Skip to content
saalmaan edited this page Jul 27, 2016 · 20 revisions

Tamper should install any missing dependencies. If however you encounter any errors during Tamper installation then follow detailed installation guide below (Tested on OS X only):

All instruction given below are for OS X and tested on El Capitan. Command mentioned below are for console/terminal, some of these command will require sudo (administrator) access.

Step 1:

Install or update your xcode (this should take around 15 minutes depending on your internet connection):

xcode-select --install
Step 2:

To install Tamper you need python, the version of Python that ships with OS X is great for learning but it’s not good for development. The version shipped with OS X may be out of date from the official current Python release, which is considered the stable production version. (source).

So to install python type following in terminal

brew install python

if you don't have brew then type following in terminal to install it first

/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
Step 2:

Tamper is distributed through pip (Python Package Index), pip is automatically installed when you install python, to verify type following command in terminal

which pip

If pip was installed previously and you installed some packages then newly installed pip (though brew install python) will continue to use old path (/Library/Python/2.7/site-packages) to install/update/delete packages, this is OSX's version of python and using that will most probably fail pip package managment, one easy fix to avoid pip failing is to remove all packages from old site-packages, after that pip should links back to newly installed python, type in this command to remove site-packages

pip freeze | sudo xargs pip uninstall -y

You may have to uninstall python and install it back again after above step

brew uninstall python
brew install python
Step 3:

By now your python and pip both should be installed and working perfectly, so now proceed with installation of tamper

pip install tamper

If tamper installation was successful you should see something like this at the end:

Successfully installed tamper mitmproxy pyOpenSSL Pillow netlib lxml Werkzeug Jinja2 itsdangerous certifi backports.ssl-match-hostname cryptography markupsafe cffi pycparser

if you don't see above message continue with below steps because sometimes even a small error stops this message from appearing

Note: You can also view all installed packages in pip with this command pip list, if tamper was installed it should show in there

Tamper depends on mitmproxy (mitmproxy is installed as part of tamper installation) to route files, so now verify that Mitmproxy is working by typing in this command mitmproxy in terminal, if you see a following message:

You are using an outdated version of pyOpenSSL: mitmproxy requires pyOpenSSL 0.14 or greater. Your pyOpenSSL 0.13.1 installation is located at /System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/OpenSSL

or

Traceback (most recent call last): File "/usr/local/bin/mitmproxy", line 9, in load_entry_point('mitmproxy==0.13', 'console_scripts', 'mitmproxy')() File "/Library/Python/2.7/site-packages/pkg_resources/init.py", line 558, in load_entry_point return get_distribution(dist).load_entry_point(group, name) File "/Library/Python/2.7/site-packages/pkg_resources/init.py", line 2682, in load_entry_point return ep.load() File "/Library/Python/2.7/site-packages/pkg_resources/init.py", line 2355, in load return self.resolve() File "/Library/Python/2.7/site-packages/pkg_resources/init.py", line 2361, in resolve module = import(self.module_name, fromlist=['name'], level=0) File "/Library/Python/2.7/site-packages/libmproxy/main.py", line 7, in from . import version, cmdline File "/Library/Python/2.7/site-packages/libmproxy/cmdline.py", line 5, in from netlib import http File "/Library/Python/2.7/site-packages/netlib/http.py", line 7, in from . import odict, utils, tcp, http_status File "/Library/Python/2.7/site-packages/netlib/tcp.py", line 26, in 'TLSv1.2': SSL.TLSv1_2_METHOD, AttributeError: 'module' object has no attribute 'TLSv1_2_METHOD'

