[sans-io] tls: handle invalid clienthellos

Maximilian Hils 2019-11-24 00:28:16 +01:00
parent 6cf0bec912
commit b075b7fc15
2 changed files with 22 additions and 2 deletions


@ -327,7 +327,9 @@ class ClientTLSLayer(_TLSLayer):
try:
client_hello = parse_client_hello(self.recv_buffer)
except ValueError as e:
raise NotImplementedError from e # TODO
yield commands.Log(f"Cannot parse ClientHello: {self.recv_buffer.hex()}")
yield commands.CloseConnection(client)
return
if client_hello:
client.sni = client_hello.sni
@ -378,9 +380,13 @@ class ClientTLSLayer(_TLSLayer):
dest = self.context.client.sni.decode("idna")
else:
dest = human.format_address(self.context.server.address)
if "Unknown CA" in err:
keyword = "does not"
else:
keyword = "may not"
yield commands.Log(
f"Client TLS Handshake failed. "
f"The client may not trust the proxy's certificate for {dest} ({err}).",
f"The client {keyword} trust the proxy's certificate for {dest} ({err}).",
level="warn"
)
yield commands.CloseConnection(self.context.client)
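Review bot: The new `except ValueError as e:` branch in the first hunk still binds `e` but no longer uses it, so the log line reports only the raw buffer and loses the reason the parse failed that the removed `raise ... from e` carried; keeping it in the message, e.g. `yield commands.Log(f"Cannot parse ClientHello ({e}): {self.recv_buffer.hex()}")`, preserves the diagnostic. The hex dump is also unbounded — `recv_buffer` holds whatever the peer sent before the parse attempt, so a large or non-TLS payload becomes one very long log entry; `self.recv_buffer[:64].hex()` or similar would cap it. The second hunk tags its handshake-failure log with `level="warn"` while this new failure path uses the default level; the two presumably deserve the same treatment. The enclosing method's signature, and the point where `client` is bound, lie outside the hunk.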


@ -428,3 +428,17 @@ class TestClientTLS:
assert tctx.server.alpn == b"quux"
_test_echo(playbook, tssl_server, tctx.server)
_test_echo(playbook, tssl_client, tctx.client)
def test_cannot_parse_clienthello(self, tctx: context.Context):
"""We have a client layer, but we only receive garbage."""
playbook, client_layer = _make_client_tls_layer(tctx)
invalid = b"\x16\x03\x01\x00\x00"
assert (
playbook
>> events.DataReceived(tctx.client, invalid)
<< commands.Log(f"Cannot parse ClientHello: {invalid.hex()}")
<< commands.CloseConnection(tctx.client)
)
assert not tctx.client.tls_established
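Review bot: The docstring on `test_cannot_parse_clienthello` says "we only receive garbage", but `invalid` is a well-formed TLS record header (handshake content type, version 3.1) with a zero-length payload rather than arbitrary bytes; `"""We have a client layer, but the first record is not a valid ClientHello."""` describes what is actually exercised. The assertion also pins the exact log text, so this test and the `Log` in `ClientTLSLayer` must move together if the message is ever enriched — a short comment such as `# message text must match ClientTLSLayer's Log exactly` makes that coupling visible. A second case with bytes that are not a TLS record at all (a constructed plain-text line, say) would cover the other way a parse can fail, assuming `parse_client_hello` raises ValueError for both, which I cannot see from here. The `_make_client_tls_layer` helper and the start of `TestClientTLS` lie outside the hunk.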