Aldo Cortesi
705559d65e
Refactor to prepare for SNI fixes.
2013-02-24 17:35:24 +13:00
Aldo Cortesi
d0639e8925
Handle server disconnects better.
...
Server connections can be closed for legitimate reasons, like timeouts. If
we've already pumped data over a server connection, we reconnect on error. If
not, we treat it as a legitimate error and pass it on to the client.
Fixes #85
2013-02-24 14:04:56 +13:00
Aldo Cortesi
269780c577
Unit test dummy response functions.
2013-02-23 16:34:59 +13:00
Aldo Cortesi
7800b7c910
Refactor proxy core communications to be clearer.
2013-02-23 14:10:27 +13:00
Aldo Cortesi
aaf892e3af
Significantly refactor the master/slave message passing interface.
2013-02-17 12:42:48 +13:00
Aldo Cortesi
782bbee8c0
Unit tests for ServerConnectionPool
2013-01-29 11:35:57 +13:00
Aldo Cortesi
2aa175a6ca
Stub implementation of a server connection pool.
2013-01-29 10:55:19 +13:00
Aldo Cortesi
a74ca40660
Unravel enormously long read_request into three distinct methods.
2013-01-28 22:26:25 +13:00
Aldo Cortesi
57f01ffb07
Test suite, remove extraneous code.
2013-01-28 21:59:03 +13:00
Aldo Cortesi
25cb9471f0
Add tests for client certificate support.
2013-01-20 22:39:28 +13:00
Aldo Cortesi
6600c589ab
Rudimentary testing for client certs.
2013-01-18 17:08:30 +13:00
Aldo Cortesi
7a79eeb143
Merge branch 'master' of ssh.github.com:cortesi/mitmproxy
...
Conflicts:
test/test_server.py
2013-01-18 14:50:31 +13:00
Rouli
446f9f0a0f
Merge remote-tracking branch 'upstream/master'
2013-01-17 17:33:29 +02:00
Rouli
20fa6a3083
changing requests and responses to have two timestamps, one marking their initiation, and the other their complete
2013-01-17 17:32:56 +02:00
Aldo Cortesi
d0ee4d60d0
Unit tests and minor code refactoring for ServerConnection.
2013-01-05 19:44:12 -08:00
Aldo Cortesi
060e3198bc
Remove cert_wait_time flag.
...
We now cater for this by generating certs with a commencement date an hour in
the past in netlib.
2013-01-06 01:18:47 +13:00
Aldo Cortesi
891c441a6d
Use new netlib certificate store implementation.
2013-01-06 01:16:08 +13:00
Aldo Cortesi
46ab6ed491
Minor cleanups of proxy request handling.
2013-01-04 14:19:32 +13:00
Aldo Cortesi
09f664cdea
Refactor proxy auth a bit
...
- Remove authentication scheme option. We only support basic at the moment -
we'll add the option back when we diversify.
- Add some meta variables to make printout nicer
2013-01-02 17:35:44 +13:00
Aldo Cortesi
e42136a6ef
Better error handling for transparent mode remote address resolution.
2013-01-01 11:24:11 +13:00
Aldo Cortesi
5347cb9c26
More work on proxy auth
...
- Strip auth header if auth succeeds, so it's not passed upstream
- Actually use realm specification to BasicProxyAuth, and make it mandatory
- Cleanups and unit tests
2012-12-31 10:56:44 +13:00
Aldo Cortesi
018c229ae4
Start solidifying proxy authentication
...
- Add a unit test file
- Remove some extraneous methods
- Change the auth API to make the authenticate method take a header object.
2012-12-31 09:15:56 +13:00
israel
440a9f6bda
adding some simple authetication code to limit proxy access
2012-12-30 01:41:58 -08:00
Aldo Cortesi
21f74efa10
Stub out ctypes structures for OSX transparent mode.
2012-09-17 11:05:20 +12:00
Aldo Cortesi
54cee9db7f
Catch a potential exception on connection finalization.
