Commit Graph

1368 Commits

Author SHA1 Message Date
Thomas Kriechbaumer
f5fe93bf13 Merge pull request #1074 from mitmproxy/move-response-refresh
move HTTPResponse.refresh into netlib
2016-04-03 10:16:39 +02:00
Thomas Kriechbaumer
16fdbb4f2f Merge pull request #1073 from mitmproxy/first-line-format
form_(in|out) -> first_line_format
2016-04-03 10:16:06 +02:00
Maximilian Hils
35a6d6e7f6 response.msg -> response.reason 2016-04-02 22:54:46 +02:00
Maximilian Hils
4e2acc4d9d move HTTPResponse.refresh into netlib 2016-04-02 22:49:05 +02:00
Maximilian Hils
a267934d99 minor simplifications 2016-04-02 22:00:14 +02:00
Maximilian Hils
e6fa2688c9 form_(in|out) -> first_line_format 2016-04-02 21:57:35 +02:00
Maximilian Hils
050431fdd6 improve timing display 2016-04-02 21:33:51 +02:00
Maximilian Hils
610842cda5 fix FlowMaster.create_request, add test 2016-04-02 21:15:55 +02:00
Maximilian Hils
d6e58bd16c fix #1052 2016-04-02 21:07:55 +02:00
Maximilian Hils
3a1486183c fix #1061 2016-04-02 21:03:36 +02:00
Maximilian Hils
76b930ff70 Merge branch 'master' of https://github.com/mitmproxy/mitmproxy 2016-04-02 14:39:14 +02:00
Maximilian Hils
806aa0f41c improve .replace() and move it into netlib 2016-04-02 14:38:33 +02:00
Maximilian Hils
4ee8808b44 add Serializeable.copy 2016-04-02 13:50:53 +02:00
Will Coster
55bffe1782 Fix XSS vulnerability in HTTP errors
The make_error_response method does not properly escape characters
that end up in the response body. Since the error code can contain
user supplied values this leads to a potential XSS vulnerability.

Example:

