Commit Graph

9611 Commits

Author SHA1 Message Date
Maximilian Hils
9688618bbd clarify that IS_WINDOWS includes WSL 2021-10-11 18:29:42 +02:00
Maximilian Hils
aad92c9d5a
Merge pull request #4847 from mhils/flowfilter
Flowfilter Improvements
2021-10-09 18:38:56 +02:00
Maximilian Hils
e3640801a5 lint! 2021-10-09 18:34:29 +02:00
Vinh Quang Tran
0b48fdfc29
Prevent connection lost in mitmweb when pressing Download button. (#4849) 2021-10-09 18:32:07 +02:00
Maximilian Hils
25bdf2f9d8 web: update filters 2021-10-08 18:39:22 +02:00
Maximilian Hils
c2d8674a7b web: minor fixes 2021-10-08 18:39:22 +02:00
Maximilian Hils
c43a2ef8dc improve flowfilter api: raise on invalid input, add ~all 2021-10-08 17:45:47 +02:00
Maximilian Hils
adfccb90a5 minor fixes 2021-10-08 17:36:16 +02:00
Brad Dixon
9346002e0f
Add client_playback_concurrency option (#4842)
* nowait

* docs, tests, flake8

* we ideally support other values in the future

Co-authored-by: Maximilian Hils <github@maximilianhils.com>
2021-10-08 13:08:36 +02:00
Maximilian Hils
79896e23b7 contentview example: be explicit about passed metadata 2021-10-07 15:21:46 +02:00
Aaron Tan
278611bf77
Fix websocket view jumps to top bug (#4845) 2021-10-06 17:06:01 +02:00
Thomas Kriechbaumer
7a66231253
fix import errors caused by coverage.py (#4843)
* fix import errors caused by coverage.py

* LINT

Co-authored-by: Maximilian Hils <github@maximilianhils.com>
2021-10-05 19:32:11 +00:00
Maximilian Hils
aa2f935dbb
Don't allow server.via change for live connections (#4841)
* don't allow `server.via` change for live connections

* return early if no tls context was set
2021-10-05 21:19:51 +02:00
Thomas Kriechbaumer
6be24f452e
Merge pull request #4810 from mhils/h2-fuzzing
Improve h2 Fuzzing Setup
2021-10-05 21:15:57 +02:00
Thomas Kriechbaumer
9e8b96a5cc bump h2 to v4.1 for fixes 2021-10-05 20:56:23 +02:00
Maximilian Hils
25c5da1857 return early if no tls context was set 2021-10-05 19:49:35 +02:00
Maximilian Hils
0f5b8c88af don't allow server.via change for live connections 2021-10-05 19:45:52 +02:00
Maximilian Hils
3cb89069b9 fix compat with upcoming cryptography release 2021-10-05 08:19:37 +02:00
Maximilian Hils
b2a760b4e9
Merge pull request #4829 from mitmproxy/requires-io-main
[requires.io] dependency update on main branch
2021-09-29 12:11:11 +02:00
Maximilian Hils
1919c0de59
Don't set 'content-length' with 'transfer-encoding' (#4827)
* Don't set 'content-length' with 'transfer-encoding'

When updating the response content for a response, avoid adding the
'content-length' header if the response contains a 'transfer-encoding'
header, from the spec [1]:

> When a message does not have a Transfer-Encoding header field, a
Content-Length header field can provide the anticipated size, as a
decimal number of octets, for a potential payload body

Note the 'transfer-encoding' header is not used with HTTP/2

https://httpwg.org/specs/rfc7230.html#header.content-length

* don't crash when sending content-length+transfer-encoding

Co-authored-by: Maximilian Hils <git@maximilianhils.com>
2021-09-28 18:38:25 +02:00
Maximilian Hils
4a3fefdf25 don't crash when sending content-length+transfer-encoding 2021-09-28 18:31:08 +02:00
Matthew Hughes
60a056a2d8 Don't set 'content-length' with 'transfer-encoding'
When updating the response content for a response, avoid adding the
'content-length' header if the response contains a 'transfer-encoding'
header, from the spec [1]:

> When a message does not have a Transfer-Encoding header field, a
Content-Length header field can provide the anticipated size, as a
decimal number of octets, for a potential payload body

Note the 'transfer-encoding' header is not used with HTTP/2

https://httpwg.org/specs/rfc7230.html#header.content-length
2021-09-28 18:31:08 +02:00
Maximilian Hils
18d3144b39
[requires.io] dependency update (#4826)
Co-authored-by: requires.io <support@requires.io>
2021-09-27 17:43:43 +02:00
Ikko Ashimine
80bc6e147e
Fix typo in optmanager.py (#4825)
assigment -> assignment
2021-09-25 17:09:30 +02:00
Maximilian Hils
7e24e77ac4
improve handling of flows with invalid content-lengths (#4819) 2021-09-23 18:03:52 +00:00
Matthew Hughes
7b4e219c4e
mitmweb: handle {en,de}coding on server-side (#4811)
* mitmweb: handle {en,de}coding on server-side

Handle this server-side rather than passing the message content encoding
details back when fetching flow content. If {en,de}coding fails, return
the raw request contents.

