from __future__ import absolute_import
import copy
import netlib.tcp
from .. import stateobject, utils, version
from ..proxy.connection import ClientConnection, ServerConnection
# Sentinel constant used for killed requests.
KILL = 0
class Error(stateobject.StateObject):
    """
    A failure that happened outside of normal protocol communication.

    A protocol-level error response (say, an HTTP code 500) is not an Error;
    it is represented by a normal HTTPResponse object. This class covers
    interrupted connections, timeouts and protocol errors.

    Exposes the following attributes:

        flow: Flow object
        msg: Message describing the error
        timestamp: Seconds since the epoch
    """

    # Attribute name -> type map declared for the StateObject base class.
    # NOTE(review): presumably what get_state()/load_state() serialise;
    # confirm in stateobject. `flow` is not listed here.
    _stateobject_attributes = {
        "msg": str,
        "timestamp": float,
    }

    def __init__(self, msg, timestamp=None):
        """
        @type msg: str
        @type timestamp: float
        """
        # Will usually be set by the flow backref mixin.
        self.flow = None
        self.msg = msg
        # Any falsy timestamp (None, but also 0) falls back to
        # utils.timestamp().
        if not timestamp:
            timestamp = utils.timestamp()
        self.timestamp = timestamp

    def __str__(self):
        """Return the error message."""
        return self.msg

    @classmethod
    def from_state(cls, state):
        """Build an instance from a state object via load_state()."""
        # The constructor is called with a placeholder message and the real
        # attributes are then loaded from `state`. Subclasses whose
        # constructor takes different arguments must override this.
        restored = cls(None)
        restored.load_state(state)
        return restored

    def copy(self):
        """Return a shallow copy (copy.copy) of this Error."""
        return copy.copy(self)
class Flow(stateobject.StateObject):
    """
    A collection of objects representing a single transaction.

    This class is usually subclassed for each protocol, e.g. HTTPFlow.

    Two flows compare equal only when they are the same object (see __eq__).
    """

    # Attribute name -> type map declared for the StateObject base class.
    # `live` and `_backup` are not listed here.
    _stateobject_attributes = {
        "error": Error,
        "client_conn": ClientConnection,
        "server_conn": ServerConnection,
        "conntype": str,
    }

    def __init__(self, conntype, client_conn, server_conn, live=None):
        """Store the connection type, both connections and the live facade."""
        self.conntype = conntype
        self.client_conn = client_conn
        """@type: ClientConnection"""
        self.server_conn = server_conn
        """@type: ServerConnection"""
        self.live = live
        """@type: LiveConnection"""

        self.error = None
        """@type: Error"""
        # State snapshot taken by backup(); None while no backup exists.
        self._backup = None

    def get_state(self, short=False):
        """Return the base-class state with a `version` entry added."""
        state = super(Flow, self).get_state(short)
        state.update(version=version.IVERSION)
        return state

    def __eq__(self, other):
        """Identity comparison: a flow is equal only to itself."""
        return self is other

    def copy(self):
        """
        Return a copy of this flow with its own connection and error copies.

        The copy starts as a shallow copy.copy(), so every attribute that is
        not replaced below is shared with the original.
        NOTE(review): that includes `live` and `_backup`, so the copy still
        references the same live connection facade; confirm this is intended.
        """
        duplicate = copy.copy(self)

        duplicate.client_conn = self.client_conn.copy()
        duplicate.server_conn = self.server_conn.copy()

        if self.error:
            duplicate.error = self.error.copy()
        return duplicate

    def modified(self):
        """
        Has this Flow been modified?

        Returns False when no backup exists; otherwise compares the backup
        with the current state.
        """
        if not self._backup:
            return False
        return self._backup != self.get_state()

    def backup(self, force=False):
        """
        Save a backup of this Flow, which can be reverted to using a
        call to .revert().

        An existing backup is never overwritten.
        NOTE(review): `force` is accepted but not read anywhere in this
        method.
        """
        if self._backup:
            return
        self._backup = self.get_state()

    def revert(self):
        """
        Revert to the last backed up state and discard the backup.

        Does nothing when no backup exists.
        """
        if not self._backup:
            return
        self.load_state(self._backup)
        self._backup = None
class ProtocolHandler(object):
    """
    Base class for application-layer protocol implementations, e.g. HTTP.