or

Traceback (most recent call last): File "/usr/local/bin/mitmproxy", line 9, in load_entry_point('mitmproxy==0.13.1', 'console_scripts', 'mitmproxy')() File "/Library/Python/2.7/site-packages/distribute-0.6.28-py2.7.egg/pkg_resources.py", line 337, in load_entry_point return get_distribution(dist).load_entry_point(group, name) File "/Library/Python/2.7/site-packages/distribute-0.6.28-py2.7.egg/pkg_resources.py", line 2311, in load_entry_point return ep.load() File "/Library/Python/2.7/site-packages/distribute-0.6.28-py2.7.egg/pkg_resources.py", line 2017, in load entry = import(self.module_name, globals(),globals(), ['name']) File "/Library/Python/2.7/site-packages/libmproxy/main.py", line 7, in from . import version, cmdline File "/Library/Python/2.7/site-packages/libmproxy/cmdline.py", line 6, in from . import filt, utils, version File "/Library/Python/2.7/site-packages/libmproxy/filt.py", line 38, in from .protocol.http import decoded File "/Library/Python/2.7/site-packages/libmproxy/protocol/init.py", line 1, in from .primitives import * File "/Library/Python/2.7/site-packages/libmproxy/protocol/primitives.py", line 4, in import netlib.tcp File "/Library/Python/2.7/site-packages/netlib/tcp.py", line 26, in 'TLSv1.2': SSL.TLSv1_2_METHOD, AttributeError: 'module' object has no attribute 'TLSv1_2_METHOD'

Then fear not, just rename old folder and you are good to go, use this command:

sudo mv /System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/OpenSSL /System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_OpenSSL

... to rename the folder (change the path according to your PyOpenSSL installation path): more info here https://github.com/mitmproxy/mitmproxy/issues/705

Now try running Mitmproxy again.

Note: You can also change your network settings to see if Mitmproxy is intercepting the traffic. Open System PreferencesNetworkWIFI or EthernetAdvanceProxiesWeb Proxy (HTTP) → Web Proxy Server = 127.0.0.1:8080.

If you see:

ImportError: dlopen(/Users/xxx/anaconda/envs/py2x/lib/python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so, 2): Library not loaded: libssl.1.0.0.dylib Referenced from: /Users/xxx/anaconda/envs/py2x/lib/python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so Reason: image not found

... http://stackoverflow.com/a/30726895/435129 sorted it out for me. (I'm on OSX).

Step 5:

Install Tamper's devtools extension from Chrome Web Store

Step 6:

Before intercepting SSL communication you need to authorize Mitmproxy. Open http://mitm.it (while Mitmproxy is running) and click on Apple (for any platform you intend to use Mitmproxy) icon. This will download a certificate, just open it and add it to Keychain.

Note: if you open http://mitm.it and you see a blank page or error message then you need to check if mitmproxy is working properly, one trick is to close any programs that may be conflicting with mitmproxy's default port 8080

Step 7:

Now open your target website in Chrome and enable Devtools (Cmd+Alt+I) and open Tamper panel and click on little cog icon at bottom left corner of tamper panel to open tamper settings and restart proxy. Now just enable Tamper from top right corner and you are good to go (if everything is correct Tamper icon should turn blue).

Note: if default proxy port 8080 in Tamper settings doesn't work then try a different one like 8181 and restart proxy.

Other Settings

if you are mac user and want to use your favourite editor to edit tamper scripts then use full application path. For phpstorm use something like this in Tamper settings (wheel icon) in 'Editor Command Line' input field

/usr/local/bin/pstorm

Other issues

  1. HTTPS websites suddenly stops loading when Tamper turned on. Most probably mitmproxy which tamper depends on traffic sniffing is not starting properly, trying killing tamper.py process and see if it helps, ps aux | grep 'tamper.py' and kill -9 <PROCESS ID>

  2. Remote debugging on android/IOS showing traffic in Tamper console but files not mapping. Make sure your wifi has correct proxy settings, your host machine IP address and port on which tamper is running (usually 8080)

  3. Can't Previously edited files If you clicking on script/css or any file you edited through Tamper and clicking on it is not opening the file then most probably its deleted and doesn't exist, to backup your files regularly and move your changes to out side of Tamper for reliability. Or you can try to find the file in Tamper folder, just edit any file and see its path and if that has the your desired file in there.

Clone this wiki locally