2012-09-14 09:40:13 +12:00
Aldo Cortesi
1b7990897e
Command-line options for header setting.
2012-08-19 00:14:16 +12:00
Maximilian Hils
ed389d8f05
use argparse instead of optparse
2012-08-17 19:11:59 +02:00
Jim Lloyd
0ef18a7cba
Adds --dummy-certs option to specify certdir
...
If --dummy-certs=CERTSDIR is provided, use CERTSDIR as the location
for generating/finding the dummy certs. And in this case, preserve
the CERTSDIR directory on exit.
2012-08-06 14:09:35 -07:00
Aldo Cortesi
87d05a95ff
Handle invalid headers.
2012-07-30 12:54:50 +12:00
Aldo Cortesi
f93a621856
Only log real errors in WSGI apps.
2012-07-24 16:18:22 +12:00
Chris Neasbitt
525a8f6a16
Fixed a bug causing an AttributeError when request is set to false but response not None in ProxyHandler.handle_request
2012-07-17 13:24:15 -04:00
Aldo Cortesi
1d09a558a7
Fix a subtle termination condition when there's an error in a WSGI app.
2012-07-11 07:16:06 +12:00
Aldo Cortesi
04d9ec8c3c
Make WSGI apps work in transparent mode.
2012-07-10 15:53:53 +12:00
Aldo Cortesi
79af9e89c4
Test replay corner cases. Fix discovered bugs.
2012-07-09 11:18:03 +12:00
Aldo Cortesi
097b566e54
Handle new netlib.tcp.NetLibDisconnect exception.
2012-07-08 23:49:44 +12:00
Aldo Cortesi
837fcc65f5
Make upstream-cert the default. There's now a --no-upstream-cert option to turn it off.
2012-07-03 22:56:25 +12:00
Aldo Cortesi
fe86194cc2
Fix Python coredump (!!) on SNI IDNA decoding.
2012-07-03 22:55:02 +12:00
Aldo Cortesi
9c30e2e86d
Correct handing of IDNA encoding of internationalized domain names.
...
- Use IDNA encoding for hostnames gleaned by upstream-cert sniffing
- Use IDNA decoding for URL display in mitmproxy and mitmdump.
2012-07-03 22:27:16 +12:00
Aldo Cortesi
ef986202ee
Make server version configurable.
2012-07-03 14:12:52 +12:00
Aldo Cortesi
90365e270e
Catch and handle SSL connection errors.
2012-07-01 12:10:32 +12:00
Aldo Cortesi
4e9d4e8ddd
Tweak upstream SNI.
2012-07-01 11:53:46 +12:00
Aldo Cortesi
d74a341e5d
Beef up logging substantially.
2012-07-01 00:15:03 +12:00
Aldo Cortesi
f070e4523a
Handle invalid data more gracefully.
...
Fixes #47
2012-06-30 15:59:42 +12:00
Aldo Cortesi
38ebc81590
Add error when -T is passed on an unsupported platform.
2012-06-30 11:24:41 +12:00
Aldo Cortesi
243e0efefc
Adjust for new get_remote_cert API.
2012-06-28 10:02:14 +12:00
Aldo Cortesi
35ee0c098f
Remove certutils from mitmproxy.
2012-06-27 16:43:33 +12:00
Aldo Cortesi
49dedd361c
Fix replay.
2012-06-27 16:22:25 +12:00
Aldo Cortesi
dd55a3e0b6
Use SNI-indicated hostname for cert generation when not using upstream certs.
2012-06-27 12:12:11 +12:00
Aldo Cortesi
ceef6ee6be
Enable SSL in transparent mode.
2012-06-26 23:51:38 +12:00
Aldo Cortesi
e6cdbefb3b
Add transparent mode platform module for Linux.
2012-06-26 20:49:34 +12:00
Aldo Cortesi
ad893ad134
Transparent proxy command-line flag stub.
2012-06-26 20:08:24 +12:00
Aldo Cortesi
015a74fd14
We no longer store scheme on ServerConnection.
