2016-12-05 02:55:43 +00:00
|
|
|
import argparse
|
|
|
|
|
import os
|
|
|
|
|
|
2016-07-18 05:09:55 +00:00
|
|
|
from mitmproxy import exceptions
|
2016-09-29 10:46:56 +00:00
|
|
|
from mitmproxy import flowfilter
|
2016-07-19 23:10:15 +00:00
|
|
|
from mitmproxy import options
|
2016-09-22 04:56:47 +00:00
|
|
|
from mitmproxy import platform
|
2016-10-19 20:45:18 +00:00
|
|
|
from mitmproxy.utils import human
|
2016-10-19 22:56:38 +00:00
|
|
|
from mitmproxy.net import tcp
|
2016-10-19 20:20:44 +00:00
|
|
|
from mitmproxy import version
|
2016-10-30 04:42:34 +00:00
|
|
|
from mitmproxy.addons import view
|
2012-03-17 04:20:34 +00:00
|
|
|
|
2014-03-10 04:11:51 +00:00
|
|
|
|
2016-12-05 02:55:43 +00:00
|
|
|
CONFIG_PATH = os.path.join(options.CA_DIR, "config.yaml")
|
|
|
|
|
|
|
|
|
|
|
2014-03-10 04:11:51 +00:00
|
|
|
class ParseException(Exception):
|
|
|
|
|
pass
|
|
|
|
|
|
2012-03-17 04:20:34 +00:00
|
|
|
|
2012-08-18 12:14:16 +00:00
|
|
|
def _parse_hook(s):
|
|
|
|
|
sep, rem = s[0], s[1:]
|
|
|
|
|
parts = rem.split(sep, 2)
|
|
|
|
|
if len(parts) == 2:
|
|
|
|
|
patt = ".*"
|
|
|
|
|
a, b = parts
|
|
|
|
|
elif len(parts) == 3:
|
|
|
|
|
patt, a, b = parts
|
|
|
|
|
else:
|
2014-11-15 03:14:08 +00:00
|
|
|
raise ParseException(
|
|
|
|
|
"Malformed hook specifier - too few clauses: %s" % s
|
|
|
|
|
)
|
2012-08-18 12:14:16 +00:00
|
|
|
|
|
|
|
|
if not a:
|
2014-07-21 19:06:55 +00:00
|
|
|
raise ParseException("Empty clause: %s" % str(patt))
|
2012-08-18 12:14:16 +00:00
|
|
|
|
2016-09-29 10:46:56 +00:00
|
|
|
if not flowfilter.parse(patt):
|
2014-07-21 19:06:55 +00:00
|
|
|
raise ParseException("Malformed filter pattern: %s" % patt)
|
2012-08-18 12:14:16 +00:00
|
|
|
|
|
|
|
|
return patt, a, b
|
|
|
|
|
|
2012-03-17 04:20:34 +00:00
|
|
|
|
2012-08-18 12:14:16 +00:00
|
|
|
def parse_setheader(s):
|
|
|
|
|
"""
|
|
|
|
|
Returns a (pattern, header, value) tuple.
|
|
|
|
|
|
|
|
|
|
The general form for a replacement hook is as follows:
|
|
|
|
|
|
|
|
|
|
/patt/header/value
|
|
|
|
|
|
|
|
|
|
The first character specifies the separator. Example:
|
|
|
|
|
|
|
|
|
|
:~q:foo:bar
|
|
|
|
|
|
|
|
|
|
If only two clauses are specified, the pattern is set to match
|
|
|
|
|
universally (i.e. ".*"). Example:
|
|
|
|
|
|
|
|
|
|
/foo/bar/
|
|
|
|
|
|
|
|
|
|
Clauses are parsed from left to right. Extra separators are taken to be
|
|
|
|
|
part of the final clause. For instance, the value clause below is
|
|
|
|
|
"foo/bar/":
|
|
|
|
|
|
|
|
|
|
/one/two/foo/bar/
|
|
|
|
|
|
|
|
|
|
Checks that pattern and regex are both well-formed. Raises
|
|
|
|
|
ParseException on error.
|
|
|
|
|
"""
|
|
|
|
|
return _parse_hook(s)
|
2011-03-12 01:30:12 +00:00
|
|
|
|
|
|
|
|
|
2016-07-18 02:19:39 +00:00
|
|
|
def get_common_options(args):
|
2011-03-20 04:31:54 +00:00
|
|
|
stickycookie, stickyauth = None, None
|
2016-07-18 02:19:39 +00:00
|
|
|
if args.stickycookie_filt:
|
|
|
|
|
stickycookie = args.stickycookie_filt
|
2011-03-20 04:31:54 +00:00
|
|
|
|
2016-07-18 02:19:39 +00:00
|
|
|
if args.stickyauth_filt:
|
|
|
|
|
stickyauth = args.stickyauth_filt
|
2011-03-20 04:31:54 +00:00
|
|
|
|
2016-07-18 02:19:39 +00:00
|
|
|
stream_large_bodies = args.stream_large_bodies
|
2016-05-31 07:32:08 +00:00
|
|
|
if stream_large_bodies:
|
|
|
|
|
stream_large_bodies = human.parse_size(stream_large_bodies)
|
2014-07-21 19:06:55 +00:00
|
|
|
|
2012-08-18 12:14:16 +00:00
|
|
|
setheaders = []
|
2016-12-05 02:55:43 +00:00
|
|
|
for i in args.setheader or []:
|
2012-08-18 12:14:16 +00:00
|
|
|
try:
|
|
|
|
|
p = parse_setheader(i)
|
2015-05-30 00:03:28 +00:00
|
|
|
except ParseException as e:
|
2016-07-18 05:09:55 +00:00
|
|
|
raise exceptions.OptionsError(e)
|
2012-08-18 12:14:16 +00:00
|
|
|
setheaders.append(p)
|
|
|
|
|
|
2016-11-03 02:00:18 +00:00
|
|
|
if args.streamfile and args.streamfile[0] == args.rfile:
|
|
|
|
|
if args.streamfile[1] == "wb":
|
2016-07-18 05:09:55 +00:00
|
|
|
raise exceptions.OptionsError(
|
2016-05-21 22:25:57 +00:00
|
|
|
"Cannot use '{}' for both reading and writing flows. "
|
2016-07-18 02:19:39 +00:00
|
|
|
"Are you looking for --afile?".format(args.rfile)
|
2016-05-21 22:25:57 +00:00
|
|
|
)
|
|
|
|
|
else:
|
2016-07-18 05:09:55 +00:00
|
|
|
raise exceptions.OptionsError(
|
2016-05-21 22:25:57 +00:00
|
|
|
"Cannot use '{}' for both reading and appending flows. "
|
|
|
|
|
"That would trigger an infinite loop."
|
|
|
|
|
)
|
|
|
|
|
|
2016-07-18 04:02:54 +00:00
|
|
|
# Proxy config
|
|
|
|
|
certs = []
|
2016-12-05 02:55:43 +00:00
|
|
|
for i in args.certs or []:
|
2016-07-18 04:02:54 +00:00
|
|
|
parts = i.split("=", 1)
|
|
|
|
|
if len(parts) == 1:
|
|
|
|
|
parts = ["*", parts[0]]
|
|
|
|
|
certs.append(parts)
|
|
|
|
|
|
2016-07-18 04:58:53 +00:00
|
|
|
body_size_limit = args.body_size_limit
|
|
|
|
|
if body_size_limit:
|
2016-07-18 05:09:55 +00:00
|
|
|
try:
|
|
|
|
|
body_size_limit = human.parse_size(body_size_limit)
|
2016-07-18 06:10:21 +00:00
|
|
|
except ValueError as e:
|
2016-07-18 05:09:55 +00:00
|
|
|
raise exceptions.OptionsError(
|
|
|
|
|
"Invalid body size limit specification: %s" % body_size_limit
|
|
|
|
|
)
|
2016-07-18 04:58:53 +00:00
|
|
|
|
2016-07-18 06:10:21 +00:00
|
|
|
# Establish proxy mode
|
|
|
|
|
c = 0
|
|
|
|
|
mode, upstream_server = "regular", None
|
|
|
|
|
if args.transparent_proxy:
|
|
|
|
|
c += 1
|
2016-11-25 16:32:23 +00:00
|
|
|
if not platform.original_addr:
|
2016-07-18 06:10:21 +00:00
|
|
|
raise exceptions.OptionsError(
|
|
|
|
|
"Transparent mode not supported on this platform."
