mitmproxy/CHANGELOG
2015-07-26 14:21:18 +12:00

388 lines
13 KiB
Plaintext

24 July 2015: mitmproxy 0.13
* Upstream certificate validation. See the --verify-upstream-cert,
--upstream-trusted-cadir and --upstream-trusted-ca parameters. Thanks to
Kyle Morton (github.com/kyle-m) for his work on this.
* Add HTTP transparent proxy mode. This uses the host headers from HTTP
traffic (rather than SNI and IP address information from the OS) to
implement perform transparent proxying. Thanks to github.com/ijiro123 for
this feature.
* Add ~src and ~dst REGEX filters, allowing matching on source and
destination addresses in the form of <IP>:<Port>
* mitmproxy console: change g/G keyboard shortcuts to match less. Thanks to
Jose Luis Honorato (github.com/jlhonora).
* mitmproxy console: Flow marking and unmarking. Marked flows are not
deleted when the flow list is cleared. Thanks to Jake Drahos
(github.com/drahosj).
* mitmproxy console: add marking of flows
* Remove the certforward feature. It was added to allow exploitation of
#gotofail, which is no longer a common vulnerability. Permitting this
hugely increased the complexity of packaging and distributing mitmproxy.
3 June 2015: mitmproxy 0.12.1
* mitmproxy console: mouse interaction - scroll in the flow list, click on
flow to view, click to switch between tabs.
* Update our crypto defaults: SHA256, 2048 bit RSA, 4096 bit DH parameters.
* BUGFIX: crash under some circumstances when copying to clipboard.
* BUGFIX: occasional crash when deleting flows.
18 May 2015: mitmproxy 0.12
* mitmproxy console: Significant revamp of the UI. The major changes are
listed below, and in addition almost every aspect of the UI has
been tweaked, and performance has improved significantly.
* mitmproxy console: A new options screen has been created ("o" shortcut),
and many options that were previously manipulated directly via a
keybinding have been moved there.
* mitmproxy console: Big improvement in palettes. This includes improvements
to all colour schemes. Palettes now set the terminal background colour by
default, and a new --palette-transparent option has been added to disable
this.
* mitmproxy console: g/G shortcuts throughout mitmproxy console to jump
to the beginning/end of the current view.
* mitmproxy console: switch palettes on the fly from the options screen.
* mitmproxy console: A cookie editor has been added for mitmproxy console
at long last.
* mitmproxy console: Various components of requests and responses can be
copied to the clipboard from mitmproxy - thanks to @marceloglezer.
* Support for creating new requests from scratch in mitmproxy console (@marceloglezer).
* SSLKEYLOGFILE environment variable to specify a logging location for TLS
master keys. This can be used with tools like Wireshark to allow TLS
decoding.
* Server facing SSL cipher suite specification (thanks to Jim Shaver).
* Official support for transparent proxying on FreeBSD - thanks to Mike C
(http://github.com/mike-pt).
* Many other small bugfixes and improvemenets throughout the project.
29 Dec 2014: mitmproxy 0.11.2:
* Configuration files - mitmproxy.conf, mitmdump.conf, common.conf in the
.mitmproxy directory.
* Better handling of servers that reject connections that are not SNI.
* Many other small bugfixes and improvements.
15 November 2014: mitmproxy 0.11.1:
* Bug fixes: connection leaks some crashes
7 November 2014: mitmproxy 0.11:
* Performance improvements for mitmproxy console
* SOCKS5 proxy mode allows mitmproxy to act as a SOCKS5 proxy server
* Data streaming for response bodies exceeding a threshold
(bradpeabody@gmail.com)
* Ignore hosts or IP addresses, forwarding both HTTP and HTTPS traffic
untouched
* Finer-grained control of traffic replay, including options to ignore
contents or parameters when matching flows (marcelo.glezer@gmail.com)
* Pass arguments to inline scripts
* Configurable size limit on HTTP request and response bodies
* Per-domain specification of interception certificates and keys (see
--cert option)
* Certificate forwarding, relaying upstream SSL certificates verbatim (see
--cert-forward)
* Search and highlighting for HTTP request and response bodies in
mitmproxy console (pedro@worcel.com)
* Transparent proxy support on Windows
* Improved error messages and logging
* Support for FreeBSD in transparent mode, using pf (zbrdge@gmail.com)
* Content view mode for WBXML (davidshaw835@air-watch.com)
* Better documentation, with a new section on proxy modes
* Generic TCP proxy mode
* Countless bugfixes and other small improvements
28 January 2014: mitmproxy 0.10:
* Support for multiple scripts and multiple script arguments
* Easy certificate install through the in-proxy web app, which is now
enabled by default
* Forward proxy mode, that forwards proxy requests to an upstream HTTP server
* Reverse proxy now works with SSL
* Search within a request/response using the "/" and "n" shortcut keys
* A view that beatifies CSS files if cssutils is available
* Bug fix, documentation improvements, and more.
25 August 2013: mitmproxy 0.9.2:
* Improvements to the mitmproxywrapper.py helper script for OSX.
* Don't take minor version into account when checking for serialized file
compatibility.
