Home Explore Help
Sign In
cloudflare
/
mitmengine
mirror of https://github.com/cloudflare/mitmengine
Watch 1
Star 0
Fork 0
Files Issues
Branch: master
Branches Tags
mitmengine
/
scripts
/
gen_mitm_records.sh

gen_mitm_records.sh 3.7 KB
Permalink History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677 
  1. #!/bin/bash
    2. 

  2. 

  3. echo "# generated by $0"
    4. 

  4. ua_header="<browser_name>:<browser_version>:<os_platform>:<os_name>:<os_version>:<device_type>:<quirks>"
    5. 

  5. req_header="<tls_version>:<cipher_suites>:<extension_names>:<curves>:<ec_point_fmts>:<http_headers>:<quirks>"
    6. 

  6. mitm_header="<mitm_name>:<mitm_type>:<mitm_grade>"
    7. 

  7. echo "# ${ua_header}|${req_header}|${mitm_header}"
    8. 

  8. 

  9. pcaps=`find reference_fingerprints/pcaps/antivirus-run2 -type f -name "handshake.pcap"`
    10. 

  10. for pcapfile in $pcaps; do
    11. 

  11. 	scripts/filename_to_fingerprint.py --mitm $pcapfile
    12. 

  12. done
    13. 

  13. 

  14. cat << END
    15. 

  15. # add some additional records based on injected http headers
    16. 

  16. # Sources:
    17. 

  17. # - https://jhalderm.com/pub/papers/interception-ndss17.pdf
    18. 

  18. # - https://github.com/zakird/tlsfingerprints/blob/master/processing/browsers/browser.py#L131
    19. 

  19. 0::0:0::0:|:*:*:*:*:*barracuda:*|Barracuda:5:0
    20. 

  20. 0::0:0::0:|:*:*:*:*:*cuda_cliip:*|Barracuda:5:0
    21. 

  21. 0::0:0::0:|:*:*:*:*:*gdata-version:*|GData:1:4
    22. 

  22. 0::0:0::0:|:*:*:*:*:*gdataver:*|GData:1:4
    23. 

  23. 0::0:0::0:|:*:*:*:*:*pxyro-connection:*|Citrix:5:0
    24. 

  24. 0::0:0::0:|:*:*:*:*:*squixa-proxy:*|Squixa:0:0
    25. 

  25. 0::0:0::0:|:*:*:*:*:*x-akamai-config-log-detail:*|Akamai:5:0
    26. 

  26. 0::0:0::0:|:*:*:*:*:*x-akamai-edgescape:*|Akamai:5:0
    27. 

  27. 0::0:0::0:|:*:*:*:*:*x-akamai-origin-hop:*|Akamai:5:0
    28. 

  28. 0::0:0::0:|:*:*:*:*:*x-akamai-prefetched-object:*|Akamai:5:0
    29. 

  29. 0::0:0::0:|:*:*:*:*:*x-barracuda-wf-agent:*|Barracuda:5:0
    30. 

  30. 0::0:0::0:|:*:*:*:*:*x-barracuda-wf-app:*|Barracuda:5:0
    31. 

  31. 0::0:0::0:|:*:*:*:*:*x-barracuda-wf-device:*|Barracuda:5:0
    32. 

  32. 0::0:0::0:|:*:*:*:*:*x-barracuda-wf-deviceid:*|Barracuda:5:0
    33. 

  33. 0::0:0::0:|:*:*:*:*:*x-barracuda-wf-domain-dns:*|Barracuda:5:0
    34. 

  34. 0::0:0::0:|:*:*:*:*:*x-barracuda-wf-domain:*|Barracuda:5:0
    35. 

  35. 0::0:0::0:|:*:*:*:*:*x-barracuda-wf-machine:*|Barracuda:5:0
    36. 

  36. 0::0:0::0:|:*:*:*:*:*x-barracuda-wf-os:*|Barracuda:5:0
    37. 

  37. 0::0:0::0:|:*:*:*:*:*x-barracuda-wf-user:*|Barracuda:5:0
    38. 

  38. 0::0:0::0:|:*:*:*:*:*x-bluecoat-user:*|BlueCoat:5:0
    39. 

  39. 0::0:0::0:|:*:*:*:*:*x-bluecoat-via:*|BlueCoat:5:0
    40. 

  40. 0::0:0::0:|:*:*:*:*:*x-citrix-am-credentialtypes:*|Citrix:5:0
    41. 

