Commit Graph

384 Commits

Author SHA1 Message Date
Anne Borcherding
7f89a70edf moved addon for selenium authentication to examples/complex.
Co-authored-by: weichweich <14820950+weichweich@users.noreply.github.com>
2020-07-14 16:43:48 +02:00
Vikas Gupta
1acbcc2437
add addon to check SSL-pinning on client (#3196) 2020-07-14 16:38:13 +02:00
Ed Medvedev
14dfdec8f4
Add a JSON dump script: write data into a file or send to an endpoint as JSON (#2861) 2020-07-14 16:35:03 +02:00
Thomas Kriechbaumer
46a0f69485
Merge pull request #4042 from sanlengjingvv/develop
support HTTP/2 trailers
2020-07-06 17:14:17 +02:00
Thomas Kriechbaumer
828ba0c2e7 refactor h2 trailer support
This allow's trailers without the initial Trailer header announcement. In HTTP/2 the stream ends with any frame containing END_SREAM. In the case of trailers, it is a final HEADERS frame after all the DATA frames. Therefore we do not need to explicitly check for the trailer announcement header, but can simply wait until the response message / stream has ended.
2020-07-06 01:05:26 +02:00
Maximilian Hils
96ce21687e blacklist -> blocklist 2020-07-04 12:09:51 +02:00
Thomas Kriechbaumer
288ce65d73 add h2 trailers example and fix sending 2020-07-03 12:49:31 +02:00
Maximilian Hils
08895e9ba6 restructure examples
- restructure examples (fix #4031)
 - remove example dependencies from setup.py,
   we do not need special dependencies for our supported addons.
 - unify how we generate docs from code
 - improve example docs
2020-06-23 16:00:14 +02:00
anneborcherding
7fdcbb09e6
added add-ons that enhance the performance of web application scanners. (#3961)
* added add-ons that enhance the performance of web application scanners.

Co-authored-by: weichweich <14820950+weichweich@users.noreply.github.com>
2020-05-04 10:37:13 +02:00
senyuuri
5beeeae81d
Improve compatibility of wsgi_flask_app example on OS X 2020-04-29 11:35:24 +08:00
Thomas Kriechbaumer
5ea75a1a81 examples: reformat to prevent too long lines 2020-04-11 11:12:18 +02:00
Thomas Kriechbaumer
481970d9b8
Merge pull request #3846 from kimbo/kl/block-doh
Example for detecting/blocking DNS over HTTTPS queries
2020-04-05 09:09:37 +02:00
kimbo
83987f9b69 broke up long line into multiple lines 2020-04-04 21:27:58 -06:00
kimbo
f36a5b8aa8 replace scraping and DNS lookups with static list 2020-04-04 21:18:58 -06:00
Thomas Kriechbaumer
678be7a052 improve scripting docs 2020-04-04 15:36:13 +02:00
Maximilian Hils
420da96e92
lint! 2020-04-03 17:47:58 +02:00
Maximilian Hils
c56ca19d7d
fix nonblocking example
this fixes #3877
2020-04-03 17:18:35 +02:00
kimbo
a70ab62797 fix lint errors 2020-03-04 22:06:27 -07:00
kimbo
81113a0dcc add block doh example to examples/complex/README 2020-03-04 21:16:30 -07:00
kimbo
95d725cda9 example for blocking DNS queries over HTTPS 2020-03-04 21:16:02 -07:00
beth
f5b76d6230 Address lint 2020-01-20 13:47:14 -05:00
beth92
d573d4e5d7
Update WSGI example 2020-01-20 13:25:30 -05:00
Shrub, Aliaksei
6e1cf33071 Fix converting to HAR in case of void response 2019-11-29 10:08:19 +03:00
Maximilian Hils
3550bdfe00
Merge pull request #3693 from typoon/fix-command-bar-issue-3259
Improve Command Bar UX
2019-11-21 14:13:08 +01:00
Maximilian Hils
cb22fc68d1 adjust remote debug example to latest pycharm version 2019-11-18 02:52:20 +01:00
Maximilian Hils
ac22aee2f5 cleanup mypy usage 2019-11-16 15:14:30 +01:00
Maximilian Hils
bdc15cbe0c update mypy 2019-11-12 04:38:13 +01:00
Thomas Kriechbaumer
53cb5bf40f bump deps 2019-09-28 17:37:43 +02:00
Thomas Kriechbaumer
a54954ee1e fix linting 2019-09-28 12:29:16 +02:00
Maximilian Hils
e97a804e89
make dict comprehension more readable 2019-09-05 22:13:49 +02:00
RamiBerm
4ce5e1386c
Updated har_dump,py timings dictionary function
the HAR file spec (http://www.softwareishard.com/blog/har-12-spec/#timings) states that timings that do not apply for a certain requests should be set to -1, this example may set -1000 as a timings value for certain requests.
This ends up producing invalid HAR files in many cases.

