# Copyright (C) 2010 Aldo Cortesi
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
import re, os, subprocess, datetime, textwrap, errno
import optparse
def format_timestamp(s):
d = datetime.datetime.fromtimestamp(s)
return d.strftime("%Y-%m-%d %H:%M:%S")
def isBin(s):
"""
Does this string have any non-ASCII characters?
"""
for i in s:
i = ord(i)
if i < 9:
return True
elif i > 13 and i < 32:
return True
elif i > 126:
return True
return False
def cleanBin(s):
parts = []
for i in s:
o = ord(i)
if o > 31 and o < 127:
parts.append(i)
else:
parts.append(".")
return "".join(parts)
TAG = r"""
<\s*
(?!\s*[!"])
(?P\s*\/)?
(?P\w+)
(
[^'"\t >]+ |
"[^\"]*"['\"]* |
'[^']*'['\"]* |
\s+
)*
(?P\s*\/\s*)?
\s*>
"""
UNI = set(["br", "hr", "img", "input", "area", "link"])
INDENT = " "*4
def pretty_xmlish(s):
"""
A robust pretty-printer for XML-ish data.
Returns a list of lines.
"""
data, offset, indent, prev = [], 0, 0, None
for i in re.finditer(TAG, s, re.VERBOSE|re.MULTILINE):
start, end = i.span()
name = i.group("name")
if start > offset:
txt = []
for x in textwrap.dedent(s[offset:start]).split("\n"):
if x.strip():
txt.append(indent*INDENT + x)
data.extend(txt)
if i.group("close") and not (name in UNI and name==prev):
indent = max(indent - 1, 0)
data.append(indent*INDENT + i.group().strip())
offset = end
if not any([i.group("close"), i.group("selfcont"), name in UNI]):
indent += 1
prev = name
trail = s[offset:]
if trail.strip():
data.append(s[offset:])
return data
def hexdump(s):
"""
Returns a set of typles:
(offset, hex, str)
"""
parts = []
for i in range(0, len(s), 16):
o = "%.10x"%i
part = s[i:i+16]
x = " ".join(["%.2x"%ord(i) for i in part])
if len(part) < 16:
x += " "
x += " ".join([" " for i in range(16-len(part))])
parts.append(
(o, x, cleanBin(part))
)
return parts
def isStringLike(anobj):
try:
# Avoid succeeding expensively if anobj is large.
anobj[:0]+''
except:
return 0
else:
return 1
def isSequenceLike(anobj):
"""
Is anobj a non-string sequence type (list, tuple, iterator, or
similar)? Crude, but mostly effective.
"""
if not hasattr(anobj, "next"):
if isStringLike(anobj):
return 0
try:
anobj[:0]
except:
return 0
return 1
def _caseless(s):
return s.lower()
def try_del(dict, key):
try:
del dict[key]
except KeyError:
pass
class MultiDict:
"""
Simple wrapper around a dictionary to make holding multiple objects per
key easier.
Note that this class assumes that keys are strings.
Keys have no order, but the order in which values are added to a key is
preserved.
"""
# This ridiculous bit of subterfuge is needed to prevent the class from
# treating this as a bound method.
_helper = (str,)
def __init__(self):
self._d = dict()
def copy(self):
m = self.__class__()
m._d = self._d.copy()
return m
def clear(self):
return self._d.clear()
def get(self, key, d=None):
key = self._helper[0](key)
return self._d.get(key, d)
def __eq__(self, other):
return dict(self) == dict(other)
def __delitem__(self, key):
self._d.__delitem__(key)
def __getitem__(self, key):
key = self._helper[0](key)
return self._d.__getitem__(key)
def __setitem__(self, key, value):
if not isSequenceLike(value):
raise ValueError, "Cannot insert non-sequence."
key = self._helper[0](key)
return self._d.__setitem__(key, value)
def has_key(self, key):
key = self._helper[0](key)
return self._d.has_key(key)
def keys(self):
return self._d.keys()
def extend(self, key, value):
if not self.has_key(key):
self[key] = []
self[key].extend(value)
def append(self, key, value):
self.extend(key, [value])
def itemPairs(self):
"""
Yield all possible pairs of items.
"""
for i in self.keys():
for j in self[i]:
yield (i, j)
def get_state(self):
return list(self.itemPairs())
@classmethod
def from_state(klass, state):
md = klass()
for i in state:
md.append(*i)
return md
class Headers(MultiDict):
"""
A dictionary-like class for keeping track of HTTP headers.
It is case insensitive, and __repr__ formats the headers correcty for
output to the server.
"""
_helper = (_caseless,)
def __repr__(self):
"""
Returns a string containing a formatted header string.