    echo '<script>alert(1)</script>' | nc localhost 8888
2016-03-31 10:22:29 -07:00
Zohar Lorberbaum
6d16f44ab7 Merge with master 2016-03-28 10:03:26 -07:00
Zohar Lorberbaum
e56198ae7c cleaner target url 2016-03-28 09:51:06 -07:00
Zohar Lorberbaum
ef3d24e8c8 locust_task re-use locust_code. 2016-03-27 21:42:52 -07:00
Zohar Lorberbaum
9f77c80a32 pep8 2016-03-25 17:29:42 -07:00
Zohar Lorberbaum
5b07e8b3af Add UI shortcuts. 2016-03-24 20:29:53 -07:00
Zohar Lorberbaum
a44062effb Flow export to locust.io load test tool. 2016-03-23 01:49:18 -07:00
Maximilian Hils
2d6eb28fd0 py3++ 2016-03-20 23:39:57 +01:00
Maximilian Hils
e739517070 py3++ 2016-03-20 23:14:22 +01:00
Maximilian Hils
726536689b py3++ 2016-03-20 22:58:35 +01:00
Maximilian Hils
2ce023a991 py3++ 2016-03-20 22:50:03 +01:00
Maximilian Hils
6f902ffbb3 py3++: iteritems 2016-03-20 19:56:22 +01:00
Maximilian Hils
b0a16dee20 fix script exception display 2016-03-19 20:27:03 +01:00
Maximilian Hils
c52c59f858 port mitmproxy.scripts to py3 2016-03-19 19:53:27 +01:00
Maximilian Hils
7e49b8c186 add tests for mitmproxy.script.reloader 2016-03-19 03:04:55 +01:00
Maximilian Hils
898f5d10b9 improve mitmproxy.scripts semantics, clean up tests 2016-03-19 03:04:55 +01:00
Maximilian Hils
f5a6ebf584 remove code duplication 2016-03-18 14:54:42 +01:00
Maximilian Hils
983b0dd4f6 Merge pull request #1014 from ikoz/master
New option: Add server certs to client chain
2016-03-17 02:28:00 +01:00
ikoz
b4e7aaf2f6 Make the add-server-certs-to-client-chain and verify-upstream-cert options mutually exclusive whily processing the proxy options. Do the same for the add-server-certs-to-client-chain and no-upstream-cert options. 2016-03-16 22:57:57 +00:00
ikoz
8ed491201a Revert "Create mutually exclusive group for add-server-certs-to-client-chain and verify-upstream-cert command line options. These are not meaningful together."
This reverts commit 02e378486b.
2016-03-16 22:45:27 +00:00
ikoz
9cc55f211f Rename 'server' to 'upstream' in identifiers related to the AddServerCertsToClientChain feature 2016-03-16 19:20:18 +00:00
ikoz
02e378486b Create mutually exclusive group for add-server-certs-to-client-chain and verify-upstream-cert command line options. These are not meaningful together. 2016-03-16 19:15:44 +00:00
Thomas Kriechbaumer
0ab9e60168 Merge pull request #1019 from lilydjwg/master
add resolved IP address in "Details" tab
2016-03-15 23:28:08 +01:00
lilydjwg
eecadadce3 use "peer_address" instead of "sock_address" 2016-03-15 21:32:06 +08:00
Maximilian Hils
4604c25c60 fix #1025, refs #983 2016-03-12 23:55:56 +01:00
Maximilian Hils
d3a55cd3f0 Merge pull request #1027 from gzzhanghao/vscroll
[web] fix virtual scroll range
2016-03-12 19:00:16 +01:00
Jason
ae61025d5d [web] fix virtual scroll range 2016-03-12 23:06:21 +08:00
Thomas Kriechbaumer
2d31c5c786 Merge pull request #1011 from MatthewShao/master
Fix #1005
2016-03-11 17:33:04 +01:00
Thomas Kriechbaumer
e74e212a7a Merge pull request #1022 from dufferzafar/fix-1018
Fix missing cookie import
2016-03-11 13:19:58 +01:00
Shadab Zafar
90587cf998 Fix missing cookie import 2016-03-11 17:36:04 +05:30
Matthew Shao
426f84d930 Add update_focus method in console/__init__.py. 2016-03-11 08:44:51 +08:00
Jason
1c0496e051 [web] VirtualScroll and AutoScroll helper 2016-03-10 21:40:07 +08:00
依云
e9bff5ac56 add resolved IP address in "Details" tab 2016-03-10 21:23:31 +08:00
Maximilian Hils
b413a052f9 Merge pull request #1012 from gzzhanghao/router
[web] eliminate common.Router.getParams
2016-03-09 18:54:34 +01:00
Maximilian Hils
454cca43f0 Merge pull request #1015 from gzzhanghao/props
[web] dont mutate props
2016-03-09 18:53:05 +01:00
Jason
84f180847d [web] dont mutate props 2016-03-09 13:30:55 +08:00
ikoz
0169271bf9 New option: Add server certs to client chain
If enabled, append all server certificates to the certificate chain
served to the client, as extras. Can be used to bypass certain
certificate pinning impementations.
2016-03-08 18:13:36 +00:00
Jason
4522b2b62f [web] fix footer label margin 2016-03-09 00:39:51 +08:00
Jason
df8b21c08f [web] eliminate common.Router.getParams 2016-03-09 00:28:44 +08:00
