Commit Graph

4044 Commits

Author SHA1 Message Date
Maximilian Hils
5af9df326a fix certificate verification
This commit fixes netlib's optional (turned off by default)
certificate verification, which previously did not validate the
cert's host name. As it turns out, verifying the connection's host
name on an intercepting proxy is not really straightforward - if
we receive a connection in transparent mode without SNI, we have no
clue which hosts the client intends to connect to. There are two
basic approaches to solve this problem:

 1. Exactly mirror the host names presented by the server in the
    spoofed certificate presented to the client.
 2. Require the client to send the TLS Server Name Indication
    extension. While this does not work with older clients,
    we can validate the hostname on the proxy.

Approach 1 is problematic in mitmproxy's use case, as we may want
to deliberately divert connections without the client's knowledge.
As a consequence, we opt for approach 2. While mitmproxy does now
require a SNI value to be sent by the client if certificate
verification is turned on, we retain our ability to present
certificates to the client which are accepted with a maximum
likelihood.
2015-11-01 18:15:30 +01:00
Maximilian Hils
b4eb4eab92 adjust test certificate generation 2015-11-01 17:48:34 +01:00
Maximilian Hils
5e90459569 Merge pull request #810 from gecko655/ctrl_fb
Use ctrl+f and ctrl+b to scroll a page
2015-10-31 18:00:14 +01:00
gecko655
6aa7454f92 Use ctrl+f and ctrl+b to scroll a page 2015-10-30 12:48:38 +09:00
Chris Czub
88451ef245 Declare & define insufficient_priv 2015-10-29 16:01:24 -04:00
Chris Czub
70c28f5d34 Better error handling/reporting for pfctl failures on OS X 2015-10-29 15:56:43 -04:00
Maximilian Hils
65c08ec899 Merge pull request #791 from tunz/master
Prevent flowview from creating duplicated windows
2015-10-28 13:10:38 +01:00
Maximilian Hils
8e9cd77b55 Merge pull request #805 from Badg/patch-1
Update ubuntu installation to includ libjpeg
2015-10-23 03:25:23 +02:00
Nick Badger
4537d561c6 Ubuntu install missing libjpeg8-dev, zlib1g-dev
As per https://pillow.readthedocs.org/en/3.0.0/installation.html#linux-installation, to avoid missing install dependencies.
2015-10-22 18:11:06 -07:00
Nick Badger
a6fee43384 Update ubuntu installation to includ libjpeg
Otherwise install fails with error "--enable-jpeg requested but jpeg not found"
2015-10-22 17:38:55 -07:00
Maximilian Hils
ed56eadd28 Merge branch 'master' of https://github.com/mitmproxy/mitmproxy 2015-10-22 02:38:14 +02:00
Maximilian Hils
726b70ccdc fix #800 2015-10-22 02:38:00 +02:00
Maximilian Hils
267837f441 add test certificate generator 2015-10-16 18:12:36 +02:00
Maximilian Hils
4d772d7ce0 Merge pull request #801 from ben-lerner/doc_fix
doc typo fix
2015-10-14 09:37:24 +02:00
Ben Lerner
22191d63ab doc typo fix 2015-10-13 21:09:56 -04:00
Maximilian Hils
7d8191ee37 update web builds, use watchify 2015-10-08 12:43:55 +02:00
Maximilian Hils
442f079e0b Merge pull request #797 from colinbendell/colinbendell-patch-1
server_conn.address might not yet be established
2015-10-08 12:37:43 +02:00
Choongwoo Han
9c0efdf2ec Refresh flowview instead of reopen the same flowview 2015-10-08 11:31:33 +09:00
Colin Bendell
a85e4bc75c default should not be None
Fixed default value when self.address has not been set
2015-10-07 21:46:08 -04:00
Colin Bendell
77aeac11a9 Check if server connection hasn't yet been initiated
This fixes #761 when NoneType error is thrown when non-TLS requests initiate a client request but the server connection hasn't yet been initiated.
2015-10-07 20:30:31 -04:00
Maximilian Hils
09e36fae4e Merge pull request #792 from tunz/patch-1
Correct a wrong link in CONTRIBUTING.md
2015-10-04 10:36:52 +02:00
Choongwoo Han
3ffc3404b0 Update CONTRIBUTING.md
Wrong link
2015-10-04 14:49:41 +09:00
Choongwoo Han
45494d1c79 Prevent flowview from creating duplicated windows 2015-10-04 14:21:51 +09:00
Maximilian Hils
ce38a05a20 Merge remote-tracking branch 'origin/master' 2015-10-03 23:59:13 +02:00
Maximilian Hils
26631621ee fix #786 2015-10-03 14:48:51 +02:00
Maximilian Hils
d67f4fa3cc Merge pull request #788 from sethp-jive/patch-1
Allow reading scripts from an anonymous pipe
2015-10-01 00:59:25 +02:00
sethp-jive
fd8c921a2f Allow reading scripts from an anonymous pipe
Bash (and many other shells) provide a nifty feature in "anonymous pipe" or "anonymous fifo" whereby the output of a subshell may be treated as a simple file by the parent shell: http://unix.stackexchange.com/a/156088

