Prep for 0.5 release

- Update CHANGELOG and CONTRIBUTORS
- Bump version
- Include Apple Gamecenter highscore setting tutorial in docs

CHANGELOG

@@ -1,3 +1,28 @@
+27 June 2011: mitmproxy 0.5:
+
+    * An -n option to start the tools without binding to a proxy port.
+
+    * Allow scripts, hooks, sticky cookies etc. to run on flows loaded from
+      save files.
+
+    * Regularize command-line options for mitmproxy and mitmdump.
+
+    * Add an "SSL exception" to mitmproxy's license to remove possible
+      distribution issues.
+
+    * Add a --cert-wait-time option to make mitmproxy pause after a new SSL
+      certificate is generated. This can pave over small discrepancies in
+      system time between the client and server.
+
+    * Handle viewing big request and response bodies more elegantly. Only
+      render the first 100k of large documents, and try to avoid running the
+      XML indenter on non-XML data.
+
+    * BUGFIX: Make the "revert" keyboard shortcut in mitmproxy work after a
+      flow has been replayed.
+
+    * BUGFIX: Repair a problem that sometimes caused SSL connections to consume
+      100% of CPU.
 
 
 30 March 2011: mitmproxy 0.4 

CONTRIBUTORS

@@ -1,4 +1,5 @@
-    179 Aldo Cortesi
+    203 Aldo Cortesi
      18 Henrik Nordstrom
      13 Thomas Roth
+      1 Yuangxuan Wang
       1 Henrik Nordström

doc-src/index.html

@@ -19,9 +19,7 @@
      <li>Tutorials</li>
         <ul>
             <li> <a href="@!urlTo("tutorials/30second.html")!@">Client replay: a 30 second example</a> </li>
-            <li> Scripting: On-the-fly modifications to HTTP conversations [coming soon] </li>
-            <li> Sticky cookies  [coming soon] </li>
-            <li> Breaking iPhone apps for fun and profit [coming soon] </li>
+            <li> <a href="@!urlTo("tutorials/gamecenter.html")!@">Setting highscores on Apple's GameCenter</a> </li>
         </ul>
      <li><a href="@!urlTo("faq.html")!@">FAQ</a></li>
      <li><a href="@!urlTo("admin.html")!@">Administrivia</a></li>

doc-src/index.py

@@ -1,7 +1,7 @@
 import os, sys
 import countershape
 from countershape import Page, Directory, PythonModule, markup
-import countershape.grok, countershape.template    
+import countershape.template
 sys.path.insert(0, "..")
 from libmproxy import filt
 
@@ -33,7 +33,7 @@ ns.index_contents = file(mpath("README.mkd")).read()
 top = os.path.abspath(os.getcwd())
 def example(s):
     d = file(mpath(s)).read()
-    return countershape.template.pySyntax(d)
+    return countershape.template.Syntax("py")(d)
 
 
 ns.example = example

doc-src/tutorials/gamecenter.html

@@ -0,0 +1,105 @@
+
+## The setup
+
+In this tutorial, I'm going to show you how simple it is to creatively
+interfere with Apple Game Center traffic using mitmproxy. To set things up, I
+registered my mitmproxy CA certificate with my iPhone - there's a [step by step
+set of instructions](@!urlTo("certinstall/ios.html")!@) elsewhere in this manual. I then
+started mitmproxy on my desktop, and configured the iPhone to use it as a
+proxy. 
+
+
+## Taking a look at the Game Center traffic
+
+Lets take a first look at the Game Center traffic. The game I'll use in this
+tutorial is [Super Mega
+Worm](http://itunes.apple.com/us/app/super-mega-worm/id388541990?mt=8) - a
+great little retro-apocalyptic sidescroller for the iPhone: 
+
+<center>
+    <img src="@!urlTo("tutorials/supermega.png")!@"/>
+</center>
+
+After finishing a game (take your time), watch the traffic flowing through
+mitmproxy:
+
+<center>
+    <img src="@!urlTo("tutorials/one.png")!@"/>
+</center>
+
+We see a bunch of things we might expect - initialisation, the retrieval of
+leaderboards and so forth. Then, right at the end, there's a POST to this
+tantalising URL:
+
+<pre>
+https://service.gc.apple.com/WebObjects/GKGameStatsService.woa/wa/submitScore
+</pre>
+
+The contents of the submission are particularly interesting:
+
+<!--(block|syntax("xml"))-->
+<plist version="1.0">
+<dict>
+    <key>category</key>
+    <string>SMW_Adv_USA1</string>
+    <key>score-value</key>
+    <integer>55</integer>
+    <key>timestamp</key>
+    <integer>1301553284461</integer>
+</dict>
+</plist>
+<!--(end)-->
+
+This is a [property list](http://en.wikipedia.org/wiki/Property_list),
+containing an identifier for the game, a score (55, in this case), and a
+timestamp. Looks pretty simple to mess with.
+
+
+## Modifying and replaying the score submission
+
+Lets edit the score submission. First, select it in mitmproxy, then press
+__enter__ to view it. Make sure you're viewing the request, not the response -
+you can use __tab__ to flick between the two. Now press __e__ for edit. You'll
+be prompted for the part of the request you want to change - press __b__ for
+body.  Your preferred editor (taken from the EDITOR environment variable) will
+now fire up. Lets bump the score up to something a bit more ambitious:
+
+<!--(block|syntax("xml"))-->
+<plist version="1.0">
+<dict>
+    <key>category</key>
+    <string>SMW_Adv_USA1</string>
+    <key>score-value</key>
+    <integer>2200272667</integer>
+    <key>timestamp</key>
+    <integer>1301553284461</integer>
+</dict>
+</plist>
+<!--(end)-->
+
+Save the file and exit your editor. 
+
+The final step is to replay this modified request. Simply press __r__ for
+replay.
+
+## The glorious result and some intrigue
+
+<center>
+    <img src="@!urlTo("tutorials/leaderboard.png")!@"/>
+</center>
+
+And that's it - according to the records, I am the greatest Super Mega Worm
+player of all time. 
+
+Curiously, the top competitors' scores are all the same: 2,147,483,647. If you
+think that number seems familiar, you're right: it's 2^31-1, the maximum value
+you can fit into a signed 32-bit int. Now let me tell you another peculiar
+thing about Super Mega Worm - at the end of every game, it submits your highest
+previous score to the Game Center, not your current score.  This means that it
+stores your highscore somewhere, and I'm guessing that it reads that stored
+score back into a signed integer. So, if you _were_ to cheat by the relatively
+pedestrian means of modifying the saved score on your jailbroken phone, then
+2^31-1 might well be the maximum score you could get. Then again, if the game
+itself stores its score in a signed 32-bit int, you could get the same score
+through perfect play, effectively beating the game. So, which is it in this
+case? I'll leave that for you to decide.

doc-src/tutorials/index.py

@@ -2,4 +2,5 @@ from countershape import Page
 
 pages = [
     Page("30second.html", "Client playback: a 30 second example"),
+    Page("gamecenter.html", "Setting highscores on Apple's GameCenter"),
 ]

libmproxy/version.py

@@ -1,2 +1,2 @@
-IVERSION = (0, 4)
+IVERSION = (0, 5)
 VERSION = ".".join([str(i) for i in IVERSION])