Grasscutters/mitmproxy
3
0
Fork 0
mirror of https://github.com/Grasscutters/mitmproxy.git synced 2024-11-22 07:08:10 +00:00
Code Issues Projects Releases Wiki Activity

vendoring of wsproto

Browse Source 
https://github.com/python-hyper/wsproto.git
commit 5ea2da61266796666f5de6461aaae22e6b00deba
This commit is contained in:
Thomas Kriechbaumer 2017-12-12 21:47:24 +01:00
parent 70e1409261
commit f5fafbfcb5
7 changed files with 1419 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
mitmproxy/contrib/wsproto/compat.py Normal file
View File

@ -0,0 +1,20 @@
# flake8: noqa
import sys
PY2 = sys.version_info.major == 2
PY3 = sys.version_info.major == 3
if PY3:
unicode = str
def Utf8Validator():
return None
else:
unicode = unicode
try:
from wsaccel.utf8validator import Utf8Validator
except ImportError:
from .utf8validator import Utf8Validator

477
mitmproxy/contrib/wsproto/connection.py Normal file
View File

@ -0,0 +1,477 @@
# -*- coding: utf-8 -*-
"""
wsproto/connection
~~~~~~~~~~~~~~
An implementation of a WebSocket connection.
"""
import os
import base64
import hashlib
from collections import deque
from enum import Enum
import h11
from .events import (
ConnectionRequested, ConnectionEstablished, ConnectionClosed,
ConnectionFailed, TextReceived, BytesReceived, PingReceived, PongReceived
)
from .frame_protocol import FrameProtocol, ParseFailed, CloseReason, Opcode
# RFC6455, Section 1.3 - Opening Handshake
ACCEPT_GUID = b"258EAFA5-E914-47DA-95CA-C5AB0DC85B11"
class ConnectionState(Enum):
"""
RFC 6455, Section 4 - Opening Handshake
"""
CONNECTING = 0
OPEN = 1
CLOSING = 2
CLOSED = 3
class ConnectionType(Enum):
CLIENT = 1
SERVER = 2
CLIENT = ConnectionType.CLIENT
SERVER = ConnectionType.SERVER
# Some convenience utilities for working with HTTP headers
def _normed_header_dict(h11_headers):
# This mangles Set-Cookie headers. But it happens that we don't care about
# any of those, so it's OK. For every other HTTP header, if there are
# multiple instances then you're allowed to join them together with
# commas.
name_to_values = {}
for name, value in h11_headers:
name_to_values.setdefault(name, []).append(value)
name_to_normed_value = {}
for name, values in name_to_values.items():
name_to_normed_value[name] = b", ".join(values)
return name_to_normed_value
# We use this for parsing the proposed protocol list, and for parsing the
# proposed and accepted extension lists. For the proposed protocol list it's
# fine, because the ABNF is just 1#token. But for the extension lists, it's
# wrong, because those can contain quoted strings, which can in turn contain
# commas. XX FIXME
def _split_comma_header(value):
return [piece.decode('ascii').strip() for piece in value.split(b',')]
class WSConnection(object):
"""
A low-level WebSocket connection object.
This wraps two other protocol objects, an HTTP/1.1 protocol object used
to do the initial HTTP upgrade handshake and a WebSocket frame protocol
object used to exchange messages and other control frames.
:param conn_type: Whether this object is on the client- or server-side of
a connection. To initialise as a client pass ``CLIENT`` otherwise
pass ``SERVER``.
:type conn_type: ``ConnectionType``
:param host: The hostname to pass to the server when acting as a client.
:type host: ``str``
:param resource: The resource (aka path) to pass to the server when acting
as a client.
:type resource: ``str``
:param extensions: A list of extensions to use on this connection.
Extensions should be instances of a subclass of
:class:`Extension <wsproto.extensions.Extension>`.
:param subprotocols: A list of subprotocols to request when acting as a
client, ordered by preference. This has no impact on the connection
itself.
:type subprotocol: ``list`` of ``str``
"""
def __init__(self, conn_type, host=None, resource=None, extensions=None,
subprotocols=None):
self.client = conn_type is ConnectionType.CLIENT
self.host = host
self.resource = resource
self.subprotocols = subprotocols or []
self.extensions = extensions or []
self.version = b'13'
self._state = ConnectionState.CONNECTING
self._close_reason = None
self._nonce = None
self._outgoing = b''
self._events = deque()
self._proto = None
if self.client:
self._upgrade_connection = h11.Connection(h11.CLIENT)
else:
self._upgrade_connection = h11.Connection(h11.SERVER)
if self.client:
if self.host is None:
raise ValueError(
"Host must not be None for a client-side connection.")
if self.resource is None:
raise ValueError(
"Resource must not be None for a client-side connection.")
self.initiate_connection()
def initiate_connection(self):
self._generate_nonce()
headers = {
b"Host": self.host.encode('ascii'),
b"Upgrade": b'WebSocket',
b"Connection": b'Upgrade',
b"Sec-WebSocket-Key": self._nonce,
b"Sec-WebSocket-Version": self.version,
}
if self.subprotocols:
headers[b"Sec-WebSocket-Protocol"] = ", ".join(self.subprotocols)
if self.extensions:
offers = {e.name: e.offer(self) for e in self.extensions}
extensions = []
for name, params in offers.items():
if params is True:
extensions.append(name.encode('ascii'))
elif params:
# py34 annoyance: doesn't support bytestring formatting
extensions.append(('%s; %s' % (name, params))
.encode("ascii"))
if extensions:
headers[b'Sec-WebSocket-Extensions'] = b', '.join(extensions)
upgrade = h11.Request(method=b'GET', target=self.resource,
headers=headers.items())
self._outgoing += self._upgrade_connection.send(upgrade)
def send_data(self, payload, final=True):
"""
Send a message or part of a message to the remote peer.