2012-06-26 18:29:12 +12:00
Aldo Cortesi
52d0536d2c
Use new TCPClient.convert_to_ssl API.
2012-06-25 15:53:26 +12:00
Aldo Cortesi
e08f91c237
Port to explicit netlib connection API.
2012-06-25 11:37:12 +12:00
Aldo Cortesi
eac3b29d5f
Factor read_response out into netlib.
2012-06-24 22:01:11 +12:00
Aldo Cortesi
4db2abc01c
read_headers now returns an ODictCaseless object.
2012-06-24 21:49:59 +12:00
Aldo Cortesi
e7c75933e7
read_http_body -> read_http_body_request/response
2012-06-23 15:08:01 +12:00
Aldo Cortesi
874649f134
Adapt for API changes in netlib.
2012-06-23 14:06:34 +12:00
Aldo Cortesi
7cb242c168
Move wsgi to netlib.
2012-06-19 10:42:55 +12:00
Aldo Cortesi
1b1ccab8b7
Extract protocol and tcp server implementations into netlib.
2012-06-19 09:58:50 +12:00
Aldo Cortesi
7b9756f48e
Refactor protocol.py to remove dependence on flow and utils.
2012-06-17 10:52:39 +12:00
Aldo Cortesi
aae8a9959c
Pull out protocol components into protocol.py
2012-06-16 21:23:32 +12:00
Aldo Cortesi
d5a0099f49
Test suite and refactoring for netlib.
2012-06-16 16:22:51 +12:00
Aldo Cortesi
18a03c063e
Simplify netlib and improve API.
2012-06-16 13:53:24 +12:00
Aldo Cortesi
4e53f1ee90
Rename our tcpserver to netlib, expand to include client network functions.
2012-06-16 13:38:10 +12:00
Aldo Cortesi
8ae64337ed
Create our own TCP server class.
...
We're going to need more control for advanced features and speed, and we can
also ditch some of the idiocies in the SocketServer module.
2012-06-16 11:40:44 +12:00
Aldo Cortesi
8ae3270807
Basic transparent mode.
2012-06-15 09:47:04 +12:00
Aldo Cortesi
a9495dc02f
Refactor test suite to make room for transparent mode tests.
2012-06-15 09:20:10 +12:00
Aldo Cortesi
176d819559
Move server comms to OpenSSL.
2012-06-14 21:57:55 +12:00
Aldo Cortesi
8dabf88ae5
Remove ability to specify SSL ciphers.
...
We can re-introduce this if there's demand - the feature needs a bit more thought.
2012-06-14 15:29:54 +12:00
Aldo Cortesi
8a9352b3f7
First draft conversion of server to PyOpenSSL.
2012-06-13 18:16:47 +12:00
Aldo Cortesi
d60fa9918b
Localise client connection object manipulation.
...
This simplifies the call signature for a bunch of functions.
2012-06-10 16:49:59 +12:00
Aldo Cortesi
1f659948cd
Refactor request processing at mitmproxy's core.
...
Gradually cleaning up towards a state machine model.
2012-06-10 16:02:48 +12:00
Aldo Cortesi
6ba5f0f35b
Add HTTP version to response objects.
...
Another change in the serialization format.
2012-06-10 13:27:43 +12:00
Aldo Cortesi
52779d9db9
Refactoring of proxy.py
...
- Correctly pass HTTP request version on to upstream servers
- Adjust tests not to hang due to a pathod response with no content-length
2012-06-10 13:17:18 +12:00
Aldo Cortesi
55ddf853cd
Add HTTP version to flow.Request
...
This is a serialization format change, that makes us incompatible with previous
versions.
2012-06-10 10:46:22 +12:00
Aldo Cortesi
a3b47e0cb5
Consolidate HTTP major and minor versions into a single variable.
2012-06-10 10:31:04 +12:00
Aldo Cortesi
8254187bf3
Add proxy.should_connection_close, and strip out unused code.
2012-06-10 10:10:46 +12:00
Aldo Cortesi
0c458e2f1a
Refactor ServerConnection API.
