Commit Graph

2381 Commits

Author SHA1 Message Date
Maximilian Hils
3f9441ac5f [sans-io] finalize upstream proxy mode 2020-12-12 21:24:19 +01:00
Maximilian Hils
549eb8df4b [sans-io] upstream proxy tests and fixes 2020-12-12 21:24:19 +01:00
Maximilian Hils
605da3afb6 [sans-io] refactor TLS layer to be a tunnel 2020-12-12 21:24:19 +01:00
Maximilian Hils
a30a6758f3 [sans-io] fixes, fixes, fixes 2020-12-12 21:24:18 +01:00
Maximilian Hils
b2060356b6 [sans-io] wip: tls establishment semantics 2020-12-12 21:24:18 +01:00
Maximilian Hils
7efe27be74 [sans-io] refactor 2020-12-12 21:24:18 +01:00
Maximilian Hils
0740c673bd [sans-io] implement http streaming, refine error handling 2020-12-12 21:24:18 +01:00
Maximilian Hils
5671012163 [sans-io] make hooks explicit 2020-12-12 21:24:18 +01:00
Maximilian Hils
03801aecb2 [sans-io] split http layer into smaller modules 2020-12-12 21:24:18 +01:00
Maximilian Hils
9e6548e581 [sans-io] tls: handle untrusted mitmproxy certs 2020-12-12 21:24:18 +01:00
Maximilian Hils
b075b7fc15 [sans-io] tls: handle invalid clienthellos 2020-12-12 21:24:18 +01:00
Maximilian Hils
6cf0bec912 [sans-io] tls: various improvements 2020-12-12 21:24:18 +01:00
Maximilian Hils
09b6257de0 [sans-io] tls tests++ 2020-12-12 21:24:18 +01:00
Maximilian Hils
7fbe8cece7 [sans-io] tls: test alpn 2020-12-12 21:24:18 +01:00
Maximilian Hils
6ee7802bf1 [sans-io] http tests++ 2020-12-12 21:24:18 +01:00
Maximilian Hils
1c80dfe17f [sans-io] tls layer++ 2020-12-12 21:24:18 +01:00
Maximilian Hils
2736c9c705 [sans-io] remove old implementations 2020-12-12 21:24:18 +01:00
Maximilian Hils
84287f928c [sans-io] improve testing story 2020-12-12 21:24:18 +01:00
Maximilian Hils
e0eb77a794 [sans-io] add transparent proxy, improve testing 2020-12-12 21:24:18 +01:00
Maximilian Hils
87a4d3efdb [sans-io] http implementation++ 2020-12-12 21:24:18 +01:00
Maximilian Hils
f76b751661 [sans-io] fix NextLayer race condition 2020-12-12 21:24:17 +01:00
Thomas Kriechbaumer
bc20b77c48 refactor websockets 2020-12-12 21:24:17 +01:00
Maximilian Hils
a860fe4a4b [sans-io] minor test improvements 2020-12-12 21:24:17 +01:00
Maximilian Hils
8938aec2c0 [sans-io] adjust tls tests 2020-12-12 21:24:17 +01:00
Maximilian Hils
b5a3343d03 [sans-io] add ALPN support to TLS layer, tests++ 2020-12-12 21:24:17 +01:00
Maximilian Hils
3f7b850268 [sans-io] test server tls 2020-12-12 21:24:17 +01:00
Maximilian Hils
4cd83ee0af [sans-io] minor test improvements 2020-12-12 21:24:17 +01:00
Maximilian Hils
c6262f9e9c [sans-io] remove hook reply
This is not desired as hooks modify the passed object itself
instead of returning a custom reply.
2020-12-12 21:24:17 +01:00
Maximilian Hils
1fa2e59734 [sans-io] add initial tls tests 2020-12-12 21:24:17 +01:00
Maximilian Hils
9ea0259bb7 [sans-io] improve ClientHello parsing, add tests 2020-12-12 21:24:17 +01:00
Ujjwal Verma
0cb06b428e Moved tests 2020-12-12 21:24:17 +01:00
Maximilian Hils
08ecb21a78
sans-io adjustments (#4342) 2020-12-12 16:09:11 +01:00
林玮 (Jade Lin)
380ac072aa
ASGIApp should ignore the HTTP flows loaded from somewhere (#4324) 2020-12-12 11:17:38 +01:00
Maximilian Hils
01f57346ee sans-io adjustments 2020-12-11 14:09:18 +01:00
Maximilian Hils
5c734b3cd6
Merge pull request #4333 from mhils/issue-4280
fix #4280
2020-12-10 09:55:29 +01:00
Maximilian Hils
009c124dc8 fix #4280 2020-12-10 09:24:28 +01:00
Maximilian Hils
c5eae9d752 drop support for Python 3.6 and 3.7
We require Python 3.8 for sans-io (#1775),
so we need to drop support for older versions.