Unfortunately, libmproxy complains because that "file" is not a regular file, as os.path.isfile checks, e.g. giving the error "Not a file: /dev/fd/11". This patch is intended to provide for the following use-case:

```
mitmdump -s <(echo "def response(context, flow):\n  flow.response.headers['newheader'] = [`hostname`]")
```

where `hostname` may be replaced with a more complicated lookup.
2015-09-30 15:55:43 -07:00
Maximilian Hils
c6811bd0e8 fix #773 2015-09-28 14:55:13 +02:00
Maximilian Hils
0f9a72580a fix coverage collection 2015-09-28 14:16:06 +02:00
Maximilian Hils
86ef19b450 fix tests 2015-09-28 14:04:41 +02:00
Maximilian Hils
2e1f7ecd55 fix tests 2015-09-28 14:04:25 +02:00
Maximilian Hils
c11ab3676d Merge branch 'http-models' 2015-09-28 13:54:53 +02:00
Maximilian Hils
67229fbdf7 Merge branch 'http-models' 2015-09-28 13:53:59 +02:00
Maximilian Hils
5261bcdf4b properly adjust tests for 87566da3ba 2015-09-28 11:46:18 +02:00
Maximilian Hils
87566da3ba fix mitmproxy/mitmproxy#784 2015-09-28 11:18:00 +02:00
Maximilian Hils
6661770d4e handle Expect: 100-continue header, fix #770 2015-09-28 10:59:10 +02:00
Maximilian Hils
6075957a97 move tests to netlib 2015-09-27 00:50:14 +02:00
Maximilian Hils
23d13e4c12 test response model, push coverage to 100% branch cov 2015-09-27 00:49:41 +02:00
Maximilian Hils
466888b01a improve request tests, coverage++ 2015-09-26 20:07:11 +02:00
Maximilian Hils
1b6ea5caf3 adjust to netlib response changes + docs 2015-09-26 17:41:14 +02:00
Maximilian Hils
fa722e0290 adjust to netlib changes 2015-09-26 17:40:22 +02:00
Maximilian Hils
49ea8fc0eb refactor response model 2015-09-26 17:39:50 +02:00
Maximilian Hils
b13acd7956 adjust to netlib request changes + docs 2015-09-26 01:23:59 +02:00
Maximilian Hils
a163dba582 adjust to netlib request model changes 2015-09-26 00:40:01 +02:00
Maximilian Hils
106f7046d3 refactor request model 2015-09-26 00:39:04 +02:00
Maximilian Hils
45f2ea33b2 minor fixes 2015-09-25 18:24:18 +02:00
Maximilian Hils
c7b8322500 also accept bytes as arguments 2015-09-22 01:56:09 +02:00
Maximilian Hils
f937522773 Headers: return str on all Python versions 2015-09-22 01:48:35 +02:00
Maximilian Hils
a978c6b9ce fix tests 2015-09-21 23:39:22 +02:00
Maximilian Hils
2536e1d3e7 appveyor: use py.test 2015-09-21 23:05:12 +02:00