Commit Graph

69 Commits

Author SHA1 Message Date
anneborcherding
7fdcbb09e6
added add-ons that enhance the performance of web application scanners. (#3961)
* added add-ons that enhance the performance of web application scanners.

Co-authored-by: weichweich <14820950+weichweich@users.noreply.github.com>
2020-05-04 10:37:13 +02:00
Thomas Kriechbaumer
5ea75a1a81 examples: reformat to prevent too long lines 2020-04-11 11:12:18 +02:00
Thomas Kriechbaumer
481970d9b8
Merge pull request #3846 from kimbo/kl/block-doh
Example for detecting/blocking DNS over HTTPS queries
2020-04-05 09:09:37 +02:00
kimbo
83987f9b69 broke up long line into multiple lines 2020-04-04 21:27:58 -06:00
kimbo
f36a5b8aa8 replace scraping and DNS lookups with static list 2020-04-04 21:18:58 -06:00
Thomas Kriechbaumer
678be7a052 improve scripting docs 2020-04-04 15:36:13 +02:00
Maximilian Hils
420da96e92
lint! 2020-04-03 17:47:58 +02:00
Maximilian Hils
c56ca19d7d
fix nonblocking example
this fixes #3877
2020-04-03 17:18:35 +02:00
kimbo
a70ab62797 fix lint errors 2020-03-04 22:06:27 -07:00
kimbo
81113a0dcc add block doh example to examples/complex/README 2020-03-04 21:16:30 -07:00
kimbo
95d725cda9 example for blocking DNS queries over HTTPS 2020-03-04 21:16:02 -07:00
Shrub, Aliaksei
6e1cf33071 Fix converting to HAR in case of void response 2019-11-29 10:08:19 +03:00
Maximilian Hils
3550bdfe00
Merge pull request #3693 from typoon/fix-command-bar-issue-3259
Improve Command Bar UX
2019-11-21 14:13:08 +01:00
Maximilian Hils
cb22fc68d1 adjust remote debug example to latest pycharm version 2019-11-18 02:52:20 +01:00
Maximilian Hils
ac22aee2f5 cleanup mypy usage 2019-11-16 15:14:30 +01:00
Maximilian Hils
bdc15cbe0c update mypy 2019-11-12 04:38:13 +01:00
Thomas Kriechbaumer
53cb5bf40f bump deps 2019-09-28 17:37:43 +02:00
Thomas Kriechbaumer
a54954ee1e fix linting 2019-09-28 12:29:16 +02:00
Maximilian Hils
e97a804e89
make dict comprehension more readable 2019-09-05 22:13:49 +02:00
RamiBerm
4ce5e1386c
Updated har_dump.py timings dictionary function
the HAR file spec (http://www.softwareishard.com/blog/har-12-spec/#timings) states that timings that do not apply for certain requests should be set to -1; this example may set -1000 as a timings value for certain requests.
This ends up producing invalid HAR files in many cases.

My proposed fix is to assign -1 into the dic and only multiply by 1000 for other values
2019-09-03 17:19:50 +03:00
Mickaël Schoentgen
3a2d7bb119 Fix several DeprecationWarning: invalid escape sequence
Signed-off-by: Mickaël Schoentgen <contact@tiger-222.fr>
2019-01-05 23:37:48 +01:00
Alex Lauerman
93cb73e2cd
Corrected keep_host_header usage option
I tested this locally to verify this change is correct.
2018-10-25 16:15:55 -05:00
David Kremer
e46e064df3 [examples/xss_scanner] replace relative import
test_xss_scanner.py was utterly failing because of a trouble (bug?)
with the `monkeypatch` fixture failing to replace `gethostbyname`
with the correct mock function.

Indeed, when stepping through the code, the `gethostbyname` presumably
mocked was reported as a builtin python function. The problem could
then come from the fact that it is hard to monkeypatch builtin function
in python.

Using absolute imports seems to resolve the problem.
2018-08-15 19:47:55 +02:00
Pierre Cavan
2326f973df
Update CLI usage instructions 2018-06-26 13:09:45 +02:00
madt1m
773c953514 View API slightly extended; codebase cleaned in some points 2018-06-13 11:56:14 +02:00
Thomas Kriechbaumer
976ab0c466 websocket: inject messages via flow 2018-05-16 21:50:15 +02:00
Thomas Kriechbaumer
e305a320a2 fix tcp example 2018-05-11 11:58:01 +02:00
Maximilian Hils
0c101a4bcc
Merge pull request #3106 from cortesi/noprint
Ditch the addon stdout wrapper
2018-05-08 15:24:02 +02:00
0xHJK
a46a317dca har_dump example cmdline invocation 2018-05-08 16:27:56 +08:00
Aldo Cortesi
af1a4ffdcd Ditch the addon stdout wrapper
This results in a 30% improvement in our core request throughput.