Matthew Shao
6eb584f766 Fix #1005 2016-03-08 19:42:38 +08:00
Jason
ca9a493a1c [web] uniform code style for Footer component 2016-03-08 00:57:01 +08:00
Jason
0545326dc0 [web] eliminate SettingsState 2016-03-07 18:47:08 +08:00
Maximilian Hils
34d19cf12e Merge pull request #994 from gzzhanghao/common
[web] remove common.ChildFocus
2016-03-05 13:20:43 +01:00
Thomas Kriechbaumer
f59770e949 Merge pull request #969 from dufferzafar/pretty-export
Indent JSON body while exporting it as code
2016-03-04 19:57:22 +01:00
Thomas Kriechbaumer
d7e9dda85c Merge pull request #988 from xhy940801/master
Add upstream proxy authentication
2016-03-04 19:47:31 +01:00
yonder
0e27dfd9c1 Improve test case 2016-03-04 11:12:03 -05:00
Shadab Zafar
9540ede112 Use separators param in json.dumps() to avoid trailing whitespace 2016-03-04 01:05:35 +05:30
Shadab Zafar
01a99f2b25 Handle the case of correct json content-type but malformed body 2016-03-04 01:01:16 +05:30
Shadab Zafar
ec61cfddfd Use json instead of contentviews 2016-03-03 06:44:19 +05:30
yonder
b8ae666c78 Add test for upstream-auth 2016-03-02 12:19:33 -05:00
Jason
1d002182e3 [web] remove common.ChildFocus 2016-03-02 22:37:32 +08:00
Jason
70af4fae46 [web] StoreView.index -> indexOf 2016-03-02 21:55:36 +08:00
Jason
eb19077913 [web] fix StoreView.index 2016-03-02 15:59:56 +08:00
Shadab Zafar
1548185a17 Use requests' json parameter 2016-03-01 18:45:05 +05:30
Shadab Zafar
ac25206420 Indent JSON body while exporting it as code
Fixes #968
2016-03-01 17:39:32 +05:30
yonder
0077e0f8d9 Add upstream proxy authentication 2016-03-01 17:40:32 +08:00
Maximilian Hils
3de89ab16c web: use es6 modules 2016-02-29 02:57:35 +01:00
Maximilian Hils
9192427d7b web: fix router 2016-02-29 02:16:38 +01:00
Maximilian Hils
cbb068edaa fix up web stuff 2016-02-28 22:35:08 +01:00
Maximilian Hils
c68ab3e60c Merge branch 'master' of https://github.com/mitmproxy/mitmproxy 2016-02-27 02:17:10 +01:00
Maximilian Hils
b8b37fdad6 add simplified connection constructor 2016-02-27 02:17:01 +01:00
Maximilian Hils
679c97ec3e fix #966 2016-02-27 02:13:26 +01:00
Thomas Kriechbaumer
02ec4c8207 fix h2 imports
fixes #975
2016-02-23 22:10:15 +01:00
Maximilian Hils
cf57020038 fix proxy reconnect 2016-02-20 22:08:49 +01:00
Thomas Kriechbaumer
985213a6bc fix tests 2016-02-20 18:55:43 +01:00
Maximilian Hils
e8611acb76 fix #951 2016-02-19 00:46:57 +01:00
Aldo Cortesi
a635e04fbf console: slightly less hacky hack show http2 warning after first tick 2016-02-19 12:16:55 +13:00
Thomas Kriechbaumer
7d2c7efa57 enable HTTP/2 by default if available 2016-02-18 23:53:53 +01:00
Maximilian Hils
d33d3663ec combine projects 2016-02-18 13:03:40 +01:00
Maximilian Hils
18b619e164 move mitmproxy/web to root 2016-02-18 12:29:35 +01:00
Maximilian Hils
bf024cd153 Merge branch 'master' of https://github.com/mitmproxy/mitmproxy 2016-02-18 11:27:40 +01:00
Maximilian Hils
f42af90612 move bin into release, update rtool 2016-02-18 11:25:29 +01:00
Aldo Cortesi
31ab3a231e Merge pull request #959 from thiagoarrais/doc-fix
Fix misleading documentation for clipboard command
2016-02-18 10:42:07 +13:00
Thiago Arrais
3343882737 Fix help
'P' can also be used on the request screen!
2016-02-17 18:34:21 -03:00
Aldo Cortesi
46abde94a4 Merge branch 'h2' of https://github.com/Kriechi/mitmproxy into Kriechi-h2 2016-02-18 10:22:33 +13:00
Aldo Cortesi
36e070ee25 Pull bin to the top, move pathod examples to examples dir 2016-02-18 10:15:59 +13:00
Aldo Cortesi
2e7b29ce20 Merge remote-tracking branch 'origin/unify' 2016-02-18 10:10:31 +13:00
Aldo Cortesi
92597f82ea Docs and examples to top level 2016-02-18 09:27:08 +13:00
Aldo Cortesi
49464de1cb Merge branch 'master' of ssh.github.com:mitmproxy/mitmproxy 2016-02-18 09:05:54 +13:00
Aldo Cortesi
10047a025f One CHANGELOG at the top of the repo 2016-02-18 09:05:24 +13:00
Thomas Kriechbaumer
262b4bc482 upgrade h2, remove reset-stream hotfix 2016-02-17 15:34:31 +01:00
Will Coster
595d2a2fa0 Add a content view for query parameters
The query content view uses format_dict to display a table of query
parameters and is made the default content view for requests with
query parameters and no request body.

