minor cleanups (#4530)

This commit is contained in:
Maximilian Hils 2021-03-29 17:42:24 +02:00 committed by GitHub
parent de3f089bb0
commit 9baaf9dfdb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 15 additions and 56 deletions

View File

@ -26,10 +26,9 @@ Mitmproxy has a completely new proxy core, fixing many longstanding issues:
We wanted to bring these improvements out, so we have a few temporary regressions:
* HTTP trailers were added in mitmproxy 5.2, but have not made it into the new core yet.
* Support for HTTP/2 Push Promises has been dropped.
* Message Injection for WebSocket and TCP connections is not implemented yet.
* SOCKS/5 Proxy Mode is not implemented yet.
* body_size_limit is currently unsupported.
* upstream_auth is currently unsupported.
If you depend on these features, please raise your voice in
[#4348](https://github.com/mitmproxy/mitmproxy/issues/4348)!

View File

@ -24,7 +24,7 @@ menu:
## Anticache
When the `anticache` option is set, it removes headers (`if-none-match` and
`if-modified-since`) that might elicit a `304 not modified` response from the
`if-modified-since`) that might elicit a `304 Not Modified` response from the
server. This is useful when you want to make sure you capture an HTTP exchange
in its totality. It's also often used during client-side replay, when you want
to make sure the server responds with complete data.
@ -88,7 +88,7 @@ and transparently returned to the client.
* **flow-filter** is an optional mitmproxy [filter expression]({{< relref "concepts-filters">}})
that additionally constrains which requests will be redirected.
### Examples
#### Examples
Pattern | Description
------- | -----------
@ -164,7 +164,7 @@ that defines which requests the `map_remote` option applies to.
The _separator_ is arbitrary, and is defined by the first character.
### Examples
#### Examples
Map all requests ending with `.jpg` to `https://placedog.net/640/480?random`.
Note that this might fail if the original HTTP request destination uses HTTP2 but the replaced
@ -210,7 +210,7 @@ whether the hook triggers on the request, response or both using the
filter pattern. If you need finer-grained control than this, it's simple
to create a script using the replacement API on Flow components.
### Examples
#### Examples
Replace `foo` with `bar` in bodies of requests:
@ -258,7 +258,7 @@ whether the hook triggers on the request, response or both using the
filter pattern. If you need finer-grained control than this, it's simple
to create a script using the replacement API on Flow components.
### Examples
#### Examples
Set the `Host` header to `example.org` for all requests (existing `Host`
headers are replaced):
@ -289,7 +289,7 @@ Remove existing `Host` headers from all requests:
## Proxy Authentication
Asks the user for authentication before they are permitted to use the proxy.
The `proxyauth` option asks the user for authentication before they are permitted to use the proxy.
Authentication headers are stripped from the flows, so they are not passed to
upstream servers. For now, only HTTP Basic Authentication is supported.
@ -329,18 +329,6 @@ updated in a similar way.
You can turn off this behaviour by setting the `server_replay_refresh` option to
`false`.
### Replaying a session recorded in Reverse-proxy Mode
If you have captured the session in reverse proxy mode, in order to replay it
you still have to specify the server URL, otherwise you may get the error: 'HTTP
protocol error in client request: Invalid HTTP request form (expected authority
or absolute...)'.
During replay, when the client's requests match previously recorded requests,
then the respective recorded responses are simply replayed by mitmproxy.
Otherwise, the unmatched requests is forwarded to the upstream server. If
forwarding is not desired, you can use the --kill (-k) switch to prevent that.
## Sticky auth
The `stickyauth` option is analogous to the sticky cookie option, in that HTTP
@ -386,29 +374,3 @@ streamed. Requests/Responses that should be tagged for streaming by setting
their ``.stream`` attribute to ``True``:
{{< example src="examples/addons/http-stream-simple.py" lang="py" >}}
### Websockets
The `stream_websockets` option enables an analogous behaviour for websockets.
When WebSocket streaming is enabled, portions of the code which may perform
changes to the WebSocket message payloads will not have any effect on the actual
payload sent to the server as the frames are immediately forwarded to the
server. In contrast to HTTP streaming, where the body is not stored, the message
payload will still be stored in the WebSocket flow.
## Upstream Certificates
When mitmproxy receives a connection destined for an SSL-protected service, it
freezes the connection before reading its request data, and makes a connection
to the upstream server to "sniff" the contents of its SSL certificate. The
information gained - the **Common Name** and **Subject Alternative Names** - is
then used to generate the interception certificate, which is sent to the client
so the connection can continue.
This rather intricate little dance lets us seamlessly generate correct
certificates even if the client has specified only an IP address rather than the
hostname. It also means that we don't need to sniff additional data to generate
certs in transparent mode.
Upstream cert sniffing is on by default, and can optionally be turned off with
the `upstream_cert` option.

View File

@ -7,16 +7,15 @@ class Block:
loader.add_option(
"block_global", bool, True,
"""
Block connections from globally reachable networks, as defined in
the IANA special purpose registries.
Block connections from public IP addresses.
"""
)
loader.add_option(
"block_private", bool, False,
"""
Block connections from private networks, as defined in the IANA
special purpose registries. This option does not affect loopback
addresses.
Block connections from local (private) IP addresses.
This option does not affect loopback addresses (connections from the local machine),
which are always permitted.
"""
)

View File

@ -46,7 +46,7 @@ class BlockList:
"""
Block matching requests and return an empty response with the specified HTTP status.
Option syntax is "/flow-filter/status-code", where flow-filter describes
which requests this rule should be applied to and status-code is the HTTP status code to return for
which requests this rule should be applied to and status-code is the HTTP status code to return for
blocked requests. The separator ("/" in the example) can be any character.
Setting a non-standard status code of 444 will close the connection without sending a response.
"""

View File

@ -160,14 +160,13 @@ def _check_content_type(rex, message):
class FAsset(_Action):
code = "a"
help = "Match asset in response: CSS, Javascript, Flash, images."
help = "Match asset in response: CSS, JavaScript, images."
ASSET_TYPES = [re.compile(x) for x in [
b"text/javascript",
b"application/x-javascript",
b"application/javascript",
b"text/css",
b"image/.*",
b"application/x-shockwave-flash"
b"image/.*"
]]
@only(http.HTTPFlow)