- No output to stdout on load in examples - they muck up the test suite.
- Use the odict module directly, rather than aliasing it. The small convenience
this gives to scripters is not worth it.
- Move the cookie tests from the flow test module to the protocol_http test
module.
This initiates a connection to the server to obtain certificate information to
generate interception certificates. At the moment, the information used is the
Common Name, and the list of Subject Alternative Names.
- Extract proxy spec parsing and unparsing functions.
- Add a status indicator in mitmproxy.
- Add the "R" keybinding for changing the reverse proxy from within mitmproxy.
- Retain the specification from the Host header as a Request's description.
- Expand upstream proxy specifications to include the scheme. We now say https://hostname:port
- Move the "R" revert keybinding to "v" to make room for a reverse proxy
binding that matches the command-line flag.
This is a common task in pentesting scenarios. This commit adds the following
functions:
utils.Headers.replace
proxy.Request.replace
proxy.Response.replace
flow.Flow.replace
Two different strategies here:
- Use a simple heuristic to detect if we're looking at XML data when indent
mode is used. On non-XML data we can hang even on small documents.
- Only view partial data for large bodies. At the moment the cutoff is
100k. I might finetune this later.
- The OpenSSL x509 has no way to explicitly set the notBefore value on
certificates.
- If two systems have the same configured time, it's possible to return a
certificate before the validity start time has arrived.
- We "solve" this by waiting for one second when a certificate is first
generated before returning the cert. The alternative is to rewrite pretty much
all of our certificate generation, a thought too horrible to contemplate.
We now create three different files in the .mitmproxy directory when a dummy CA
is made:
mitmproxy-ca.pem - the CA, including private key
mitmproxy-ca-cert.p12 - A pkcs12 version of the certificate, for distribution to Windows.
mitmproxy-ca-cert.pem - A PEM version of the certificate, for distribution to everyone else.
- Computing the view of a large body is expensive, so we introduce an LRU cache
to hold the latest 20 results.
- Use ListView more correctly, passing it individual urwid.Text snippets,
rather than a single large one. This hugely improves render time.