To facilitate this the query parameter dictionary of HTTPRequests is
added to the metadata content view parameter under the "query" key.

Additionally, the logic for handling "no content" messages is moved
from contentviews.get_content_view to ViewAuto. This is necessary as
it allows the query content view to be displayed when there is no
request body.
2016-02-16 18:50:10 -08:00
Maximilian Hils
b7701eb8c1 add combined MANIFEST.in and CHANGELOG 2016-02-17 00:02:18 +01:00
Thomas Kriechbaumer
d95a1f9819 fix all libmproxy->mitmproxy references 2016-02-16 20:56:33 +01:00
Thomas Kriechbaumer
f1a0a3b228 rename mitmproxy source directory 2016-02-16 20:37:59 +01:00
Maximilian Hils
5101843683 fix wheel creation, re-add MANIFEST.in 2016-02-16 04:28:10 +01:00
Maximilian Hils
4583fa7922 remove MANIFEST.in, move Dockerfile to root 2016-02-16 00:57:42 +01:00
Maximilian Hils
ec4f7ab050 update mitmproxy changelog 2016-02-16 00:45:43 +01:00
Maximilian Hils
615e4ec163 Merge branch 'master' of https://github.com/mitmproxy/mitmproxy 2016-02-16 00:22:41 +01:00
Maximilian Hils
10f9b6faa7 fix release tool, refs #947 2016-02-16 00:22:38 +01:00
Aldo Cortesi
d17ae31452 Satisfy pip constraints, set +x on executables 2016-02-16 12:04:25 +13:00
Maximilian Hils
f864266ccc update shield.io badges 2016-02-15 23:05:30 +01:00
Maximilian Hils
3d9a5157e7 use own shields instance, update pathod readme 2016-02-15 21:13:06 +01:00
Maximilian Hils
a78c6f1cb0 update README.rst, minor fixes 2016-02-15 19:43:55 +01:00
Maximilian Hils
b7af845523 fix appveyor, re-introduce requirements.txt 2016-02-15 18:12:12 +01:00
Maximilian Hils
a1190c3696 adjust travis 2016-02-15 17:06:32 +01:00
Maximilian Hils
b211bef9a1 fix tests 2016-02-15 16:34:38 +01:00
Maximilian Hils
d7158f975e move tests into shared folder 2016-02-15 16:34:22 +01:00
Maximilian Hils
95cef3c0e9 merge metadata files 2016-02-15 15:43:59 +01:00
Maximilian Hils
33fa49277a move mitmproxy 2016-02-15 14:58:46 +01:00
Aldo Cortesi
a05a70d816 Add coding style check, reformat. 2015-05-30 12:03:28 +12:00
Aldo Cortesi
e5412e9dd9 Docs stub for Unbuntu, restore executable flag on binaries. 2014-09-09 17:57:39 +12:00
Maximilian Hils
5fdec6b7cb re-add mitmproxy/mitmdump scripts for convenience 2014-09-08 23:45:45 +02:00
Maximilian Hils
fbc4bb38df mitmproxy -> libmproxy.main. do some leanup on the way 2014-09-08 23:34:43 +02:00
Maximilian Hils
f14eeef653 remove debug switch 2014-03-13 23:47:02 +01:00
Maximilian Hils
1bfc164692 adjust tests, fix option handling 2014-03-13 01:22:12 +01:00
Maximilian Hils
aefb30ea60 restrict -e to mitmproxy only (not mitmdump) 2014-03-12 22:13:00 +01:00
Maximilian Hils
5598a8de82 finish proxy.py split up 2014-03-09 21:51:24 +01:00
Maximilian Hils
5811e79361 print warning if netlib and mitmproxy versions are different. 2014-01-22 16:21:17 +01:00
Aldo Cortesi
edb10e33aa Remove GPL notices left in source files after our change to the MIT license.
Thanks to Roy Shamir for reporting this.
2013-08-01 11:08:00 +12:00
Aldo Cortesi
9f6657727b Make UTF environment detection more robust.
Fixes #125
2013-06-09 11:20:02 +12:00
Aldo Cortesi
9e94fdc6db Make ready for pyinstaller. 2013-05-15 11:25:25 +12:00
Aldo Cortesi
d86b7c7f77 Prin an error when mitmproxy runs in a non-UTF environment. 2013-05-13 21:41:16 +12:00
Maximilian Hils
ed389d8f05 use argparse instead of optparse 2012-08-17 19:11:59 +02:00
Aldo Cortesi
35d5da9f11 Move palette option getting/setting to mitmproxy.
Unbreaks mitmdump.
2012-07-03 13:42:09 +12:00
Aldo Cortesi
f9b04b84cd Silence a (rare) KeyboardInterrupt exception in mitmproxy. 2012-05-31 21:18:41 -07:00
Aldo Cortesi
c02fdb2463 Refactor proxy.Server to fix a crash when replaying with -n 2012-04-02 13:24:51 +12:00
Aldo Cortesi
76175672ad Add specification of replacement patterns on the command line. 2012-03-17 17:20:34 +13:00
Aldo Cortesi
cdd5a53767 Refactor console.
Split the console implementation out into logical components.
2012-02-07 16:39:37 +13:00
Aldo Cortesi
d9db1cf5b3 Change size limit cmdline flag to -Z, enable size limits for replay. 2011-09-09 17:31:36 +12:00
Aldo Cortesi
67f2610032 Add HTTP body size limit specification to command-line tools. 2011-09-09 15:27:31 +12:00
András Veres-Szentkirályi
9abff4f0ac Removed unused imports 2011-08-18 23:30:02 +02:00
Aldo Cortesi
e285b17e3f Add -r option to mitmdump and mitmproxy.
This option reads a set of flows from a file. I've also regularized the
mitmdump and mitmproxy command-line signatures by removing mitmproxy's old way
of specifying flow loads through naked arguments.
2011-05-15 11:54:12 +12:00
Aldo Cortesi
f89581be1b Add a -n option which tells the tools not to bind a proxy.
This is useful when you just want to inspect or process dumps.
2011-05-14 10:44:25 +12:00
Aldo Cortesi
c3105153a5 Add some debugging output to help troubleshoot a performance problem. 2011-03-27 13:10:06 +13:00
Aldo Cortesi
6cb40d03f4 Fix a number of small UI infelicities.
- Make request/response view switching behave sensibly
- Avoid having an empty string appear in connection view text. This makes urwid
misbehave.
- Make it clear that intercept and cookies specifications are filters.
2011-03-13 21:16:42 +13:00
Aldo Cortesi
0042687f0d Remove beep functionality from mitmproxy.
This acts funny (sometimes works, sometimes doesn't) and isn't really useful.
2011-03-13 11:26:30 +13:00
Aldo Cortesi
2f457e041e Unify mitmproxy and mitmdump commandline
- Extract common options into cmdline.py
- Change mitmproxy keybindings to fit command line