|
|
|
|
|
)
|
|
|
|
|
mode = "transparent"
|
|
|
|
|
if args.socks_proxy:
|
|
|
|
|
c += 1
|
|
|
|
|
mode = "socks5"
|
|
|
|
|
if args.reverse_proxy:
|
|
|
|
|
c += 1
|
|
|
|
|
mode = "reverse"
|
|
|
|
|
upstream_server = args.reverse_proxy
|
|
|
|
|
if args.upstream_proxy:
|
|
|
|
|
c += 1
|
|
|
|
|
mode = "upstream"
|
|
|
|
|
upstream_server = args.upstream_proxy
|
|
|
|
|
if c > 1:
|
|
|
|
|
raise exceptions.OptionsError(
|
|
|
|
|
"Transparent, SOCKS5, reverse and upstream proxy mode "
|
|
|
|
|
"are mutually exclusive. Read the docs on proxy modes "
|
|
|
|
|
"to understand why."
|
|
|
|
|
)
|
|
|
|
|
if args.add_upstream_certs_to_client_chain and args.no_upstream_cert:
|
|
|
|
|
raise exceptions.OptionsError(
|
|
|
|
|
"The no-upstream-cert and add-upstream-certs-to-client-chain "
|
|
|
|
|
"options are mutually exclusive. If no-upstream-cert is enabled "
|
|
|
|
|
"then the upstream certificate is not retrieved before generating "
|
|
|
|
|
"the client certificate chain."
|
|
|
|
|
)
|
|
|
|
|
|
2016-07-19 05:15:10 +00:00
|
|
|
if args.quiet:
|
|
|
|
|
args.verbose = 0
|
|
|
|
|
|
2011-03-12 01:30:12 +00:00
|
|
|
return dict(
|
2017-01-28 23:28:52 +00:00
|
|
|
onboarding=args.onboarding,
|
|
|
|
|
onboarding_host=args.onboarding_host,
|
|
|
|
|
onboarding_port=args.onboarding_port,
|
2016-07-18 02:19:39 +00:00
|
|
|
|
|
|
|
|
anticache=args.anticache,
|
|
|
|
|
anticomp=args.anticomp,
|
|
|
|
|
client_replay=args.client_replay,
|
2016-09-09 21:48:41 +00:00
|
|
|
replay_kill_extra=args.replay_kill_extra,
|
2016-07-18 02:19:39 +00:00
|
|
|
no_server=args.no_server,
|
|
|
|
|
refresh_server_playback=not args.norefresh,
|
2016-09-09 22:02:31 +00:00
|
|
|
server_replay_use_headers=args.server_replay_use_headers,
|
2016-07-18 02:19:39 +00:00
|
|
|
rfile=args.rfile,
|
2017-01-31 22:01:47 +00:00
|
|
|
replacements=args.replacements,
|
|
|
|
|
replacement_files=args.replacement_files,
|
2014-07-21 19:06:55 +00:00
|
|
|
setheaders=setheaders,
|
2016-07-18 02:19:39 +00:00
|
|
|
server_replay=args.server_replay,
|
|
|
|
|
scripts=args.scripts,
|
2014-07-21 19:06:55 +00:00
|
|
|
stickycookie=stickycookie,
|
|
|
|
|
stickyauth=stickyauth,
|
|
|
|
|
stream_large_bodies=stream_large_bodies,
|
2016-07-18 02:19:39 +00:00
|
|
|
showhost=args.showhost,
|
2016-11-03 02:12:04 +00:00
|
|
|
streamfile=args.streamfile[0] if args.streamfile else None,
|
|
|
|
|
streamfile_append=True if args.streamfile and args.streamfile[1] == "a" else False,
|
2016-07-18 02:19:39 +00:00
|
|
|
verbosity=args.verbose,
|
2016-09-09 22:07:55 +00:00
|
|
|
server_replay_nopop=args.server_replay_nopop,
|
2016-09-09 22:21:52 +00:00
|
|
|
server_replay_ignore_content=args.server_replay_ignore_content,
|
|
|
|
|
server_replay_ignore_params=args.server_replay_ignore_params,
|
|
|
|
|
server_replay_ignore_payload_params=args.server_replay_ignore_payload_params,
|
|
|
|
|
server_replay_ignore_host=args.server_replay_ignore_host,
|
2016-07-18 02:19:39 +00:00
|
|
|
|
2016-07-19 02:51:12 +00:00
|
|
|
auth_nonanonymous = args.auth_nonanonymous,
|
|
|
|
|
auth_singleuser = args.auth_singleuser,
|
|
|
|
|
auth_htpasswd = args.auth_htpasswd,
|
2016-07-19 00:32:26 +00:00
|
|
|
add_upstream_certs_to_client_chain = args.add_upstream_certs_to_client_chain,
|
2016-07-18 04:58:53 +00:00
|
|
|
body_size_limit = body_size_limit,
|
2016-07-18 03:40:40 +00:00
|
|
|
cadir = args.cadir,
|
2016-07-18 04:02:54 +00:00
|
|
|
certs = certs,
|
2016-07-19 01:43:53 +00:00
|
|
|
ciphers_client = args.ciphers_client,
|
|
|
|
|
ciphers_server = args.ciphers_server,
|
2016-07-18 03:40:40 +00:00
|
|
|
clientcerts = args.clientcerts,
|
2016-07-19 02:06:02 +00:00
|
|
|
http2 = args.http2,
|
2016-07-19 00:32:26 +00:00
|
|
|
ignore_hosts = args.ignore_hosts,
|
2016-07-18 04:02:54 +00:00
|
|
|
listen_host = args.addr,
|
|
|
|
|
listen_port = args.port,
|
2016-11-12 05:52:14 +00:00
|
|
|
upstream_bind_address = args.upstream_bind_address,
|
2016-07-18 06:10:21 +00:00
|
|
|
mode = mode,
|
2016-07-19 02:06:02 +00:00
|
|
|
no_upstream_cert = args.no_upstream_cert,
|
2016-09-03 12:22:09 +00:00
|
|
|
spoof_source_address = args.spoof_source_address,
|
2016-07-19 02:06:02 +00:00
|
|
|
rawtcp = args.rawtcp,
|
2016-11-13 20:26:50 +00:00
|
|
|
websocket = args.websocket,
|
2016-07-18 06:10:21 +00:00
|
|
|
upstream_server = upstream_server,
|
|
|
|
|
upstream_auth = args.upstream_auth,
|
2016-07-18 23:41:04 +00:00
|
|
|
ssl_version_client = args.ssl_version_client,
|
|
|
|
|
ssl_version_server = args.ssl_version_server,
|
2016-07-28 00:57:38 +00:00
|
|
|
ssl_insecure = args.ssl_insecure,
|
2016-07-18 23:41:04 +00:00
|
|
|
ssl_verify_upstream_trusted_cadir = args.ssl_verify_upstream_trusted_cadir,
|
|
|
|
|
ssl_verify_upstream_trusted_ca = args.ssl_verify_upstream_trusted_ca,
|
2016-07-19 00:32:26 +00:00
|
|
|
tcp_hosts = args.tcp_hosts,
|
2011-03-12 01:30:12 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
2015-08-27 23:51:13 +00:00
|
|
|
def basic_options(parser):
|
2014-11-15 04:58:38 +00:00
|
|
|
parser.add_argument(
|
|
|
|
|
'--version',
|
2016-06-11 04:40:21 +00:00
|
|
|
action='store_true',
|
2017-01-19 13:00:50 +00:00
|
|
|
dest='version',
|
2016-06-11 04:40:21 +00:00
|
|
|
)
|
2014-12-28 02:07:44 +00:00
|
|
|
parser.add_argument(
|
|
|
|
|
'--shortversion',
|
2015-08-27 23:51:13 +00:00
|
|
|
action='version',
|
|
|
|
|
help="show program's short version number and exit",
|
|
|
|
|
version=version.VERSION
|
2014-12-28 02:07:44 +00:00
|
|
|
)
|
2012-08-17 17:04:39 +00:00
|
|
|
parser.add_argument(
|
2011-08-03 01:20:36 +00:00
|
|
|
"--anticache",
|
2016-12-05 02:55:43 +00:00
|
|
|
action="store_true", dest="anticache",
|
2014-11-15 03:14:08 +00:00
|
|
|
help="""
|
|
|
|
|
Strip out request headers that might cause the server to return
|
|
|
|
|
304-not-modified.
