Merge pull request #2053 from krsoninikhil/on-issues

Adds --keep-host-header option (#2039)

docs/features/reverseproxy.rst

@@ -31,7 +31,8 @@ Host Header
 
 In reverse proxy mode, mitmproxy automatically rewrites the Host header to match the
 upstream server. This allows mitmproxy to easily connect to existing endpoints on the
-open web (e.g. ``mitmproxy -R https://example.com``).
+open web (e.g. ``mitmproxy -R https://example.com``). You can disable this behaviour
+by passing ``--keep-host-header`` on the console.
 
 However, keep in mind that absolute URLs within the returned document or HTTP redirects will
 NOT be rewritten by mitmproxy. This means that if you click on a link for "http://example.com"

examples/complex/dns_spoofing.py

@@ -13,6 +13,8 @@ Usage:
         -s dns_spoofing.py
         # Used as the target location if neither SNI nor host header are present.
         -R http://example.com/
+        # To avoid auto rewriting of host header by the reverse proxy target.
+        --keep-host-header
     mitmdump
         -p 80
         -R http://localhost:443/
@@ -29,13 +31,6 @@ parse_host_header = re.compile(r"^(?P<host>[^:]+|\[.+\])(?::(?P<port>\d+))?$")
 
 
 class Rerouter:
-    def requestheaders(self, flow):
-        """
-        The original host header is retrieved early
-        before flow.request is replaced by mitmproxy new outgoing request
-        """
-        flow.metadata["original_host"] = flow.request.host_header
-
     def request(self, flow):
         if flow.client_conn.ssl_established:
             flow.request.scheme = "https"
@@ -46,7 +41,7 @@ class Rerouter:
             sni = None
             port = 80
 
-        host_header = flow.metadata["original_host"]
+        host_header = flow.request.host_header
         m = parse_host_header.match(host_header)
         if m:
             host_header = m.group("host").strip("[]")

mitmproxy/options.py

@@ -72,6 +72,7 @@ class Options(optmanager.OptManager):
         upstream_bind_address: str = "",
         mode: str = "regular",
         no_upstream_cert: bool = False,
+        keep_host_header: bool = False,
 
         http2: bool = True,
         http2_priority: bool = False,
@@ -162,6 +163,7 @@ class Options(optmanager.OptManager):
         self.upstream_bind_address = upstream_bind_address
         self.mode = mode
         self.no_upstream_cert = no_upstream_cert
+        self.keep_host_header = keep_host_header
 
         self.http2 = http2
         self.http2_priority = http2_priority

mitmproxy/proxy/protocol/http.py

@@ -288,7 +288,7 @@ class HttpLayer(base.Layer):
             request.first_line_format = "relative"
 
         # update host header in reverse proxy mode
-        if self.config.options.mode == "reverse":
+        if self.config.options.mode == "reverse" and not self.config.options.keep_host_header:
             f.request.host_header = self.config.upstream_server.address[0]
 
         # Determine .scheme, .host and .port attributes for inline scripts. For

mitmproxy/tools/cmdline.py

@@ -112,6 +112,7 @@ def get_common_options(args):
         replacements=args.replacements,
         replacement_files=args.replacement_files,
         setheaders=args.setheaders,
+        keep_host_header=args.keep_host_header,
         server_replay=args.server_replay,
         scripts=args.scripts,
         stickycookie=stickycookie,
@@ -387,6 +388,11 @@ def proxy_options(parser):
         action="store", type=str, dest="upstream_bind_address",
         help="Address to bind upstream requests to (defaults to none)"
     )
+    group.add_argument(
+        "--keep-host-header",
+        action="store_true", dest="keep_host_header",
+        help="Reverse Proxy: Keep the original host header instead of rewriting it to the reverse proxy target."
+    )
 
 
 def proxy_ssl_options(parser):

test/mitmproxy/proxy/test_server.py

@@ -481,6 +481,26 @@ class TestHTTPSNoCommonName(tservers.HTTPProxyTest):
 class TestReverse(tservers.ReverseProxyTest, CommonMixin, TcpMixin):
     reverse = True
 
+    def test_host_header(self):
+        self.config.options.keep_host_header = True
+        p = self.pathoc()
+        with p.connect():
+            resp = p.request("get:/p/200:h'Host'='example.com'")
+        assert resp.status_code == 200
+
+        req = self.master.state.flows[0].request
+        assert req.host_header == "example.com"
+
+    def test_overridden_host_header(self):
+        self.config.options.keep_host_header = False  # default value
+        p = self.pathoc()
+        with p.connect():
+            resp = p.request("get:/p/200:h'Host'='example.com'")
+        assert resp.status_code == 200
+
+        req = self.master.state.flows[0].request
+        assert req.host_header == "127.0.0.1"
+
 
 class TestReverseSSL(tservers.ReverseProxyTest, CommonMixin, TcpMixin):
     reverse = True

test/mitmproxy/test_examples.py

@@ -114,13 +114,11 @@ class TestScripts(tservers.MasterTest):
 
         # Rewrite by reverse proxy mode
         f.request.scheme = "https"
-        f.request.host = "mitmproxy.org"
         f.request.port = 443
 
         m.request(f)
 
         assert f.request.scheme == "http"
-        assert f.request.host == original_host
         assert f.request.port == 80
 
         assert f.request.headers["Host"] == original_host