Some cmdline options and keybindings aren't in operation yet - just stubs
where functionality will be added in the next few commits.
2011-03-12 14:30:12 +13:00
Aldo Cortesi
9927ebad3e Make mitmproxy handle invalid flow data gracefully. 2011-03-12 13:49:54 +13:00
Aldo Cortesi
40e9067b83 Handle invalid bind address specifications gracefully. 2011-03-12 13:47:37 +13:00
Aldo Cortesi
592812467d Move version constants to version.py, add version to serialized flows.
For now, we don't do anything with the serialized version info, but this should
give us some future-proofing for serialization format changes.
2011-03-09 12:36:14 +13:00
Aldo Cortesi
2e492b8e94 Minor command-line argument fixes. 2011-02-25 21:33:31 +13:00
Aldo Cortesi
57f96c5fe0 Minor housekeeping - unused code, nocover directives.
95% test coverage.
2011-02-24 15:44:08 +13:00
Aldo Cortesi
7ddba22f51 Certificates are now generated in a temporary per-session directory.
This means that certificates don't accumulate in the conf directory, users
don't have to clear certificates if the CA is regenerated, and the user can
specify a custom CA without invalid certificates being loaded inadvertently.
2011-02-20 13:29:41 +13:00
Aldo Cortesi
c2ae8285f4 Revamp SSL configuration.
- Move option parsing utiliities to proxy.py

- Don't have a global config object. Pass it as an argument to ProxyServer.

