Commit Graph

283 Commits

Author SHA1 Message Date
Maximilian Hils
21de99cb09 add comments 2013-12-10 02:30:07 +01:00
Maximilian Hils
a78b185278 refactor ProxyHandler, remove duplicate code 2013-12-10 01:47:19 +01:00
Maximilian Hils
4984bbb83b remove code duplication in ProxyHandler by unifying read_transparent and read_reverse 2013-12-09 19:10:15 +01:00
Maximilian Hils
a509a9037b Merge branch 'master' into 0.10 2013-12-08 14:14:57 +01:00
Aldo Cortesi
73791f986a Merge pull request #166 from ghjc/forward-proxy
Added -F http[s]://server:port option that allows MITM to forward traffi...
2013-12-08 01:05:33 -08:00
Aldo Cortesi
4816cae98c Merge pull request #170 from jsoriano/master
Reverse proxy works with SSL
2013-12-08 01:02:17 -08:00
Aldo Cortesi
dfcec4ffba Merge pull request #180 from mitmproxy/add_serverconnection_scripthook
Add serverconnection scripthook
2013-12-08 00:55:55 -08:00
Maximilian Hils
d4c3b1c213 attempt to fix https://github.com/mitmproxy/netlib/issues/24 2013-11-19 04:08:16 +01:00
Maximilian Hils
675518f873 add serverconnect script hook 2013-11-18 17:25:52 +01:00
Jaime Soriano Pastor
7140323bdb New method establish_ssl to avoid duplicated code 2013-09-26 12:38:13 +02:00
Jaime Soriano Pastor
f33d128a7f Reverse proxy works with SSL 2013-09-26 12:23:48 +02:00
Maximilian Hils
2956c144d3 Merge branch 'master' into 0.10 2013-09-14 23:47:04 +02:00
JC
65d1ed1b3c Added -F http[s]://server:port option that allows MITM to forward traffic to another http server upstream. 2013-08-30 17:19:58 -07:00
Aldo Cortesi
a2643b52f9 Tweak timing display
- Remove elapsed time. Space is at a premium here, and this is somewhat
redundant with the rate figure. We should display complete timing information
somewhere in the detailed flow view.
- Tone down the colour. Reserve highlights for stuff that should really pop out
to the user.
- Make rate calculation more acurate. Include header sizes. Use response start
and end time, rather than request end and response end. This means that we show
actual transfer rates, not including DNS requests and so forth.
2013-08-23 10:25:44 +12:00
Maximilian Hils
729677cd85 Merge branch 'master' into 0.10 2013-08-17 13:30:36 +02:00
Aldo Cortesi
f850bdd848 Revamp dummy cert store
We no longer keep these on disk. This is for a number of reasons, including
some race conditions and the fact that some valid IDNA-encoded domain names are
not valid file names on Windows.
2013-08-12 16:04:02 +12:00
Aldo Cortesi
2c4e5e0a73 Better handling of cert errors on connection. 2013-08-10 23:07:22 +12:00
Aldo Cortesi
edb10e33aa Remove GPL notices left in source files after our change to the MIT license.
Thanks to Roy Shamir for reporting this.
2013-08-01 11:08:00 +12:00
Aldo Cortesi
439d9a294c Make use of a change to netlib.tcp that clarifies error conditions for flush and close.
Should fix #144.
2013-07-30 09:42:29 +12:00
Maximilian Hils
29bcbd57d5 fix #144
netlib wraps IOError in NetLibDisconnect, so we need to cover this as well.
2013-07-28 21:05:17 +02:00
Aldo Cortesi
df3d2d70ed Terminate can be called on an unconnected server connection. 2013-07-28 18:05:04 +12:00
Aldo Cortesi
10b744ee08 Properly terminate SSL server connections.
Before, we had dangling SSL server connections causing resource exhaustion.