|
|
|
|
|
"""
|
2011-08-03 01:20:36 +00:00
|
|
|
)
|
2012-08-17 17:04:39 +00:00
|
|
|
parser.add_argument(
|
2014-11-15 03:14:08 +00:00
|
|
|
"--cadir",
|
2016-12-05 02:55:43 +00:00
|
|
|
action="store", type=str, dest="cadir",
|
2016-07-19 23:10:15 +00:00
|
|
|
help="Location of the default mitmproxy CA files. (%s)" % options.CA_DIR
|
2011-08-03 01:20:36 +00:00
|
|
|
)
|
2012-08-17 17:04:39 +00:00
|
|
|
parser.add_argument(
|
2014-03-13 22:43:26 +00:00
|
|
|
"--host",
|
2016-12-05 02:55:43 +00:00
|
|
|
action="store_true", dest="showhost",
|
2014-03-13 22:43:26 +00:00
|
|
|
help="Use the Host header to construct URLs for display."
|
2014-03-10 04:11:51 +00:00
|
|
|
)
|
2012-08-17 17:04:39 +00:00
|
|
|
parser.add_argument(
|
2014-11-15 04:41:04 +00:00
|
|
|
"-q", "--quiet",
|
2011-03-12 01:30:12 +00:00
|
|
|
action="store_true", dest="quiet",
|
|
|
|
|
help="Quiet."
|
|
|
|
|
)
|
2012-08-17 17:04:39 +00:00
|
|
|
parser.add_argument(
|
2014-11-15 04:41:04 +00:00
|
|
|
"-r", "--read-flows",
|
2016-12-05 02:55:43 +00:00
|
|
|
action="store", dest="rfile",
|
2011-05-14 23:54:12 +00:00
|
|
|
help="Read flows from file."
|
|
|
|
|
)
|
2012-08-17 17:04:39 +00:00
|
|
|
parser.add_argument(
|
2014-11-15 04:41:04 +00:00
|
|
|
"-s", "--script",
|
2016-12-05 02:55:43 +00:00
|
|
|
action="append", type=str, dest="scripts",
|
2013-06-13 14:04:04 +00:00
|
|
|
metavar='"script.py --bar"',
|
2014-11-15 03:14:08 +00:00
|
|
|
help="""
|
|
|
|
|
Run a script. Surround with quotes to pass script arguments. Can be
|
|
|
|
|
passed multiple times.
|
|
|
|
|
"""
|
2011-03-12 01:30:12 +00:00
|
|
|
)
|
2012-08-17 17:04:39 +00:00
|
|
|
parser.add_argument(
|
2014-11-15 04:41:04 +00:00
|
|
|
"-t", "--stickycookie",
|
2014-11-15 03:14:08 +00:00
|
|
|
action="store",
|
|
|
|
|
dest="stickycookie_filt",
|
|
|
|
|
metavar="FILTER",
|
2011-03-12 01:30:12 +00:00
|
|
|
help="Set sticky cookie filter. Matched against requests."
|
|
|
|
|
)
|
2012-08-17 17:04:39 +00:00
|
|
|
parser.add_argument(
|
2014-11-15 04:41:04 +00:00
|
|
|
"-u", "--stickyauth",
|
2016-12-05 02:55:43 +00:00
|
|
|
action="store", dest="stickyauth_filt", metavar="FILTER",
|
2011-03-20 04:31:54 +00:00
|
|
|
help="Set sticky auth filter. Matched against requests."
|
|
|
|
|
)
|
2012-08-17 17:04:39 +00:00
|
|
|
parser.add_argument(
|
2014-11-15 04:41:04 +00:00
|
|
|
"-v", "--verbose",
|
2016-12-05 02:55:43 +00:00
|
|
|
action="store_const", dest="verbose", const=3,
|
2016-07-15 22:00:34 +00:00
|
|
|
help="Increase log verbosity."
|
2011-03-12 01:30:12 +00:00
|
|
|
)
|
2016-11-03 02:00:18 +00:00
|
|
|
streamfile = parser.add_mutually_exclusive_group()
|
|
|
|
|
streamfile.add_argument(
|
2014-11-15 04:41:04 +00:00
|
|
|
"-w", "--wfile",
|
2016-11-03 02:12:04 +00:00
|
|
|
action="store", dest="streamfile", type=lambda f: (f, "w"),
|
2011-03-12 01:30:12 +00:00
|
|
|
help="Write flows to file."
|
|
|
|
|
)
|
2016-11-03 02:00:18 +00:00
|
|
|
streamfile.add_argument(
|
2014-12-11 18:21:33 +00:00
|
|
|
"-a", "--afile",
|
2016-11-03 02:12:04 +00:00
|
|
|
action="store", dest="streamfile", type=lambda f: (f, "a"),
|
2014-12-11 18:21:33 +00:00
|
|
|
help="Append flows to file."
|
|
|
|
|
)
|
2012-08-17 17:04:39 +00:00
|
|
|
parser.add_argument(
|
2014-11-15 04:41:04 +00:00
|
|
|
"-z", "--anticomp",
|
2016-12-05 02:55:43 +00:00
|
|
|
action="store_true", dest="anticomp",
|
2011-07-15 03:21:04 +00:00
|
|
|
help="Try to convince servers to send us un-compressed data."
|
|
|
|
|
)
|
2012-08-17 17:04:39 +00:00
|
|
|
parser.add_argument(
|
2014-11-15 04:41:04 +00:00
|
|
|
"-Z", "--body-size-limit",
|
2016-12-05 02:55:43 +00:00
|
|
|
action="store", dest="body_size_limit",
|
2011-09-09 05:31:36 +00:00
|
|
|
metavar="SIZE",
|
2014-11-15 03:14:08 +00:00
|
|
|
help="Byte size limit of HTTP request and response bodies."
|
2011-09-09 05:31:36 +00:00
|
|
|
" Understands k/m/g suffixes, i.e. 3m for 3 megabytes."
|
|
|
|
|
)
|
2014-07-21 19:06:55 +00:00
|
|
|
parser.add_argument(
|
|
|
|
|
"--stream",
|
2016-12-05 02:55:43 +00:00
|
|
|
action="store", dest="stream_large_bodies",
|
2014-07-21 19:06:55 +00:00
|
|
|
metavar="SIZE",
|
Fix crash while streaming
Found using fuzzing. Reproduction with pathoc, given "mitmproxy -s" and
pathod running on 9999:
get:'http://localhost:9999/p/':s'200:b\'foo\':h\'Content-Length\'=\'3\'':i58,'\x1a':r
return flow.FlowMaster.run(self)
File "/Users/aldo/mitmproxy/mitmproxy/libmproxy/controller.py", line 111, in run
self.tick(self.masterq, 0.01)
File "/Users/aldo/mitmproxy/mitmproxy/libmproxy/flow.py", line 613, in tick
return controller.Master.tick(self, q, timeout)
File "/Users/aldo/mitmproxy/mitmproxy/libmproxy/controller.py", line 101, in tick
self.handle(*msg)
File "/Users/aldo/mitmproxy/mitmproxy/libmproxy/controller.py", line 118, in handle
m(obj)
File "/Users/aldo/mitmproxy/mitmproxy/libmproxy/flow.py", line 738, in handle_responseheaders
self.stream_large_bodies.run(f, False)
File "/Users/aldo/mitmproxy/mitmproxy/libmproxy/flow.py", line 155, in run
r.headers, is_request, flow.request.method, code
File "/Users/aldo/mitmproxy/mitmproxy/netlib/http.py", line 401, in expected_http_body_size
raise HttpError(400 if is_request else 502, "Invalid content-length header: %s" % headers["content-length"])
netlib.http.HttpError: Invalid content-length header: ['\x1a3']
2014-10-26 04:58:36 +00:00
|
|
|
help="""
|
2014-11-15 03:14:08 +00:00
|
|
|
Stream data to the client if response body exceeds the given
|
|
|
|
|
threshold. If streamed, the body will not be stored in any way.