- Simplify certificate generation logic.
2011-02-20 12:53:42 +13:00
Aldo Cortesi
4fc807cedd Clean up certificate generation.
- Use templates for config files. We can re-introduce customization of the
certificate attributes when we need them.

- Split CA and cert generation into separate functions.

- Generation methods provide an error return when generation fails.

- When the user explicitly specifies a certificate, we don't generate it, but
fail if it doesn't exist.
2011-02-20 12:17:10 +13:00
Henrik Nordstrom
7758385ac1 Extract common SSL certificate option processing 2011-02-16 15:50:44 +01:00
Aldo Cortesi
d9374ff97b Extract common SSL certificate options into a group.
Use this only in mitmdump and mitmproxy for now.
2011-02-16 23:09:42 +13:00
Henrik Nordstrom
32adee8743 Implement a dummy CA 2011-02-10 02:59:51 +01:00
Henrik Nordstrom
4ffaadd435 Allow specifying the accepted ciphersuites 2011-02-10 02:59:51 +01:00
Henrik Nordstrom
061cea89da Import cache store control into console controller 2011-02-10 02:59:51 +01:00
Aldo Cortesi
44dc3a052e Add option to tell mitmproxy which interfaces to bind to. 2011-02-06 10:52:54 +13:00
Aldo Cortesi
091db9cdf2 Prompt user on quit. 2011-01-28 12:55:02 +13:00
Aldo Cortesi
96e714a74c Handle nonexistent load files gracefully.
Also improve IOError statusbar messages.
2011-01-27 15:20:07 +13:00
Aldo Cortesi
345ac0f2a0 Refine flow saving shortcuts.
"S" to save all flows.

"s" to save just the current flow.
2011-01-27 15:03:53 +13:00
Aldo Cortesi
efe11a0782 Kill deadlock that sometimes occurred on shutdown. 2011-01-27 13:32:24 +13:00
Aldo Cortesi
bd6c0499fb Fix UI sync bugs introduced by flow serialization. 2011-01-26 22:17:42 +13:00
Aldo Cortesi
7983dbb26a Abstract flow management out of the interactive code. 2011-01-25 15:02:48 +13:00
Aldo Cortesi
f457342aab Add mitmproxy command line flags for a number of filter expressions.
For now, these are supported: intercept, limit, sticky cookies, beep
2010-03-01 15:42:38 +13:00
Aldo Cortesi
0188cf8a1a Just make using the user's terminal background the default.
This just makes sense. Later on, we'll have a config file in which users can
set the palette, so that they can over-ride the default background if they
really want.
2010-03-01 14:50:35 +13:00
Aldo Cortesi
b91156723b Split mitmproxy and mitmdump - mitmdump is the non-interactive verison of mitmproxy. 2010-03-01 14:48:06 +13:00
Aldo Cortesi
a7cea1749b Make beeping more general.
- The "B" key now sets a filter pattern. Whenever the filter matches, the
  terminal beeps.
- The beep specification is now stored in the State object, where I want to
  keep all mutable state.
- I've removed the startup flags for beeping for now. We probably want to let
  users specify a number of options on startup, including interception patterns
  and limits. When we do this, we should also separate out the dumping and
  curses programs, because many of these options will only make sense in one of
  the two.
- This isn't an exact replacement for the beep functionality I ripped out,
  because specifying beeping on intercept is slightly cumbersome (you need to
  re-specify the intercept pattern using B). Sorry - we'll add a better way
  soon.
2010-03-01 13:56:28 +13:00
Thomas Roth
a5f87657e1 Added beeping. --bireq and --bires enables beeping on intercepted requests/responses. 2010-02-26 14:01:38 +01:00
Thomas Roth
0e76f0f341 Added a 'keep terminal background' option (-t), so that you can use it with your own background color. (Foreground color following.) 2010-02-26 00:20:49 +01:00
Aldo Cortesi
cb0e328709 Initial checkin. 2010-02-16 17:09:07 +13:00