Fixes #3102
2018-05-08 14:26:41 +12:00
Aldo Cortesi
f5dc0aace1 Revamp dup_and_replay example
- Exposes view.add as a command
- Copes with cases where a view addon isn't present
- Avoids infinite loop caused by replaying replays

Fixes #3096
2018-05-05 09:34:22 +12:00
oscure76
0e984e1442 fix Python 3.6 variable type annotations #3053 2018-04-14 16:24:41 -07:00
luz.paz
afbb7f117b Misc. typos
Found via `codespell -q 3 -I ../mitmproxy-word-whitelist.txt`
Where whitelist contains:
```
cas
doubleclick
nd
ot
seeked
statics
te
thru
```
2018-02-24 21:45:11 -05:00
Arushit Mudgal
91834f98cc Extend mypy checking, fix #2194 (#2819) 2018-02-03 21:37:33 +01:00
Thomas Kriechbaumer
9aae3213b9 rename TLS/SSL-related attributes
SSL is an outdated protocol superseded by TLS. Although the commonly
used library is called OpenSSL, it is no reason to still use outdated
language for attributes.
2018-01-06 10:43:47 +01:00
David Dworken
04a06eb6b5 Added scanning for CSS injection and iframe injection 2017-10-17 23:39:33 -04:00
Suraj Tripathi
781369a326 fix #2477 (#2556) 2017-09-01 23:08:34 +02:00
Ujjwal Verma
6367dcab8e update streaming docs 2017-07-04 10:53:23 +02:00
Aldo Cortesi
2a46f3851a Merge pull request #2265 from cortesi/addons
Addons and addon testing
2017-04-27 07:40:14 +12:00
Maximilian Hils
ab07b79138 Merge pull request #2270 from F1ashhimself/master
Update readme for complex examples
2017-04-26 17:15:34 +02:00
Maksim Beloborodko
90a5b90b0d Update readme for complex examples 2017-04-26 17:14:41 +03:00
Maximilian Hils
87610cc8b2 fix #2250, add type info to cookie module 2017-04-26 14:17:14 +02:00
Aldo Cortesi
5327756377 Addons and addon testing
- Fix some loading sequence bugs affecting command-line script invocation
- Allow addons to over-ride existing options (with a warning). We need this for
reloading.
- Convert har_dump to new-style arguments, fix and re-instate its test suite.
- Convert miscellaneous other examples to new-style args.
2017-04-26 19:56:33 +12:00
Aldo Cortesi
e6eeab6094 Revamp how addons work
- Addons now nest, which means that addons can manage addons. This has a number
of salutary effects - the scripts addon no longer has to poke into the global
addons list, we no longer have to replace/remove/boot-outof parent addons when
we load scripts, and this paves the way for making our top-level tools into
addons themselves.
- All addon calls are now wrapped in a safe execution environment where
exceptions are caught, and output to stdout/stderr are intercepted and turned
into logs.
- We no longer support script arguments in sys.argv - creating an option
properly is the only way to pass arguments. This means that all scripts are
always directly controllable from interactive tooling, and that arguments are
type-checked.

For now, I've disabled testing of the har dump example - it needs to be moved
to the new argument handling, and become a class addon. I'll address that in a
separate patch.
2017-04-25 22:13:44 +12:00
Aldo Cortesi
65f0885bd6 addon loader: add boot_into, which replaces returning from start()
While we're here, expand test coverage for addonmanager to 100%, and promote to
individual coverage.
2017-03-25 10:48:12 +13:00
Aldo Cortesi
541c1e8b9f addons: start -> load throughout 2017-03-25 10:48:12 +13:00
Aldo Cortesi
1410cbb4b6 Remove test handlers by using taddons.RecordingMaster
This also means expanding and tweaking the recording master API, which we
reflect through the current test suite
2017-03-16 18:05:57 +13:00
Aldo Cortesi
0c6663d0d5 Enable custom options for addons
- Add an options parameter to the start() event. This is to be used by addons
on startup to add custom options.
- Add a running() event that is called once the proxy is up and running.
- With the new paradigm we can't log during master __init__, so add a tiny
termstatus addon to print proxy status to terminal once we're running.
2017-03-14 08:32:19 +13:00
Maximilian Hils
927b5707fe fix tcp.Address leftovers
this fixes the issue described in https://github.com/mitmproxy/mitmproxy/issues/2119#issuecomment-285067292
2017-03-08 16:18:34 +01:00
Nikhil Soni
0081d9b828 Merge branch 'master' into on-issues 2017-03-03 12:58:44 +05:30