If ``final`` is ``False`` it indicates that this is part of a longer
message. If ``final`` is ``True`` it indicates that this is either a
self-contained message or the last part of a longer message.
If ``payload`` is of type ``bytes`` then the message is flagged as
being binary If it is of type ``str`` encoded as UTF-8 and sent as
text.
:param payload: The message body to send.
:type payload: ``bytes`` or ``str``
:param final: Whether there are more parts to this message to be sent.
:type final: ``bool``
"""
self._outgoing += self._proto.send_data(payload, final)
def close(self, code=CloseReason.NORMAL_CLOSURE, reason=None):
self._outgoing += self._proto.close(code, reason)
self._state = ConnectionState.CLOSING
@property
def closed(self):
return self._state is ConnectionState.CLOSED
def bytes_to_send(self, amount=None):
"""
Return any data that is to be sent to the remote peer.
:param amount: (optional) The maximum number of bytes to be provided.
If ``None`` or not provided it will return all available bytes.
:type amount: ``int``
"""
if amount is None:
data = self._outgoing
self._outgoing = b''
else:
data = self._outgoing[:amount]
self._outgoing = self._outgoing[amount:]
return data
def receive_bytes(self, data):
"""
Pass some received bytes to the connection for processing.
:param data: The data received from the remote peer.
:type data: ``bytes``
"""
if data is None and self._state is ConnectionState.OPEN:
# "If _The WebSocket Connection is Closed_ and no Close control
# frame was received by the endpoint (such as could occur if the
# underlying transport connection is lost), _The WebSocket
# Connection Close Code_ is considered to be 1006."
self._events.append(ConnectionClosed(CloseReason.ABNORMAL_CLOSURE))
self._state = ConnectionState.CLOSED
return
elif data is None:
self._state = ConnectionState.CLOSED
return
if self._state is ConnectionState.CONNECTING:
event, data = self._process_upgrade(data)
if event is not None:
self._events.append(event)
if self._state is ConnectionState.OPEN:
self._proto.receive_bytes(data)
def _process_upgrade(self, data):
self._upgrade_connection.receive_data(data)
while True:
try:
event = self._upgrade_connection.next_event()
except h11.RemoteProtocolError:
return ConnectionFailed(CloseReason.PROTOCOL_ERROR,
"Bad HTTP message"), b''
if event is h11.NEED_DATA:
break
elif self.client and isinstance(event, (h11.InformationalResponse,
h11.Response)):
data = self._upgrade_connection.trailing_data[0]
return self._establish_client_connection(event), data
elif not self.client and isinstance(event, h11.Request):
return self._process_connection_request(event), None
else:
return ConnectionFailed(CloseReason.PROTOCOL_ERROR,
"Bad HTTP message"), b''
self._incoming = b''
return None, None
def events(self):
"""
Return a generator that provides any events that have been generated
by protocol activity.
:returns: generator
"""
while self._events:
yield self._events.popleft()
if self._proto is None:
return
try:
for frame in self._proto.received_frames():
if frame.opcode is Opcode.PING:
assert frame.frame_finished and frame.message_finished
self._outgoing += self._proto.pong(frame.payload)
yield PingReceived(frame.payload)
elif frame.opcode is Opcode.PONG:
assert frame.frame_finished and frame.message_finished
yield PongReceived(frame.payload)
elif frame.opcode is Opcode.CLOSE:
code, reason = frame.payload
self.close(code, reason)
yield ConnectionClosed(code, reason)
elif frame.opcode is Opcode.TEXT:
yield TextReceived(frame.payload,
frame.frame_finished,
frame.message_finished)
elif frame.opcode is Opcode.BINARY:
yield BytesReceived(frame.payload,
frame.frame_finished,
frame.message_finished)
except ParseFailed as exc:
# XX FIXME: apparently autobahn intentionally deviates from the
# spec in that on protocol errors it just closes the connection
# rather than trying to send a CLOSE frame. Investigate whether we
# should do the same.
self.close(code=exc.code, reason=str(exc))
yield ConnectionClosed(exc.code, reason=str(exc))
def _generate_nonce(self):
