Grasscutters/mitmproxy
3
0
Fork 0
mirror of https://github.com/Grasscutters/mitmproxy.git synced 2024-11-27 10:26:23 +00:00
Code Issues Projects Releases Wiki Activity
647 Commits 1 Branch 67 Tags 50 MiB
173ff0b235
Commit Graph

647 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Maximilian Hils
810c2f2414 Merge remote-tracking branch 'origin/hostname-validation' 2015-11-04 21:33:32 +01:00
Maximilian Hils
9d12425d5e Set default cert expiry to <39 months 
This sould fix mitmproxy/mitmproxy#815
 2015-11-04 11:28:02 +01:00
Maximilian Hils
9d36f8e43f minor fixes 2015-11-01 18:20:00 +01:00
Maximilian Hils
5af9df326a fix certificate verification 
This commit fixes netlib's optional (turned off by default)
certificate verification, which previously did not validate the
cert's host name. As it turns out, verifying the connection's host
name on an intercepting proxy is not really straightforward - if
we receive a connection in transparent mode without SNI, we have no
clue which hosts the client intends to connect to. There are two
basic approaches to solve this problem:

 1. Exactly mirror the host names presented by the server in the
    spoofed certificate presented to the client.
 2. Require the client to send the TLS Server Name Indication
    extension. While this does not work with older clients,
    we can validate the hostname on the proxy.

Approach 1 is problematic in mitmproxy's use case, as we may want
to deliberately divert connections without the client's knowledge.
As a consequence, we opt for approach 2. While mitmproxy does now
require a SNI value to be sent by the client if certificate
verification is turned on, we retain our ability to present
certificates to the client which are accepted with a maximum
likelihood.
 2015-11-01 18:15:30 +01:00
Maximilian Hils
b4eb4eab92 adjust test certificate generation 2015-11-01 17:48:34 +01:00
Maximilian Hils
267837f441 add test certificate generator 2015-10-16 18:12:36 +02:00
Maximilian Hils
2e1f7ecd55 fix tests 2015-09-28 14:04:25 +02:00
Maximilian Hils
67229fbdf7 Merge branch 'http-models' 2015-09-28 13:53:59 +02:00
Maximilian Hils
5261bcdf4b properly adjust tests for 87566da3ba 2015-09-28 11:46:18 +02:00
Maximilian Hils
87566da3ba fix mitmproxy/mitmproxy#784 2015-09-28 11:18:00 +02:00
Maximilian Hils
23d13e4c12 test response model, push coverage to 100% branch cov 2015-09-27 00:49:41 +02:00
Maximilian Hils
466888b01a improve request tests, coverage++ 2015-09-26 20:07:11 +02:00
Maximilian Hils
49ea8fc0eb refactor response model 2015-09-26 17:39:50 +02:00
Maximilian Hils
106f7046d3 refactor request model 2015-09-26 00:39:04 +02:00
Maximilian Hils
45f2ea33b2 minor fixes 2015-09-25 18:24:18 +02:00
Maximilian Hils
c7b8322500 also accept bytes as arguments 2015-09-22 01:56:09 +02:00
Maximilian Hils
f937522773 Headers: return str on all Python versions 2015-09-22 01:48:35 +02:00
Maximilian Hils
9fbeac50ce revert websocket changes from 73586b1b 
The DEFAULT construct is very weird,
but with None we apparently break pathod
in some difficult-to-debug ways.
Revisit once we do more here.
 2015-09-21 22:49:39 +02:00
Thomas Kriechbaumer
21579f0add Merge pull request #98 from Kriechi/master 
backport changes
 2015-09-21 18:51:44 +02:00
Thomas Kriechbaumer
e9fe45f3f4 backport changes 2015-09-21 18:45:49 +02:00
Maximilian Hils
1ff8f294b4 minor encoding fixes 2015-09-21 18:34:43 +02:00
Maximilian Hils
9dea36e439 remove nose references 2015-09-21 01:22:05 +02:00
Maximilian Hils
151942d7ae update appveyor 2015-09-21 01:13:59 +02:00
Maximilian Hils
f0ff68023d remove nose as a dependency 2015-09-21 01:11:42 +02:00
Maximilian Hils
eaf66550b0 always use py.test 2015-09-21 01:08:19 +02:00
Maximilian Hils
f2e3e6af6d test on pypy3 2015-09-21 00:45:52 +02:00
Maximilian Hils
73586b1be9 python 3++ 2015-09-21 00:44:17 +02:00
Maximilian Hils
daebd1bd27 python3++ 2015-09-20 20:35:45 +02:00
Maximilian Hils
292a0aa9e6 make tests compatible with py.test 2015-09-20 19:56:57 +02:00
Maximilian Hils
0ad5cbc6bf python3++ 2015-09-20 19:56:45 +02:00
Maximilian Hils
693cdfc6d7 python3++ 2015-09-20 19:40:09 +02:00
Maximilian Hils
3f1ca556d1 python3++ 2015-09-20 18:12:55 +02:00
Maximilian Hils
91cdd78201 improve http error messages 2015-09-19 11:59:40 +02:00
Maximilian Hils
551d9f11e5 experimental: don't interfere with headers 2015-09-18 18:05:50 +02:00
Maximilian Hils
d1904c2f52 python3++ 2015-09-18 15:38:31 +02:00
Maximilian Hils
7b6b157547 properly handle SNI IPs 
fixes mitmproxy/mitmproxy#772
We must use the ipaddress package here, because that's what cryptography
uses. If we opt for something else, we have nasty namespace conflicts.
 2015-09-18 15:35:02 +02:00
Maximilian Hils
f2c87cff8a fix py3 tests 2015-09-17 17:32:59 +02:00
Maximilian Hils
266b80238d fix tests 2015-09-17 17:29:55 +02:00
Maximilian Hils
d798ed955d python3++ 2015-09-17 16:31:50 +02:00
Maximilian Hils
8d71059d77 clean up http message models 2015-09-17 15:16:12 +02:00
Maximilian Hils
a07e43df8b http1: add assemble_body function 2015-09-17 02:39:42 +02:00
Maximilian Hils
dad9f06cb9 organize exceptions, improve content-length handling 2015-09-17 02:14:14 +02:00
Maximilian Hils
e1659f3fcf Merge pull request #92 from mitmproxy/python3 
Python3 & HTTP1 Refactor
 2015-09-16 20:19:52 +02:00
Maximilian Hils
265f31e878 adjust http1-related code 2015-09-16 18:43:24 +02:00
Maximilian Hils
9b882d2450 test parts on python 3.5 2015-09-16 00:09:43 +02:00
Maximilian Hils
a077d8877d finish netlib.http.http1 refactor 2015-09-16 00:04:23 +02:00
Maximilian Hils
11e7f476bd wip 2015-09-15 19:12:15 +02:00
Maximilian Hils
2f9c566e48 remove pathod as dependency 2015-09-13 14:33:45 +02:00
Maximilian Hils
997fcde8ce make clean_bin unicode-aware 2015-09-12 17:03:09 +02:00
Maximilian Hils
a38142d595 don't yield empty chunks 2015-09-11 01:17:39 +02:00