mirror of
https://github.com/mitmproxy/mitmproxy.git
synced 2025-01-19 04:04:52 +00:00
Prep for 0.5 release
- Update CHANGELOG and CONTRIBUTORS - Bump version - Include Apple Gamecenter highscore setting tutorial in docs
This commit is contained in:
parent
0a642f2441
commit
46ec8f52e7
25
CHANGELOG
25
CHANGELOG
@ -1,3 +1,28 @@
|
||||
27 June 2011: mitmproxy 0.5:
|
||||
|
||||
* An -n option to start the tools without binding to a proxy port.
|
||||
|
||||
* Allow scripts, hooks, sticky cookies etc. to run on flows loaded from
|
||||
save files.
|
||||
|
||||
* Regularize command-line options for mitmproxy and mitmdump.
|
||||
|
||||
* Add an "SSL exception" to mitmproxy's license to remove possible
|
||||
distribution issues.
|
||||
|
||||
* Add a --cert-wait-time option to make mitmproxy pause after a new SSL
|
||||
certificate is generated. This can pave over small discrepancies in
|
||||
system time between the client and server.
|
||||
|
||||
* Handle viewing big request and response bodies more elegantly. Only
|
||||
render the first 100k of large documents, and try to avoid running the
|
||||
XML indenter on non-XML data.
|
||||
|
||||
* BUGFIX: Make the "revert" keyboard shortcut in mitmproxy work after a
|
||||
flow has been replayed.
|
||||
|
||||
* BUGFIX: Repair a problem that sometimes caused SSL connections to consume
|
||||
100% of CPU.
|
||||
|
||||
|
||||
30 March 2011: mitmproxy 0.4
|
||||
|
@ -1,4 +1,5 @@
|
||||
179 Aldo Cortesi
|
||||
203 Aldo Cortesi
|
||||
18 Henrik Nordstrom
|
||||
13 Thomas Roth
|
||||
1 Yuangxuan Wang
|
||||
1 Henrik Nordström
|
||||
|
@ -19,9 +19,7 @@
|
||||
<li>Tutorials</li>
|
||||
<ul>
|
||||
<li> <a href="@!urlTo("tutorials/30second.html")!@">Client replay: a 30 second example</a> </li>
|
||||
<li> Scripting: On-the-fly modifications to HTTP conversations [coming soon] </li>
|
||||
<li> Sticky cookies [coming soon] </li>
|
||||
<li> Breaking iPhone apps for fun and profit [coming soon] </li>
|
||||
<li> <a href="@!urlTo("tutorials/gamecenter.html")!@">Setting highscores on Apple's GameCenter</a> </li>
|
||||
</ul>
|
||||
<li><a href="@!urlTo("faq.html")!@">FAQ</a></li>
|
||||
<li><a href="@!urlTo("admin.html")!@">Administrivia</a></li>
|
||||
|
@ -1,7 +1,7 @@
|
||||
import os, sys
|
||||
import countershape
|
||||
from countershape import Page, Directory, PythonModule, markup
|
||||
import countershape.grok, countershape.template
|
||||
import countershape.template
|
||||
sys.path.insert(0, "..")
|
||||
from libmproxy import filt
|
||||
|
||||
@ -33,7 +33,7 @@ ns.index_contents = file(mpath("README.mkd")).read()
|
||||
top = os.path.abspath(os.getcwd())
|
||||
def example(s):
|
||||
d = file(mpath(s)).read()
|
||||
return countershape.template.pySyntax(d)
|
||||
return countershape.template.Syntax("py")(d)
|
||||
|
||||
|
||||
ns.example = example
|
||||
|
105
doc-src/tutorials/gamecenter.html
Normal file
105
doc-src/tutorials/gamecenter.html
Normal file
@ -0,0 +1,105 @@
|
||||
|
||||
## The setup
|
||||
|
||||
In this tutorial, I'm going to show you how simple it is to creatively
|
||||
interfere with Apple Game Center traffic using mitmproxy. To set things up, I
|
||||
registered my mitmproxy CA certificate with my iPhone - there's a [step by step
|
||||
set of instructions](@!urlTo("certinstall/ios.html")!@) elsewhere in this manual. I then
|
||||
started mitmproxy on my desktop, and configured the iPhone to use it as a
|
||||
proxy.
