Commit Graph

55 Commits

Author SHA1 Message Date
Aldo Cortesi
8b841bc9e3 Factor out cert operations in to certutils.py. 2012-02-29 13:20:53 +13:00
Aldo Cortesi
764724748b Fix cert generation harder. 2012-02-27 15:59:29 +13:00
Aldo Cortesi
2c73e8f816 Fix problems with SANs and certificate generation. 2012-02-27 15:36:19 +13:00
Aldo Cortesi
2ba8296843 Better certificate parsing. 2012-02-27 15:21:05 +13:00
Aldo Cortesi
00942c1431 Add upstream certificate lookup.
This initiates a connection to the server to obtain certificate information to
generate interception certificates. At the moment, the information used is the
Common Name, and the list of Subject Alternative Names.
2012-02-27 15:05:45 +13:00
Aldo Cortesi
7aa79b89e8 Firm up what we consider to be a valid proxy spec. 2012-02-18 16:29:02 +13:00
Aldo Cortesi
6ad8b1a15d Firm up reverse proxy specification.
- Extract proxy spec parsing and unparsing functions.
- Add a status indicator in mitmproxy.
- Add the "R" keybinding for changing the reverse proxy from within mitmproxy.
2012-02-18 16:27:09 +13:00
Aldo Cortesi
a7df6e1503 Refactor reverse proxying
- Retain the specification from the Host header as a Request's description.
- Expand upstream proxy specifications to include the scheme. We now say https://hostname:port
- Move the "R" revert keybinding to "v" to make room for a reverse proxy
binding that matches the command-line flag.
2012-02-18 14:45:22 +13:00
Aldo Cortesi
2709441d5b Add get_query and set_query methods to Request. 2012-02-09 16:40:31 +13:00
Aldo Cortesi
76f2595df7 KVEditor: "e" shortcut spawns an external editor on a field. 2012-02-08 18:25:00 +13:00
Aldo Cortesi
c6150cc198 Address an issue that allows a malicious client to place certificate files in arbitrary directories.
Thanks to David Black (disclosure@d1b.org) for pointing this out.
2012-01-21 14:26:36 +13:00
Aldo Cortesi
d5e3722c97 Fix an issue caused by some editors when editing a request/response body.
Many editors make it hard save a file without a terminating newline on the last
line. When editing message bodies, this can cause problems. For now, I just
strip the newlines off the end of the body when we return from an editor.
2012-01-21 12:43:00 +13:00
Aldo Cortesi
67f2610032 Add HTTP body size limit specification to command-line tools. 2011-09-09 15:27:31 +12:00
Aldo Cortesi
e5bded7dee Improve robustness against invalid data. 2011-09-05 07:47:47 +12:00
András Veres-Szentkirályi
b1dc418a53 Replaced unnecessary lists with generators 2011-08-18 23:29:57 +02:00
Aldo Cortesi
b51aac8a86 Code cleanliness - appease pychecker. 2011-08-04 10:34:34 +12:00
Aldo Cortesi
57c653be5f Move all HTTP objects to flow.py
That's Request, Response, ClientConnect, ClientDisconnect, Error, and Headers.
2011-08-03 22:41:38 +12:00
Aldo Cortesi
1ff6a767d0 Unit test++ 2011-08-02 16:52:47 +12:00
Aldo Cortesi
357502fe03 General cleanup.
Cut out unused variables and code, generally shut up pychecker as much as is
reasonable.
2011-08-02 16:14:33 +12:00
Stephen Altamirano
78049abac1 Changes replace logic to function in both Python 2.6.x and 2.7.x
Tests now only assume Python 2.6.x rather than requiring 2.7.x. This does not preclude the use of flags as a kwarg in replace
2011-07-26 22:47:08 -07:00
Aldo Cortesi
1b961fc4ad Add utility functions to search and replace strings in flows
This is a common task in pentesting scenarios. This commit adds the following
functions:

utils.Headers.replace
proxy.Request.replace
proxy.Response.replace
flow.Flow.replace
2011-07-22 17:48:42 +12:00
Aldo Cortesi
5936a48e59 Drop cert expiry time to avoid a bug in some OpenSSL versions. 2011-07-22 11:11:45 +12:00
Aldo Cortesi
94ae720a22 Add a pretty-printing mode for urlencoded form data. 2011-07-15 16:46:54 +12:00
Aldo Cortesi
1c9e7b982a Rewrite Headers object to preserve order and case. 2011-07-14 16:01:54 +12:00
Aldo Cortesi
18d4c3a9e9 JSON pretty-printing.
Also rename the display modes ("pretty" instead of "indent"), and expand the
built-in documentation.
2011-06-30 13:27:27 +12:00
Aldo Cortesi
0a642f2441 Make the certificate wait time configurable.
Since OpenSSL doesn't let us set certificate start times in the past, the
client and proxy machine time must be synchronized, or the client might reject
the certificate. We can bodgy over small discrepancies by waiting a few seconds
after a new certificate is generated (i.e. the first time an SSL domain is contacted).