2020-12-06 00:25:09 +01:00
Maximilian Hils
4b8fcc8650 use OpenSSL's keylog callback for SSLKEYLOGFILE, refs #3994 2020-11-27 23:49:04 +01:00
Maximilian Hils
b01d574d8b
Merge pull request #4309 from jrblixt/InformUnderscoreFormat-Issue_4054
Inform user when underscore-formatted options are used.
2020-11-26 18:39:45 +01:00
Maximilian Hils
6d8a315c5d assume keep-alive for HTTP/2 2020-11-24 14:48:22 +01:00
jrblixt
ce528a9ff3 Inform user when underscore-formatted options are used. 2020-11-24 01:37:54 -07:00
Maximilian Hils
bce8bf5f81 make individual coverage checker happy 2020-11-21 20:19:47 +01:00
Maximilian Hils
9b0c4e2338 debug: dump asyncio tasks 2020-11-21 20:06:11 +01:00
Maximilian Hils
9b7dfb0fc9 add asyncio_utils 2020-11-21 20:01:11 +01:00
Thomas Kriechbaumer
38cca379df pyupgrade --py36-plus mitmproxy/**/*.py 2020-11-20 19:25:26 +01:00
Thomas Kriechbaumer
44a1848799
Merge pull request #4292 from Kriechi/fix-4287
command-history: fail-safe file handling
2020-11-18 22:45:22 +01:00
Thomas Kriechbaumer
3c50523025 command-history: fail-safe file handling 2020-11-17 23:08:57 +01:00
Maximilian Hils
4351262c95
Merge pull request #4294 from mhils/sans-io-adjustments
Add a switch for sans-io proxy core
2020-11-17 21:58:27 +01:00
Maximilian Hils
1490d665fe lint! 2020-11-17 20:20:38 +01:00
Maximilian Hils
77758cff93 skip async tests on old python versions 2020-11-17 19:15:24 +01:00
Maximilian Hils
739b5b0b74 sans-io compat++ 2020-11-17 17:29:33 +01:00
Felix Yan
0b0a6cfef6
Replace asynctest with stdlib mock
This is an implementation of
https://github.com/mitmproxy/mitmproxy/issues/4020

Tested to work fine here with Python 3.8.6.
2020-11-14 05:27:35 +08:00
Thomas Kriechbaumer
6289d9bca8 refactor and remove dead code 2020-11-08 13:07:44 +01:00
Thomas Kriechbaumer
488be14412
Merge pull request #4283 from Kriechi/decouple++
websocket: decouple from pathod
2020-11-07 17:15:04 +01:00
Thomas Kriechbaumer
f47bf6fe4f websocket: decouple from pathod 2020-11-07 17:04:57 +01:00
Maximilian Hils
b45147e91d
Merge pull request #4271 from jpstotz/asgi-query
asgiapp.py: fix query parameters
2020-11-07 09:48:56 +01:00
Thomas Kriechbaumer
232c71b2e0
Merge pull request #4268 from Kriechi/cleanup
detangle custom websockets implementation and replace it with mostly …
2020-11-06 22:21:24 +01:00
Thomas Kriechbaumer
c8f9823704 detangle custom websockets implementation and replace it with mostly wsproto 2020-11-06 22:08:14 +01:00
Jan Peter Stotz
66322c57e1 unit test for issue #4270 added 2020-11-06 11:32:19 +01:00
Maximilian Hils
02fad34239 update verification certs 2020-11-03 08:04:15 +01:00
Maximilian Hils
2ead32652e fix option checks 2020-11-03 07:19:05 +01:00
Maximilian Hils
f8b3874034 sync minor sans-io changes 2020-11-03 07:10:13 +01:00
Maximilian Hils
dd8d338a62 update cryptography, change test cert generation to use different CNs 2020-11-01 01:38:10 +01:00
Thomas Kriechbaumer
0f7f4ba949 various trailer-related fixes 2020-10-31 17:30:15 +01:00
Thomas Kriechbaumer
c0e846b700 fix invididual test coverage 2020-10-31 11:59:51 +01:00
Thomas Kriechbaumer
a415c218ea fix http trailer tests 2020-10-31 11:42:26 +01:00
Shiva
f4b9930b05 Added support to echo http trailers in dumper addon 2020-10-31 11:04:56 +01:00
Thomas Kriechbaumer
730ee85469
Merge branch 'master' into send-http1-trailers 2020-10-21 20:17:24 +02:00
Thomas Kriechbaumer
b167f9fd2d http2: fix missing END_STREAM flag on requests without body
