2016-01-12 16:41:41 +00:00
|
|
|
from netlib.http import decoded
|
|
|
|
|
import re
|
|
|
|
|
from six.moves import urllib
|
|
|
|
|
|
|
|
|
|
|
2016-05-29 08:23:39 +00:00
|
|
|
def start(context, argv):
|
|
|
|
|
# set of SSL/TLS capable hosts
|
2016-01-12 16:41:41 +00:00
|
|
|
context.secure_hosts = set()
|
|
|
|
|
|
|
|
|
|
|
2016-05-29 08:23:39 +00:00
|
|
|
def request(context, flow):
|
2016-01-12 16:41:41 +00:00
|
|
|
flow.request.headers.pop('If-Modified-Since', None)
|
|
|
|
|
flow.request.headers.pop('Cache-Control', None)
|
|
|
|
|
|
2016-05-29 08:23:39 +00:00
|
|
|
# proxy connections to SSL-enabled hosts
|
|
|
|
|
if flow.request.pretty_host in context.secure_hosts:
|
2016-01-12 16:41:41 +00:00
|
|
|
flow.request.scheme = 'https'
|
|
|
|
|
flow.request.port = 443
|
|
|
|
|
|
|
|
|
|
|
2016-05-29 08:23:39 +00:00
|
|
|
def response(context, flow):
|
|
|
|
|
with decoded(flow.response):
|
2016-01-12 16:41:41 +00:00
|
|
|
flow.request.headers.pop('Strict-Transport-Security', None)
|
|
|
|
|
flow.request.headers.pop('Public-Key-Pins', None)
|
|
|
|
|
|
2016-05-29 08:23:39 +00:00
|
|
|
# strip links in response body
|
2016-01-12 16:41:41 +00:00
|
|
|
flow.response.content = flow.response.content.replace('https://', 'http://')
|
|
|
|
|
|
2016-05-29 08:23:39 +00:00
|
|
|
# strip links in 'Location' header
|
|
|
|
|
if flow.response.headers.get('Location', '').startswith('https://'):
|
2016-01-12 16:41:41 +00:00
|
|
|
location = flow.response.headers['Location']
|
|
|
|
|
hostname = urllib.parse.urlparse(location).hostname
|
|
|
|
|
if hostname:
|
|
|
|
|
context.secure_hosts.add(hostname)
|
|
|
|
|
flow.response.headers['Location'] = location.replace('https://', 'http://', 1)
|
|
|
|
|
|
2016-05-29 08:23:39 +00:00
|
|
|
# strip secure flag from 'Set-Cookie' headers
|
2016-01-12 16:41:41 +00:00
|
|
|
cookies = flow.response.headers.get_all('Set-Cookie')
|
|
|
|
|
cookies = [re.sub(r';\s*secure\s*', '', s) for s in cookies]
|
|
|
|
|
flow.response.headers.set_all('Set-Cookie', cookies)
|