    See: libmproxy.protocol.http.HTTPHandler
    """

    def __init__(self, c):
        """Keep the connection handler and wrap it in a LiveConnection."""
        self.c = c
        """@type: libmproxy.proxy.server.ConnectionHandler"""
        self.live = LiveConnection(c)
        """@type: LiveConnection"""

    def handle_messages(self):
        """
        Called once a client connection has been made. Depending on the
        proxy settings, a server connection might already exist as well.

        Must be implemented by subclasses.
        """
        raise NotImplementedError  # pragma: nocover

    def handle_server_reconnect(self, state):
        """
        Called when a server connection needs to reconnect and there is
        state associated with it (e.g. a previously-sent CONNECT request or
        a SOCKS proxy request). The call happens after the connection has
        been re-established but before SSL is established.

        Must be implemented by subclasses.
        """
        raise NotImplementedError  # pragma: nocover

    def handle_error(self, error):
        """
        Called when there is an uncaught exception during the connection.
        This might happen outside of handle_messages, e.g. if the initial
        SSL handshake fails in transparent mode.

        The default implementation re-raises the error.
        """
        raise error  # pragma: nocover
class LiveConnection(object):
    """
    Facade over a live connection.

    It lets interested parties (FlowMaster, inline scripts) interface with a
    live connection without exposing the internals of the ConnectionHandler.
    """

    def __init__(self, c):
        """Keep the connection handler; no server connection is backed up yet."""
        self.c = c
        """@type: libmproxy.proxy.server.ConnectionHandler"""
        self._backup_server_conn = None
        """@type: libmproxy.proxy.connection.ServerConnection"""

    def change_server(self, address, ssl=None, force=False, persistent_change=False):
        """
        Change the server connection to the specified address.

        A new connection is opened when the address differs from the current
        one, when `ssl` is given and differs from the current connection's
        ssl_established flag, or when `force` is set. On the first temporary
        change the current connection is kept as a backup for
        restore_server(); a persistent change discards any backup.

        Notes for callers:
            - On a newly opened connection this method calls establish_ssl()
              only when `ssl` is truthy. With the default ssl=None, a change
              of address alone opens the new connection without this method
              setting up SSL, even if the previous connection had SSL
              established. Pass ssl=True when the new upstream must be
              encrypted.
            - `address` is used as given; this method does not restrict
              which destinations may be selected.
            - The change is logged at the "debug" level only.
            - NOTE(review): if establishing the new connection raises, the
              exception propagates after the previous connection has already
              been backed up or deleted; confirm callers handle that state.

        @returns:
            True, if a new connection has been established,
            False, if an existing connection has been used
        """
        address = netlib.tcp.Address.wrap(address)

        # ssl=None means "no preference" and never counts as a mismatch.
        ssl_mismatch = (
            ssl is not None and ssl != self.c.server_conn.ssl_established
        )
        address_mismatch = (address != self.c.server_conn.address)

        if persistent_change:
            self._backup_server_conn = None

        if not (ssl_mismatch or address_mismatch or force):
            return False

        message = "Change server connection: %s:%s -> %s:%s [persistent: %s]" % (
            self.c.server_conn.address.host,
            self.c.server_conn.address.port,
            address.host,
            address.port,
            persistent_change
        )
        self.c.log(message, "debug")

        if self._backup_server_conn or persistent_change:
            # Either the change is persistent or this is at least the second
            # temporary change. We can kill the current connection.
            self.c.del_server_connection()
        else:
            # First temporary change: park the original connection so that
            # restore_server() can bring it back.
            self._backup_server_conn = self.c.server_conn
            self.c.server_conn = None

        self.c.set_server_address(address)
        self.c.establish_server_connection(ask=False)
        if ssl:
            self.c.establish_ssl(server=True)
        return True

    def restore_server(self):
        """
        Switch back to the server connection saved by change_server().

        Does nothing when no backup exists. Otherwise the current connection
        is deleted and the backed-up one becomes the server connection again.
        """
        # TODO: Similar to _backup_server_conn, introduce _cache_server_conn,
        # which keeps the changed connection open. This may be beneficial if
        # a user is rewriting all requests from http to https or similar.
        if not self._backup_server_conn:
            return

        message = "Restore original server connection: %s:%s -> %s:%s" % (
            self.c.server_conn.address.host,
            self.c.server_conn.address.port,
            self._backup_server_conn.address.host,
            self._backup_server_conn.address.port
        )
        self.c.log(message, "debug")

        self.c.del_server_connection()
        self.c.server_conn = self._backup_server_conn
        self._backup_server_conn = None