|
|
|
|
|
Understands k/m/g suffixes, i.e. 3m for 3 megabytes.
|
Fix crash while streaming
Found using fuzzing. Reproduction with pathoc, given "mitmproxy -s" and
pathod running on 9999:
get:'http://localhost:9999/p/':s'200:b\'foo\':h\'Content-Length\'=\'3\'':i58,'\x1a':r
return flow.FlowMaster.run(self)
File "/Users/aldo/mitmproxy/mitmproxy/libmproxy/controller.py", line 111, in run
self.tick(self.masterq, 0.01)
File "/Users/aldo/mitmproxy/mitmproxy/libmproxy/flow.py", line 613, in tick
return controller.Master.tick(self, q, timeout)
File "/Users/aldo/mitmproxy/mitmproxy/libmproxy/controller.py", line 101, in tick
self.handle(*msg)
File "/Users/aldo/mitmproxy/mitmproxy/libmproxy/controller.py", line 118, in handle
m(obj)
File "/Users/aldo/mitmproxy/mitmproxy/libmproxy/flow.py", line 738, in handle_responseheaders
self.stream_large_bodies.run(f, False)
File "/Users/aldo/mitmproxy/mitmproxy/libmproxy/flow.py", line 155, in run
r.headers, is_request, flow.request.method, code
File "/Users/aldo/mitmproxy/mitmproxy/netlib/http.py", line 401, in expected_http_body_size
raise HttpError(400 if is_request else 502, "Invalid content-length header: %s" % headers["content-length"])
netlib.http.HttpError: Invalid content-length header: ['\x1a3']
2014-10-26 04:58:36 +00:00
|
|
|
"""
|
2014-07-21 19:06:55 +00:00
|
|
|
)
|
2014-03-13 22:43:26 +00:00
|
|
|
|
2015-08-27 23:51:13 +00:00
|
|
|
|
|
|
|
|
def proxy_modes(parser):
|
2016-06-29 02:26:08 +00:00
|
|
|
group = parser.add_argument_group("Proxy Modes")
|
2015-08-27 23:51:13 +00:00
|
|
|
group.add_argument(
|
|
|
|
|
"-R", "--reverse",
|
|
|
|
|
action="store",
|
2016-07-18 06:10:21 +00:00
|
|
|
type=str,
|
2015-08-27 23:51:13 +00:00
|
|
|
dest="reverse_proxy",
|
|
|
|
|
help="""
|
|
|
|
|
Forward all requests to upstream HTTP server:
|
2016-04-22 00:56:18 +00:00
|
|
|
http[s]://host[:port]. Clients can always connect both
|
|
|
|
|
via HTTPS and HTTP, the connection to the server is
|
|
|
|
|
determined by the specified scheme.
|
2015-08-27 23:51:13 +00:00
|
|
|
"""
|
|
|
|
|
)
|
|
|
|
|
group.add_argument(
|
|
|
|
|
"--socks",
|
2016-12-05 02:55:43 +00:00
|
|
|
action="store_true", dest="socks_proxy",
|
2015-08-27 23:51:13 +00:00
|
|
|
help="Set SOCKS5 proxy mode."
|
|
|
|
|
)
|
|
|
|
|
group.add_argument(
|
|
|
|
|
"-T", "--transparent",
|
2016-12-05 02:55:43 +00:00
|
|
|
action="store_true", dest="transparent_proxy",
|
2015-08-27 23:51:13 +00:00
|
|
|
help="Set transparent proxy mode."
|
|
|
|
|
)
|
|
|
|
|
group.add_argument(
|
|
|
|
|
"-U", "--upstream",
|
|
|
|
|
action="store",
|
2016-07-18 06:10:21 +00:00
|
|
|
type=str,
|
2015-08-27 23:51:13 +00:00
|
|
|
dest="upstream_proxy",
|
|
|
|
|
help="Forward all requests to upstream proxy server: http://host[:port]"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def proxy_options(parser):
|
2014-03-13 22:43:26 +00:00
|
|
|
group = parser.add_argument_group("Proxy Options")
|
|
|
|
|
group.add_argument(
|
2014-11-15 04:41:04 +00:00
|
|
|
"-b", "--bind-address",
|
2016-12-05 02:55:43 +00:00
|
|
|
action="store", type=str, dest="addr",
|
2014-07-21 19:06:55 +00:00
|
|
|
help="Address to bind proxy to (defaults to all interfaces)"
|
2014-03-13 22:43:26 +00:00
|
|
|
)
|
|
|
|
|
group.add_argument(
|
2014-08-09 01:03:21 +00:00
|
|
|
"-I", "--ignore",
|
2016-12-05 02:55:43 +00:00
|
|
|
action="append", type=str, dest="ignore_hosts",
|
2014-08-09 01:03:21 +00:00
|
|
|
metavar="HOST",
|
Fix crash while streaming
Found using fuzzing. Reproduction with pathoc, given "mitmproxy -s" and
pathod running on 9999:
get:'http://localhost:9999/p/':s'200:b\'foo\':h\'Content-Length\'=\'3\'':i58,'\x1a':r
return flow.FlowMaster.run(self)
File "/Users/aldo/mitmproxy/mitmproxy/libmproxy/controller.py", line 111, in run
self.tick(self.masterq, 0.01)
File "/Users/aldo/mitmproxy/mitmproxy/libmproxy/flow.py", line 613, in tick
return controller.Master.tick(self, q, timeout)
File "/Users/aldo/mitmproxy/mitmproxy/libmproxy/controller.py", line 101, in tick
self.handle(*msg)
File "/Users/aldo/mitmproxy/mitmproxy/libmproxy/controller.py", line 118, in handle
m(obj)
File "/Users/aldo/mitmproxy/mitmproxy/libmproxy/flow.py", line 738, in handle_responseheaders
self.stream_large_bodies.run(f, False)
File "/Users/aldo/mitmproxy/mitmproxy/libmproxy/flow.py", line 155, in run
r.headers, is_request, flow.request.method, code
File "/Users/aldo/mitmproxy/mitmproxy/netlib/http.py", line 401, in expected_http_body_size
raise HttpError(400 if is_request else 502, "Invalid content-length header: %s" % headers["content-length"])
netlib.http.HttpError: Invalid content-length header: ['\x1a3']
2014-10-26 04:58:36 +00:00
|
|
|
help="""
|
|
|
|
|
Ignore host and forward all traffic without processing it. In
|
|
|
|
|
transparent mode, it is recommended to use an IP address (range),
|
|
|
|
|
not the hostname. In regular mode, only SSL traffic is ignored and
|
|
|
|
|
the hostname should be used. The supplied value is interpreted as a
|
|
|
|
|
regular expression and matched on the ip or the hostname. Can be
|
|
|
|
|
passed multiple times.
|
|
|
|
|
"""
|
2014-03-13 22:43:26 +00:00
|
|
|
)
|
2014-10-18 16:29:35 +00:00
|
|
|
group.add_argument(
|
|
|
|
|
"--tcp",
|
2016-12-05 02:55:43 +00:00
|
|
|
action="append", type=str, dest="tcp_hosts",
|
2014-10-18 16:29:35 +00:00
|
|
|
metavar="HOST",
|
2014-11-15 03:14:08 +00:00
|
|
|
help="""
|
|
|
|
|
Generic TCP SSL proxy mode for all hosts that match the pattern.
|
|
|
|
|
Similar to --ignore, but SSL connections are intercepted. The
|
2016-07-15 22:00:34 +00:00
|
|
|
communication contents are printed to the log in verbose mode.