fixes #4231
2020-10-17 16:59:24 +02:00
Blake Burkhart
21330f511e is_http10 and is_http11 properties to requests 2020-10-13 09:21:15 -05:00
Blake Burkhart
b17857c7ae Send http/1 request and response trailer headers 2020-10-08 20:43:28 -05:00
Miro Karvonen
abbdc31ad3 Review comment fixes, passphrase is now always required to be bytes in add_cert_file and from_store. 2020-08-31 09:01:45 +03:00
mirosyn
3ef1f966d2
Merge branch 'master' into issue-4178-passphrase 2020-08-28 17:16:12 +03:00
Miro Karvonen
adc2e8d2b6 new commandline argument --cert-passphrase added. For decrypting the private key that is provided with the --certs command 2020-08-28 16:58:20 +03:00
Chase Kelley
2aacf94a63
update raw export to not remove headers (#4181) 2020-08-28 12:41:22 +02:00
Maximilian Hils
327e933faf intercept: tests++ 2020-08-27 11:37:35 +02:00
Maximilian Hils
e31f69ff4a fix windows tests failing due to tornado bug 2020-08-27 00:25:08 +02:00
Maximilian Hils
67885320c0 add ASGI support for embedded apps
This commit replaces our WSGI implementation with a new ASGI one,
which then uses `asgiref`'s compatibility mode to still support WSGI applications.
The ASGI implementation is a bit bare-bone, but good enough for our purposes.

The major changes are:

  - We now support ASGI apps.
  - Instead of taking connections out of mitmproxy's normal processing,
    we now just set flow.response and let things continue as usual.
    This allows users to see responses in mitmproxy, use the response hook
    to modify app responses, etc. Also important for us,
    this makes the new implementation work for shenanigans like sans-io.
2020-08-13 17:22:31 +02:00
Maximilian Hils
20f6f823ac revamp onboarding app
- improve and simplify layout
- revise install instructions
- ditch fontawesome to reduce file size
2020-08-13 08:12:49 +02:00
Alexander Prinzhorn
2fe8f3a218 Use @charset to decode CSS files if available 2020-08-06 15:01:23 +02:00
Thomas Kriechbaumer
04d2b0ab35
Merge pull request #4097 from rbdixon/fix_compat_flow_no_response
Fix incompatibility reading version 7 files when flow has no response.
2020-07-22 18:47:36 +02:00
Maximilian Hils
647eab557b lint! 2020-07-22 18:28:40 +02:00
Brad Dixon
742a5d812d Add test case for flow with no response. 2020-07-22 10:05:03 -04:00
Tom Hacohen
5fd702934c Add a msgpack content viewer. 2020-07-22 16:47:08 +03:00
Maximilian Hils
46fbba639d
Merge pull request #4088 from mhils/http-authority
HTTPRequest -> http.Request, add request.authority
2020-07-19 11:43:43 +02:00
Maximilian Hils
366014d0a3
Merge pull request #4069 from mplattner/maplocal-addon
MapLocal addon
2020-07-18 14:24:45 +02:00
Maximilian Hils
fb743c7da7 map local: minor fixes 2020-07-18 14:12:45 +02:00
Martin Plattner
c98f12c4f3 map addons: fix tests 2020-07-17 19:55:34 +02:00
Martin Plattner
b3c809c45a map local: improve candidate generation (url dec.) 2020-07-17 17:29:36 +02:00
Martin Plattner
627a03c8e0 move parse_spec to util.spec 2020-07-17 14:56:33 +02:00
Maximilian Hils
06734f498d fix flaky test socket 2020-07-16 22:13:48 +02:00
Thomas Kriechbaumer
04abe6b85b match HTTP-WebSocket handshake flow with ~websocket
fixes #3990
2020-07-16 17:49:47 +02:00
Maximilian Hils
5af57cfa99 HTTPRequest -> http.Request, add request.authority 2020-07-16 16:55:15 +02:00
Maximilian Hils
e39b52b159
Merge pull request #3989 from nikitastupin/master
Add minimal TCP interception and modification!
