src/index.py
+++ b/doc-src/index.py
@@ -1,7 +1,7 @@
 import os, sys
 import countershape
 from countershape import Page, Directory, PythonModule, markup
-import countershape.grok, countershape.template
+import countershape.template
 sys.path.insert(0, "..")
 from libmproxy import filt
@@ -33,7 +33,7 @@ ns.index_contents = file(mpath("README.mkd")).read()
 top = os.path.abspath(os.getcwd())
 def example(s):
 d = file(mpath(s)).read()
- return countershape.template.pySyntax(d)
+ return countershape.template.Syntax("py")(d)
 ns.example = example
diff --git a/doc-src/tutorials/gamecenter.html b/doc-src/tutorials/gamecenter.html
new file mode 100644
index 00000000..bf398cd1
--- /dev/null
+++ b/doc-src/tutorials/gamecenter.html
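Review bot: The new call `countershape.template.Syntax("py")(d)` in `example` makes the docs build depend on a countershape release that provides `Syntax`, and nothing in the hunk records that requirement; an older install would presumably fail with an AttributeError on the first `example()` call rather than with a clear message. A one-line comment above the return, such as `# needs a countershape version with template.Syntax (replaces pySyntax)`, would make the dependency visible. The first hunk of this file also drops `import countershape.grok`; the rest of index.py is outside the diff, so it is worth confirming that nothing else there still references `countershape.grok`.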
@@ -0,0 +1,105 @@
+
+## The setup
+
+In this tutorial, I'm going to show you how simple it is to creatively
+interfere with Apple Game Center traffic using mitmproxy. To set things up, I
+registered my mitmproxy CA certificate with my iPhone - there's a [step by step
+set of instructions](@!urlTo("certinstall/ios.html")!@) elsewhere in this manual. I then
+started mitmproxy on my desktop, and configured the iPhone to use it as a
+proxy.
+
+
+## Taking a look at the Game Center traffic
+
+Lets take a first look at the Game Center traffic. The game I'll use in this
+tutorial is [Super Mega
+Worm](http://itunes.apple.com/us/app/super-mega-worm/id388541990?mt=8) - a
+great little retro-apocalyptic sidescroller for the iPhone:
+
+<center>
+ <img src="@!urlTo("tutorials/supermega.png")!@"/>
+</center>
+
+After finishing a game (take your time), watch the traffic flowing through
+mitmproxy:
+
+<center>
+ <img src="@!urlTo("tutorials/one.png")!@"/>
+</center>
+
+We see a bunch of things we might expect - initialisation, the retrieval of
+leaderboards and so forth. Then, right at the end, there's a POST to this
+tantalising URL:
+
+<pre>
+https://service.gc.apple.com/WebObjects/GKGameStatsService.woa/wa/submitScore
+</pre>
+
+The contents of the submission are particularly interesting:
+
+<!--(block|syntax("xml"))-->
+<plist version="1.0">
+<dict>
+ <key>category</key>
+ <string>SMW_Adv_USA1</string>
+ <key>score-value</key>
+ <integer>55</integer>
+ <key>timestamp</key>
+ <integer>1301553284461</integer>
+</dict>
+</plist>
+<!--(end)-->
+
+This is a [property list](http://en.wikipedia.org/wiki/Property_list),
+containing an identifier for the game, a score (55, in this case), and a
+timestamp. Looks pretty simple to mess with.
+
+
+## Modifying and replaying the score submission
+
+Lets edit the score submission. First, select it in mitmproxy, then press
+__enter__ to view it. Make sure you're viewing the request, not the response -
+you can use __tab__ to flick between the two. Now press __e__ for edit. You'll
+be prompted for the part of the request you want to change - press __b__ for
+body. Your preferred editor (taken from the EDITOR environment variable) will
+now fire up. Lets bump the score up to something a bit more ambitious:
+
+<!--(block|syntax("xml"))-->
+<plist version="1.0">
+<dict>
+ <key>category</key>
+ <string>SMW_Adv_USA1</string>
+ <key>score-value</key>
+ <integer>2200272667</integer>
+ <key>timestamp</key>
+ <integer>1301553284461</integer>
+</dict>
+</plist>
+<!--(end)-->
+
+Save the file and exit your editor.
+
+The final step is to replay this modified request. Simply press __r__ for
+replay.
+
+## The glorious result and some intrigue
+
+<center>
+ <img src="@!urlTo("tutorials/leaderboard.png")!@"/>
+</center>
+
+And that's it - according to the records, I am the greatest Super Mega Worm
+player of all time.
+
+Curiously, the top competitors' scores are all the same: 2,147,483,647. If you
+think that number seems familiar, you're right: it's 2^31-1, the maximum value
+you can fit into a signed 32-bit int. Now let me tell you another peculiar
+thing about Super Mega Worm - at the end of every game, it submits your highest
+previous score to the Game Center, not your current score. This means that it
+stores your highscore somewhere, and I'm guessing that it reads that stored
+score back into a signed integer. So, if you _were_ to cheat by the relatively
+pedestrian means of modifying the saved score on your jailbroken phone, then
+2^31-1 might well be the maximum score you could get. Then again, if the game
+itself stores its score in a signed 32-bit int, you could get the same score
+through perfect play, effectively beating the game. So, which is it in this
+case? I'll leave that for you to decide.
diff --git a/doc-src/tutorials/index.py b/doc-src/tutorials/index.py
index 00da64cb..22cc2b7f 100644
--- a/doc-src/tutorials/index.py
+++ b/doc-src/tutorials/index.py
@@ -2,4 +2,5 @@ from countershape import Page
 pages = [
 Page("30second.html", "Client playback: a 30 second example"),
+ Page("gamecenter.html", "Setting highscores on Apple's GameCenter"),
 ]
diff --git a/doc-src/tutorials/leaderboard.png b/doc-src/tutorials/leaderboard.png
Binary files differ
new file mode 100644
index 00000000..c1be8df5
--- /dev/null
+++ b/doc-src/tutorials/leaderboard.png
diff --git a/doc-src/tutorials/one.png b/doc-src/tutorials/one.png
Binary files differ
new file mode 100644
index 00000000..78a636cf
--- /dev/null
+++ b/doc-src/tutorials/one.png
diff --git a/doc-src/tutorials/supermega.png b/doc-src/tutorials/supermega.png
Binary files differ
new file mode 100644
index 00000000..d416f71f
--- /dev/null
+++ b/doc-src/tutorials/supermega.png
diff --git a/libmproxy/version.py b/libmproxy/version.py
index 6d249a8e..d0a1851e 100644
--- a/libmproxy/version.py
+++ b/libmproxy/version.py
@@ -1,2 +1,2 @@
-IVERSION = (0, 4)
+IVERSION = (0, 5)
 VERSION = ".".join([str(i) for i in IVERSION])
|