|
2014-11-15 03:14:08 +00:00
|
|
|
"""
|
2014-10-18 16:29:35 +00:00
|
|
|
)
|
2014-03-13 22:43:26 +00:00
|
|
|
group.add_argument(
|
2014-11-15 04:41:04 +00:00
|
|
|
"-n", "--no-server",
|
2014-03-13 22:43:26 +00:00
|
|
|
action="store_true", dest="no_server",
|
|
|
|
|
help="Don't start a proxy server."
|
|
|
|
|
)
|
|
|
|
|
group.add_argument(
|
2014-11-15 04:25:05 +00:00
|
|
|
"-p", "--port",
|
2016-12-05 02:55:43 +00:00
|
|
|
action="store", type=int, dest="port",
|
2014-07-21 19:06:55 +00:00
|
|
|
help="Proxy service port."
|
2014-03-13 22:43:26 +00:00
|
|
|
)
|
2016-12-10 23:26:01 +00:00
|
|
|
|
|
|
|
|
http2 = group.add_mutually_exclusive_group()
|
|
|
|
|
http2.add_argument("--no-http2", action="store_false", dest="http2",
|
|
|
|
|
help="Explicitly enable/disable HTTP/2 support. "
|
2016-12-26 20:51:10 +00:00
|
|
|
"Enabled by default."
|
2016-12-10 23:26:01 +00:00
|
|
|
)
|
2016-12-26 20:51:10 +00:00
|
|
|
http2.add_argument("--http2", action="store_true", dest="http2")
|
2016-12-10 23:26:01 +00:00
|
|
|
|
|
|
|
|
websocket = group.add_mutually_exclusive_group()
|
|
|
|
|
websocket.add_argument("--no-websocket", action="store_false", dest="websocket",
|
|
|
|
|
help="Explicitly enable/disable WebSocket support. "
|
|
|
|
|
"Enabled by default."
|
|
|
|
|
)
|
|
|
|
|
websocket.add_argument("--websocket", action="store_true", dest="websocket")
|
2016-11-13 20:26:50 +00:00
|
|
|
|
2016-03-01 09:40:32 +00:00
|
|
|
parser.add_argument(
|
|
|
|
|
"--upstream-auth",
|
2016-12-05 02:55:43 +00:00
|
|
|
action="store", dest="upstream_auth",
|
2016-07-18 06:10:21 +00:00
|
|
|
type=str,
|
2016-03-01 09:40:32 +00:00
|
|
|
help="""
|
2016-11-12 22:50:28 +00:00
|
|
|
Add HTTP Basic authentcation to upstream proxy and reverse proxy
|
|
|
|
|
requests. Format: username:password
|
2016-03-01 09:40:32 +00:00
|
|
|
"""
|
|
|
|
|
)
|
2016-11-13 20:26:50 +00:00
|
|
|
|
2015-09-10 22:00:00 +00:00
|
|
|
rawtcp = group.add_mutually_exclusive_group()
|
|
|
|
|
rawtcp.add_argument("--raw-tcp", action="store_true", dest="rawtcp")
|
|
|
|
|
rawtcp.add_argument("--no-raw-tcp", action="store_false", dest="rawtcp",
|
2016-01-27 09:12:18 +00:00
|
|
|
help="Explicitly enable/disable experimental raw tcp support. "
|
|
|
|
|
"Disabled by default. "
|
|
|
|
|
"Default value will change in a future version."
|
|
|
|
|
)
|
2016-11-13 20:26:50 +00:00
|
|
|
|
2016-09-03 12:22:09 +00:00
|
|
|
group.add_argument(
|
|
|
|
|
"--spoof-source-address",
|
|
|
|
|
action="store_true", dest="spoof_source_address",
|
2016-11-16 13:50:36 +00:00
|
|
|
help="Use the client's IP for server-side connections. "
|
|
|
|
|
"Combine with --upstream-bind-address to spoof a fixed source address."
|
2016-09-03 12:22:09 +00:00
|
|
|
)
|
2016-11-12 05:52:14 +00:00
|
|
|
group.add_argument(
|
|
|
|
|
"--upstream-bind-address",
|
2016-12-05 02:55:43 +00:00
|
|
|
action="store", type=str, dest="upstream_bind_address",
|
2016-11-12 05:52:14 +00:00
|
|
|
help="Address to bind upstream requests to (defaults to none)"
|
|
|
|
|
)
|
2015-08-27 23:51:13 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def proxy_ssl_options(parser):
|
|
|
|
|
# TODO: Agree to consistently either use "upstream" or "server".
|
|
|
|
|
group = parser.add_argument_group("SSL")
|
2014-03-13 22:43:26 +00:00
|
|
|
group.add_argument(
|
2015-08-27 23:51:13 +00:00
|
|
|
"--cert",
|
|
|
|
|
dest='certs',
|
|
|
|
|
type=str,
|
|
|
|
|
metavar="SPEC",
|
|
|
|
|
action="append",
|
|
|
|
|
help='Add an SSL certificate. SPEC is of the form "[domain=]path". '
|
|
|
|
|
'The domain may include a wildcard, and is equal to "*" if not specified. '
|
|
|
|
|
'The file at path is a certificate in PEM format. If a private key is included '
|
|
|
|
|
'in the PEM, it is used, else the default key in the conf dir is used. '
|
|
|
|
|
'The PEM file should contain the full certificate chain, with the leaf certificate '
|
|
|
|
|
'as the first entry. Can be passed multiple times.')
|
2014-10-08 23:58:54 +00:00
|
|
|
group.add_argument(
|
2015-08-27 23:51:13 +00:00
|
|
|
"--ciphers-client", action="store",
|
2016-12-07 21:18:50 +00:00
|
|
|
type=str, dest="ciphers_client",
|
2015-08-27 23:51:13 +00:00
|
|
|
help="Set supported ciphers for client connections. (OpenSSL Syntax)"
|
2014-10-08 23:58:54 +00:00
|
|
|
)
|
2014-03-13 22:43:26 +00:00
|
|
|
group.add_argument(
|
2015-08-27 23:51:13 +00:00
|
|
|
"--ciphers-server", action="store",
|
2016-12-05 02:55:43 +00:00
|
|
|
type=str, dest="ciphers_server",
|
2015-08-27 23:51:13 +00:00
|
|
|
help="Set supported ciphers for server connections. (OpenSSL Syntax)"
|
2013-03-17 04:31:35 +00:00
|
|
|
)
|
2014-08-09 01:03:21 +00:00
|
|
|
group.add_argument(
|
2015-08-27 23:51:13 +00:00
|
|
|
"--client-certs", action="store",
|
2016-12-05 02:55:43 +00:00
|
|
|
type=str, dest="clientcerts",
|
2015-12-28 20:20:45 +00:00
|
|
|
help="Client certificate file or directory."
|
2014-08-09 01:03:21 +00:00
|
|
|
)
|
2015-06-20 12:43:50 +00:00
|
|
|
group.add_argument(
|
2016-12-05 02:55:43 +00:00
|
|
|
"--no-upstream-cert",
|
2015-08-27 23:51:13 +00:00
|
|
|
action="store_true", dest="no_upstream_cert",
|
|
|
|
|
help="Don't connect to upstream server to look up certificate details."
|
2015-06-20 15:51:56 +00:00
|
|
|
)
|
2016-03-16 22:45:27 +00:00
|
|
|
group.add_argument(
|
2016-12-05 02:55:43 +00:00
|
|
|
"--add-upstream-certs-to-client-chain",
|
2016-03-16 19:20:18 +00:00
|
|
|
action="store_true", dest="add_upstream_certs_to_client_chain",
|
|
|
|
|
help="Add all certificates of the upstream server to the certificate chain "
|
|
|
|
|
"that will be served to the proxy client, as extras."
|
2016-03-02 15:23:33 +00:00
|
|
|
)
|
2016-03-16 22:45:27 +00:00
|
|
|
group.add_argument(
|
2016-12-05 02:55:43 +00:00
|
|
|
"--insecure",
|
2016-07-28 00:57:38 +00:00
|
|
|
action="store_true", dest="ssl_insecure",
|
|
|
|
|
help="Do not verify upstream server SSL/TLS certificates."