My proposed fix is to assign -1 into the dic and only multiply by 1000 for other values
2019-09-03 17:19:50 +03:00
Maximilian Hils
82bc8c7ca2
Merge pull request #3444 from BoboTiG/fix-resource-leaks
Fix ResourceWarning: unclosed file, prevent resource leaks
2019-01-06 17:43:47 +01:00
Mickaël Schoentgen
c03b07930c Fix ResourceWarning: unclosed file, prevent resource leaks
Signed-off-by: Mickaël Schoentgen <contact@tiger-222.fr>
2019-01-06 15:06:30 +01:00
Mickaël Schoentgen
3a2d7bb119 Fix several DeprecationWarning: invalid escape sequence
Signed-off-by: Mickaël Schoentgen <contact@tiger-222.fr>
2019-01-05 23:37:48 +01:00
Alex Lauerman
93cb73e2cd
Corrected keep_host_header usage option
I tested this locally to verify this change is correct.
2018-10-25 16:15:55 -05:00
jbrule
57868ef5fa Added link_expander.py example to simple examples (#3348) 2018-10-12 21:56:58 +02:00
Thomas Kriechbaumer
13e1f8b421 add websocket example 2018-10-09 18:34:57 +02:00
David Kremer
e46e064df3 [examples/xss_scanner] replace relative import
test_xss_scanner.py was utterly failing because of a trouble (bug?)
with the `monkeypatch` fixture failing to replace `gethostbyname`
with the correct mock function.

Indeed, when stepping through the code, the `gethostbyname` presumably
mocked was reported as a builtin python function. The problem could
then come from the fact that it is hard to monkeypatch builtin function
in python.

Using absolute imports seems to resolve the problem.
2018-08-15 19:47:55 +02:00
Aldo Cortesi
9829fe150e
Merge pull request #3186 from andersonvom/master
Add scripting example to intercept & change requests
2018-07-11 10:24:52 +12:00
Pierre Cavan
2326f973df
Update CLI usage instructions 2018-06-26 13:09:45 +02:00
madt1m
773c953514 View API slightly extended; codebase cleaned in some points 2018-06-13 11:56:14 +02:00
Anderson Mesquita
4fdc3d9e15 Rename scripting file
In order to add the more scripting examples, it makes sense to rename
this file and avoid confusion.
2018-06-08 08:04:53 +02:00
Miroslav
06e12f56e2 typo 2018-05-27 19:40:26 +03:00
Thomas Kriechbaumer
976ab0c466 websocket: inject messages via flow 2018-05-16 21:50:15 +02:00
Aldo Cortesi
2db223decb docs: console key binding docs and example 2018-05-15 10:34:55 +12:00
Joaquin
f4a6153f2e Fixing Typos 2018-05-13 17:31:20 -05:00
Thomas Kriechbaumer
e305a320a2 fix tcp example 2018-05-11 11:58:01 +02:00
Maximilian Hils
0c101a4bcc
Merge pull request #3106 from cortesi/noprint
Ditch the addon stdout wrapper
2018-05-08 15:24:02 +02:00
0xHJK
a46a317dca har_dump example cmdline invocation 2018-05-08 16:27:56 +08:00
Aldo Cortesi
af1a4ffdcd Ditch the addon stdout wrapper
This results in a 30% improvement in our core request throughput.

Fixes #3102
2018-05-08 14:26:41 +12:00
Aldo Cortesi
76a7883c8b events: document behaviour of done() more fully 2018-05-08 11:09:10 +12:00
Aldo Cortesi
9e283b2779
Merge pull request #3097 from cortesi/examp
Revamp dup_and_replay example
2018-05-05 10:05:43 +12:00
Aldo Cortesi
f5dc0aace1 Revamp dup_and_replay example
- Exposes view.add as a command
- Copes with cases where a view addon isn't present
- Avoids infinite loop caused by replaying replays