# os.urandom may be overkill for this use case, but I don't think this
# is a bottleneck, and better safe than sorry...
self._nonce = base64.b64encode(os.urandom(16))
def _generate_accept_token(self, token):
accept_token = token + ACCEPT_GUID
accept_token = hashlib.sha1(accept_token).digest()
return base64.b64encode(accept_token)
def _establish_client_connection(self, event):
if event.status_code != 101:
return ConnectionFailed(CloseReason.PROTOCOL_ERROR,
"Bad status code from server")
headers = _normed_header_dict(event.headers)
if headers[b'connection'].lower() != b'upgrade':
return ConnectionFailed(CloseReason.PROTOCOL_ERROR,
"Missing Connection: Upgrade header")
if headers[b'upgrade'].lower() != b'websocket':
return ConnectionFailed(CloseReason.PROTOCOL_ERROR,
"Missing Upgrade: WebSocket header")
accept_token = self._generate_accept_token(self._nonce)
if headers[b'sec-websocket-accept'] != accept_token:
return ConnectionFailed(CloseReason.PROTOCOL_ERROR,
"Bad accept token")
subprotocol = headers.get(b'sec-websocket-protocol', None)
if subprotocol is not None:
subprotocol = subprotocol.decode('ascii')
if subprotocol not in self.subprotocols:
return ConnectionFailed(CloseReason.PROTOCOL_ERROR,
"unrecognized subprotocol {!r}"
.format(subprotocol))
extensions = headers.get(b'sec-websocket-extensions', None)
if extensions:
accepts = _split_comma_header(extensions)
for accept in accepts:
name = accept.split(';', 1)[0].strip()
for extension in self.extensions:
if extension.name == name:
extension.finalize(self, accept)
break
else:
return ConnectionFailed(CloseReason.PROTOCOL_ERROR,
"unrecognized extension {!r}"
.format(name))
self._proto = FrameProtocol(self.client, self.extensions)
self._state = ConnectionState.OPEN
return ConnectionEstablished(subprotocol, extensions)
def _process_connection_request(self, event):
if event.method != b'GET':
return ConnectionFailed(CloseReason.PROTOCOL_ERROR,
"Request method must be GET")
headers = _normed_header_dict(event.headers)
if headers[b'connection'].lower() != b'upgrade':
return ConnectionFailed(CloseReason.PROTOCOL_ERROR,
"Missing Connection: Upgrade header")
if headers[b'upgrade'].lower() != b'websocket':
return ConnectionFailed(CloseReason.PROTOCOL_ERROR,
"Missing Upgrade: WebSocket header")
if b'sec-websocket-version' not in headers:
return ConnectionFailed(CloseReason.PROTOCOL_ERROR,
"Missing Sec-WebSocket-Version header")
# XX FIXME: need to check Sec-Websocket-Version, and respond with a
# 400 if it's not what we expect
if b'sec-websocket-protocol' in headers:
proposed_subprotocols = _split_comma_header(
headers[b'sec-websocket-protocol'])
else:
proposed_subprotocols = []
if b'sec-websocket-key' not in headers:
return ConnectionFailed(CloseReason.PROTOCOL_ERROR,
"Missing Sec-WebSocket-Key header")
return ConnectionRequested(proposed_subprotocols, event)
def _extension_accept(self, extensions_header):
accepts = {}
offers = _split_comma_header(extensions_header)
for offer in offers:
name = offer.split(';', 1)[0].strip()
for extension in self.extensions:
if extension.name == name:
accept = extension.accept(self, offer)
if accept is True:
accepts[extension.name] = True
elif accept is not False and accept is not None:
accepts[extension.name] = accept.encode('ascii')
if accepts:
extensions = []
for name, params in accepts.items():
if params is True:
extensions.append(name.encode('ascii'))
else:
# py34 annoyance: doesn't support bytestring formatting
params = params.decode("ascii")
extensions.append(('%s; %s' % (name, params))
.encode("ascii"))
return b', '.join(extensions)
return None
def accept(self, event, subprotocol=None):
request = event.h11request
request_headers = _normed_header_dict(request.headers)
nonce = request_headers[b'sec-websocket-key']
accept_token = self._generate_accept_token(nonce)
headers = {
b"Upgrade": b'WebSocket',
b"Connection": b'Upgrade',
b"Sec-WebSocket-Accept": accept_token,
}
if subprotocol is not None:
if subprotocol not in event.proposed_subprotocols:
raise ValueError(
"unexpected subprotocol {!r}".format(subprotocol))
headers[b'Sec-WebSocket-Protocol'] = subprotocol
extensions = request_headers.get(b'sec-websocket-extensions', None)
if extensions:
accepts = self._extension_accept(extensions)
if accepts:
headers[b"Sec-WebSocket-Extensions"] = accepts
response = h11.InformationalResponse(status_code=101,
headers=headers.items())
self._outgoing += self._upgrade_connection.send(response)
self._proto = FrameProtocol(self.client, self.extensions)
self._state = ConnectionState.OPEN
def ping(self, payload=None):
"""
Send a PING message to the peer.
:param payload: an optional payload to send with the message
"""
payload = bytes(payload or b'')
self._outgoing += self._proto.ping(payload)
def pong(self, payload=None):
"""
Send a PONG message to the peer.
This method can be used to send an unsolicted PONG to the peer.
It is not needed otherwise since every received PING causes a
corresponding PONG to be sent automatically.
:param payload: an optional payload to send with the message
"""
payload = bytes(payload or b'')
self._outgoing += self._proto.pong(payload)

81
mitmproxy/contrib/wsproto/events.py Normal file
View File

@ -0,0 +1,81 @@
# -*- coding: utf-8 -*-
"""
wsproto/events
~~~~~~~~~~
Events that result from processing data on a WebSocket connection.
