README, Linux transparent mode docs, requirements additions.

Aldo Cortesi 2013-05-14 09:12:26 +12:00
parent d86b7c7f77
commit b5cf3b4f74
5 changed files with 63 additions and 9 deletions

@ -35,6 +35,12 @@ Requirements
* [urwid](http://excess.org/urwid/) version 1.1 or newer. * [urwid](http://excess.org/urwid/) version 1.1 or newer.
* [PIL](http://www.pythonware.com/products/pil/) version 1.1 or newer. * [PIL](http://www.pythonware.com/products/pil/) version 1.1 or newer.
* [lxml](http://lxml.de/) version 2.3 or newer. * [lxml](http://lxml.de/) version 2.3 or newer.
* [flask](http://flask.pocoo.org/) version 0.9 or newer.
Optional, for extended content decoding:
* [PyAMF](http://www.pyamf.org/) version 0.6.1 or newer.
* [protobuf](https://code.google.com/p/protobuf/) version 2.5.0 or newer.
__mitmproxy__ is tested and developed on OSX, Linux and OpenBSD. Windows is not __mitmproxy__ is tested and developed on OSX, Linux and OpenBSD. Windows is not
officially supported at the moment. officially supported at the moment.
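
Review bot: The "Optional, for extended content decoding:" entries for PyAMF and protobuf are documented only in this README; the setup.py hunk in this commit adds just "flask" to the install requirements, so nothing in the packaging records these two libraries or their minimum versions. Consider declaring them as optional extras in setup.py, or add a sentence here saying what a user loses when they are not installed.
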
@ -49,3 +55,6 @@ The following components are needed if you plan to hack on mitmproxy:
framework and requires [pathod](http://pathod.org) and [flask](http://flask.pocoo.org/). framework and requires [pathod](http://pathod.org) and [flask](http://flask.pocoo.org/).
* Rendering the documentation requires [countershape](http://github.com/cortesi/countershape). * Rendering the documentation requires [countershape](http://github.com/cortesi/countershape).
Please ensure that all patches are accompanied by matching changes in the test
suite. The project maintains 100% test coverage.
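
Review bot: The context line just above the new paragraph still lists flask as something needed only for the test suite ("requires [pathod] and [flask]"), while the Requirements hunk in this same commit makes flask a base requirement. Drop flask from the hacking list so it is stated once. The new "100% test coverage" sentence would also be easier to act on if it named the command contributors should run to check coverage before sending a patch.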

@ -1,15 +1,19 @@
When a transparent proxy is used, traffic is redirected into a proxy at the
When a transparent proxy is used, traffic is redirected into a proxy at the network layer, without network layer, without any client configuration being required. This makes
any client configuration being required. This makes transparent proxying ideal for those situations transparent proxying ideal for those situations where you can't change client
where you can't change client behaviour - proxy-oblivious Android applications being a common behaviour - proxy-oblivious Android applications being a common example.
example.
To set up transparent proxying, we need two new components. The first is a To set up transparent proxying, we need two new components. The first is a
redirection mechanism that transparently reroutes a TCP connection destined for redirection mechanism that transparently reroutes a TCP connection destined for
a server on the Internet to a listening proxy server. This usually takes the a server on the Internet to a listening proxy server. This usually takes the
form of a firewall on the same host as the proxy server - form of a firewall on the same host as the proxy server -
[iptables](http://www.netfilter.org/) on Linux or [iptables](http://www.netfilter.org/) on Linux or
[pf](http://en.wikipedia.org/wiki/PF_\(firewall\)) on OSX. When the proxy receives a redirected connection, it sees a vanilla HTTP request, without a host specification. This is where the second new component comes in - a host module that allows us to query the redirector for the original destination of the TCP connection. [pf](http://en.wikipedia.org/wiki/PF_\(firewall\)) on OSX. When the proxy
receives a redirected connection, it sees a vanilla HTTP request, without a
host specification. This is where the second new component comes in - a host
module that allows us to query the redirector for the original destination of
the TCP connection.
At the moment, mitmproxy supports transparent proxying on OSX Lion and above, and all current flavors of Linux.kkkkk At the moment, mitmproxy supports transparent proxying on OSX Lion and above,
and all current flavors of Linux.
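
Review bot: In the rewrapped paragraph, "a vanilla HTTP request, without a host specification" is imprecise: the request line of a redirected connection carries no absolute URL, but the request normally still carries a Host header, and the Linux page added in this commit relies on exactly that with --host. Suggest wording such as "without the destination in the request line", and a note that the Host header is client-supplied and need not match the address the client actually connected to, which is the case the redirector lookup covers. Removing the stray "kkkkk" is good, but it would be easier to review as its own change than mixed into a reflow of the whole file.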

@ -1,6 +1,6 @@
from countershape import Page from countershape import Page
pages = [ pages = [
Page("linux.html", "Linux"),
Page("osx.html", "OSX"), Page("osx.html", "OSX"),
Page("linux.html", "Linux"),
] ]

@ -0,0 +1,40 @@
On Linux, mitmproxy integrates with the iptables redirection mechanism to
achieve transparent mode.
<ol class="tlist">
<li> <a href="@!urlTo("ssl.html")!@">Install the mitmproxy
certificates on the test device</a>. </li>
<li> Enable IP forwarding:
<pre class="terminal">sysctl -w net.ipv4.ip_forward=1</pre>
You may also want to consider enabling this permanently in
<b>/etc/sysctl.conf</b>.
</li>
<li> Create an iptables ruleset that redirects the desired traffic to the
mitmproxy port. Details will differ according to your setup, but the
ruleset should look something like this:
<pre class="terminal">iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8080</pre>
</li>
<li> Fire up mitmproxy. You probably want a command like this:
<pre class="terminal">mitmproxy -T --host</pre>
The <b>-T</b> flag turns on transparent mode, and the <b>--host</b>
argument tells mitmproxy to use the value of the Host header for URL
display.
</li>
<li> Finally, configure your test device to use the host on which mitmproxy is
running as the default gateway.</li>
</ol>
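
Review bot: The iptables rules in step 3 redirect to port 8080, but the command in step 4 ("mitmproxy -T --host") never states a port, so the two only line up if the reader already knows what mitmproxy listens on; say so next to the command. The steps also leave IP forwarding enabled and the two PREROUTING rules in place with no matching cleanup step, and "-i eth0" is shown without saying it must be the interface facing the test device. A closing list item covering removal of the rules and resetting net.ipv4.ip_forward would help, as would a note that steps 2 and 3 need root.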

@ -98,6 +98,7 @@ setup(
"pyasn1>0.1.2", "pyasn1>0.1.2",
"pyopenssl>=0.12", "pyopenssl>=0.12",
"PIL", "PIL",
"lxml" "lxml",
"flask"
], ],
) )
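
Review bot: "flask" is added without a version bound, while the README hunk in this commit requires flask 0.9 or newer and the neighbouring entries are bounded ("pyasn1>0.1.2", "pyopenssl>=0.12"). Use "flask>=0.9" so an install matches the documented minimum. A trailing comma after the last entry would also keep the next addition to a one-line diff; here the "lxml" line had to change only to gain its comma.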