I believe this fixe #144 and #153
2013-07-28 10:50:25 +12:00
Aldo Cortesi
5c1157ddaf Move app instantiation out of proxy.py. 2013-07-24 10:32:56 +12:00
Aldo Cortesi
55f7e8d5b9 Don't take minor version into account when checking serialized data compatiblity. 2013-07-13 14:44:09 +12:00
Matthias Urlichs
d9cc6f1dd6 proxy.py: Catch channel.ask() returning None when terminating 2013-06-28 07:53:56 +02:00
Matthias Urlichs
be1377850e Close connection when flush fails 2013-06-26 15:02:55 +02:00
Maximilian Hils
84248d431b fix send_error behavior if there are no headers 2013-06-17 10:52:19 +02:00
Aldo Cortesi
61c794e08f Merge pull request #107 from rouli/master
Adding remote TCP and SSL setup timestamps
2013-04-19 17:19:26 -07:00
Aldo Cortesi
e3fd0e838d Add a basic built-in web app. 2013-03-25 09:20:26 +13:00
Aldo Cortesi
98e4421a90 Trim docs. 2013-03-23 15:42:25 +13:00
Rouli
c6bf28f3f7 adding tcp and ssl setup timestamps to get better resolution on flows performance 2013-03-19 18:21:52 +02:00
Aldo Cortesi
790ad468e4 Fix bug that caused mis-identification of some HTTPS connections in transparent mode. 2013-03-17 14:35:36 +13:00
Aldo Cortesi
cde66cd584 Fuzzing, and fixes for errors found with fuzzing. 2013-03-03 22:03:27 +13:00
Aldo Cortesi
2465b8a376 100% unit test coverage on proxy.py. Hallelujah! 2013-03-03 12:13:33 +13:00
Aldo Cortesi
d5876a12ed Unit test proxy option parsing. 2013-03-03 11:58:57 +13:00
Aldo Cortesi
5c6587d4a8 Move HTTP auth module to netlib. 2013-03-03 10:37:06 +13:00
Aldo Cortesi
c20d1d7d32 Extend unit tests for proxy.py to some tricky cases. 2013-03-02 22:42:36 +13:00
Aldo Cortesi
415844511c Test cert generation errors. 2013-03-02 16:59:16 +13:00
Aldo Cortesi
a95d78438c Test SNI for transparent mode. 2013-03-02 15:06:49 +13:00
Aldo Cortesi
10db82e9a0 Test SNI for ordinary proxy connections. 2013-03-02 14:52:05 +13:00
Aldo Cortesi
ba674ad551 New SNI handling mechanism. 2013-03-01 09:05:39 +13:00
Aldo Cortesi
0257815141 Significantly simplify server connection handling, and test. 2013-02-24 22:24:21 +13:00
Aldo Cortesi
705559d65e Refactor to prepare for SNI fixes. 2013-02-24 17:35:24 +13:00
Aldo Cortesi
d0639e8925 Handle server disconnects better.
Server connections can be closed for legitimate reasons, like timeouts. If
we've already pumped data over a server connection, we reconnect on error. If
not, we treat it as a legitimate error and pass it on to the client.

Fixes #85
2013-02-24 14:04:56 +13:00
Aldo Cortesi
269780c577 Unit test dummy response functions. 2013-02-23 16:34:59 +13:00
Aldo Cortesi
7800b7c910 Refactor proxy core communications to be clearer. 2013-02-23 14:10:27 +13:00
Aldo Cortesi
aaf892e3af Significantly refactor the master/slave message passing interface. 2013-02-17 12:42:48 +13:00
Aldo Cortesi
782bbee8c0 Unit tests for ServerConnectionPool 2013-01-29 11:35:57 +13:00
Aldo Cortesi
2aa175a6ca Stub implementation of a server connection pool. 2013-01-29 10:55:19 +13:00
Aldo Cortesi
a74ca40660 Unravel enormously long read_request into three distinct methods. 2013-01-28 22:26:25 +13:00
Aldo Cortesi
57f01ffb07 Test suite, remove extraneous code. 2013-01-28 21:59:03 +13:00
Aldo Cortesi
25cb9471f0 Add tests for client certificate support. 2013-01-20 22:39:28 +13:00
Aldo Cortesi
6600c589ab Rudimentary testing for client certs. 2013-01-18 17:08:30 +13:00
Aldo Cortesi
7a79eeb143 Merge branch 'master' of ssh.github.com:cortesi/mitmproxy
Conflicts:
	test/test_server.py
2013-01-18 14:50:31 +13:00
Rouli
446f9f0a0f Merge remote-tracking branch 'upstream/master' 2013-01-17 17:33:29 +02:00
Rouli
20fa6a3083 changing requests and responses to have two timestamps, one marking their initiation, and the other their complete 2013-01-17 17:32:56 +02:00
Aldo Cortesi
d0ee4d60d0 Unit tests and minor code refactoring for ServerConnection. 2013-01-05 19:44:12 -08:00
Aldo Cortesi
060e3198bc Remove cert_wait_time flag.
We now cater for this by generating certs with a commencement date an hour in
the past in netlib.
2013-01-06 01:18:47 +13:00
Aldo Cortesi
891c441a6d Use new netlib certificate store implementation. 2013-01-06 01:16:08 +13:00
Aldo Cortesi
46ab6ed491 Minor cleanups of proxy request handling. 2013-01-04 14:19:32 +13:00
Aldo Cortesi
09f664cdea Refactor proxy auth a bit
- Remove authentication scheme option. We only support basic at the moment -
we'll add the option back when we diversify.
- Add some meta variables to make printout nicer
2013-01-02 17:35:44 +13:00
Aldo Cortesi
e42136a6ef Better error handling for transparent mode remote address resolution. 2013-01-01 11:24:11 +13:00
Aldo Cortesi
5347cb9c26 More work on proxy auth
- Strip auth header if auth succeeds, so it's not passed upstream
- Actually use realm specification to BasicProxyAuth, and make it mandatory
- Cleanups and unit tests
2012-12-31 10:56:44 +13:00
Aldo Cortesi
018c229ae4 Start solidifying proxy authentication
- Add a unit test file
- Remove some extraneous methods
- Change the auth API to make the authenticate method take a header object.