Fixes #3096
2018-05-05 09:34:22 +12:00
Aldo Cortesi
f380a77dee Remove the tick event
Mitmproxy: the tickless wonder.
2018-05-02 14:29:15 +12:00
oscure76
0e984e1442 fix Python 3.6 variable type annotations #3053 2018-04-14 16:24:41 -07:00
Thomas Kriechbaumer
fe699e555f fix example filename 2018-04-13 09:09:24 +02:00
Barry Lee
b35311441f
Typo fix 2018-03-10 23:24:56 +08:00
Aldo Cortesi
ded9423764
Merge pull request #2922 from kajojify/new_example
Replaces upsidedown with mirror reflection
2018-02-26 08:48:52 +13:00
Miroslav
3b134df77f Replace upsidedown with mirror reflection 2018-02-25 21:17:08 +02:00
luz.paz
afbb7f117b Misc. typos
Found via `codespell -q 3 -I ../mitmproxy-word-whitelist.txt`
Where whitelist contains:
```
cas
doubleclick
nd
ot
seeked
statics
te
thru
```
2018-02-24 21:45:11 -05:00
Aldo Cortesi
982508d30f All new documentation
This patch does a lot.

- Ditch sphinx in favor of hugo. This gives us complete control of the layout
and presentation of our docs. Henceforth, docs will be hosted on our website
rather than ReadTheDocs.
- Create a simple, clean doc layout and theme.
- Remove large parts of the documentaion. I've ditched anything that was a)
woefully out of date, b) too detailed, or c) too hard to maintain in the long
term.
- Huge updates to the docs themselves: completely rewrite addons documentation,
add docs for core concepts like commands and options, and revise and tweak a
lot of the existing docs.

With this patch, we're also changing the way we publish and maintain the docs.
From now on, we don't publish docs for every release. Instead, the website will
contain ONE set of docs for each major release. The online docs will be updated
if needed as minor releases are made. Docs are free to improve during minor
releases, but anything that changes behaviour sufficiently to require a doc
change warrants a new major release. This also leaves us free to progressively
update and improve docs out of step with our release cadence.

With this new scheme, I feel CI over the docs is less important. I've removed
it for now, but won't object if someone wants to add it back in.
2018-02-22 18:07:58 +13:00
Maximilian Hils
95c160ac13
Merge pull request #2884 from kajojify/hotkeys-cleanup
Hotkeys cleanup. #2877
2018-02-20 21:45:48 +01:00
Maximilian Hils
3934dbb5ad
update log_events example documentation 2018-02-20 17:15:35 +01:00
Maximilian Hils
29ef663aa1
add documentation for custom_option.py 2018-02-20 17:14:21 +01:00
Miroslav
aea6fd28c8 Hotkeys cleanup 2018-02-20 16:25:39 +02:00
Arushit Mudgal
91834f98cc Extend mypy checking, fix #2194 (#2819) 2018-02-03 21:37:33 +01:00
Aniket Panjwani
71494c6a06 Fix mistakes in examples/simple/Readme.md.
1. Delete row for script_arguments.py.
2. Add row for custom_option.py, using script_arguments.py's Description.
2018-01-29 12:06:38 -06:00
Thomas Kriechbaumer
9aae3213b9 rename TLS/SSL-related attributes
SSL is an outdated protocol superseeded by TLS. Although the commonly
used library is called OpenSSL, it is no reason to still use outdated
language for attributes.
2018-01-06 10:43:47 +01:00
David Dworken
04a06eb6b5 Added scanning for CSS injection and iframe injection 2017-10-17 23:39:33 -04:00
Suraj Tripathi
781369a326 fix #2477 (#2556) 2017-09-01 23:08:34 +02:00
Ujjwal Verma
6367dcab8e update streaming docs 2017-07-04 10:53:23 +02:00
Maximilian Hils
eb5f37a7d1 fix mypy annotations 2017-05-26 16:14:20 +02:00
harsh vijay
e24b4cc1b6 Extend Mypy checking to pathod
* mypy checking pathod

* initial commit , fixed errors

* tox: mypy checking to pathod

* Fixed mypy test failed

* issue was with args in custom_contentview.py

* tox: mypy checking to #2221

* follow-import=skip since we cant provide args to custom_contentview.py during mypy testing

