From 39a8d4dc229b40d7049a2b6a07e899d89bd26eef Mon Sep 17 00:00:00 2001 From: Thomas Kriechbaumer Date: Fri, 16 Dec 2016 11:28:59 +0100 Subject: [PATCH] disable h2c upgrades --- mitmproxy/addons/__init__.py | 2 ++ mitmproxy/addons/disable_h2c_upgrade.py | 21 +++++++++++++++++++++ 2 files changed, 23 insertions(+) create mode 100644 mitmproxy/addons/disable_h2c_upgrade.py diff --git a/mitmproxy/addons/__init__.py b/mitmproxy/addons/__init__.py index 71d83dada..8a2f2974f 100644 --- a/mitmproxy/addons/__init__.py +++ b/mitmproxy/addons/__init__.py @@ -12,6 +12,7 @@ from mitmproxy.addons import stickyauth from mitmproxy.addons import stickycookie from mitmproxy.addons import streambodies from mitmproxy.addons import upstream_auth +from mitmproxy.addons import disable_h2c_upgrade def default_addons(): @@ -30,4 +31,5 @@ def default_addons(): serverplayback.ServerPlayback(), clientplayback.ClientPlayback(), upstream_auth.UpstreamAuth(), + disable_h2c_upgrade.DisableH2CleartextUpgrade(), ] diff --git a/mitmproxy/addons/disable_h2c_upgrade.py b/mitmproxy/addons/disable_h2c_upgrade.py new file mode 100644 index 000000000..f4a36d5f0 --- /dev/null +++ b/mitmproxy/addons/disable_h2c_upgrade.py @@ -0,0 +1,21 @@ +class DisableH2CleartextUpgrade: + + """ + We currently only support HTTP/2 over a TLS connection. Some clients try + to upgrade a connection from HTTP/1.1 to h2c, so we need to remove those + headers to avoid protocol errors if one endpoints suddenly starts sending + HTTP/2 frames. + """ + + def process_flow(self, f): + if f.request.headers.get('upgrade', '') == 'h2c': + del f.request.headers['upgrade'] + if 'connection' in f.request.headers: + del f.request.headers['connection'] + if 'http2-settings' in f.request.headers: + del f.request.headers['http2-settings'] + + # Handlers + + def request(self, f): + self.process_flow(f)