Commit Graph

343 Commits

Author SHA1 Message Date
Anne Borcherding
d4db078312 [contrib addons] updated imports and style. 2020-11-20 09:10:08 +01:00
Thomas Kriechbaumer
6289d9bca8 refactor and remove dead code 2020-11-08 13:07:44 +01:00
Blake Burkhart
21330f511e is_http10 and is_http11 properties to requests 2020-10-13 09:21:15 -05:00
Blake Burkhart
b17857c7ae Send http/1 request and response trailer headers 2020-10-08 20:43:28 -05:00
Maximilian Hils
67885320c0 add ASGI support for embedded apps
This commit replaces our WSGI implementation with a new ASGI one,
which then uses `asgiref`'s compatibility mode to still support WSGI applications.
The ASGI implementation is a bit bare-bone, but good enough for our purposes.

The major changes are:

  - We now support ASGI apps.
  - Instead of taking connections out of mitmproxy's normal processing,
    we now just set flow.response and let things continue as usual.
    This allows users to see responses in mitmproxy, use the response hook
    to modify app responses, etc. Also important for us,
    this makes the new implementation work for shenanigans like sans-io.
2020-08-13 17:22:31 +02:00
Maximilian Hils
5af57cfa99 HTTPRequest -> http.Request, add request.authority 2020-07-16 16:55:15 +02:00
Maximilian Hils
dfcc1578e5
Merge pull request #3962 from anneborcherding/feature/selenium-auth-addon
Added add-on with support for proxy authentication using selenium.
2020-07-15 13:54:48 +02:00
Maximilian Hils
83c6ab1393 move selenium example into contrib 2020-07-14 16:46:36 +02:00
Anne Borcherding
57f46fa099 moved addon for selenium authentication to new sub-folder of examples/complex.
Co-authored-by: weichweich <14820950+weichweich@users.noreply.github.com>
2020-07-14 16:43:48 +02:00
Anne Borcherding
7f89a70edf moved addon for selenium authentication to examples/complex.
Co-authored-by: weichweich <14820950+weichweich@users.noreply.github.com>
2020-07-14 16:43:48 +02:00
Vikas Gupta
1acbcc2437
add addon to check SSL-pinning on client (#3196) 2020-07-14 16:38:13 +02:00
Ed Medvedev
14dfdec8f4
Add a JSON dump script: write data into a file or send to an endpoint as JSON (#2861) 2020-07-14 16:35:03 +02:00
Thomas Kriechbaumer
46a0f69485
Merge pull request #4042 from sanlengjingvv/develop
support HTTP/2 trailers
2020-07-06 17:14:17 +02:00
Thomas Kriechbaumer
828ba0c2e7 refactor h2 trailer support
This allow's trailers without the initial Trailer header announcement. In HTTP/2 the stream ends with any frame containing END_SREAM. In the case of trailers, it is a final HEADERS frame after all the DATA frames. Therefore we do not need to explicitly check for the trailer announcement header, but can simply wait until the response message / stream has ended.
2020-07-06 01:05:26 +02:00
Maximilian Hils
96ce21687e blacklist -> blocklist 2020-07-04 12:09:51 +02:00
Thomas Kriechbaumer
288ce65d73 add h2 trailers example and fix sending 2020-07-03 12:49:31 +02:00
Maximilian Hils
08895e9ba6 restructure examples
- restructure examples (fix #4031)
 - remove example dependencies from setup.py,
   we do not need special dependencies for our supported addons.
 - unify how we generate docs from code
 - improve example docs
2020-06-23 16:00:14 +02:00
anneborcherding
7fdcbb09e6
added add-ons that enhance the performance of web application scanners. (#3961)
* added add-ons that enhance the performance of web application scanners.