* Lint , Typo Fixed

* code style: module import
2017-05-02 05:19:25 +05:30
harsh vijay
789fbd00d2 Fixed lint error 2017-04-29 03:54:00 +05:30
harsh vijay
6e03231d25 lint error fixed 2017-04-29 03:49:08 +05:30
harsh vijay
36118973d9 extend mypy example/simple 2017-04-29 03:26:14 +05:30
Aldo Cortesi
2a46f3851a Merge pull request #2265 from cortesi/addons
Addons and addon testing
2017-04-27 07:40:14 +12:00
Maximilian Hils
ab07b79138 Merge pull request #2270 from F1ashhimself/master
Update readme for complex examples
2017-04-26 17:15:34 +02:00
Maksim Beloborodko
90a5b90b0d Update readme for complex examples 2017-04-26 17:14:41 +03:00
Maximilian Hils
87610cc8b2 fix #2250, add type info to cookie module 2017-04-26 14:17:14 +02:00
Aldo Cortesi
5327756377 Addons and addon testing
- Fix some loading sequence bugs affecting command-line script invocation
- Allow addons to over-ride existing options (with a warning). We need this for
reloading.
- Convert har_dump to new-style arguments, fix and re-instate its test suite.
- Covnert miscelaneous other exmples to new-style args.
2017-04-26 19:56:33 +12:00
Aldo Cortesi
b72f139093 configure(options, updated) -> configure(updated)
Options are now available globally on ctx, so the first argument of configure
is redundant.
2017-04-26 11:01:27 +12:00
Aldo Cortesi
e6eeab6094 Revamp how addons work
- Addons now nest, which means that addons can manage addons. This has a number
of salutary effects - the scripts addon no longer has to poke into the global
addons list, we no longer have to replace/remove/boot-outof parent addons when
we load scripts, and this paves the way for making our top-level tools into
addons themselves.
- All addon calls are now wrapped in a safe execution environment where
exceptions are caught, and output to stdout/stderr are intercepted and turned
into logs.
- We no longer support script arguments in sys.argv - creating an option
properly is the only way to pass arguments. This means that all scripts are
always directly controllable from interctive tooling, and that arguments are
type-checked.

For now, I've disabled testing of the har dump example - it needs to be moved
to the new argument handling, and become a class addon. I'll address that in a
separate patch.
2017-04-25 22:13:44 +12:00
Maximilian Hils
482c1579f2 proxapp -> proxapp.local
Chrome doesn't like it if there's no TLD.
2017-03-26 15:02:47 +02:00
Aldo Cortesi
65f0885bd6 addon loader: add boot_into, which replaces returning from start()
While we're here, expand test coverage for addonmanager to 100%, and promote to
individual coverage.
2017-03-25 10:48:12 +13:00
Aldo Cortesi
541c1e8b9f addons: start -> load throughout 2017-03-25 10:48:12 +13:00
Aldo Cortesi
1410cbb4b6 Remove test handlers by using taddons.RecordingMaster
This also means expanding and tweaking the recording master API, which we
reflect through the current test suite
2017-03-16 18:05:57 +13:00
Aldo Cortesi
b745428b5c Enable custom options in config files
We also now ignore unknown options in config files by default, and print a
warning if verbosity is incremented.
2017-03-14 09:40:33 +13:00
Aldo Cortesi
c24f7d8e12 Optmanager: handle unknown options in value sets 2017-03-14 08:32:19 +13:00
Aldo Cortesi
0c6663d0d5 Enable custom options for addons
- Add an options parameter to the start() event. This is to be used by addons
on startup to add custom options.
- Add a running() event that is called once the proxy is up and running.
- With the new paradigm we can't log during master __init__, so add a tiny
termstatus addon to print proxy status to terminal once we're running.
2017-03-14 08:32:19 +13:00
Maximilian Hils
927b5707fe fix tcp.Address leftovers
this fixes the issue described in https://github.com/mitmproxy/mitmproxy/issues/2119#issuecomment-285067292
2017-03-08 16:18:34 +01:00
Nikhil Soni
0081d9b828 Merge branch 'master' into on-issues 2017-03-03 12:58:44 +05:30
Nikhil Soni
317d183ba4 Changes dns_spoofing example to use --keep-host-header 2017-03-03 12:34:36 +05:30
David Dworken
99b584ad7d added XSS scanner example (#1907) 2017-02-27 18:22:39 +01:00
Ujjwal Verma
e723a58af5 Remove pytz in hardump 2017-02-25 23:07:47 +05:30
Thomas Kriechbaumer
36352c9539 protobuf: coverage++ 2017-02-19 14:29:09 +01:00
Maximilian Hils
b9e31f213f .headers["host"] -> .host_header 2017-02-18 00:13:14 +01:00
Maximilian Hils
5acdd78b15 fix typo 2017-02-14 17:45:54 +01:00
Ujjwal Verma
c622622c59 Encoding fixes and tests 2017-02-05 18:59:01 +05:30
Ammonite
aaff9dfd32 Reset the host header to the correct destination 2017-01-30 23:41:47 +01:00