"""
class ConnectionRequested(object):
def __init__(self, proposed_subprotocols, h11request):
self.proposed_subprotocols = proposed_subprotocols
self.h11request = h11request
def __repr__(self):
path = self.h11request.target
headers = dict(self.h11request.headers)
host = headers[b'host']
version = headers[b'sec-websocket-version']
subprotocol = headers.get(b'sec-websocket-protocol', None)
extensions = []
fmt = '<%s host=%s path=%s version=%s subprotocol=%r extensions=%r>'
return fmt % (self.__class__.__name__, host, path, version,
subprotocol, extensions)
class ConnectionEstablished(object):
def __init__(self, subprotocol=None, extensions=None):
self.subprotocol = subprotocol
self.extensions = extensions
if self.extensions is None:
self.extensions = []
def __repr__(self):
return '<ConnectionEstablished subprotocol=%r extensions=%r>' % \
(self.subprotocol, self.extensions)
class ConnectionClosed(object):
def __init__(self, code, reason=None):
self.code = code
self.reason = reason
def __repr__(self):
return '<%s code=%r reason="%s">' % (self.__class__.__name__,
self.code, self.reason)
class ConnectionFailed(ConnectionClosed):
pass
class DataReceived(object):
def __init__(self, data, frame_finished, message_finished):
self.data = data
# This has no semantic content, but is provided just in case some
# weird edge case user wants to be able to reconstruct the
# fragmentation pattern of the original stream. You don't want it:
self.frame_finished = frame_finished
# This is the field that you almost certainly want:
self.message_finished = message_finished
class TextReceived(DataReceived):
pass
class BytesReceived(DataReceived):
pass
class PingReceived(object):
def __init__(self, payload):
self.payload = payload
class PongReceived(object):
def __init__(self, payload):
self.payload = payload

257
mitmproxy/contrib/wsproto/extensions.py Normal file
View File

@ -0,0 +1,257 @@
# -*- coding: utf-8 -*-
"""
wsproto/extensions
~~~~~~~~~~~~~~
WebSocket extensions.
"""
import zlib
from .frame_protocol import CloseReason, Opcode, RsvBits
class Extension(object):
name = None
def enabled(self):
return False
def offer(self, connection):
pass
def accept(self, connection, offer):
pass
def finalize(self, connection, offer):
pass
def frame_inbound_header(self, proto, opcode, rsv, payload_length):
return RsvBits(False, False, False)
def frame_inbound_payload_data(self, proto, data):
return data
def frame_inbound_complete(self, proto, fin):
pass
def frame_outbound(self, proto, opcode, rsv, data, fin):
return (rsv, data)
class PerMessageDeflate(Extension):
name = 'permessage-deflate'
DEFAULT_CLIENT_MAX_WINDOW_BITS = 15
DEFAULT_SERVER_MAX_WINDOW_BITS = 15
def __init__(self, client_no_context_takeover=False,
client_max_window_bits=None, server_no_context_takeover=False,
server_max_window_bits=None):
self.client_no_context_takeover = client_no_context_takeover
if client_max_window_bits is None:
client_max_window_bits = self.DEFAULT_CLIENT_MAX_WINDOW_BITS
self.client_max_window_bits = client_max_window_bits
self.server_no_context_takeover = server_no_context_takeover
if server_max_window_bits is None:
server_max_window_bits = self.DEFAULT_SERVER_MAX_WINDOW_BITS
self.server_max_window_bits = server_max_window_bits
self._compressor = None
self._decompressor = None
# This refers to the current frame
self._inbound_is_compressible = None
# This refers to the ongoing message (which might span multiple
# frames). Only the first frame in a fragmented message is flagged for
# compression, so this carries that bit forward.
self._inbound_compressed = None
self._enabled = False
def _compressible_opcode(self, opcode):
return opcode in (Opcode.TEXT, Opcode.BINARY, Opcode.CONTINUATION)
def enabled(self):
return self._enabled
def offer(self, connection):
parameters = [
'client_max_window_bits=%d' % self.client_max_window_bits,
'server_max_window_bits=%d' % self.server_max_window_bits,
]
if self.client_no_context_takeover:
parameters.append('client_no_context_takeover')
if self.server_no_context_takeover:
parameters.append('server_no_context_takeover')
return '; '.join(parameters)
def finalize(self, connection, offer):
bits = [b.strip() for b in offer.split(';')]
for bit in bits[1:]:
if bit.startswith('client_no_context_takeover'):
self.client_no_context_takeover = True
elif bit.startswith('server_no_context_takeover'):
self.server_no_context_takeover = True
elif bit.startswith('client_max_window_bits'):
self.client_max_window_bits = int(bit.split('=', 1)[1].strip())
elif bit.startswith('server_max_window_bits'):
self.server_max_window_bits = int(bit.split('=', 1)[1].strip())
self._enabled = True
def _parse_params(self, params):
client_max_window_bits = None
server_max_window_bits = None
bits = [b.strip() for b in params.split(';')]
for bit in bits[1:]:
if bit.startswith('client_no_context_takeover'):
self.client_no_context_takeover = True
elif bit.startswith('server_no_context_takeover'):
self.server_no_context_takeover = True
elif bit.startswith('client_max_window_bits'):
if '=' in bit:
client_max_window_bits = int(bit.split('=', 1)[1].strip())