  41. 0::0:0::0:|:*:*:*:*:*x-citrix-am-labeltypes:*|Citrix:5:0
    42. 

  42. 0::0:0::0:|:*:*:*:*:*x-citrix-gateway:*|Citrix:5:0
    43. 

  43. 0::0:0::0:|:*:*:*:*:*x-citrix-via-vip:*|Citrix:5:0
    44. 

  44. 0::0:0::0:|:*:*:*:*:*x-citrix-via:*|Citrix:5:0
    45. 

  45. 0::0:0::0:|:*:*:*:*:*x-cybersitter-content-flag:*|Cybersitter:5:0
    46. 

  46. 0::0:0::0:|:*:*:*:*:*x-cybersitter-csvt-token:*|Cybersitter:5:0
    47. 

  47. 0::0:0::0:|:*:*:*:*:*x-cybersitter-oemid:*|Cybersitter:5:0
    48. 

  48. 0::0:0::0:|:*:*:*:*:*x-drweb-keynumber:*|DrWeb:5:0
    49. 

  49. 0::0:0::0:|:*:*:*:*:*x-drweb-matchate:*|DrWeb:5:0
    50. 

  50. 0::0:0::0:|:*:*:*:*:*x-drweb-syshash:*|DrWeb:5:0
    51. 

  51. 0::0:0::0:|:*:*:*:*:*x-eset-spread-control:*|ESET:5:0
    52. 

  52. 0::0:0::0:|:*:*:*:*:*x-eset-updateid:*|ESET:5:0
    53. 

  53. 0::0:0::0:|:*:*:*:*:*x-fcckv2:*|Fortinet:1:0
    54. 

  54. 0::0:0::0:|:*:*:*:*:*x-gdata-device:*|GData:1:4
    55. 

  55. 0::0:0::0:|:*:*:*:*:*x-netnanny-ignore:*|NetNanny:4:0
    56. 

  56. 0::0:0::0:|:*:*:*:*:*x-nod32-mode:*|ESET:5:0
    57. 

  57. 0::0:0::0:|:*:*:*:*:*x-sophos-filter:*|Sophos:1:0
    58. 

  58. 0::0:0::0:|:*:*:*:*:*x-sophos-meta:*|Sophos:1:0
    59. 

  59. 0::0:0::0:|:*:*:*:*:*x-sophos-wsa-clientip:*|Sophos:1:0
    60. 

  60. 0::0:0::0:|:*:*:*:*:*x-websensehost:*|Forcepoint/WebSense:0:0
    61. 

  61. 0::0:0::0:|:*:*:*:*:*x-websenseproxychannel:*|Forcepoint/WebSense:0:0
    62. 

  62. 0::0:0::0:|:*:*:*:*:*x-websenseproxysslconnection:*|Forcepoint/WebSense:0:0
    63. 

  63. 0::0:0::0:|:*:*:*:*:*x_bluecoat_user:*|BlueCoat:5:0
    64. 

  64. 0::0:0::0:|:*:*:*:*:*x_bluecoat_via:*|BlueCoat:5:0
    65. 

  65. 0::0:0::0:|:*:*:*:*:*xroxy-connection:*|Kerio-Winroute-Firewall:0:0
    66. 

  66. 0::0:0::0:|:*:*:*:*:*z-forwarded-for:*|Zscaler:0:0
    67. 

  67. 0::0:0::0:|:*:*:25,24,23:*:*client-ip,x-forwarded-for:*|Forcepoint/WebSense:5:0
    68. 

  68. # add signatures based on quirks that none of the supported browsers should ever have
    69. 

  69. 0::0:0::0:|:*:*:*:*:*:*badhost|:0:0
    70. 

  70. 0::0:0::0:|:*:*:*:*:*:*badcase|:0:0
    71. 

  71. 0::0:0::0:|:*:*:*:*:*:*badpath|:0:0
    72. 

  72. 0::0:0::0:|:*:*:*:*:*:*badspace|:0:0
    73. 

  73. 0::0:0::0:|:*:*:*:*:*:*badreferer|:0:0
    74. 

  74. 0::0:0::0:|:*:*:*:*:*:*badxff|:0:0
    75. 

  75. 0::0:0::0:|:*:*:*:*:*:*badhdr|:0:0
    76. 

  76. END
    77. 

  77.