2020-07-15 21:55:43 +02:00
Nikita Stupin
7d9e3dd9a3 Add tests for TCP flow interception 2020-07-15 22:36:00 +03:00
Martin Plattner
257c178bbe map local: fix tests 2020-07-10 20:44:23 +02:00
Maximilian Hils
fe1b76bdef refactor spec parsing, map_local candidate generation 2020-07-10 13:23:13 +02:00
Martin Plattner
41c99810ef maplocal addon: improve tests 2020-07-08 23:52:22 +02:00
Martin Plattner
53644de820 maplocal addon: add some tests 2020-07-08 01:34:48 +02:00
Martin Plattner
1b6b3cd96c add MapLocal addon draft 2020-07-07 16:12:23 +02:00
Thomas Kriechbaumer
46a0f69485
Merge pull request #4042 from sanlengjingvv/develop
support HTTP/2 trailers
2020-07-06 17:14:17 +02:00
Thomas Kriechbaumer
c0f62cc559 fix missing message body and end_stream for trailers 2020-07-06 17:04:16 +02:00
gorogoroumaru
0e998e9b52
Fix typespec_to_str funcion to process typing.Optional[int] (#4066)
* Fix typespec_to_str funcion to process typing.Optional[int]

* Add test

* Add test

Co-authored-by: gorogoroumaru <zokutyou2@gmail.com>
2020-07-05 11:20:39 +02:00
Maximilian Hils
65318603ae
Merge pull request #4058 from Vane11ope/vane11ope/fix
List was not cycled right for tab auto-completion
2020-07-05 04:04:44 +02:00
Vane11ope
ecf076cb24 Add tests for list completer 2020-07-05 10:40:48 +09:00
Maximilian Hils
0ee0cf5668 minor addon improvements, fix tests 2020-07-04 11:19:23 +02:00
Martin Plattner
89fad1e2b1 add mapremote addon to modify request URLs 2020-07-03 14:27:37 +02:00
Thomas Kriechbaumer
ebb061796c unify HTTP trailers APIs 2020-07-02 18:31:47 +02:00
sanlengjingvv
d589f13a1d fix lint error 2020-07-02 18:46:38 +08:00
Martin Plattner
a782bb47a7 fix linting error 2020-07-02 12:42:14 +02:00
sanlengjingvv
22eb492a13 update FLOW_FORMAT_VERSION version
fix error when dump flow with http trailers
add testcase for http trailers
2020-07-02 18:32:12 +08:00
Martin Plattner
aee1b81260 fix test coverage 2020-07-01 23:51:55 +02:00
Martin Plattner
2a408c9379 refactor modify addons
Use a universal ModifySpec class to represent rules.
ModifyHeaders now supports reading the header value from a  file.
2020-07-01 13:25:28 +02:00
Martin Plattner
0a12479399 modify addons: cleanup redundant code and error handling 2020-06-30 16:20:06 +02:00
Martin Plattner
48dcc6e073 revert modify headers parameter order 2020-06-30 14:57:46 +02:00
Martin Plattner
b263b0dece replacements addon: rename to ModifyBody 2020-06-26 20:10:57 +02:00
Martin Plattner
96e756ead0 remove not needed replacement code 2020-06-26 19:04:22 +02:00
Martin Plattner
b608b0ef3e replacements addon: improve namings 2020-06-26 18:58:17 +02:00
Maximilian Hils
8783630ac3 minor: rename pytest fixture
tctx clashes with an omnipresent fixture on sans-io and my IDE
is not smart enough to figure out which one is which.
2020-06-26 01:01:25 +02:00
Martin Plattner
781e0a2e7c rename SetHeaders addon to ModifyHeaders 2020-06-25 18:08:48 +02:00
Martin Plattner
ccf7182a11 setheaders addon: removal of existing headers 2020-06-25 16:46:24 +02:00
Martin Plattner
b6c70950c3 setheaders addon: change pattern order 2020-06-25 15:33:42 +02:00
Maximilian Hils
ed68e0a1ba
Merge pull request #4040 from mhils/restructure-examples
Restructure examples
2020-06-23 20:21:48 +02:00
Maximilian Hils
08895e9ba6 restructure examples
- restructure examples (fix #4031)
 - remove example dependencies from setup.py,
   we do not need special dependencies for our supported addons.
 - unify how we generate docs from code
 - improve example docs
2020-06-23 16:00:14 +02:00
Brad Dixon
75ec05c85e HTTP2 response reason is None, render as '' in property.
Fixes an error triggered when displaying an HTTP2 response loaded
from a file.
2020-06-08 09:09:09 -04:00
anneborcherding
7fdcbb09e6
added add-ons that enhance the performance of web application scanners. (#3961)
* added add-ons that enhance the performance of web application scanners.

