Ignore a set of domains


#1

Hi, so I’ve played around with some filter expressions and the one thing I have consistently failed to do is correctly filter OUT certain domains. For example, I’d like to filter out everything that has ‘accuweather’ in the URL. Furthermore, I’d like to be able to filter out multiple domains this way. I’m doing this using the ‘Filtering saved traffic’ feature mitmdump provides.

Here’s what I know:

mitmdump -nr Infile -w testFilter google.com filters everything but google.com in the URL

When I try to use a unary not, it produces the error “-bash: !: event not found”. I assumed that if you could filter everything but something, you could filter out just that one URL. But this doesn’t work with a !. Even trying the filter expression !(~q & ~t "text/html") as a test to see if unary not worked… didn’t work.

So if anyone could provide help with this, it would be much appreciated.

PS: I’ve tried to use --ignore but that doesn’t quite seem to work. I don’t think I’ve quite grasped it.


#2

Hi,

If you invoke this from bash, you probably need an additional pair of quotes around your filter. Otherwise bash will interpret it as bash stuff. :slight_smile:


#3

Thanks for the speedy reply mhils, much appreciated. I’ve worked out how it works and it’s basically the need for ' rather than "

So for anyone in future need of help, you can filter out by simply putting something like this

mitmdump -nr infile -w outfile '!accuweather'

and this will filter anything with ‘accuweather’ in it. This can of course be used in conjunction with & to filter out multiple transactions.

Hope this helps :slight_smile:
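
An added example, not part of the posts above: a small shell helper that builds the exclusion filter for several domains at once, so the `!` never has to be typed on an interactive bash command line. The function names `build_exclude_filter` and `filter_capture` are made up for this sketch; it uses mitmproxy's `~u` (URL regex) operator explicitly and escapes dots so that `google.com` matches a literal dot.

```shell
#!/bin/sh
# build_exclude_filter FRAGMENT...
# Prints one mitmproxy filter expression that rejects every flow whose URL
# matches any of the given fragments, e.g.  !(~u a) & !(~u b\.com)
build_exclude_filter() {
    expr=""
    for d in "$@"; do
        # Filter arguments are regexes: escape "." so it is not a wildcard.
        esc=$(printf '%s' "$d" | sed 's/\./\\./g')
        term="!(~u $esc)"
        if [ -z "$expr" ]; then
            expr=$term
        else
            expr="$expr & $term"
        fi
    done
    printf '%s\n' "$expr"
}

# filter_capture INFILE OUTFILE FRAGMENT...
# Rewrites a saved capture without the matching flows. The expression is
# passed as ONE quoted argument, so the shell never interprets "!", "&",
# "(" or ")" itself.
filter_capture() {
    in=$1
    out=$2
    shift 2
    mitmdump -nr "$in" -w "$out" "$(build_exclude_filter "$@")"
}

# Constructed sample input: show the expression that would be passed.
build_exclude_filter accuweather google.com
```

With this, `filter_capture infile outfile accuweather google.com` is the multi-domain version of the command in post #3.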