else:
client_max_window_bits = self.client_max_window_bits
elif bit.startswith('server_max_window_bits'):
if '=' in bit:
server_max_window_bits = int(bit.split('=', 1)[1].strip())
else:
server_max_window_bits = self.server_max_window_bits
return client_max_window_bits, server_max_window_bits
def accept(self, connection, offer):
client_max_window_bits, server_max_window_bits = \
self._parse_params(offer)
self._enabled = True
parameters = []
if self.client_no_context_takeover:
parameters.append('client_no_context_takeover')
if client_max_window_bits is not None:
parameters.append('client_max_window_bits=%d' %
client_max_window_bits)
self.client_max_window_bits = client_max_window_bits
if self.server_no_context_takeover:
parameters.append('server_no_context_takeover')
if server_max_window_bits is not None:
parameters.append('server_max_window_bits=%d' %
server_max_window_bits)
self.server_max_window_bits = server_max_window_bits
return '; '.join(parameters)
def frame_inbound_header(self, proto, opcode, rsv, payload_length):
if rsv.rsv1 and opcode.iscontrol():
return CloseReason.PROTOCOL_ERROR
elif rsv.rsv1 and opcode is Opcode.CONTINUATION:
return CloseReason.PROTOCOL_ERROR
self._inbound_is_compressible = self._compressible_opcode(opcode)
if self._inbound_compressed is None:
self._inbound_compressed = rsv.rsv1
if self._inbound_compressed:
assert self._inbound_is_compressible
if proto.client:
bits = self.server_max_window_bits
else:
bits = self.client_max_window_bits
if self._decompressor is None:
self._decompressor = zlib.decompressobj(-int(bits))
return RsvBits(True, False, False)
def frame_inbound_payload_data(self, proto, data):
if not self._inbound_compressed or not self._inbound_is_compressible:
return data
try:
return self._decompressor.decompress(bytes(data))
except zlib.error:
return CloseReason.INVALID_FRAME_PAYLOAD_DATA
def frame_inbound_complete(self, proto, fin):
if not fin:
return
elif not self._inbound_is_compressible:
return
elif not self._inbound_compressed:
return
try:
data = self._decompressor.decompress(b'\x00\x00\xff\xff')
data += self._decompressor.flush()
except zlib.error:
return CloseReason.INVALID_FRAME_PAYLOAD_DATA
if proto.client:
no_context_takeover = self.server_no_context_takeover
else:
no_context_takeover = self.client_no_context_takeover
if no_context_takeover:
self._decompressor = None
self._inbound_compressed = None
return data
def frame_outbound(self, proto, opcode, rsv, data, fin):
if not self._compressible_opcode(opcode):
return (rsv, data)
if opcode is not Opcode.CONTINUATION:
rsv = RsvBits(True, *rsv[1:])
if self._compressor is None:
assert opcode is not Opcode.CONTINUATION
if proto.client:
bits = self.client_max_window_bits
else:
bits = self.server_max_window_bits
self._compressor = zlib.compressobj(zlib.Z_DEFAULT_COMPRESSION,
zlib.DEFLATED, -int(bits))
data = self._compressor.compress(bytes(data))
if fin:
data += self._compressor.flush(zlib.Z_SYNC_FLUSH)
data = data[:-4]
if proto.client:
no_context_takeover = self.client_no_context_takeover
else:
no_context_takeover = self.server_no_context_takeover
if no_context_takeover:
self._compressor = None
return (rsv, data)
def __repr__(self):
descr = ['client_max_window_bits=%d' % self.client_max_window_bits]
if self.client_no_context_takeover:
descr.append('client_no_context_takeover')
descr.append('server_max_window_bits=%d' % self.server_max_window_bits)
if self.server_no_context_takeover:
descr.append('server_no_context_takeover')
descr = '; '.join(descr)
return '<%s %s>' % (self.__class__.__name__, descr)
#: SUPPORTED_EXTENSIONS maps all supported extension names to their class.
#: This can be used to iterate all supported extensions of wsproto, instantiate
#: new extensions based on their name, or check if a given extension is
#: supported or not.
SUPPORTED_EXTENSIONS = {
PerMessageDeflate.name: PerMessageDeflate
}

579
mitmproxy/contrib/wsproto/frame_protocol.py Normal file
View File

@ -0,0 +1,579 @@
# -*- coding: utf-8 -*-
"""
wsproto/frame_protocol
~~~~~~~~~~~~~~
WebSocket frame protocol implementation.
"""
import os
import itertools
import struct
from codecs import getincrementaldecoder
from collections import namedtuple
from enum import Enum, IntEnum
from .compat import unicode, Utf8Validator
try:
from wsaccel.xormask import XorMaskerSimple
except ImportError:
class XorMaskerSimple:
def __init__(self, masking_key):
self._maskbytes = itertools.cycle(bytearray(masking_key))
def process(self, data):
maskbytes = self._maskbytes
return bytearray(b ^ next(maskbytes) for b in bytearray(data))
class XorMaskerNull:
def process(self, data):
return data
# RFC6455, Section 5.2 - Base Framing Protocol
# Payload length constants
PAYLOAD_LENGTH_TWO_BYTE = 126
PAYLOAD_LENGTH_EIGHT_BYTE = 127
MAX_PAYLOAD_NORMAL = 125
MAX_PAYLOAD_TWO_BYTE = 2 ** 16 - 1
MAX_PAYLOAD_EIGHT_BYTE = 2 ** 64 - 1
MAX_FRAME_PAYLOAD = MAX_PAYLOAD_EIGHT_BYTE
# MASK and PAYLOAD LEN are packed into a byte
MASK_MASK = 0x80
PAYLOAD_LEN_MASK = 0x7f
# FIN, RSV[123] and OPCODE are packed into a single byte
FIN_MASK = 0x80
