diff options
Diffstat (limited to 'doc-src/features/replacements.html')
| -rw-r--r-- | doc-src/features/replacements.html | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/doc-src/features/replacements.html b/doc-src/features/replacements.html new file mode 100644 index 00000000..c10fe2c3 --- /dev/null +++ b/doc-src/features/replacements.html @@ -0,0 +1,74 @@ +Mitmproxy lets you specify an arbitrary number of patterns that define text +replacements within flows. Each pattern has 3 components: a filter that defines +which flows a replacement applies to, a regular expression that defines what +gets replaced, and a target value that defines what is substituted in. + +Replace hooks fire when either a client request or a server response is +received. Only the matching flow component is affected: so, for example, if a +replace hook is triggered on server response, the replacement is only run on +the Response object leaving the Request intact. You control whether the hook +triggers on the request, response or both using the filter pattern. If you need +finer-grained control than this, it's simple to create a script using the +replacement API on Flow components. + +Replacement hooks are extremely handy in interactive testing of applications. +For instance you can use a replace hook to replace the text "XSS" with a +complicated XSS exploit, and then "inject" the exploit simply by interacting +with the application through the browser. When used with tools like Firebug and +mitmproxy's own interception abilities, replacement hooks can be an amazingly +flexible and powerful feature. + + +## On the command-line + +The replacement hook command-line options use a compact syntax to make it easy +to specify all three components at once. The general form is as follows: + + /patt/regex/replacement + +Here, __patt__ is a mitmproxy filter expression, __regex__ is a valid Python +regular expression, and __replacement__ is a string literal. The first +character in the expression (__/__ in this case) defines what the separation +character is. Here's an example of a valid expression that replaces "foo" with +"bar" in all requests: + + :~q:foo:bar + +In practice, it's pretty common for the replacement literal to be long and +complex. For instance, it might be an XSS exploit that weighs in at hundreds or +thousands of characters. To cope with this, there's a variation of the +replacement hook specifier that lets you load the replacement text from a file. +So, you might start __mitmdump__ as follows: + +<pre class="terminal"> +mitmdump --replace-from-file :~q:foo:~/xss-exploit +</pre> + +This will load the replacement text from the file __~/xss-exploit__. + +Both the _--replace_ and _--replace-from-file_ flags can be passed multiple +times. + + +## Interactively + +The _R_ shortcut key in mitmproxy lets you add and edit replacement hooks using +a built-in editor. The context-sensitive help (_h_) has complete usage +information. + +<table class="table"> + <tbody> + <tr> + <th width="20%">command-line</th> + <td> + <ul> + <li>--replace</li> + <li>--replace-from-file</li> + </ul> + </td> + </tr> + <tr> + <th>mitmproxy shortcut</th> <td><b>R</b></td> + </tr> + </tbody> +</table> |