Co-authored-by: weichweich <14820950+weichweich@users.noreply.github.com>
2020-05-04 10:37:13 +02:00
root
4dd9abd6a9 add test for console error 2020-05-01 16:07:29 +05:30
Maximilian Hils
3c1a184c5d
Merge pull request #3929 from sarthak212/colorizejson
colorize json
2020-04-19 17:44:17 +02:00
Maximilian Hils
ca74ec3c77 json contentview: minor improvements 2020-04-19 16:51:16 +02:00
root
454f1779f0 colorize json 2020-04-19 12:49:09 +02:00
Maximilian Hils
8cd5e2d25b lint, mypy, tests++ 2020-04-12 01:50:34 +02:00
Maximilian Hils
b5e3f736c0 minor improvements, tests++ 2020-04-09 08:25:22 +02:00
Kevin Cui
4d2cb321d6 #3911 Support keybinding for different contexts with different commands 2020-04-07 16:10:26 +02:00
Maximilian Hils
fbe296aaba
Merge pull request #3893 from matosconsulting/mitmenhancedhostcheck
#3885 handle hyphens in domain name, enhance validation checks
2020-04-06 22:39:56 +02:00
Marcus R. Matos
901c0f6ede #3885 implement simpler regex for host validation 2020-04-05 15:50:28 -05:00
Maximilian Hils
5e0a89dbc8 don't force host header on outgoing requests 2020-04-04 16:19:24 +02:00
Maximilian Hils
9897ca7227 sync sans-io adjustments 2020-04-04 15:08:12 +02:00
Marcus R. Matos
2722f4fd76 #3885 handle hyphens in domain name, enhance validation checks, linter updates 2020-04-03 20:15:50 -05:00
Marcus R. Matos
1039d09ed6 #3885 handle hyphens in domain name, enhance validation checks 2020-04-03 19:56:54 -05:00
Maximilian Hils
3c09e1a516
Merge pull request #3692 from mhils/tls13
Update cryptography, enable TLS 1.3
2020-04-03 17:10:32 +02:00
Maximilian Hils
1e3f1b4d2b fix tls test on Windows 2020-04-03 12:05:06 +02:00
Maximilian Hils
3046a628fd
Merge pull request #3849 from sarthak212/errorhandling
Fix:Addon OptionsError is neither logged, nor does it stop mitmproxy
2020-04-02 10:13:30 +02:00
root
79b8fcc052 Changes 2020-03-31 10:07:53 +05:30
root
61617919ff remove whitespace 2020-03-11 01:46:29 +05:30
root
42ea9a2d49 test case option error 2020-03-11 01:36:47 +05:30
Maximilian Hils
1930578f05
remove duplicate test 2020-03-09 22:26:45 +01:00
naivekun
2a5164351f extend tests for headers.replace() 2020-03-02 01:29:47 +08:00
Rohan Fletcher
e25e464acb http2: added test for all stream reset types 2020-02-12 09:36:39 +13:00
Maximilian Hils
be4ba3f1c6 fix #3801 2020-02-04 19:26:14 +01:00
Maximilian Hils
89c3675741 mitmproxy --version: incorporate non-annotated tags 2019-12-21 02:18:26 +01:00
Maximilian Hils
a58b8c9cdb
Merge pull request #3724 from typoon/command-history-file
Save user executed commands to a history file
2019-12-12 15:12:37 +01:00
Yoav Shai
4ffa1ed7b6 Add flow to ContentView metadata 2019-12-06 00:13:20 +02:00
Henrique
2177eb9e35 Fixed small issue 2019-11-27 09:27:38 -05:00
Henrique
8eb173b44e Fixed small bugs on command_history and tests 2019-11-27 09:21:30 -05:00
Maximilian Hils
819d5e6317 command history: start adjusting tests 2019-11-26 02:43:09 +01:00
Henrique
68b016e180 Addressing comments from review 2019-11-25 14:37:49 -05:00
Henrique
4464648c38 Logic to handle multiple instances using CommandHistory. 2019-11-25 13:08:09 -05:00
Henrique
5b582a76a8 Make windows happy once again 2019-11-25 10:48:42 -05:00
Henrique
1c8abaed78 Make windows happy 2019-11-25 10:39:36 -05:00
Henrique