|
2015-06-20 15:51:56 +00:00
|
|
|
)
|
|
|
|
|
group.add_argument(
|
2016-12-05 02:55:43 +00:00
|
|
|
"--upstream-trusted-cadir", action="store",
|
2015-08-27 23:51:13 +00:00
|
|
|
dest="ssl_verify_upstream_trusted_cadir",
|
|
|
|
|
help="Path to a directory of trusted CA certificates for upstream "
|
|
|
|
|
"server verification prepared using the c_rehash tool."
|
2015-06-20 12:43:50 +00:00
|
|
|
)
|
2015-08-27 23:51:13 +00:00
|
|
|
group.add_argument(
|
2016-12-05 02:55:43 +00:00
|
|
|
"--upstream-trusted-ca", action="store",
|
2015-08-27 23:51:13 +00:00
|
|
|
dest="ssl_verify_upstream_trusted_ca",
|
|
|
|
|
help="Path to a PEM formatted trusted CA certificate."
|
2014-03-13 22:43:26 +00:00
|
|
|
)
|
|
|
|
|
group.add_argument(
|
2015-08-27 23:51:13 +00:00
|
|
|
"--ssl-version-client", dest="ssl_version_client",
|
2016-12-05 02:55:43 +00:00
|
|
|
action="store",
|
2016-06-01 02:06:57 +00:00
|
|
|
choices=tcp.sslversion_choices.keys(),
|
2015-08-29 10:34:01 +00:00
|
|
|
help="Set supported SSL/TLS versions for client connections. "
|
2015-08-27 23:51:13 +00:00
|
|
|
"SSLv2, SSLv3 and 'all' are INSECURE. Defaults to secure, which is TLS1.0+."
|
2014-03-13 22:43:26 +00:00
|
|
|
)
|
|
|
|
|
group.add_argument(
|
2015-08-27 23:51:13 +00:00
|
|
|
"--ssl-version-server", dest="ssl_version_server",
|
2016-12-05 02:55:43 +00:00
|
|
|
action="store",
|
2016-06-01 02:06:57 +00:00
|
|
|
choices=tcp.sslversion_choices.keys(),
|
2015-08-29 10:34:01 +00:00
|
|
|
help="Set supported SSL/TLS versions for server connections. "
|
2015-08-27 23:51:13 +00:00
|
|
|
"SSLv2, SSLv3 and 'all' are INSECURE. Defaults to secure, which is TLS1.0+."
|
2012-02-27 02:05:45 +00:00
|
|
|
)
|
2014-03-13 22:43:26 +00:00
|
|
|
|
2015-08-27 23:51:13 +00:00
|
|
|
|
|
|
|
|
def onboarding_app(parser):
|
2014-09-14 00:22:28 +00:00
|
|
|
group = parser.add_argument_group("Onboarding App")
|
2013-03-24 20:20:26 +00:00
|
|
|
group.add_argument(
|
2017-01-28 23:28:52 +00:00
|
|
|
"--no-onboarding",
|
|
|
|
|
action="store_false", dest="onboarding",
|
2014-09-14 00:22:28 +00:00
|
|
|
help="Disable the mitmproxy onboarding app."
|
2013-03-24 20:20:26 +00:00
|
|
|
)
|
2013-07-23 22:32:56 +00:00
|
|
|
group.add_argument(
|
2017-01-28 23:28:52 +00:00
|
|
|
"--onboarding-host",
|
|
|
|
|
action="store", dest="onboarding_host",
|
2014-11-15 03:14:08 +00:00
|
|
|
help="""
|
|
|
|
|
Domain to serve the onboarding app from. For transparent mode, use
|
|
|
|
|
an IP when a DNS entry for the app domain is not present. Default:
|
|
|
|
|
%s
|
2016-07-19 23:10:15 +00:00
|
|
|
""" % options.APP_HOST
|
2013-07-23 22:32:56 +00:00
|
|
|
)
|
|
|
|
|
group.add_argument(
|
2017-01-28 23:28:52 +00:00
|
|
|
"--onboarding-port",
|
2014-11-15 03:14:08 +00:00
|
|
|
action="store",
|
2017-01-28 23:28:52 +00:00
|
|
|
dest="onboarding_port",
|
2014-11-15 03:14:08 +00:00
|
|
|
type=int,
|
|
|
|
|
metavar="80",
|
2014-09-14 00:22:28 +00:00
|
|
|
help="Port to serve the onboarding app from."
|
2013-08-18 18:03:53 +00:00
|
|
|
)
|
2013-03-24 20:20:26 +00:00
|
|
|
|
2015-08-27 23:51:13 +00:00
|
|
|
|
|
|
|
|
def client_replay(parser):
|
2012-08-17 17:04:39 +00:00
|
|
|
group = parser.add_argument_group("Client Replay")
|
|
|
|
|
group.add_argument(
|
2014-11-15 04:41:04 +00:00
|
|
|
"-c", "--client-replay",
|
2016-12-05 02:55:43 +00:00
|
|
|
action="append", dest="client_replay", metavar="PATH",
|
2011-03-12 01:30:12 +00:00
|
|
|
help="Replay client requests from a saved file."
|
|
|
|
|
)
|
|
|
|
|
|
2015-08-27 23:51:13 +00:00
|
|
|
|
|
|
|
|
def server_replay(parser):
|
2012-08-17 17:04:39 +00:00
|
|
|
group = parser.add_argument_group("Server Replay")
|
|
|
|
|
group.add_argument(
|
2014-11-15 04:41:04 +00:00
|
|
|
"-S", "--server-replay",
|
2016-12-05 02:55:43 +00:00
|
|
|
action="append", dest="server_replay", metavar="PATH",
|
2011-03-12 01:30:12 +00:00
|
|
|
help="Replay server responses from a saved file."
|
|
|
|
|
)
|
2012-08-17 17:04:39 +00:00
|
|
|
group.add_argument(
|
2016-09-09 21:48:41 +00:00
|
|
|
"-k", "--replay-kill-extra",
|
2016-12-05 02:55:43 +00:00
|
|
|
action="store_true", dest="replay_kill_extra",
|
2011-03-12 01:30:12 +00:00
|
|
|
help="Kill extra requests during replay."
|
|
|
|
|
)
|
2012-08-17 17:04:39 +00:00
|
|
|
group.add_argument(
|
2016-09-09 22:02:31 +00:00
|
|
|
"--server-replay-use-header",
|
2016-12-05 02:55:43 +00:00
|
|
|
action="append", dest="server_replay_use_headers", type=str,
|
2011-03-12 01:30:12 +00:00
|
|
|
help="Request headers to be considered during replay. "
|
2014-07-21 19:06:55 +00:00
|
|
|
"Can be passed multiple times."
|
2011-03-12 01:30:12 +00:00
|
|
|
)
|
2012-08-17 17:04:39 +00:00
|
|
|
group.add_argument(
|
2011-03-12 01:30:12 +00:00
|
|
|
"--norefresh",
|
2016-12-05 02:55:43 +00:00
|
|
|
action="store_true", dest="norefresh",
|
2014-11-15 03:14:08 +00:00
|
|
|
help="""
|
|
|
|
|
Disable response refresh, which updates times in cookies and headers
|
|
|
|
|
for replayed responses.
|
|
|
|
|
"""
|
2011-03-12 01:30:12 +00:00
|
|
|
)
|
2012-08-17 17:04:39 +00:00
|
|
|
group.add_argument(
|
2012-03-05 09:05:11 +00:00
|
|
|
"--no-pop",
|
2016-12-05 02:55:43 +00:00
|
|
|
action="store_true", dest="server_replay_nopop",
|
2012-03-05 09:56:03 +00:00
|
|
|
help="Disable response pop from response flow. "
|
2014-07-21 19:06:55 +00:00
|
|
|
"This makes it possible to replay same response multiple times."