Make this a configurable option, and turn it off by default.
2011-06-27 16:10:17 +12:00
Aldo Cortesi
f004326855 Try not to hang when user views large request & response bodies
Two different strategies here:

    - Use a simple heuristic to detect if we're looking at XML data when indent
    mode is used. On non-XML data we can hang even on small documents.

    - Only view partial data for large bodies. At the moment the cutoff is
    100k. I might finetune this later.
2011-06-27 15:59:17 +12:00
Aldo Cortesi
7d7803a4d9 Add a hideous kludge to fix not-yet-valid certificates.
- The OpenSSL x509 has no way to explicitly set the notBefore value on
certificates.

- If two systems have the same configured time, it's possible to return a
certificate before the validity start time has arrived.

- We "solve" this by waiting for one second when a certificate is first
generated before returning the cert. The alternative is to rewrite pretty much
all of our certificate generation, a thought too horrible to contemplate.
2011-06-11 15:16:16 +12:00
Aldo Cortesi
e22fd74d06 Revamp key generation.
We now create three different files in the .mitmproxy directory when a dummy CA
is made:

mitmproxy-ca.pem - the CA, including private key

mitmproxy-ca-cert.p12 - A pkcs12 version of the certificate, for distribution to Windows.

mitmproxy-ca-cert.pem - A PEM version of the certificate, for distribution to everyone else.
2011-03-18 16:45:31 +13:00
Aldo Cortesi
4893e5e5a4 We have to pass -CAcreateserial after all. 2011-03-18 09:24:04 +13:00
Aldo Cortesi
e983253ecc Docs, minor cert tweaks. 2011-03-18 09:04:49 +13:00
Aldo Cortesi
fe1e2f16ff Improve responsiveness of request and response viewing.
- Computing the view of a large body is expensive, so we introduce an LRU cache
to hold the latest 20 results.

- Use ListView more correctly, passing it individual urwid.Text snippets,
rather than a single large one. This hugely improves render time.
2011-03-15 13:05:33 +13:00
Aldo Cortesi
897bd5c2b8 We no longer use pytz. 2011-03-14 13:47:51 +13:00
Aldo Cortesi
18d25ec1a1 Fix stickycookie setting, indented view traceback. 2011-03-13 11:43:55 +13:00
Aldo Cortesi
897c4bfc52 Think harder about timestamps. Just save seconds since the epoch as a float. 2011-03-09 12:18:08 +13:00
Aldo Cortesi
765871bd11 Store timestamps on flow components as a UTC time tuple.
Format is:

(tm_year,tm_mon,tm_mday,tm_hour,tm_min, tm_sec,tm_wday,tm_yday,tm_isdst)
2011-03-07 13:46:02 +13:00
Aldo Cortesi
57f96c5fe0 Minor housekeeping - unused code, nocover directives.
95% test coverage.
2011-02-24 15:44:08 +13:00
Aldo Cortesi
79039eb5d2 More mature sticky cookie primitive. Use it in console.py. 2011-02-24 15:26:34 +13:00
Aldo Cortesi
aa16194518 Clean up and strip down netstrings module. 2011-02-20 14:03:32 +13:00
Aldo Cortesi
c2ae8285f4 Revamp SSL configuration.
- Move option parsing utiliities to proxy.py

- Don't have a global config object. Pass it as an argument to ProxyServer.

- Simplify certificate generation logic.
2011-02-20 12:53:42 +13:00
Aldo Cortesi
4fc807cedd Clean up certificate generation.
- Use templates for config files. We can re-introduce customization of the
certificate attributes when we need them.

- Split CA and cert generation into separate functions.

- Generation methods provide an error return when generation fails.

- When the user explicitly specifies a certificate, we don't generate it, but
fail if it doesn't exist.
2011-02-20 12:17:10 +13:00
Aldo Cortesi
f0f1fb4b55 Add file writing to mitmdump. 2011-02-17 10:18:38 +13:00
Henrik Nordstrom
7758385ac1 Extract common SSL certificate option processing 2011-02-16 15:50:44 +01:00
Aldo Cortesi
d9374ff97b Extract common SSL certificate options into a group.
Use this only in mitmdump and mitmproxy for now.
2011-02-16 23:09:42 +13:00
Henrik Nordstrom
32adee8743 Implement a dummy CA 2011-02-10 02:59:51 +01:00
Henrik Nordstrom
061cea89da Import cache store control into console controller 2011-02-10 02:59:51 +01:00
Henrik Nordstrom
4cf3392e50 Sort header names for a predictable result 2011-02-10 02:59:51 +01:00
Henrik Nordstrom
bd01126b2b Move try_del to utils 2011-02-10 02:59:51 +01:00
Aldo Cortesi
a4eaafab5a Further fine-tuning for pretty_xmlish. 2011-02-06 16:56:13 +13:00
Aldo Cortesi
7156d1a73a Rip out BeautifulSoup, and use a custom XML-ish prettyprinter. 2011-02-06 14:17:30 +13:00