ed7f0b4b39 Making windows happy 2019-11-25 10:24:46 -05:00
Henrique
640bec24e5 Oops, forgot to add the tests for the CommandHistory addon 2019-11-25 10:23:51 -05:00
Henrique
7b386d5393 Fixed the logic according to some tests, added new tests 2019-11-24 20:13:25 -05:00
Maximilian Hils
e768f5ba83 use OpenSSL's hostname validation 2019-11-23 18:02:45 +01:00
Maximilian Hils
0f868e9924 update cryptography 2019-11-23 01:06:23 +01:00
Henrique
16b55f9476 Implemented feature to save command history to a file. This allows users
to reuse their commands the next time they open mitmproxy
2019-11-22 10:00:17 -05:00
Maximilian Hils
3550bdfe00
Merge pull request #3693 from typoon/fix-command-bar-issue-3259
Improve Command Bar UX
2019-11-21 14:13:08 +01:00
Maximilian Hils
fa100b9d16 lint! 2019-11-19 21:11:49 +01:00
Maximilian Hils
228e1c74c2 fix tests 2019-11-19 18:37:47 +01:00
Maximilian Hils
c7eedcbc1a fix 'set' to only accept a single argument 2019-11-19 18:29:22 +01:00
Maximilian Hils
76e6484107 fix lexing, sort of 2019-11-19 18:21:14 +01:00
Maximilian Hils
e92b957e3a
Use Github Actions for CI (#3713)
switch to github actions for CI
2019-11-19 18:15:08 +01:00
Maximilian Hils
74f5fa6a77 wip 2019-11-18 22:03:51 +01:00
Maximilian Hils
dd556f052b coverage++ 2019-11-18 04:34:23 +01:00
Maximilian Hils
da0755106d adjust test 2019-11-18 03:54:18 +01:00
Maximilian Hils
f75a95acea fix vararg handling 2019-11-18 03:45:16 +01:00
Maximilian Hils
cb723c53fa revamp command processing
- Display the parameter name instead of the parameter type
  whenver users interact with commands. This makes it easy to
  enter commands just by their signature. We may want to expose type
  information in the command list, but some quick testing showed that
  this are rather intuitive anyways.
- Add shift tab backward cycling for the command completion.
- Use inspect.Signature instead of homebrew argument matching solution.
  This gets rid of quite a bit of cruft.
- Remove some type checking hacks in mitmproxy.types
2019-11-18 03:05:41 +01:00
Henrique
8b52ea248e Added coverage for the changes made 2019-11-17 11:26:20 -05:00
Henrique
13fe07f48f Brought coverage up to 94% on test_commander.py 2019-11-16 20:14:38 -05:00
Henrique
7779eef572 Various changes to address PR comments
Made a change to make `CommandManager.execute` the main entry point for
executing commands and made `call_strings` into a private method.
2019-11-16 17:01:47 -05:00
Henrique
79caf3a458 Fixing issues pointed during PR review 2019-11-16 09:16:50 -05:00
Maximilian Hils
8158349db5
Merge branch 'master' into master 2019-11-16 12:07:22 +01:00
Maximilian Hils
d1eec4d807
Merge pull request #3705 from mhils/issue-3469
Fix #3469
2019-11-16 12:06:13 +01:00
Maximilian Hils
5c0be1de4a
Merge pull request #3448 from cript0nauta/master
Fix command injection vulnerability when exporting to curl or httpie
2019-11-16 12:03:34 +01:00
Michael McKeirnan
a6e8b930c9 Adding raw_request and raw_response to export
This is a proposed change for
https://github.com/mitmproxy/mitmproxy/issues/3701 which alters the
behavior of a raw http export to include both the request and the
response. Additionally, this introduces two new export options
"raw_request" and "raw_response" which allow for exporting the raw HTTP
request or response individually.