Co-authored-by: weichweich <14820950+weichweich@users.noreply.github.com>
2020-05-04 10:37:13 +02:00
senyuuri
5beeeae81d
Improve compatibility of wsgi_flask_app example on OS X 2020-04-29 11:35:24 +08:00
Thomas Kriechbaumer
5ea75a1a81 examples: reformat to prevent too long lines 2020-04-11 11:12:18 +02:00
Thomas Kriechbaumer
481970d9b8
Merge pull request #3846 from kimbo/kl/block-doh
Example for detecting/blocking DNS over HTTTPS queries
2020-04-05 09:09:37 +02:00
kimbo
83987f9b69 broke up long line into multiple lines 2020-04-04 21:27:58 -06:00
kimbo
f36a5b8aa8 replace scraping and DNS lookups with static list 2020-04-04 21:18:58 -06:00
Thomas Kriechbaumer
678be7a052 improve scripting docs 2020-04-04 15:36:13 +02:00
Maximilian Hils
420da96e92
lint! 2020-04-03 17:47:58 +02:00
Maximilian Hils
c56ca19d7d
fix nonblocking example
this fixes #3877
2020-04-03 17:18:35 +02:00
kimbo
a70ab62797 fix lint errors 2020-03-04 22:06:27 -07:00
kimbo
81113a0dcc add block doh example to examples/complex/README 2020-03-04 21:16:30 -07:00
kimbo
95d725cda9 example for blocking DNS queries over HTTPS 2020-03-04 21:16:02 -07:00
beth
f5b76d6230 Address lint 2020-01-20 13:47:14 -05:00
beth92
d573d4e5d7
Update WSGI example 2020-01-20 13:25:30 -05:00
Shrub, Aliaksei
6e1cf33071 Fix converting to HAR in case of void response 2019-11-29 10:08:19 +03:00
Maximilian Hils
3550bdfe00
Merge pull request #3693 from typoon/fix-command-bar-issue-3259
Improve Command Bar UX
2019-11-21 14:13:08 +01:00
Maximilian Hils
cb22fc68d1 adjust remote debug example to latest pycharm version 2019-11-18 02:52:20 +01:00
Maximilian Hils
ac22aee2f5 cleanup mypy usage 2019-11-16 15:14:30 +01:00
Maximilian Hils
bdc15cbe0c update mypy 2019-11-12 04:38:13 +01:00
Thomas Kriechbaumer
53cb5bf40f bump deps 2019-09-28 17:37:43 +02:00
Thomas Kriechbaumer
a54954ee1e fix linting 2019-09-28 12:29:16 +02:00
Maximilian Hils
e97a804e89
make dict comprehension more readable 2019-09-05 22:13:49 +02:00
RamiBerm
4ce5e1386c
Updated har_dump,py timings dictionary function
the HAR file spec (http://www.softwareishard.com/blog/har-12-spec/#timings) states that timings that do not apply for a certain requests should be set to -1, this example may set -1000 as a timings value for certain requests.
This ends up producing invalid HAR files in many cases.

My proposed fix is to assign -1 into the dic and only multiply by 1000 for other values
2019-09-03 17:19:50 +03:00
Maximilian Hils
82bc8c7ca2
Merge pull request #3444 from BoboTiG/fix-resource-leaks
Fix ResourceWarning: unclosed file, prevent resource leaks
2019-01-06 17:43:47 +01:00
Mickaël Schoentgen
c03b07930c Fix ResourceWarning: unclosed file, prevent resource leaks
Signed-off-by: Mickaël Schoentgen <contact@tiger-222.fr>
2019-01-06 15:06:30 +01:00
Mickaël Schoentgen
3a2d7bb119 Fix several DeprecationWarning: invalid escape sequence
Signed-off-by: Mickaël Schoentgen <contact@tiger-222.fr>
2019-01-05 23:37:48 +01:00
Alex Lauerman
93cb73e2cd
Corrected keep_host_header usage option
I tested this locally to verify this change is correct.
2018-10-25 16:15:55 -05:00
jbrule
57868ef5fa Added link_expander.py example to simple examples (#3348) 2018-10-12 21:56:58 +02:00
Thomas Kriechbaumer
13e1f8b421 add websocket example 2018-10-09 18:34:57 +02:00
David Kremer
e46e064df3 [examples/xss_scanner] replace relative import
test_xss_scanner.py was utterly failing because of a trouble (bug?)
with the `monkeypatch` fixture failing to replace `gethostbyname`
with the correct mock function.

Indeed, when stepping through the code, the `gethostbyname` presumably
mocked was reported as a builtin python function. The problem could
then come from the fact that it is hard to monkeypatch builtin function
in python.

Using absolute imports seems to resolve the problem.
2018-08-15 19:47:55 +02:00
Aldo Cortesi
9829fe150e
Merge pull request #3186 from andersonvom/master
Add scripting example to intercept & change requests
2018-07-11 10:24:52 +12:00
Pierre Cavan
2326f973df
Update CLI usage instructions 2018-06-26 13:09:45 +02:00
madt1m
773c953514 View API slightly extended; codebase cleaned in some points 2018-06-13 11:56:14 +02:00