mirror of https://github.com/Grasscutters/mitmproxy.git (synced 2024-11-29 02:57:19 +00:00)
README, Linux transparent mode docs, requirements additions.
parent d86b7c7f77
commit b5cf3b4f74
@ -35,6 +35,12 @@ Requirements
|
|||||||
* [urwid](http://excess.org/urwid/) version 1.1 or newer.
|
* [urwid](http://excess.org/urwid/) version 1.1 or newer.
|
||||||
* [PIL](http://www.pythonware.com/products/pil/) version 1.1 or newer.
|
* [PIL](http://www.pythonware.com/products/pil/) version 1.1 or newer.
|
||||||
* [lxml](http://lxml.de/) version 2.3 or newer.
|
* [lxml](http://lxml.de/) version 2.3 or newer.
|
||||||
|
* [flask](http://flask.pocoo.org/) version 0.9 or newer.
|
||||||
|
|
||||||
|
Optional, for extended content decoding:
|
||||||
|
|
||||||
|
* [PyAMF](http://www.pyamf.org/) version 0.6.1 or newer.
|
||||||
|
* [protobuf](https://code.google.com/p/protobuf/) version 2.5.0 or newer.
|
||||||
|
|
||||||
__mitmproxy__ is tested and developed on OSX, Linux and OpenBSD. Windows is not
|
__mitmproxy__ is tested and developed on OSX, Linux and OpenBSD. Windows is not
|
||||||
officially supported at the moment.
|
officially supported at the moment.
|
||||||
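Review bot: the new `flask` entry in the core Requirements list duplicates the developer section further down, which still reads "requires [pathod] and [flask]" for the test framework. Either drop flask from that later sentence or say here which runtime feature needs it, so a reader can tell why a web framework is now a hard dependency of the proxy. The "Optional, for extended content decoding:" heading should also say what happens when PyAMF or protobuf is absent (for example, that those bodies are shown undecoded).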
@ -49,3 +55,6 @@ The following components are needed if you plan to hack on mitmproxy:
|
|||||||
framework and requires [pathod](http://pathod.org) and [flask](http://flask.pocoo.org/).
|
framework and requires [pathod](http://pathod.org) and [flask](http://flask.pocoo.org/).
|
||||||
* Rendering the documentation requires [countershape](http://github.com/cortesi/countershape).
|
* Rendering the documentation requires [countershape](http://github.com/cortesi/countershape).
|
||||||
|
|
||||||
|
Please ensure that all patches are accompanied by matching changes in the test
|
||||||
|
suite. The project maintains 100% test coverage.
|
||||||
|
|
||||||
|
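Review bot: the added contributor paragraph states the rule ("The project maintains 100% test coverage") but gives no way to check it. Add the command used to run the test suite and measure coverage, or a pointer to where that is documented, so a patch author can verify the requirement before submitting.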
@ -1,15 +1,19 @@
|
|||||||
|
|
||||||
|
When a transparent proxy is used, traffic is redirected into a proxy at the
|
||||||
When a transparent proxy is used, traffic is redirected into a proxy at the network layer, without
|
network layer, without any client configuration being required. This makes
|
||||||
any client configuration being required. This makes transparent proxying ideal for those situations
|
transparent proxying ideal for those situations where you can't change client
|
||||||
where you can't change client behaviour - proxy-oblivious Android applications being a common
|
behaviour - proxy-oblivious Android applications being a common example.
|
||||||
example.
|
|
||||||
|
|
||||||
To set up transparent proxying, we need two new components. The first is a
|
To set up transparent proxying, we need two new components. The first is a
|
||||||
redirection mechanism that transparently reroutes a TCP connection destined for
|
redirection mechanism that transparently reroutes a TCP connection destined for
|
||||||
a server on the Internet to a listening proxy server. This usually takes the
|
a server on the Internet to a listening proxy server. This usually takes the
|
||||||
form of a firewall on the same host as the proxy server -
|
form of a firewall on the same host as the proxy server -
|
||||||
[iptables](http://www.netfilter.org/) on Linux or
|
[iptables](http://www.netfilter.org/) on Linux or
|
||||||
[pf](http://en.wikipedia.org/wiki/PF_\(firewall\)) on OSX. When the proxy receives a redirected connection, it sees a vanilla HTTP request, without a host specification. This is where the second new component comes in - a host module that allows us to query the redirector for the original destination of the TCP connection.
|
[pf](http://en.wikipedia.org/wiki/PF_\(firewall\)) on OSX. When the proxy
|
||||||
|
receives a redirected connection, it sees a vanilla HTTP request, without a
|
||||||
|
host specification. This is where the second new component comes in - a host
|
||||||
|
module that allows us to query the redirector for the original destination of
|
||||||
|
the TCP connection.
|
||||||
|
|
||||||
At the moment, mitmproxy supports transparent proxying on OSX Lion and above, and all current flavors of Linux.kkkkk
|
At the moment, mitmproxy supports transparent proxying on OSX Lion and above,
|
||||||
|
and all current flavors of Linux.
|
||||||
|
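Review bot: the only content change in this hunk is the removal of the stray "kkkkk" after "all current flavors of Linux."; everything else is a re-wrap of the same paragraphs, which hides that fix. Consider putting the reflow in its own commit. On content, "it sees a vanilla HTTP request, without a host specification" describes only the port 80 case. The Linux page added in this same commit also redirects port 443, where the first bytes the proxy receives are a TLS handshake, so a sentence covering that case would help.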
@ -1,6 +1,6 @@
|
|||||||
from countershape import Page
|
from countershape import Page
|
||||||
|
|
||||||
pages = [
|
pages = [
|
||||||
Page("linux.html", "Linux"),
|
|
||||||
Page("osx.html", "OSX"),
|
Page("osx.html", "OSX"),
|
||||||
|
Page("linux.html", "Linux"),
|
||||||
]
|
]
|
||||||
|
@ -0,0 +1,40 @@
|
|||||||
|
On Linux, mitmproxy integrates with the iptables redirection mechanism to
|
||||||
|
achieve transparent mode.
|
||||||
|
|
||||||
|
<ol class="tlist">
|
||||||
|
|
||||||
|
<li> <a href="@!urlTo("ssl.html")!@">Install the mitmproxy
|
||||||
|
certificates on the test device</a>. </li>
|
||||||
|
|
||||||
|
<li> Enable IP forwarding:
|
||||||
|
|
||||||
|
<pre class="terminal">sysctl -w net.ipv4.ip_forward=1</pre>
|
||||||
|
|
||||||
|
You may also want to consider enabling this permanently in
|
||||||
|
<b>/etc/sysctl.conf</b>.
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li> Create an iptables ruleset that redirects the desired traffic to the
|
||||||
|
mitmproxy port. Details will differ according to your setup, but the
|
||||||
|
ruleset should look something like this:
|
||||||
|
|
||||||
|
<pre class="terminal">iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
|
||||||
|
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8080</pre>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li> Fire up mitmproxy. You probably want a command like this:
|
||||||
|
|
||||||
|
<pre class="terminal">mitmproxy -T --host</pre>
|
||||||
|
|
||||||
|
The <b>-T</b> flag turns on transparent mode, and the <b>--host</b>
|
||||||
|
argument tells mitmproxy to use the value of the Host header for URL
|
||||||
|
display.
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li> Finally, configure your test device to use the host on which mitmproxy is
|
||||||
|
running as the default gateway.</li>
|
||||||
|
|
||||||
|
</ol>
|
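Review bot: the procedure has no teardown step, and the ip_forward item goes the other way by suggesting the setting be made permanent in /etc/sysctl.conf. After a test session the host is left routing packets and redirecting ports 80 and 443 arriving on eth0. Add a final item that removes the two rules (the same commands with `-D` in place of `-A`) and sets `net.ipv4.ip_forward=0`, and state that the commands need root. The ruleset is also IPv4 only, so a test device with IPv6 connectivity through this gateway is not covered by the redirect; note that limitation next to the iptables example.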