RSV1_MASK = 0x40
RSV2_MASK = 0x20
RSV3_MASK = 0x10
OPCODE_MASK = 0x0f
class Opcode(IntEnum):
"""
RFC 6455, Section 5.2 - Base Framing Protocol
"""
CONTINUATION = 0x0
TEXT = 0x1
BINARY = 0x2
CLOSE = 0x8
PING = 0x9
PONG = 0xA
def iscontrol(self):
return bool(self & 0x08)
class CloseReason(IntEnum):
"""
RFC 6455, Section 7.4.1 - Defined Status Codes
"""
NORMAL_CLOSURE = 1000
GOING_AWAY = 1001
PROTOCOL_ERROR = 1002
UNSUPPORTED_DATA = 1003
NO_STATUS_RCVD = 1005
ABNORMAL_CLOSURE = 1006
INVALID_FRAME_PAYLOAD_DATA = 1007
POLICY_VIOLATION = 1008
MESSAGE_TOO_BIG = 1009
MANDATORY_EXT = 1010
INTERNAL_ERROR = 1011
SERVICE_RESTART = 1012
TRY_AGAIN_LATER = 1013
TLS_HANDSHAKE_FAILED = 1015
# RFC 6455, Section 7.4.1 - Defined Status Codes
LOCAL_ONLY_CLOSE_REASONS = (
CloseReason.NO_STATUS_RCVD,
CloseReason.ABNORMAL_CLOSURE,
CloseReason.TLS_HANDSHAKE_FAILED,
)
# RFC 6455, Section 7.4.2 - Status Code Ranges
MIN_CLOSE_REASON = 1000
MIN_PROTOCOL_CLOSE_REASON = 1000
MAX_PROTOCOL_CLOSE_REASON = 2999
MIN_LIBRARY_CLOSE_REASON = 3000
MAX_LIBRARY_CLOSE_REASON = 3999
MIN_PRIVATE_CLOSE_REASON = 4000
MAX_PRIVATE_CLOSE_REASON = 4999
MAX_CLOSE_REASON = 4999
NULL_MASK = struct.pack("!I", 0)
class ParseFailed(Exception):
def __init__(self, msg, code=CloseReason.PROTOCOL_ERROR):
super(ParseFailed, self).__init__(msg)
self.code = code
Header = namedtuple("Header", "fin rsv opcode payload_len masking_key".split())
Frame = namedtuple("Frame",
"opcode payload frame_finished message_finished".split())
RsvBits = namedtuple("RsvBits", "rsv1 rsv2 rsv3".split())
def _truncate_utf8(data, nbytes):
if len(data) <= nbytes:
return data
# Truncate
data = data[:nbytes]
# But we might have cut a codepoint in half, in which case we want to
# discard the partial character so the data is at least
# well-formed. This is a little inefficient since it processes the
# whole message twice when in theory we could just peek at the last
# few characters, but since this is only used for close messages (max
# length = 125 bytes) it really doesn't matter.
data = data.decode("utf-8", errors="ignore").encode("utf-8")
return data
class Buffer(object):
def __init__(self, initial_bytes=None):
self.buffer = bytearray()
self.bytes_used = 0
if initial_bytes:
self.feed(initial_bytes)
def feed(self, new_bytes):
self.buffer += new_bytes
def consume_at_most(self, nbytes):
if not nbytes:
return bytearray()
data = self.buffer[self.bytes_used:self.bytes_used + nbytes]
self.bytes_used += len(data)
return data
def consume_exactly(self, nbytes):
if len(self.buffer) - self.bytes_used < nbytes:
return None
return self.consume_at_most(nbytes)
def commit(self):
# In CPython 3.4+, del[:n] is amortized O(n), *not* quadratic
del self.buffer[:self.bytes_used]
self.bytes_used = 0
def rollback(self):
self.bytes_used = 0
def __len__(self):
return len(self.buffer)
class MessageDecoder(object):
def __init__(self):
self.opcode = None
self.validator = None
self.decoder = None
def process_frame(self, frame):
assert not frame.opcode.iscontrol()
if self.opcode is None:
if frame.opcode is Opcode.CONTINUATION:
raise ParseFailed("unexpected CONTINUATION")
self.opcode = frame.opcode
elif frame.opcode is not Opcode.CONTINUATION:
raise ParseFailed("expected CONTINUATION, got %r" % frame.opcode)
if frame.opcode is Opcode.TEXT:
self.validator = Utf8Validator()
self.decoder = getincrementaldecoder("utf-8")()
finished = frame.frame_finished and frame.message_finished
if self.decoder is not None:
data = self.decode_payload(frame.payload, finished)
else:
data = frame.payload
frame = Frame(self.opcode, data, frame.frame_finished, finished)
if finished:
self.opcode = None
self.decoder = None
return frame
def decode_payload(self, data, finished):
if self.validator is not None:
results = self.validator.validate(bytes(data))
if not results[0] or (finished and not results[1]):
raise ParseFailed(u'encountered invalid UTF-8 while processing'
' text message at payload octet index %d' %
results[3],
CloseReason.INVALID_FRAME_PAYLOAD_DATA)
try:
return self.decoder.decode(data, finished)
except UnicodeDecodeError as exc:
raise ParseFailed(str(exc), CloseReason.INVALID_FRAME_PAYLOAD_DATA)
class FrameDecoder(object):
def __init__(self, client, extensions=None):
self.client = client
self.extensions = extensions or []
self.buffer = Buffer()
self.header = None
self.effective_opcode = None
self.masker = None
self.payload_required = 0
self.payload_consumed = 0
def receive_bytes(self, data):
self.buffer.feed(data)
def process_buffer(self):
if not self.header:
if not self.parse_header():
return None
if len(self.buffer) < self.payload_required:
return None
payload_remaining = self.header.payload_len - self.payload_consumed
payload = self.buffer.consume_at_most(payload_remaining)
if not payload and self.header.payload_len > 0:
return None
self.buffer.commit()
self.payload_consumed += len(payload)
finished = self.payload_consumed == self.header.payload_len
payload = self.masker.process(payload)
for extension in self.extensions:
payload = extension.frame_inbound_payload_data(self, payload)