|
2012-03-05 09:05:11 +00:00
|
|
|
)
|
2014-12-18 20:56:27 +00:00
|
|
|
payload = group.add_mutually_exclusive_group()
|
|
|
|
|
payload.add_argument(
|
2014-10-03 10:29:44 +00:00
|
|
|
"--replay-ignore-content",
|
2016-12-05 02:55:43 +00:00
|
|
|
action="store_true", dest="server_replay_ignore_content",
|
2014-11-15 03:14:08 +00:00
|
|
|
help="""
|
|
|
|
|
Ignore request's content while searching for a saved flow to replay
|
|
|
|
|
"""
|
2014-10-03 10:29:44 +00:00
|
|
|
)
|
2014-12-18 20:56:27 +00:00
|
|
|
payload.add_argument(
|
|
|
|
|
"--replay-ignore-payload-param",
|
2016-12-05 02:55:43 +00:00
|
|
|
action="append", dest="server_replay_ignore_payload_params", type=str,
|
2014-12-18 20:56:27 +00:00
|
|
|
help="""
|
2015-03-27 14:30:19 +00:00
|
|
|
Request's payload parameters (application/x-www-form-urlencoded or multipart/form-data) to
|
2014-12-28 02:07:44 +00:00
|
|
|
be ignored while searching for a saved flow to replay.
|
|
|
|
|
Can be passed multiple times.
|
2014-12-18 20:56:27 +00:00
|
|
|
"""
|
|
|
|
|
)
|
|
|
|
|
|
2014-10-03 10:29:44 +00:00
|
|
|
group.add_argument(
|
|
|
|
|
"--replay-ignore-param",
|
2016-12-05 02:55:43 +00:00
|
|
|
action="append", dest="server_replay_ignore_params", type=str,
|
2014-11-15 03:14:08 +00:00
|
|
|
help="""
|
|
|
|
|
Request's parameters to be ignored while searching for a saved flow
|
|
|
|
|
to replay. Can be passed multiple times.
|
|
|
|
|
"""
|
2014-10-08 23:58:54 +00:00
|
|
|
)
|
2015-03-07 16:38:18 +00:00
|
|
|
group.add_argument(
|
|
|
|
|
"--replay-ignore-host",
|
2015-05-30 00:03:28 +00:00
|
|
|
action="store_true",
|
2016-09-09 22:21:52 +00:00
|
|
|
dest="server_replay_ignore_host",
|
2015-05-30 00:03:28 +00:00
|
|
|
help="Ignore request's destination host while searching for a saved flow to replay")
|
2012-03-17 04:20:34 +00:00
|
|
|
|
2015-08-27 23:51:13 +00:00
|
|
|
|
|
|
|
|
def replacements(parser):
|
2012-08-17 17:04:39 +00:00
|
|
|
group = parser.add_argument_group(
|
2012-03-17 04:20:34 +00:00
|
|
|
"Replacements",
|
|
|
|
|
"""
|
|
|
|
|
Replacements are of the form "/pattern/regex/replacement", where
|
|
|
|
|
the separator can be any character. Please see the documentation
|
|
|
|
|
for more information.
|
|
|
|
|
""".strip()
|
|
|
|
|
)
|
2012-08-17 17:04:39 +00:00
|
|
|
group.add_argument(
|
2012-03-17 04:20:34 +00:00
|
|
|
"--replace",
|
2017-01-31 22:01:47 +00:00
|
|
|
action="append", type=str, dest="replacements",
|
2012-03-17 04:20:34 +00:00
|
|
|
metavar="PATTERN",
|
|
|
|
|
help="Replacement pattern."
|
|
|
|
|
)
|
2012-08-17 17:04:39 +00:00
|
|
|
group.add_argument(
|
2012-03-17 04:20:34 +00:00
|
|
|
"--replace-from-file",
|
2017-01-31 22:01:47 +00:00
|
|
|
action="append", type=str, dest="replacement_files",
|
2015-08-27 23:51:13 +00:00
|
|
|
metavar="PATH",
|
|
|
|
|
help="""
|
2014-11-15 03:14:08 +00:00
|
|
|
Replacement pattern, where the replacement clause is a path to a
|
|
|
|
|
file.
|
|
|
|
|
"""
|
2012-03-17 04:20:34 +00:00
|
|
|
)
|
2011-03-12 01:30:12 +00:00
|
|
|
|
2015-08-27 23:51:13 +00:00
|
|
|
|
|
|
|
|
def set_headers(parser):
|
2012-08-18 12:14:16 +00:00
|
|
|
group = parser.add_argument_group(
|
|
|
|
|
"Set Headers",
|
|
|
|
|
"""
|
|
|
|
|
Header specifications are of the form "/pattern/header/value",
|
|
|
|
|
where the separator can be any character. Please see the
|
|
|
|
|
documentation for more information.
|
|
|
|
|
""".strip()
|
|
|
|
|
)
|
2012-08-17 17:13:56 +00:00
|
|
|
group.add_argument(
|
2012-08-18 12:14:16 +00:00
|
|
|
"--setheader",
|
2016-12-05 02:55:43 +00:00
|
|
|
action="append", type=str, dest="setheader",
|
2012-08-18 12:14:16 +00:00
|
|
|
metavar="PATTERN",
|
|
|
|
|
help="Header set pattern."
|
2012-08-06 21:09:35 +00:00
|
|
|
)
|
|
|
|
|
|
2015-08-27 23:51:13 +00:00
|
|
|
|
|
|
|
|
def proxy_authentication(parser):
|
2012-12-30 09:41:58 +00:00
|
|
|
group = parser.add_argument_group(
|
|
|
|
|
"Proxy Authentication",
|
|
|
|
|
"""
|
2013-01-02 04:35:44 +00:00
|
|
|
Specify which users are allowed to access the proxy and the method
|
2014-09-06 10:23:05 +00:00
|
|
|
used for authenticating them.
|
2013-01-02 04:35:44 +00:00
|
|
|
"""
|
2015-08-27 23:51:13 +00:00
|
|
|
).add_mutually_exclusive_group()
|
|
|
|
|
group.add_argument(
|
2012-12-30 09:41:58 +00:00
|
|
|
"--nonanonymous",
|
|
|
|
|
action="store_true", dest="auth_nonanonymous",
|
2013-01-02 04:35:44 +00:00
|
|
|
help="Allow access to any user long as a credentials are specified."
|
2012-12-30 09:41:58 +00:00
|
|
|
)
|
|
|
|
|
|
2015-08-27 23:51:13 +00:00
|
|
|
group.add_argument(
|
2012-12-30 09:41:58 +00:00
|
|
|
"--singleuser",
|
|
|
|
|
action="store", dest="auth_singleuser", type=str,
|
2013-01-02 04:35:44 +00:00
|
|
|
metavar="USER",
|
2014-11-15 03:14:08 +00:00
|
|
|
help="""
|
|
|
|
|
Allows access to a a single user, specified in the form
|
|
|
|
|
username:password.
|
|
|
|
|
"""
|
2012-12-30 09:41:58 +00:00
|
|
|
)
|
2015-08-27 23:51:13 +00:00
|
|
|
group.add_argument(
|
2012-12-30 09:41:58 +00:00
|
|
|
"--htpasswd",
|
2014-08-17 21:06:25 +00:00
|
|
|
action="store", dest="auth_htpasswd", type=str,
|
2013-01-02 04:35:44 +00:00
|
|
|
metavar="PATH",
|
2012-12-30 09:41:58 +00:00
|
|
|
help="Allow access to users specified in an Apache htpasswd file."
