如何发现未记录的 mimdump 内联脚本参数?

How to discover undocumented mimdump inline script parameters?

我正在尝试使用内联脚本和 mitmdump 解析请求和响应的不同元素 header。一些功能没有记录。我会post吸取教训来回答这个问题。

在内联脚本中使用 dir() 会显示可用于解析的所有变量。

def response(context, flow):
       print dir(flow)
       print dir(flow.request)
for cookie in flow.response.headers["Set-Cookie"]:
            print "%s:\t%s" % (flow.request.host, cookie)

目录(流)的结果

['__class__', '__delattr__', '__dict__', '__doc__', '__eq__', '__format__', '__getattribute__', '__hash__', 
'__init__', '__module__', '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__setattr__', '__sizeof__', 
'__str__', '__subclasshook__', '__weakref__', '_backup', '_stateobject_attributes', 
'_stateobject_long_attributes', 'accept_intercept', 'backup', 'client_conn', 'copy', 'error', 'from_state', 
'get_state', 'id', 'intercept', 'intercepting', 'kill', 'live', 'load_state', 'match', 'modified', 'replace', 
'reply', 'request', 'response', 'revert', 'server_conn', 'type']

dir(flow.request)

的结果
['__class__', '__delattr__', '__dict__', '__doc__', '__format__', '__getattribute__', '__hash__',
'__init__', '__module__', '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__setattr__', 
'__sizeof__', '__str__', '__subclasshook__', '__weakref__', '_assemble_first_line', '_assemble_head', 
'_assemble_headers', '_stateobject_attributes', '_stateobject_long_attributes', 'anticache', 'anticomp', 
'assemble', 'constrain_encoding', 'content', 'copy', 'decode', 'encode', 'form_in', 'form_out', 'from_state', 
'from_stream', 'get_cookies', 'get_decoded_content', 'get_form_urlencoded', 'get_path_components', 
'get_query', 'get_state', 'headers', 'host', 'httpversion', 'is_replay', 'load_state', 'method', 'path', 
'port', 'pretty_host', 'pretty_url', 'replace', 'scheme', 'set_form_urlencoded', 'set_path_components', 
'set_query', 'size', 'stickyauth', 'stickycookie', 'timestamp_end', 'timestamp_start', 'update_host_header', 
'url']

目录 (flow.response)

的结果
['__class__', '__delattr__', '__dict__', '__doc__', '__format__', '__getattribute__', '__hash__', 
'__init__', '__module__', '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__setattr__', '__sizeof__', 
'__str__', '__subclasshook__', '__weakref__', '_assemble_first_line', '_assemble_head', '_assemble_headers', 
'_refresh_cookie', '_stateobject_attributes', '_stateobject_long_attributes', 'assemble', 'code', 'content', 
'copy', 'decode', 'encode', 'from_state', 'from_stream', 'get_cookies', 'get_decoded_content', 'get_state', 
'headers', 'httpversion', 'is_replay', 'load_state', 'msg', 'refresh', 'replace', 'size', 'stream', 
'timestamp_end', 'timestamp_start']    

为什么不用官方文档?

http://mitmproxy.org/doc/scripting/inlinescripts.html

The canonical API documentation is the code, which you can browse locally or in our GitHub repo. You can view the API documentation using pydoc (which is installed with Python by default), like this:

pydoc libmproxy.protocol.http.HTTPRequest

提供更好的输出。