|
||||
|
||||
|
||||
## Taking a look at the Game Center traffic
|
||||
|
||||
Lets take a first look at the Game Center traffic. The game I'll use in this
|
||||
tutorial is [Super Mega
|
||||
Worm](http://itunes.apple.com/us/app/super-mega-worm/id388541990?mt=8) - a
|
||||
great little retro-apocalyptic sidescroller for the iPhone:
|
||||
|
||||
<center>
|
||||
<img src="@!urlTo("tutorials/supermega.png")!@"/>
|
||||
</center>
|
||||
|
||||
After finishing a game (take your time), watch the traffic flowing through
|
||||
mitmproxy:
|
||||
|
||||
<center>
|
||||
<img src="@!urlTo("tutorials/one.png")!@"/>
|
||||
</center>
|
||||
|
||||
We see a bunch of things we might expect - initialisation, the retrieval of
|
||||
leaderboards and so forth. Then, right at the end, there's a POST to this
|
||||
tantalising URL:
|
||||
|
||||
<pre>
|
||||
https://service.gc.apple.com/WebObjects/GKGameStatsService.woa/wa/submitScore
|
||||
</pre>
|
||||
|
||||
The contents of the submission are particularly interesting:
|
||||
|
||||
<!--(block|syntax("xml"))-->
|
||||
<plist version="1.0">
|
||||
<dict>
|
||||
<key>category</key>
|
||||
<string>SMW_Adv_USA1</string>
|
||||
<key>score-value</key>
|
||||
<integer>55</integer>
|
||||
<key>timestamp</key>
|
||||
<integer>1301553284461</integer>
|
||||
</dict>
|
||||
</plist>
|
||||
<!--(end)-->
|
||||
|
||||
This is a [property list](http://en.wikipedia.org/wiki/Property_list),
|
||||
containing an identifier for the game, a score (55, in this case), and a
|
||||
timestamp. Looks pretty simple to mess with.
|
||||
|
||||
|
||||
## Modifying and replaying the score submission
|
||||
|
||||
Lets edit the score submission. First, select it in mitmproxy, then press
|
||||
__enter__ to view it. Make sure you're viewing the request, not the response -
|
||||
you can use __tab__ to flick between the two. Now press __e__ for edit. You'll
|
||||
be prompted for the part of the request you want to change - press __b__ for
|
||||
body. Your preferred editor (taken from the EDITOR environment variable) will
|
||||
now fire up. Lets bump the score up to something a bit more ambitious:
|
||||
|
||||
<!--(block|syntax("xml"))-->
|
||||
<plist version="1.0">
|
||||
<dict>
|
||||
<key>category</key>
|
||||
<string>SMW_Adv_USA1</string>
|
||||
<key>score-value</key>
|
||||
<integer>2200272667</integer>
|
||||
<key>timestamp</key>
|
||||
<integer>1301553284461</integer>
|
||||
</dict>
|
||||
</plist>
|
||||
<!--(end)-->
|
||||
|
||||
Save the file and exit your editor.
|
||||
|
||||
The final step is to replay this modified request. Simply press __r__ for
|
||||
replay.
|
||||
|
||||
## The glorious result and some intrigue
|
||||
|
||||
<center>
|
||||
<img src="@!urlTo("tutorials/leaderboard.png")!@"/>
|
||||
</center>
|
||||
|
||||
And that's it - according to the records, I am the greatest Super Mega Worm
|
||||
player of all time.
|
||||
|
||||
Curiously, the top competitors' scores are all the same: 2,147,483,647. If you
|
||||
think that number seems familiar, you're right: it's 2^31-1, the maximum value
|
||||
you can fit into a signed 32-bit int. Now let me tell you another peculiar
|
||||
thing about Super Mega Worm - at the end of every game, it submits your highest
|
||||
previous score to the Game Center, not your current score. This means that it
|
||||
stores your highscore somewhere, and I'm guessing that it reads that stored
|
||||
score back into a signed integer. So, if you _were_ to cheat by the relatively
|
||||
pedestrian means of modifying the saved score on your jailbroken phone, then
|
||||
2^31-1 might well be the maximum score you could get. Then again, if the game
|
||||
itself stores its score in a signed 32-bit int, you could get the same score
|
||||
through perfect play, effectively beating the game. So, which is it in this
|
||||
case? I'll leave that for you to decide.
|
@ -2,4 +2,5 @@ from countershape import Page
|
||||
|
||||
pages = [
|
||||
Page("30second.html", "Client playback: a 30 second example"),
|
||||
Page("gamecenter.html", "Setting highscores on Apple's GameCenter"),
|
||||
]
|
||||
|
BIN
doc-src/tutorials/leaderboard.png
Normal file
BIN
doc-src/tutorials/leaderboard.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 438 KiB |
BIN
doc-src/tutorials/one.png
Normal file
BIN
doc-src/tutorials/one.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 138 KiB |
BIN
doc-src/tutorials/supermega.png
Normal file
BIN
doc-src/tutorials/supermega.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 91 KiB |
@ -1,2 +1,2 @@
|
||||
IVERSION = (0, 4)
|
||||
IVERSION = (0, 5)
|
||||
VERSION = ".".join([str(i) for i in IVERSION])
|
||||
|
Loading…
x
Reference in New Issue
Block a user