"""
headerElements = []
for key in sorted(self.keys()):
for val in self[key]:
headerElements.append(key + ": " + val)
headerElements.append("")
return "\r\n".join(headerElements)
def match_re(self, expr):
"""
Match the regular expression against each header (key, value) pair.
"""
for k, v in self.itemPairs():
s = "%s: %s"%(k, v)
if re.search(expr, s):
return True
return False
def read(self, fp):
"""
Read a set of headers from a file pointer. Stop once a blank line
is reached.
"""
name = ''
while 1:
line = fp.readline()
if not line or line == '\r\n' or line == '\n':
break
if line[0] in ' \t':
# continued header
self[name][-1] = self[name][-1] + '\r\n ' + line.strip()
else:
i = line.find(':')
# We're being liberal in what we accept, here.
if i > 0:
name = line[:i]
value = line[i+1:].strip()
if self.has_key(name):
# merge value
self.append(name, value)
else:
self[name] = [value]
def pretty_size(size):
suffixes = [
("B", 2**10),
("kB", 2**20),
("M", 2**30),
]
for suf, lim in suffixes:
if size >= lim:
continue
else:
x = round(size/float(lim/2**10), 2)
if x == int(x):
x = int(x)
return str(x) + suf
class Data:
def __init__(self, name):
m = __import__(name)
dirname, _ = os.path.split(m.__file__)
self.dirname = os.path.abspath(dirname)
def path(self, path):
"""
Returns a path to the package data housed at 'path' under this
module.Path can be a path to a file, or to a directory.
This function will raise ValueError if the path does not exist.
"""
fullpath = os.path.join(self.dirname, path)
if not os.path.exists(fullpath):
raise ValueError, "dataPath: %s does not exist."%fullpath
return fullpath
data = Data(__name__)
def make_openssl_conf(path, countryName=None, stateOrProvinceName=None, localityName=None, organizationName=None, organizationalUnitName=None, commonName=None, emailAddress=None, ca=False):
cnf = open(path, "w")
cnf.write("[ req ]\n")
cnf.write("prompt = no\n")
cnf.write("distinguished_name = req_distinguished_name\n")
if ca:
cnf.write("x509_extensions = v3_ca # The extentions to add to the self signed cert\n")
cnf.write("\n")
cnf.write("[ req_distinguished_name ]\n")
if countryName is not None:
cnf.write("countryName = %s\n" % (countryName) )
cnf.write("stateOrProvinceName = %s\n" % (stateOrProvinceName) )
cnf.write("localityName = %s\n" % (localityName) )
cnf.write("organizationName = %s\n" % (organizationName) )
cnf.write("organizationalUnitName = %s\n" % (organizationalUnitName) )
cnf.write("commonName = %s\n" % (commonName) )
cnf.write("emailAddress = %s\n" % (emailAddress) )
cnf.write("\n")
cnf.write("[ v3_ca ]\n")
cnf.write("subjectKeyIdentifier=hash\n")
cnf.write("authorityKeyIdentifier=keyid:always,issuer\n")
if ca:
cnf.write("basicConstraints = critical,CA:true\n")
cnf.write("keyUsage = cRLSign, keyCertSign\n")
#cnf.write("nsCertType = sslCA, emailCA\n")
#cnf.write("subjectAltName=email:copy\n")
#cnf.write("issuerAltName=issuer:copy\n")
def make_bogus_cert(certpath, countryName=None, stateOrProvinceName=None, localityName=None, organizationName="mitmproxy", organizationalUnitName=None, commonName="Dummy Certificate", emailAddress=None, ca=None, newca=False):
# Generates a bogus certificate like so:
# openssl req -config template -x509 -nodes -days 9999 -newkey rsa:1024 \
# -keyout cert.pem -out cert.pem
(path, ext) = os.path.splitext(certpath)
d = os.path.dirname(path)
if not os.path.exists(d):
os.makedirs(d)
cnf = open(path+".cnf", "w")
cnf.write("[ req ]\n")
cnf.write("prompt = no\n")
cnf.write("distinguished_name = req_distinguished_name\n")
if newca:
cnf.write("x509_extensions = v3_ca\n")
cnf.write("req_extensions = v3_ca_req\n")
else:
cnf.write("x509_extensions = v3_cert\n")
cnf.write("req_extensions = v3_cert_req\n")
cnf.write("\n")
cnf.write("[ req_distinguished_name ]\n")
if countryName is not None:
cnf.write("countryName = %s\n" % (countryName) )
if stateOrProvinceName is not None:
cnf.write("stateOrProvinceName = %s\n" % (stateOrProvinceName) )
if localityName is not None:
cnf.write("localityName = %s\n" % (localityName) )