2012-06-10 08:13:50 +12:00
Aldo Cortesi
987f443b5d
Ignore incorrectnesses in traffic if they don't affect us.
2012-06-09 21:45:22 +12:00
Aldo Cortesi
9130cd63d3
Significant cleanup of proxy internals.
...
Dispense with the loose parsing of client requests that we had before. We now
have service modes ("proxy" and "reverse proxy" for now), and we only accept
requests that are appropriate for the mode we're in.
2012-06-09 21:27:43 +12:00
Aldo Cortesi
05492baf8d
Move from requests to human_curl.
...
It turns out that _none_ of the Python stdlib or anything that relies on it
supports CONNECT through a proxy. Beggars belief, but there you go.
2012-06-09 16:17:51 +12:00
Aldo Cortesi
22192d1a46
Nose mopup: docs, no cover pragmas, a few missing path specs.
2012-06-09 13:55:55 +12:00
Aldo Cortesi
e9109812e1
Split parsing of intial line into separate protocols.
2012-06-03 06:04:57 -07:00
Aldo Cortesi
0a25c2263d
Factor out conversion to SSL connection.
2012-06-03 01:54:11 -07:00
Aldo Cortesi
491f9bdcee
Add unit tests for console/help.py
2012-06-03 01:11:07 -07:00
Paul
5f8855df55
Added a switch to send client certificates to hosts
2012-05-23 23:09:03 +02:00
Aldo Cortesi
0c2d894cea
Add the ability to flag content as missing in a request or a response.
...
We'll use this in a number of situations. First, we'll soon have response
streaming that directly pipes responses to clients. These will be content-less
from mitmproxy's perspective. Second, we'll be growing new events that fire
after headers are received, but before content is read.
2012-05-16 15:42:58 +12:00
Aldo Cortesi
c8d2b2594b
Add a WSGI adapter that lets us serve a WSGI app out of mitmproxy.
...
This commit adds:
- A WSGI App adapter for mitmproxy
- An app registry in the proxy instance that lets us link WSGI apps with
(hostname, port) combinations.
- Fixes for a number of bugs discovered while creating this feature.
2012-04-24 14:52:29 +12:00
Aldo Cortesi
ab1d8fa350
Expand SSL cert support
...
- Capture the remote SSL certificate
- Expose the remote cert as an attribute on Response
- Expand the certutils.SSLCert interface to expose more cert info
2012-04-02 16:21:23 +12:00
Aldo Cortesi
c02fdb2463
Refactor proxy.Server to fix a crash when replaying with -n
2012-04-02 13:24:51 +12:00
Aldo Cortesi
d57a1d6035
Merge remote-tracking branch 'meeee/master'
2012-03-10 13:48:13 +13:00
Michael Frister
23f7214fc3
Fix SSL requests with Transfer-Encoding: chunked
...
Add size parameter to FileLike.readline, used by read_chunked.
2012-03-08 23:10:21 +01:00
Michael Frister
e67dbf6123
Handle Transfer-Encoding header values case insensitive
...
According to HTTP/1.1 RFC 2616 Section 3.6.
2012-03-08 23:09:19 +01:00
Aldo Cortesi
e1356dd2b6
Create an SSL certificate class.
2012-03-05 10:22:47 +13:00
Aldo Cortesi
8b841bc9e3
Factor out cert operations in to certutils.py.
2012-02-29 13:20:53 +13:00
Aldo Cortesi
0bed5fae27
Rationalise upstream cert flag and variable names.
2012-02-28 11:37:48 +13:00
Aldo Cortesi
00942c1431
Add upstream certificate lookup.
...
This initiates a connection to the server to obtain certificate information to
generate interception certificates. At the moment, the information used is the
Common Name, and the list of Subject Alternative Names.
2012-02-27 15:05:45 +13:00
Aldo Cortesi
554047da85
License notifications, minor docs.
2012-02-23 15:52:01 +13:00
Aldo Cortesi
1af26bb915
Minor docs and example script fixes.
2012-02-21 12:32:56 +13:00