Grasscutters/mitmproxy
3
0
Fork 0
mirror of https://github.com/Grasscutters/mitmproxy.git synced 2024-11-30 03:14:22 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #4074 from tunnelpr0/patch-1

Browse Source 
Secure fix for the DNS Rebind Protection issue from #4072
This commit is contained in:
Thomas Kriechbaumer 2020-07-10 15:54:38 +02:00 committed by GitHub
commit a7ccbd31e1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG
View File

@ -19,6 +19,7 @@ Unreleased: mitmproxy next
* Add new MapRemote addon to rewrite URLs of requests (@mplattner) * Add new MapRemote addon to rewrite URLs of requests (@mplattner)
* Add support for HTTP Trailers to the HTTP/2 protocol (@sanlengjingvv and @Kriechi) * Add support for HTTP Trailers to the HTTP/2 protocol (@sanlengjingvv and @Kriechi)
* Fix certificate runtime error during expire cleanup (@gorogoroumaru) * Fix certificate runtime error during expire cleanup (@gorogoroumaru)
* Fixed the DNS Rebind Protection for secure support of IPv6 addresses (@tunnelpr0)
* --- TODO: add new PRs above this line --- * --- TODO: add new PRs above this line ---

2
mitmproxy/tools/web/app.py
View File

@ -499,7 +499,7 @@ class Application(tornado.web.Application):
self.add_handlers("dns-rebind-protection", [(r"/.*", DnsRebind)]) self.add_handlers("dns-rebind-protection", [(r"/.*", DnsRebind)])
self.add_handlers( self.add_handlers(
# make mitmweb accessible by IP only to prevent DNS rebinding. # make mitmweb accessible by IP only to prevent DNS rebinding.
r'^(localhost|[0-9.:\[\]]+)$', r'^(localhost|[0-9.]+|\[[0-9a-fA-F:]+\])$',
[ [
(r"/", IndexHandler), (r"/", IndexHandler),
(r"/filter-help(?:\.json)?", FilterHelp), (r"/filter-help(?:\.json)?", FilterHelp),