mirror of
https://github.com/Grasscutters/mitmproxy.git
synced 2024-11-26 10:16:27 +00:00
Improved error-handling / supplemented documention.
parent
377921fa99
commit
fbfedbdc8f
@ -1,5 +1,6 @@
|
|||||||
.. _transparent:
|
.. _transparent:
|
||||||
|
|
||||||
|
====================
|
||||||
Transparent Proxying
|
Transparent Proxying
|
||||||
====================
|
====================
|
||||||
|
|
||||||
@ -20,5 +21,20 @@ destination of the TCP connection.
|
|||||||
At the moment, mitmproxy supports transparent proxying on OSX Lion and above,
|
At the moment, mitmproxy supports transparent proxying on OSX Lion and above,
|
||||||
and all current flavors of Linux.
|
and all current flavors of Linux.
|
||||||
|
|
||||||
|
Fully transparent mode
|
||||||
|
=======
|
||||||
|
By default mitmproxy will use its own local ip address for its server-side connections.
|
||||||
|
In case this isn't desired, the --spoof-source-address argument can be used to
|
||||||
|
use the client's ip address for server-side connections.
|
||||||
|
|
||||||
|
This mode does require root privileges though. There's a wrapper in the examples directory
|
||||||
|
called 'mitmproxy_shim.c', which will enable you to use this mode with dropped priviliges.
|
||||||
|
It can be used as follows:
|
||||||
|
|
||||||
|
gcc examples/mitmproxy_shim.c -o mitmproxy_shim -lcap
|
||||||
|
sudo chown root:root mitmproxy_shim
|
||||||
|
sudo chmod u+s mitmproxy_shim
|
||||||
|
./mitmproxy_shim $(which mitmproxy) -T --spoof-source-address
|
||||||
|
|
||||||
.. _iptables: http://www.netfilter.org/
|
.. _iptables: http://www.netfilter.org/
|
||||||
.. _pf: https://en.wikipedia.org/wiki/PF_\(firewall\)
|
.. _pf: https://en.wikipedia.org/wiki/PF_\(firewall\)
|
||||||
|
@ -478,7 +478,7 @@ def proxy_options(parser):
|
|||||||
group.add_argument(
|
group.add_argument(
|
||||||
"--spoof-source-address",
|
"--spoof-source-address",
|
||||||
action="store_true", dest="spoof_source_address",
|
action="store_true", dest="spoof_source_address",
|
||||||
help="Use client's IP for the server-side connection"
|
help="Use the client's IP for server-side connections"
|
||||||
)
|
)
|
||||||
|
|
||||||
def proxy_ssl_options(parser):
|
def proxy_ssl_options(parser):
|
||||||
|
@ -117,9 +117,11 @@ class ServerConnectionMixin(object):
|
|||||||
|
|
||||||
self.server_conn = None
|
self.server_conn = None
|
||||||
if self.config.options.spoof_source_address:
|
if self.config.options.spoof_source_address:
|
||||||
self.server_conn = models.ServerConnection(server_address, (self.ctx.client_conn.address.host, 0), True)
|
self.server_conn = models.ServerConnection(
|
||||||
|
server_address, (self.ctx.client_conn.address.host, 0), True)
|
||||||
else:
|
else:
|
||||||
self.server_conn = models.ServerConnection(server_address, (self.config.options.listen_host, 0))
|
self.server_conn = models.ServerConnection(
|
||||||
|
server_address, (self.config.options.listen_host, 0))
|
||||||
|
|
||||||
self.__check_self_connect()
|
self.__check_self_connect()
|
||||||
|
|
||||||
@ -162,10 +164,11 @@ class ServerConnectionMixin(object):
|
|||||||
self.channel.tell("serverdisconnect", self.server_conn)
|
self.channel.tell("serverdisconnect", self.server_conn)
|
||||||
|
|
||||||
if self.config.options.spoof_source_address:
|
if self.config.options.spoof_source_address:
|
||||||
self.server_conn = models.ServerConnection(address, (self.ctx.client_conn.address.host, 0), True)
|
self.server_conn = models.ServerConnection(
|
||||||
|
address, (self.ctx.client_conn.address.host, 0), True)
|
||||||
else:
|
else:
|
||||||
self.server_conn = models.ServerConnection(address, (self.server_conn.source_address.host, 0))
|
self.server_conn = models.ServerConnection(
|
||||||
|
address, (self.server_conn.source_address.host, 0))
|
||||||
|
|
||||||
def connect(self):
|
def connect(self):
|
||||||
"""
|
"""
|
||||||
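Review bot: The bare positional `True` passed to `models.ServerConnection(...)` in both hunks of this section does not say what it enables, and it is the argument that switches on source-address spoofing. Passing it by keyword, e.g. `models.ServerConnection(server_address, (self.ctx.client_conn.address.host, 0), spoof_source_address=True)`, would make that visible at the call site; the parameter name is assumed here, since the constructor's signature is not shown on this page. The same if/else appears in both hunks and differs only in the address and the fallback host, so a small private helper would keep the two copies from drifting. Both enclosing methods start and end outside their hunks.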
|
@ -58,3 +58,6 @@ class InvalidCertificateException(TlsException):
|
|||||||
|
|
||||||
class Timeout(TcpException):
|
class Timeout(TcpException):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
class ProtocolException(NetlibException):
|
||||||
|
pass
|
||||||
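Review bot: The new `ProtocolException` derives from `NetlibException` rather than `TcpException`, so a caller that handles connection failures with `except TcpException` will not catch the spoofing failure raised in the TCPClient hunk. Whether such callers exist is not visible on this page. If the separate hierarchy is intended, replace the bare `pass` with a one-line docstring that says so, e.g. `"""Raised when a socket option required by the requested proxy mode cannot be set."""`.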
|
@ -731,10 +731,11 @@ class TCPClient(_Connection):
|
|||||||
try:
|
try:
|
||||||
connection = socket.socket(self.address.family, socket.SOCK_STREAM)
|
connection = socket.socket(self.address.family, socket.SOCK_STREAM)
|
||||||
if self.spoof_source_address:
|
if self.spoof_source_address:
|
||||||
if os.geteuid() != 0:
|
try:
|
||||||
raise RuntimeError("Insufficient privileges to set socket option")
|
|
||||||
else:
|
|
||||||
connection.setsockopt(socket.SOL_IP, 19, 1)
|
connection.setsockopt(socket.SOL_IP, 19, 1)
|
||||||
|
except socket.error as e:
|
||||||
|
raise exceptions.ProtocolException(
|
||||||
|
"Failed to spoof the source address: " + e.strerror)
|
||||||
if self.source_address:
|
if self.source_address:
|
||||||
connection.bind(self.source_address())
|
connection.bind(self.source_address())
|
||||||
connection.connect(self.address())
|
connection.connect(self.address())
|
||||||
@ -874,6 +875,7 @@ class BaseHandler(_Connection):
|
|||||||
|
|
||||||
|
|
||||||
class Counter:
|
class Counter:
|
||||||
|
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
self._count = 0
|
self._count = 0
|
||||||
self._lock = threading.Lock()
|
self._lock = threading.Lock()
|
||||||
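Review bot: In the TCPClient hunk, `"Failed to spoof the source address: " + e.strerror` raises a TypeError whenever `strerror` is None, which would hide the real socket error behind an unrelated one. Formatting the exception itself avoids that: `"Failed to spoof the source address: " + str(e)`. The option number `19` in `connection.setsockopt(socket.SOL_IP, 19, 1)` is a bare literal; it appears to be Linux's IP_TRANSPARENT. Now that the explicit euid check is gone, a named module-level constant would help, with a comment that the option is Linux-only and needs root or CAP_NET_ADMIN, so a reader can tell why the call can fail. The enclosing method starts and ends outside the hunk, so how the outer `try` handles the new exception cannot be checked from here.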
|