This addresses https://github.com/mitmproxy/mitmproxy/issues/4809

* fix typo

Co-authored-by: Maximilian Hils <github@maximilianhils.com>
2021-09-23 15:55:43 +02:00
Maximilian Hils
c1003ee332
[requires.io] dependency update on main branch (#4814)
* [requires.io] dependency update

* [requires.io] dependency update

Co-authored-by: requires.io <support@requires.io>
2021-09-21 22:33:42 +02:00
Maximilian Hils
b5de2d75b5
ci: update ubuntu version used for builds 2021-09-21 22:31:58 +02:00
Maximilian Hils
667d4e0474 catch more tls errors where we know it's a trust issue 2021-09-16 13:38:37 +02:00
Maximilian Hils
eeb8a47806
add 7.0.3 changelog 2021-09-16 12:07:19 +02:00
Maximilian Hils
a124b1eceb improve h2 fuzzing setup 2021-09-16 11:55:37 +02:00
Maximilian Hils
cf32b18d2f
hyper-h2: catch IndexError as well 2021-09-16 11:41:52 +02:00
Maximilian Hils
b41416b729
Merge pull request from GHSA-22gh-3r9q-xf38
This commit makes mitmproxy hard-fail when it encounters any attempts
at request/response smuggling.

For details, see https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-22gh-3r9q-xf38
2021-09-16 11:12:59 +02:00
Matthew Hughes
d9cac6fbcd
Make Cert.not{before,after} timezone aware (#4805)
I noticed when running tests the output of
`web/src/js/__tests__/ducks/_tflow.ts` would change depending on how I
set my timezone, e.g.

    $ TZ=America/Los_Angeles pytest --quiet \
        test/mitmproxy/tools/web/test_app.py >/dev/null \
        && grep --extended-regexp 'not(after|before)' web/src/js/__tests__/ducks/_tflow.ts
                "notafter": 2235132207,
                "notbefore": 1604415807,
    $ TZ=Asia/Tokyo pytest --quiet \
        test/mitmproxy/tools/web/test_app.py >/dev/null \
        && grep --extended-regexp 'not(after|before)'  web/src/js/__tests__/ducks/_tflow.ts
                "notafter": 2235074607,
                "notbefore": 1604354607

It looks like this is because the `cert_to_json` function simply calls
`timestamp` the `datetime` object from
`x509.Certificate.not_valid_before`, however, this `datetime` object is
not timestamp aware, from the docs [1]:

> A naïve datetime representing the beginning of the validity period for
the certificate in UTC

So when serializing to JSON, first convert the `datetime` to UTC then
call `timestamp`.

A test was added by inspecting one of the test certs with:

    $ openssl x509 -in test/mitmproxy/net/data/text_cert_2 -text

Extracting the date and asserting on that.

The corresponding test has also been re-run so that `_tflow.ts` was
regenerated with it's correct value. Snapshots were also updated via:

    $(npm bin)/jest --updateSnapshot

[1] https://cryptography.io/en/latest/x509/reference/#cryptography.x509.Certificate.not_valid_after
2021-09-16 10:53:36 +02:00
Maximilian Hils
3bdc5ca0d1
protobuf: accept older versions 2021-09-16 10:50:15 +02:00
Maximilian Hils
38b0d27ad7
[requires.io] dependency update on main branch (#4807)
* [requires.io] dependency update

* [requires.io] dependency update

Co-authored-by: requires.io <support@requires.io>
2021-09-16 10:49:50 +02:00
Maximilian Hils
31f089cb8d
make urwid work with ProactorEventLoop (#4806) 2021-09-14 12:59:35 +00:00
Matthew Hughes
8c03f7bf8b
Fix warning in pytest (#4803)
Escape backslashes in pydocs containing '\*' (markdown escape sequence).
This removes the one warning I saw when running `pytest`:

    /mitmproxy/mitmproxy/http.py:97: DeprecationWarning: invalid escape sequence \*
2021-09-13 20:10:56 +00:00
Maximilian Hils
35596bd5e4
[requires.io] dependency update on main branch (#4801)
* [requires.io] dependency update

* [requires.io] dependency update

* [requires.io] dependency update

* Update setup.py

Co-authored-by: requires.io <support@requires.io>
2021-09-13 15:25:35 +00:00
Maximilian Hils
4229253a6e
bump installbuilder (#4800) 2021-09-13 15:02:15 +00:00
Maximilian Hils
e3556fbaad
Create SECURITY.md 2021-09-13 16:34:33 +02:00
Maximilian Hils
017344dfe4 tls: api docs++ 2021-09-04 17:03:26 +02:00
Maximilian Hils
7fd887a553 move tls hook data to mitmproxy.tls 2021-09-04 16:37:39 +02:00
Maximilian Hils
bdf4e31c58 move ClientHello to mitmproxy.tls 2021-09-04 16:10:39 +02:00
Maximilian Hils
9f39e2f387 tests++ 2021-09-04 16:03:06 +02:00
Maximilian Hils
98a3e33477 tls: add tls_handshake, ignore-after-clienthello
this fixes #4702
2021-09-04 00:24:41 +02:00
Maximilian Hils
0437d2935e make flake8 happy 2021-09-04 00:23:45 +02:00
Maximilian Hils
75ccd44c42 add more benchmark/memoryleak tooling 2021-09-03 21:34:53 +02:00
Maximilian Hils
4e5a0ae71d
charset detection: ignore case when searching in HTML (#4785) 2021-08-31 09:13:28 +00:00
Maximilian Hils
d5bba9878b
Merge pull request #4780 from mhils/socks5-auth
Support SOCKS5 Authentication
2021-08-27 10:30:54 +02:00