2019-11-16 01:20:50 -08:00
Maximilian Hils
248034c528 tests++ 2019-11-15 21:17:29 +01:00
Maximilian Hils
484e099eb1 test coverage++ 2019-11-15 20:57:03 +01:00
Henrique M. D
021a141521
Merge branch 'master' into fix-command-bar-issue-3259 2019-11-15 13:59:57 -05:00
Henrique
8972250167 Removed the custom lexer in favor of using pyparsing. 2019-11-15 13:07:12 -05:00
Maximilian Hils
698f7e2e17
Merge pull request #3420 from rjt-gupta/multipart-fix
multipart-fix
2019-11-15 19:04:47 +01:00
Maximilian Hils
01ddda75e8 improve curl/httpie export 2019-11-15 19:02:59 +01:00
Maximilian Hils
0873566ff0 Merge remote-tracking branch 'origin/master' into pr-3448 2019-11-15 18:10:42 +01:00
Michael McKeirnan
dae01ad623 Adding export raw http response
Adding a new export type for raw http response, and changing export raw to export
raw_request to distinguish between the two. This is a proposed change for https://github.com/mitmproxy/mitmproxy/issues/3701
2019-11-15 01:21:54 -08:00
Henrique
f2b118817e Added a new test to test that the issue from the previous commit won't
happen anymore
2019-11-13 10:32:17 -05:00
Henrique
875adb2ba8 Added tests to reach 100% coverage 2019-11-13 09:32:51 -05:00
Henrique
d90262ad35 Getting 100% coverage in the lexer 2019-11-12 23:16:52 -05:00
Henrique
eee4b24e98 Fixing issues reported by the linter 2019-11-12 22:50:33 -05:00
Henrique
578eb7239c Tests for the new lexer 2019-11-12 22:09:04 -05:00
Henrique
561d6d91d1 Fixed test to use the new method to get the lexer 2019-11-12 22:08:10 -05:00
Henrique
c7ffc22819 Fix for issues when using \ and " on the commander bar 2019-11-12 18:57:39 -05:00
Maximilian Hils
dac0bfe786
Merge pull request #3691 from mhils/sans-io-adjustments
Update mypy, sans-io adjustments
2019-11-12 05:04:05 +01:00
Maximilian Hils
bdc15cbe0c update mypy 2019-11-12 04:38:13 +01:00
Maximilian Hils
f97996126f minor improvements and sans-io adjustments 2019-11-11 18:35:06 +01:00
Maximilian Hils
8e64ac0575
Merge pull request #3679 from tomlabaude/pf_ipv6
Added support for IPv6 in pf.py for macOS
2019-11-07 18:32:26 +01:00
Maximilian Hils
80963966b2 make duration formatting more forgiving 2019-11-07 18:19:50 +01:00
Tom
ff628e783e pfctl state output always have 2 lines for each socket. Adding outgoing lines in data which matches lines before incoming ones. Also adding IPv6 data and tests 2019-11-05 20:27:00 +01:00
Yoann L
3370740361 several fixes on command exports has several problems: #3676
* authority can usually rely on actual URL. as `:authority` headers will
break curl command. (advise if it's better to change them to Host, or if
it should be reported on curl side)
* `content-length`: 0 is added for each request. if it's found in the
curl argument list, it'll try to fetch an empty body (and crash).
also trying to guess on accept-encoding header to add the
`--compress` option when fetching potentially compressed content.
* ditto for httpie
2019-10-28 17:51:59 +01:00
Maximilian Hils
902ef59d01
Move onboardingapp from tornado to flask (#3661) 2019-10-06 14:41:46 +02:00
vin01
93f9e30728 Add key_size option to define rsa key size (#3657) 2019-09-30 19:19:52 +02:00
Thomas Kriechbaumer
ace79afefc bump more deps 2019-09-28 23:29:13 +02:00
Thomas Kriechbaumer
53cb5bf40f bump deps 2019-09-28 17:37:43 +02:00
Thomas Kriechbaumer
7d60dde76c
Merge pull request #3464 from rjt-gupta/url-fix
Non ascii characters in url
2019-09-28 11:46:58 +02:00
Thomas Kriechbaumer
76bd3ef82d
Merge pull request #3486 from rjt-gupta/unicode-filter
filter unicode fix
2019-09-28 11:44:15 +02:00
Thomas Kriechbaumer
26e55b0a7f
Merge pull request #3526 from pierlon/feature/allow-hosts
Add --allow_hosts option
2019-09-28 11:40:18 +02:00
Maximilian Hils
a08c22dcdd
Merge pull request #3631 from mhils/lint
Fix CI
2019-09-05 23:20:54 +02:00
Maximilian Hils
e77f375186 lint 2019-09-05 22:08:21 +02:00
Tero Saaristo
dd3589ce34 encoding: add support for zstd (zstandard)
Handles zstandard-compressed bodies labeled as zstd.
2019-09-05 17:52:04 +03:00
Pierre Gordon
1b3f86e709 Verify ignore_hosts & allow_hosts are mutually exclusive 2019-04-19 13:10:39 -05:00
Pierre Gordon
8d0c800d15 Add --allow_hosts option
Closes #3295
2019-04-19 12:39:53 -05:00
Anthony Biondo
a8489466c1 update formatdate for cookies and tests to use GMT formatting 2019-04-16 22:11:27 -04:00
rjt-gupta
6e153b2c01 filter unicode fix 2019-02-24 01:45:45 +05:30
rjt-gupta
580ba356ad test coverage improved 2019-02-06 03:42:07 +05:30
rjt-gupta
d08d2185ea multipart encoder and tests 2019-02-06 03:42:07 +05:30
rjt-gupta
4df325335b multipart-fix 2019-02-06 03:42:07 +05:30
rjt-gupta
cec8c67465 non ascii fix and tests 2019-02-03 00:49:53 +05:30
Thomas Kriechbaumer
67aa1b63f9
Merge pull request #3437 from yan12125/fix-tests-on-mojave
Fix a failing test on macOS Mojave
2019-01-26 14:57:41 +01:00
Matías Lang
e6da62a50a Merge branch 'master' of https://github.com/mitmproxy/mitmproxy 2019-01-13 23:55:27 -03:00
Matías Lang
eab4174b87 Fix command injection when exporting to httpie
The command generated by `export.clip httpie @focus` or `export.file
httpie @focus /path/to/file` wasn't being properly escaped so it could
contain a malicious command instead of just a simple httpie call.