if organizationName is not None:
cnf.write("organizationName = %s\n" % (organizationName) )
if organizationalUnitName is not None:
cnf.write("organizationalUnitName = %s\n" % (organizationalUnitName) )
if commonName is not None:
cnf.write("commonName = %s\n" % (commonName) )
if emailAddress is not None:
cnf.write("emailAddress = %s\n" % (emailAddress) )
cnf.write("\n")
cnf.write("[ v3_ca ]\n")
cnf.write("subjectKeyIdentifier=hash\n")
cnf.write("authorityKeyIdentifier=keyid:always,issuer\n")
cnf.write("basicConstraints = critical,CA:true\n")
cnf.write("keyUsage = cRLSign, keyCertSign\n")
cnf.write("nsCertType = sslCA\n")
#cnf.write("subjectAltName=email:copy\n")
#cnf.write("issuerAltName=issuer:copy\n")
cnf.write("\n")
cnf.write("[ v3_ca_req ]\n")
cnf.write("basicConstraints = critical,CA:true\n")
cnf.write("keyUsage = cRLSign, keyCertSign\n")
cnf.write("nsCertType = sslCA\n")
#cnf.write("subjectAltName=email:copy\n")
cnf.write("\n")
cnf.write("[ v3_cert ]\n")
cnf.write("basicConstraints = CA:false\n")
cnf.write("keyUsage = nonRepudiation, digitalSignature, keyEncipherment\n")
cnf.write("nsCertType = server\n")
cnf.write("subjectKeyIdentifier=hash\n")
cnf.write("authorityKeyIdentifier=keyid:always,issuer\n")
cnf.write("\n")
cnf.write("[ v3_cert_req ]\n")
cnf.write("basicConstraints = CA:false\n")
cnf.write("keyUsage = nonRepudiation, digitalSignature, keyEncipherment\n")
cnf.write("nsCertType = server\n")
cnf.write("\n")
cnf.close()
if ca is None:
# Create a new selfsigned certificate + key
cmd = [
"openssl",
"req",
"-new",
"-x509",
"-config", path+".cnf",
"-nodes",
"-days", "9999",
"-out", certpath,
"-newkey", "rsa:1024",
"-keyout", certpath,
]
#print " ".join(cmd)
subprocess.call(
cmd,
stderr=subprocess.PIPE,
stdout=subprocess.PIPE,
stdin=subprocess.PIPE
)
else:
# Create a dummy signed certificate. Uses same key as the signing CA
cmd = [
"openssl",
"req",
"-new",
"-config", path+".cnf",
"-out", path+".req",
"-key", ca,
]
#print " ".join(cmd)
subprocess.call(
cmd,
stderr=subprocess.PIPE,
stdout=subprocess.PIPE,
stdin=subprocess.PIPE
)
cmd = [
"openssl",
"x509",
"-req",
"-in", path+".req",
"-days", "9999",
"-out", certpath,
"-CA", ca,
"-CAcreateserial",
"-extfile", path+".cnf"
]
if newca:
cmd.extend([
"-extensions", "v3_ca",
])
else:
cmd.extend([
"-extensions", "v3_cert",
])
#print " ".join(cmd)
subprocess.call(
cmd,
stderr=subprocess.PIPE,
stdout=subprocess.PIPE,
stdin=subprocess.PIPE
)
def mkdir_p(path):
try:
os.makedirs(path)
except OSError as exc:
if exc.errno == errno.EEXIST:
pass
else:
raise
def certificate_option_group(parser):
group = optparse.OptionGroup(parser, "SSL")
group.add_option(
"--cert", action="store",
type = "str", dest="cert", default="~/.mitmproxy/default.pem",
help = "SSL certificate file."
)
group.add_option(
"-c", "--cacert", action="store",
type = "str", dest="cacert", default="~/.mitmproxy/ca.pem",
help = "SSL CA certificate file."
)
group.add_option(
"--certpath", action="store",
type = "str", dest="certpath", default="~/.mitmproxy/",
help = "SSL certificate store path."
)
group.add_option(
"--ciphers", action="store",
type = "str", dest="ciphers", default=None,
help = "SSL ciphers."
)
parser.add_option_group(group)
def process_certificate_option_group(options):
if options.cert is not None:
options.cert = os.path.expanduser(options.cert)
if not os.path.exists(options.cert):
print >> sys.stderr, "Creating bogus certificate at %s"%options.cert
utils.make_bogus_cert(options.cert)
if options.cacert is not None:
options.cacert = os.path.expanduser(options.cacert)
if not os.path.exists(options.cacert):
print >> sys.stderr, "Creating bogus CA certificate at %s"%options.cacert
utils.make_bogus_cert(options.cacert, newca=True, commonName="Dummy CA")
if options.certpath is not None:
options.certpath = os.path.expanduser(options.certpath)
elif options.cacert is not None:
options.certpath = os.path.dirname(options.cacert)
if options.cache is not None:
options.cache = os.path.expanduser(options.cache)