if isinstance(payload, CloseReason):
raise ParseFailed("error in extension", payload)
if finished:
final = bytearray()
for extension in self.extensions:
result = extension.frame_inbound_complete(self,
self.header.fin)
if isinstance(result, CloseReason):
raise ParseFailed("error in extension", result)
if result is not None:
final += result
payload += final
frame = Frame(self.effective_opcode, payload, finished,
self.header.fin)
if finished:
self.header = None
self.effective_opcode = None
self.masker = None
else:
self.effective_opcode = Opcode.CONTINUATION
return frame
def parse_header(self):
data = self.buffer.consume_exactly(2)
if data is None:
self.buffer.rollback()
return False
fin = bool(data[0] & FIN_MASK)
rsv = RsvBits(bool(data[0] & RSV1_MASK),
bool(data[0] & RSV2_MASK),
bool(data[0] & RSV3_MASK))
opcode = data[0] & OPCODE_MASK
try:
opcode = Opcode(opcode)
except ValueError:
raise ParseFailed("Invalid opcode {:#x}".format(opcode))
if opcode.iscontrol() and not fin:
raise ParseFailed("Invalid attempt to fragment control frame")
has_mask = bool(data[1] & MASK_MASK)
payload_len = data[1] & PAYLOAD_LEN_MASK
payload_len = self.parse_extended_payload_length(opcode, payload_len)
if payload_len is None:
self.buffer.rollback()
return False
self.extension_processing(opcode, rsv, payload_len)
if has_mask and self.client:
raise ParseFailed("client received unexpected masked frame")
if not has_mask and not self.client:
raise ParseFailed("server received unexpected unmasked frame")
if has_mask:
masking_key = self.buffer.consume_exactly(4)
if masking_key is None:
self.buffer.rollback()
return False
self.masker = XorMaskerSimple(masking_key)
else:
self.masker = XorMaskerNull()
self.buffer.commit()
self.header = Header(fin, rsv, opcode, payload_len, None)
self.effective_opcode = self.header.opcode
if self.header.opcode.iscontrol():
self.payload_required = payload_len
else:
self.payload_required = 0
self.payload_consumed = 0
return True
def parse_extended_payload_length(self, opcode, payload_len):
if opcode.iscontrol() and payload_len > MAX_PAYLOAD_NORMAL:
raise ParseFailed("Control frame with payload len > 125")
if payload_len == PAYLOAD_LENGTH_TWO_BYTE:
data = self.buffer.consume_exactly(2)
if data is None:
return None
(payload_len,) = struct.unpack("!H", data)
if payload_len <= MAX_PAYLOAD_NORMAL:
raise ParseFailed(
"Payload length used 2 bytes when 1 would have sufficed")
elif payload_len == PAYLOAD_LENGTH_EIGHT_BYTE:
data = self.buffer.consume_exactly(8)
if data is None:
return None
(payload_len,) = struct.unpack("!Q", data)
if payload_len <= MAX_PAYLOAD_TWO_BYTE:
raise ParseFailed(
"Payload length used 8 bytes when 2 would have sufficed")
if payload_len >> 63:
# I'm not sure why this is illegal, but that's what the RFC
# says, so...
raise ParseFailed("8-byte payload length with non-zero MSB")
return payload_len
def extension_processing(self, opcode, rsv, payload_len):
rsv_used = [False, False, False]
for extension in self.extensions:
result = extension.frame_inbound_header(self, opcode, rsv,
payload_len)
if isinstance(result, CloseReason):
raise ParseFailed("error in extension", result)
for bit, used in enumerate(result):
if used:
rsv_used[bit] = True
for expected, found in zip(rsv_used, rsv):
if found and not expected:
raise ParseFailed("Reserved bit set unexpectedly")
class FrameProtocol(object):
class State(Enum):
HEADER = 1
PAYLOAD = 2
FRAME_COMPLETE = 3
FAILED = 4
def __init__(self, client, extensions):
self.client = client
self.extensions = [ext for ext in extensions if ext.enabled()]
# Global state
self._frame_decoder = FrameDecoder(self.client, self.extensions)
self._message_decoder = MessageDecoder()
self._parse_more = self.parse_more_gen()
self._outbound_opcode = None
def _process_close(self, frame):
data = frame.payload
if not data:
# "If this Close control frame contains no status code, _The
# WebSocket Connection Close Code_ is considered to be 1005"
data = (CloseReason.NO_STATUS_RCVD, "")
elif len(data) == 1:
raise ParseFailed("CLOSE with 1 byte payload")
else:
(code,) = struct.unpack("!H", data[:2])
if code < MIN_CLOSE_REASON or code > MAX_CLOSE_REASON:
raise ParseFailed("CLOSE with invalid code")
try:
code = CloseReason(code)
except ValueError:
pass
if code in LOCAL_ONLY_CLOSE_REASONS:
raise ParseFailed(
"remote CLOSE with local-only reason")
if not isinstance(code, CloseReason) and \
code <= MAX_PROTOCOL_CLOSE_REASON:
raise ParseFailed(
"CLOSE with unknown reserved code")
validator = Utf8Validator()
if validator is not None:
results = validator.validate(bytes(data[2:]))
if not (results[0] and results[1]):
raise ParseFailed(u'encountered invalid UTF-8 while'
' processing close message at payload'
' octet index %d' %
results[3],
CloseReason.INVALID_FRAME_PAYLOAD_DATA)
try:
reason = data[2:].decode("utf-8")
except UnicodeDecodeError as exc:
raise ParseFailed(
"Error decoding CLOSE reason: " + str(exc),
CloseReason.INVALID_FRAME_PAYLOAD_DATA)
data = (code, reason)
return Frame(frame.opcode, data, frame.frame_finished,
frame.message_finished)
def parse_more_gen(self):