2019-01-13 23:45:28 -03:00
Matías Lang
d027891cec Fix command injection when exporting to curl
The command generated by `export.clip curl @focus` or `export.file curl
@focus /path/to/file` wasn't being properly escaped so it could contain
a malicious command instead of just a simple curl.
2019-01-13 23:39:50 -03:00
Maximilian Hils
82bc8c7ca2
Merge pull request #3444 from BoboTiG/fix-resource-leaks
Fix ResourceWarning: unclosed file, prevent resource leaks
2019-01-06 17:43:47 +01:00
Mickaël Schoentgen
c03b07930c Fix ResourceWarning: unclosed file, prevent resource leaks
Signed-off-by: Mickaël Schoentgen <contact@tiger-222.fr>
2019-01-06 15:06:30 +01:00
Mickaël Schoentgen
3a2d7bb119 Fix several DeprecationWarning: invalid escape sequence
Signed-off-by: Mickaël Schoentgen <contact@tiger-222.fr>
2019-01-05 23:37:48 +01:00
Chih-Hsuan Yen
cc33f40f29
Fix a failing test on macOS Mojave 2018-12-29 21:24:46 +08:00
Rajat Gupta
e2bcca47b1 charset in meta tags (#3411)
original contribution from @0xHJK in https://github.com/mitmproxy/mitmproxy/pull/3150
2018-12-13 15:34:12 +01:00
Rajat Gupta
db658b12ed fix query array
fixes #3072 
closes #3254
2018-12-03 22:05:59 +01:00
Thomas Kriechbaumer
2fb2b48a06 bump dependencies 2018-12-02 15:48:20 +01:00
Abhigyan Khaund
cda4248610 Change variable o to organization for generated certficates. 2018-11-11 10:58:14 +05:30
Abcdefghijklmnopqrstuvwxyzxyz
d4f4cfe225 Add Organization field for the generated certificate (#3376)
add organization field for the generated certificate
2018-11-09 09:06:04 +01:00
Jessica Favin
0cbbcffd89 test_dumper.py - Add sio_err everywhere + adjust test_simple 2018-11-04 17:24:34 +01:00
Jessica Favin
312f922316 Fix test_dumper.py - Dumper constructor 2018-11-04 16:26:51 +01:00
Jessica Favin
ade136dc4d Update test_dumper.py 2018-11-04 16:06:17 +01:00
Maximilian Hils
28551e9655
use skip_windows decorator consistently 2018-10-23 15:24:59 +02:00
Fred Miller
bf3570b3b9
Skip file permission test on Windows 2018-10-23 08:53:51 +08:00
Fred Miller
f16621a38b
Make private keys readable only by the owner 2018-10-22 22:53:58 +08:00
Miroslav
ed9e3d5137 keys.yaml priority over defaultkeys.py. Test for this. 2018-09-29 15:54:17 +03:00
Maximilian Hils
e15619f34e
Merge pull request #3319 from mhils/issue-3316
Fix #3316
2018-09-07 10:34:55 +02:00
Maximilian Hils
1b6a8d6acd fix #3316 2018-09-07 10:24:28 +02:00
David Kremer
dcd8ba34ab [test/xss_scanner] add fixtures in tests
The previous version of that script made a repetitive use
of the  pytest builtin fixture, with always
the same arguments.

This is a small refactoring and cleanup, mainly adding the 'function'
scope to ensure proper cleaning and using the @pytest.fixture
decorator where I could.
2018-08-15 19:47:55 +02:00
madt1m
a52451900c session: implemented changes requested after PR review. 2018-08-05 21:57:55 +02:00
madt1m
e9c2b12dab tests: Full coverage. Everything working, ready for review 2018-08-03 16:32:50 +02:00
madt1m
4e0c10b88b tests: 97% coverage reached. Session opportunely patched after emerged defects. 2018-08-02 05:55:35 +02:00