2012-12-31 09:15:56 +13:00
israel
440a9f6bda adding some simple authetication code to limit proxy access 2012-12-30 01:41:58 -08:00
Aldo Cortesi
21f74efa10 Stub out ctypes structures for OSX transparent mode. 2012-09-17 11:05:20 +12:00
Aldo Cortesi
54cee9db7f Catch a potential exception on connection finalization. 2012-09-14 09:40:13 +12:00
Aldo Cortesi
1b7990897e Command-line options for header setting. 2012-08-19 00:14:16 +12:00
Maximilian Hils
ed389d8f05 use argparse instead of optparse 2012-08-17 19:11:59 +02:00
Jim Lloyd
0ef18a7cba Adds --dummy-certs option to specify certdir
If --dummy-certs=CERTSDIR is provided, use CERTSDIR as the location
for generating/finding the dummy certs. And in this case, preserve
the CERTSDIR directory on exit.
2012-08-06 14:09:35 -07:00
Aldo Cortesi
87d05a95ff Handle invalid headers. 2012-07-30 12:54:50 +12:00
Aldo Cortesi
f93a621856 Only log real errors in WSGI apps. 2012-07-24 16:18:22 +12:00
Chris Neasbitt
525a8f6a16 Fixed a bug causing an AttributeError when request is set to false but response not None in ProxyHandler.handle_request 2012-07-17 13:24:15 -04:00
Aldo Cortesi
1d09a558a7 Fix a subtle termination condition when there's an error in a WSGI app. 2012-07-11 07:16:06 +12:00
Aldo Cortesi
04d9ec8c3c Make WSGI apps work in transparent mode. 2012-07-10 15:53:53 +12:00
Aldo Cortesi
79af9e89c4 Test replay corner cases. Fix discovered bugs. 2012-07-09 11:18:03 +12:00
Aldo Cortesi
097b566e54 Handle new netlib.tcp.NetLibDisconnect exception. 2012-07-08 23:49:44 +12:00
Aldo Cortesi
837fcc65f5 Make upstream-cert the default. There's now a --no-upstream-cert option to turn it off. 2012-07-03 22:56:25 +12:00
Aldo Cortesi
fe86194cc2 Fix Python coredump (!!) on SNI IDNA decoding. 2012-07-03 22:55:02 +12:00
Aldo Cortesi
9c30e2e86d Correct handing of IDNA encoding of internationalized domain names.
- Use IDNA encoding for hostnames gleaned by upstream-cert sniffing
- Use IDNA decoding for URL display in mitmproxy and mitmdump.
2012-07-03 22:27:16 +12:00
Aldo Cortesi
ef986202ee Make server version configurable. 2012-07-03 14:12:52 +12:00
Aldo Cortesi
90365e270e Catch and handle SSL connection errors. 2012-07-01 12:10:32 +12:00
Aldo Cortesi
4e9d4e8ddd Tweak upstream SNI. 2012-07-01 11:53:46 +12:00
Aldo Cortesi
d74a341e5d Beef up logging substantially. 2012-07-01 00:15:03 +12:00
Aldo Cortesi
f070e4523a Handle invalid data more gracefully.
Fixes #47
2012-06-30 15:59:42 +12:00
Aldo Cortesi
38ebc81590 Add error when -T is passed on an unsupported platform. 2012-06-30 11:24:41 +12:00
Aldo Cortesi
243e0efefc Adjust for new get_remote_cert API. 2012-06-28 10:02:14 +12:00
Aldo Cortesi
35ee0c098f Remove certutils from mitmproxy. 2012-06-27 16:43:33 +12:00
Aldo Cortesi
49dedd361c Fix replay. 2012-06-27 16:22:25 +12:00
Aldo Cortesi
dd55a3e0b6 Use SNI-indicated hostname for cert generation when not using upstream certs. 2012-06-27 12:12:11 +12:00
Aldo Cortesi
ceef6ee6be Enable SSL in transparent mode. 2012-06-26 23:51:38 +12:00
Aldo Cortesi
e6cdbefb3b Add transparent mode platform module for Linux. 2012-06-26 20:49:34 +12:00
Aldo Cortesi
ad893ad134 Transparent proxy command-line flag stub. 2012-06-26 20:08:24 +12:00
Aldo Cortesi
015a74fd14 We no longer store scheme on ServerConnection. 2012-06-26 18:29:12 +12:00
Aldo Cortesi
52d0536d2c Use new TCPClient.convert_to_ssl API. 2012-06-25 15:53:26 +12:00
Aldo Cortesi
e08f91c237 Port to explicit netlib connection API. 2012-06-25 11:37:12 +12:00
Aldo Cortesi
eac3b29d5f Factor read_response out into netlib. 2012-06-24 22:01:11 +12:00
Aldo Cortesi
4db2abc01c read_headers now returns an ODictCaseless object. 2012-06-24 21:49:59 +12:00
Aldo Cortesi
e7c75933e7 read_http_body -> read_http_body_request/response 2012-06-23 15:08:01 +12:00
Aldo Cortesi
874649f134 Adapt for API changes in netlib. 2012-06-23 14:06:34 +12:00