|
|
|
|
|
)
|
|
|
|
|
|
2015-08-27 23:51:13 +00:00
|
|
|
|
|
|
|
|
def common_options(parser):
|
2016-12-05 02:55:43 +00:00
|
|
|
parser.add_argument(
|
|
|
|
|
"--conf",
|
|
|
|
|
type=str, dest="conf", default=CONFIG_PATH,
|
|
|
|
|
metavar="PATH",
|
|
|
|
|
help="""
|
|
|
|
|
Configuration file
|
|
|
|
|
"""
|
|
|
|
|
)
|
|
|
|
|
|
2015-08-27 23:51:13 +00:00
|
|
|
basic_options(parser)
|
|
|
|
|
proxy_modes(parser)
|
|
|
|
|
proxy_options(parser)
|
|
|
|
|
proxy_ssl_options(parser)
|
|
|
|
|
onboarding_app(parser)
|
|
|
|
|
client_replay(parser)
|
|
|
|
|
server_replay(parser)
|
|
|
|
|
replacements(parser)
|
|
|
|
|
set_headers(parser)
|
|
|
|
|
proxy_authentication(parser)
|
2014-11-15 03:29:38 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def mitmproxy():
|
2016-10-19 02:25:39 +00:00
|
|
|
# Don't import mitmproxy.tools.console for mitmdump, urwid is not available on all
|
2014-11-15 03:29:38 +00:00
|
|
|
# platforms.
|
|
|
|
|
from .console import palettes
|
|
|
|
|
|
2016-12-05 02:55:43 +00:00
|
|
|
parser = argparse.ArgumentParser(usage="%(prog)s [options]")
|
2014-11-15 03:29:38 +00:00
|
|
|
common_options(parser)
|
|
|
|
|
parser.add_argument(
|
2016-12-05 02:55:43 +00:00
|
|
|
"--palette", type=str,
|
2017-01-28 23:28:52 +00:00
|
|
|
action="store", dest="console_palette",
|
2015-03-12 11:56:47 +00:00
|
|
|
choices=sorted(palettes.palettes.keys()),
|
2014-11-15 03:29:38 +00:00
|
|
|
help="Select color palette: " + ", ".join(palettes.palettes.keys())
|
|
|
|
|
)
|
2015-04-06 22:01:18 +00:00
|
|
|
parser.add_argument(
|
|
|
|
|
"--palette-transparent",
|
2017-01-28 23:28:52 +00:00
|
|
|
action="store_true", dest="console_palette_transparent",
|
2015-04-06 22:01:18 +00:00
|
|
|
help="Set transparent background for palette."
|
|
|
|
|
)
|
2014-11-15 03:29:38 +00:00
|
|
|
parser.add_argument(
|
2014-11-15 04:41:04 +00:00
|
|
|
"-e", "--eventlog",
|
2017-01-28 23:28:52 +00:00
|
|
|
action="store_true", dest="console_eventlog",
|
2014-11-15 03:29:38 +00:00
|
|
|
help="Show event log."
|
|
|
|
|
)
|
2016-01-22 21:11:03 +00:00
|
|
|
parser.add_argument(
|
2016-07-30 16:18:54 +00:00
|
|
|
"--follow",
|
2017-01-28 23:28:52 +00:00
|
|
|
action="store_true", dest="console_focus_follow",
|
2016-10-30 06:47:32 +00:00
|
|
|
help="Focus follows new flows."
|
2016-01-22 21:11:03 +00:00
|
|
|
)
|
2016-10-30 04:42:34 +00:00
|
|
|
parser.add_argument(
|
|
|
|
|
"--order",
|
2017-01-28 23:28:52 +00:00
|
|
|
type=str, dest="console_order",
|
2016-10-30 04:42:34 +00:00
|
|
|
choices=[o[1] for o in view.orders],
|
|
|
|
|
help="Flow sort order."
|
|
|
|
|
)
|
2015-08-19 20:07:39 +00:00
|
|
|
parser.add_argument(
|
|
|
|
|
"--no-mouse",
|
2017-01-28 23:28:52 +00:00
|
|
|
action="store_true", dest="console_no_mouse",
|
2015-08-19 20:07:39 +00:00
|
|
|
help="Disable mouse interaction."
|
|
|
|
|
)
|
2014-11-15 03:29:38 +00:00
|
|
|
group = parser.add_argument_group(
|
|
|
|
|
"Filters",
|
|
|
|
|
"See help in mitmproxy for filter expression syntax."
|
|
|
|
|
)
|
|
|
|
|
group.add_argument(
|
|
|
|
|
"-i", "--intercept", action="store",
|
2016-12-05 02:55:43 +00:00
|
|
|
type=str, dest="intercept",
|
2014-11-15 03:29:38 +00:00
|
|
|
help="Intercept filter expression."
|
|
|
|
|
)
|
2015-04-15 00:56:43 +00:00
|
|
|
group.add_argument(
|
2016-07-30 16:18:54 +00:00
|
|
|
"-f", "--filter", action="store",
|
2016-12-05 02:55:43 +00:00
|
|
|
type=str, dest="filter",
|
2016-07-30 16:18:54 +00:00
|
|
|
help="Filter view expression."
|
2015-04-15 00:56:43 +00:00
|
|
|
)
|
2014-11-15 03:29:38 +00:00
|
|
|
return parser
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def mitmdump():
|
2016-12-05 02:55:43 +00:00
|
|
|
parser = argparse.ArgumentParser(usage="%(prog)s [options] [filter]")
|
2014-11-15 03:29:38 +00:00
|
|
|
|
|
|
|
|
common_options(parser)
|
|
|
|
|
parser.add_argument(
|
|
|
|
|
"--keepserving",
|
2016-12-05 02:55:43 +00:00
|
|
|
action="store_true", dest="keepserving",
|
2015-08-27 23:51:13 +00:00
|
|
|
help="""
|
2014-11-15 03:29:38 +00:00
|
|
|
Continue serving after client playback or file read. We exit by
|
|
|
|
|
default.
|
|
|
|
|
"""
|
|
|
|
|
)
|
|
|
|
|
parser.add_argument(
|
2014-11-15 04:41:04 +00:00
|
|
|
"-d", "--detail",
|
2016-12-05 02:55:43 +00:00
|
|
|
action="count", dest="flow_detail",
|
2014-11-15 03:29:38 +00:00
|
|
|
help="Increase flow detail display level. Can be passed multiple times."
|
|
|
|
|
)
|
2016-11-25 20:59:13 +00:00
|
|
|
parser.add_argument(
|
|
|
|
|
'filter',
|
|
|
|
|
nargs="...",
|
|
|
|
|
help="""
|
|
|
|
|
Filter view expression, used to only show flows that match a certain filter.
|
|
|
|
|
See help in mitmproxy for filter expression syntax.
|
|
|
|
|
"""
|
|
|
|
|
)
|
2014-11-15 03:29:38 +00:00
|
|
|
return parser
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def mitmweb():
|
2016-12-05 02:55:43 +00:00
|
|
|
parser = argparse.ArgumentParser(usage="%(prog)s [options]")
|
2014-11-15 03:29:38 +00:00
|
|
|
|
|
|
|
|
group = parser.add_argument_group("Mitmweb")
|
2016-11-24 15:37:45 +00:00
|
|
|
group.add_argument(
|
|
|
|
|
"--no-browser",
|
2017-01-28 23:28:52 +00:00
|
|
|
action="store_false", dest="web_open_browser",
|
2016-11-24 15:37:45 +00:00
|
|
|
help="Don't start a browser"
|
|
|
|
|
)
|
2014-11-15 03:29:38 +00:00
|
|
|
group.add_argument(
|
2017-01-28 23:28:52 +00:00
|
|
|
"--web-port",
|
|
|
|
|
action="store", type=int, dest="web_port",
|
2014-11-15 03:29:38 +00:00
|
|
|
metavar="PORT",
|
|
|
|
|
help="Mitmweb port."
|
|
|
|
|
)
|
|
|
|
|
group.add_argument(
|
2017-01-28 23:28:52 +00:00
|
|
|
"--web-iface",
|
|
|
|
|
action="store", dest="web_iface",
|
2014-11-15 03:29:38 +00:00
|
|
|
metavar="IFACE",
|
|
|
|
|
help="Mitmweb interface."
|
|
|
|
|
)
|
|
|
|
|
group.add_argument(
|
2017-01-28 23:28:52 +00:00
|
|
|
"--web-debug",
|
|
|
|
|
action="store_true", dest="web_debug",
|
2014-11-15 03:29:38 +00:00
|
|
|
help="Turn on mitmweb debugging"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
common_options(parser)
|
|
|
|
|
group = parser.add_argument_group(
|
|
|
|
|
"Filters",
|
|
|
|
|
"See help in mitmproxy for filter expression syntax."
|
|
|
|
|
)
|
|
|
|
|
group.add_argument(
|
|
|
|
|
"-i", "--intercept", action="store",
|
2016-12-05 02:55:43 +00:00
|
|
|
type=str, dest="intercept",
|
2014-11-15 03:29:38 +00:00
|
|
|
help="Intercept filter expression."
|
|
|
|
|
)
|
|
|
|
|
return parser
|
