mitmproxy/examples/contrib/dns_spoofing.py

"""
This script makes it possible to use mitmproxy in scenarios where IP spoofing
has been used to redirect connections to mitmproxy. The way this works is that
we rely on either the TLS Server Name Indication (SNI) or the Host header of the
HTTP request. Of course, this is not foolproof - if an HTTPS connection comes
without SNI, we don't know the actual target and cannot construct a certificate
that looks valid. Similarly, if there's no Host header or a spoofed Host header,
we're out of luck as well. Using transparent mode is the better option most of
the time.

Usage:
    mitmproxy
        -p 443
        -s dns_spoofing.py
        # Used as the target location if neither SNI nor host header are present.
        --mode reverse:http://example.com/
        # To avoid auto rewriting of host header by the reverse proxy target.
        --set keep_host_header
    mitmdump
        -p 80
        --mode reverse:http://localhost:443/

    (Setting up a single proxy instance and using iptables to redirect to it
    works as well)
"""
import re

# This regex extracts splits the host header into host and port.
# Handles the edge case of IPv6 addresses containing colons.
# https://bugzilla.mozilla.org/show_bug.cgi?id=45891
parse_host_header = re.compile(r"^(?P<host>[^:]+|\[.+\])(?::(?P<port>\d+))?$")


class Rerouter:
    def request(self, flow):
        if flow.client_conn.tls_established:
            flow.request.scheme = "https"
            sni = flow.client_conn.connection.get_servername()
            port = 443
        else:
            flow.request.scheme = "http"
            sni = None
            port = 80

        host_header = flow.request.host_header
        m = parse_host_header.match(host_header)
        if m:
            host_header = m.group("host").strip("[]")
            if m.group("port"):
                port = int(m.group("port"))

        flow.request.host_header = host_header
        flow.request.host = sni or host_header
        flow.request.port = port


addons = [Rerouter()]
add example inline script for dns spoofing, refs #486 2015-02-27 11:55:16 +00:00			`"""`
Enable custom options for addons - Add an options parameter to the start() event. This is to be used by addons on startup to add custom options. - Add a running() event that is called once the proxy is up and running. - With the new paradigm we can't log during master __init__, so add a tiny termstatus addon to print proxy status to terminal once we're running. 2017-03-09 00:52:58 +00:00			`This script makes it possible to use mitmproxy in scenarios where IP spoofing`
			`has been used to redirect connections to mitmproxy. The way this works is that`
			`we rely on either the TLS Server Name Indication (SNI) or the Host header of the`
			`HTTP request. Of course, this is not foolproof - if an HTTPS connection comes`
			`without SNI, we don't know the actual target and cannot construct a certificate`
			`that looks valid. Similarly, if there's no Host header or a spoofed Host header,`
			`we're out of luck as well. Using transparent mode is the better option most of`
			`the time.`
add example inline script for dns spoofing, refs #486 2015-02-27 11:55:16 +00:00
			`Usage:`
			`mitmproxy`
			`-p 443`
fix dns_spoofing example, avoid connecting to itself 2015-08-31 11:43:30 +00:00			`-s dns_spoofing.py`
			`# Used as the target location if neither SNI nor host header are present.`
Update CLI usage instructions 2018-06-26 11:09:45 +00:00			`--mode reverse:http://example.com/`
Changes dns_spoofing example to use --keep-host-header 2017-02-23 10:49:18 +00:00			`# To avoid auto rewriting of host header by the reverse proxy target.`
Corrected keep_host_header usage option I tested this locally to verify this change is correct. 2018-10-25 21:15:55 +00:00			`--set keep_host_header`
fix dns_spoofing example, avoid connecting to itself 2015-08-31 11:43:30 +00:00			`mitmdump`
			`-p 80`
Update CLI usage instructions 2018-06-26 11:09:45 +00:00			`--mode reverse:http://localhost:443/`
add example inline script for dns spoofing, refs #486 2015-02-27 11:55:16 +00:00
fix dns_spoofing example, avoid connecting to itself 2015-08-31 11:43:30 +00:00			`(Setting up a single proxy instance and using iptables to redirect to it`
			`works as well)`
add example inline script for dns spoofing, refs #486 2015-02-27 11:55:16 +00:00			`"""`
fix dns_spoofing example, avoid connecting to itself 2015-08-31 11:43:30 +00:00			`import re`

			`# This regex extracts splits the host header into host and port.`
			`# Handles the edge case of IPv6 addresses containing colons.`
			`# https://bugzilla.mozilla.org/show_bug.cgi?id=45891`
			`parse_host_header = re.compile(r"^(?P<host>[^:]+\|\[.+\])(?::(?P<port>\d+))?$")`
add example inline script for dns spoofing, refs #486 2015-02-27 11:55:16 +00:00
Add blank lines for lint 2017-01-21 08:39:34 +00:00
Change class name 2017-01-20 22:48:26 +00:00			`class Rerouter:`
Get the the original header in requestheaders instead of request 2017-01-20 22:43:53 +00:00			`def request(self, flow):`
rename TLS/SSL-related attributes SSL is an outdated protocol superseeded by TLS. Although the commonly used library is called OpenSSL, it is no reason to still use outdated language for attributes. 2018-01-05 21:46:23 +00:00			`if flow.client_conn.tls_established:`
Get the the original header in requestheaders instead of request 2017-01-20 22:43:53 +00:00			`flow.request.scheme = "https"`
			`sni = flow.client_conn.connection.get_servername()`
			`port = 443`
			`else:`
			`flow.request.scheme = "http"`
			`sni = None`
			`port = 80`

Changes dns_spoofing example to use --keep-host-header 2017-02-23 10:49:18 +00:00			`host_header = flow.request.host_header`
Store original host in flow metadata 2017-01-29 13:33:53 +00:00			`m = parse_host_header.match(host_header)`
Get the the original header in requestheaders instead of request 2017-01-20 22:43:53 +00:00			`if m:`
Store original host in flow metadata 2017-01-29 13:33:53 +00:00			`host_header = m.group("host").strip("[]")`
Get the the original header in requestheaders instead of request 2017-01-20 22:43:53 +00:00			`if m.group("port"):`
			`port = int(m.group("port"))`

.headers["host"] -> .host_header 2017-02-17 22:43:18 +00:00			`flow.request.host_header = host_header`
Store original host in flow metadata 2017-01-29 13:33:53 +00:00			`flow.request.host = sni or host_header`
Get the the original header in requestheaders instead of request 2017-01-20 22:43:53 +00:00			`flow.request.port = port`

Add blank lines for lint 2017-01-21 08:39:34 +00:00
Revamp how addons work - Addons now nest, which means that addons can manage addons. This has a number of salutary effects - the scripts addon no longer has to poke into the global addons list, we no longer have to replace/remove/boot-outof parent addons when we load scripts, and this paves the way for making our top-level tools into addons themselves. - All addon calls are now wrapped in a safe execution environment where exceptions are caught, and output to stdout/stderr are intercepted and turned into logs. - We no longer support script arguments in sys.argv - creating an option properly is the only way to pass arguments. This means that all scripts are always directly controllable from interctive tooling, and that arguments are type-checked. For now, I've disabled testing of the har dump example - it needs to be moved to the new argument handling, and become a class addon. I'll address that in a separate patch. 2017-04-25 07:06:24 +00:00			`addons = [Rerouter()]`