# Consume as much as we can from self._buffer, yielding events, and
# then yield None when we need more data. Or raise ParseFailed.
# XX FIXME this should probably be refactored so that we never see
# disabled extensions in the first place...
self.extensions = [ext for ext in self.extensions if ext.enabled()]
closed = False
while not closed:
frame = self._frame_decoder.process_buffer()
if frame is not None:
if not frame.opcode.iscontrol():
frame = self._message_decoder.process_frame(frame)
elif frame.opcode == Opcode.CLOSE:
frame = self._process_close(frame)
closed = True
yield frame
def receive_bytes(self, data):
self._frame_decoder.receive_bytes(data)
def received_frames(self):
for event in self._parse_more:
if event is None:
break
else:
yield event
def close(self, code=None, reason=None):
payload = bytearray()
if code is None and reason is not None:
raise TypeError("cannot specify a reason without a code")
if code in LOCAL_ONLY_CLOSE_REASONS:
code = CloseReason.NORMAL_CLOSURE
if code is not None:
payload += bytearray(struct.pack('!H', code))
if reason is not None:
payload += _truncate_utf8(reason.encode('utf-8'),
MAX_PAYLOAD_NORMAL - 2)
return self._serialize_frame(Opcode.CLOSE, payload)
def ping(self, payload=b''):
return self._serialize_frame(Opcode.PING, payload)
def pong(self, payload=b''):
return self._serialize_frame(Opcode.PONG, payload)
def send_data(self, payload=b'', fin=True):
if isinstance(payload, (bytes, bytearray, memoryview)):
opcode = Opcode.BINARY
elif isinstance(payload, unicode):
opcode = Opcode.TEXT
payload = payload.encode('utf-8')
else:
raise ValueError('Must provide bytes or text')
if self._outbound_opcode is None:
self._outbound_opcode = opcode
elif self._outbound_opcode is not opcode:
raise TypeError('Data type mismatch inside message')
else:
opcode = Opcode.CONTINUATION
if fin:
self._outbound_opcode = None
return self._serialize_frame(opcode, payload, fin)
def _make_fin_rsv_opcode(self, fin, rsv, opcode):
fin = int(fin) << 7
rsv = (int(rsv.rsv1) << 6) + (int(rsv.rsv2) << 5) + \
(int(rsv.rsv3) << 4)
opcode = int(opcode)
return fin | rsv | opcode
def _serialize_frame(self, opcode, payload=b'', fin=True):
rsv = RsvBits(False, False, False)
for extension in reversed(self.extensions):
rsv, payload = extension.frame_outbound(self, opcode, rsv, payload,
fin)
fin_rsv_opcode = self._make_fin_rsv_opcode(fin, rsv, opcode)
payload_length = len(payload)
quad_payload = False
if payload_length <= MAX_PAYLOAD_NORMAL:
first_payload = payload_length
second_payload = None
elif payload_length <= MAX_PAYLOAD_TWO_BYTE:
first_payload = PAYLOAD_LENGTH_TWO_BYTE
second_payload = payload_length
else:
first_payload = PAYLOAD_LENGTH_EIGHT_BYTE
second_payload = payload_length
quad_payload = True
if self.client:
first_payload |= 1 << 7
header = bytearray([fin_rsv_opcode, first_payload])
if second_payload is not None:
if opcode.iscontrol():
raise ValueError("payload too long for control frame")
if quad_payload:
header += bytearray(struct.pack('!Q', second_payload))
else:
header += bytearray(struct.pack('!H', second_payload))
if self.client:
# "The masking key is a 32-bit value chosen at random by the
# client. When preparing a masked frame, the client MUST pick a
# fresh masking key from the set of allowed 32-bit values. The
# masking key needs to be unpredictable; thus, the masking key
# MUST be derived from a strong source of entropy, and the masking
# key for a given frame MUST NOT make it simple for a server/proxy
# to predict the masking key for a subsequent frame. The
# unpredictability of the masking key is essential to prevent
# authors of malicious applications from selecting the bytes that
# appear on the wire."
# -- https://tools.ietf.org/html/rfc6455#section-5.3
masking_key = os.urandom(4)
masker = XorMaskerSimple(masking_key)
return header + masking_key + masker.process(payload)
return header + payload

8
mitmproxy/proxy/protocol/websocket.py
View File

@ -1,10 +1,10 @@
import socket
from OpenSSL import SSL
from wsproto import events
from wsproto.connection import ConnectionType, WSConnection
from wsproto.extensions import PerMessageDeflate
from wsproto.frame_protocol import Opcode
from mitmproxy.contrib.wsproto import events
from mitmproxy.contrib.wsproto.connection import ConnectionType, WSConnection
from mitmproxy.contrib.wsproto.extensions import PerMessageDeflate
from mitmproxy.contrib.wsproto.frame_protocol import Opcode
from mitmproxy import exceptions
from mitmproxy import flow

1
setup.py
View File

@ -65,6 +65,7 @@ setup(
"certifi>=2015.11.20.1", # no semver here - this should always be on the last release!
"click>=6.2, <7",
"cryptography>=2.0,<2.2",
'h11>=0.7.0,<0.8',
"h2>=3.0, <4",
"hyperframe>=5.0, <6",
"kaitaistruct>=0.7, <0.8",