* Fix a bug causing resource exhaustion under some circumstances for SSL
connections.
* Revamp the way we store interception certificates. We used to store these
on disk, they're now in-memory. This fixes a race condition related to
cert handling, and improves compatibility with Windows, where the rules
governing permitted file names are weird, resulting in errors for some
valid IDNA-encoded names.
* Display transfer rates for responses in the flow list.
* Many other small bugfixes and improvements.
16 June 2013: mitmproxy 0.9.1:
* Use "correct" case for Content-Type headers added by mitmproxy.
* Make UTF environment detection more robust.
* Improved MIME-type detection for viewers.
* Always read files in binary mode (Windows compatibility fix).
* Some developer documentation.
15 May 2013: mitmproxy 0.9:
* Upstream certs mode is now the default.
* Add a WSGI container that lets you host in-proxy web applications.
* Full transparent proxy support for Linux and OSX.
* Introduce netlib, a common codebase for mitmproxy and pathod
(http://github.com/cortesi/netlib).
* Full support for SNI.
* Color palettes for mitmproxy, tailored for light and dark terminal
backgrounds.
* Stream flows to file as responses arrive with the "W" shortcut in
mitmproxy.
* Extend the filter language, including ~d domain match operator, ~a to
match asset flows (js, images, css).
* Follow mode in mitmproxy ("F" shortcut) to "tail" flows as they arrive.
* --dummy-certs option to specify and preserve the dummy certificate
directory.
* Server replay from the current captured buffer.
* Huge improvements in content views. We now have viewers for AMF, HTML,
JSON, Javascript, images, XML, URL-encoded forms, as well as hexadecimal
and raw views.
* Add Set Headers, analagous to replacement hooks. Defines headers that are set
on flows, based on a matching pattern.
* A graphical editor for path components in mitmproxy.
* A small set of standard user-agent strings, which can be used easily in
the header editor.
* Proxy authentication to limit access to mitmproxy
5 April 2012: mitmproxy 0.8:
* Detailed tutorial for Android interception. Some features that land in
this release have finally made reliable Android interception possible.
* Upstream-cert mode, which uses information from the upstream server to
generate interception certificates.
* Replacement patterns that let you easily do global replacements in flows
matching filter patterns. Can be specified on the command-line, or edited
interactively.
* Much more sophisticated and usable pretty printing of request bodies.
Support for auto-indentation of Javascript, inspection of image EXIF
data, and more.
* Details view for flows, showing connection and SSL cert information (X
keyboard shortcut).
* Server certificates are now stored and serialized in saved traffic for
later analysis. This means that the 0.8 serialization format is NOT
compatible with 0.7.
* Many other improvements, including bugfixes, and expanded scripting API,
and more sophisticated certificate handling.
20 February 2012: mitmproxy 0.7:
* New built-in key/value editor. This lets you interactively edit URL query
strings, headers and URL-encoded form data.
* Extend script API to allow duplication and replay of flows.
* API for easy manipulation of URL-encoded forms and query strings.
* Add "D" shortcut in mitmproxy to duplicate a flow.
* Reverse proxy mode. In this mode mitmproxy acts as an HTTP server,
forwarding all traffic to a specified upstream server.
* UI improvements - use unicode characters to make GUI more compact,
improve spacing and layout throughout.
* Add support for filtering by HTTP method.
* Add the ability to specify an HTTP body size limit.
* Move to typed netstrings for serialization format - this makes 0.7
backwards-incompatible with serialized data from 0.6!
* Significant improvements in speed and responsiveness of UI.
* Many minor bugfixes and improvements.
7 August 2011: mitmproxy 0.6:
* New scripting API that allows much more flexible and fine-grained
rewriting of traffic. See the docs for more info.
* Support for gzip and deflate content encodings. A new "z"
keybinding in mitmproxy to let us quickly encode and decode content, plus
automatic decoding for the "pretty" view mode.
* An event log, viewable with the "v" shortcut in mitmproxy, and the
"-e" command-line flag in mitmdump.
* Huge performance improvements: mitmproxy interface, loading
large numbers of flows from file.
* A new "replace" convenience method for all flow objects, that does a
universal regex-based string replacement.
* Header management has been rewritten to maintain both case and order.
* Improved stability for SSL interception.
* Default expiry time on generated SSL certs has been dropped to avoid an
OpenSSL overflow bug that caused certificates to expire in the distant
past on some systems.
* A "pretty" view mode for JSON and form submission data.
* Expanded documentation and examples.
* Countless other small improvements and bugfixes.
27 June 2011: mitmproxy 0.5:
* An -n option to start the tools without binding to a proxy port.
* Allow scripts, hooks, sticky cookies etc. to run on flows loaded from
save files.
* Regularize command-line options for mitmproxy and mitmdump.
* Add an "SSL exception" to mitmproxy's license to remove possible
distribution issues.
* Add a --cert-wait-time option to make mitmproxy pause after a new SSL
certificate is generated. This can pave over small discrepancies in
system time between the client and server.
* Handle viewing big request and response bodies more elegantly. Only
render the first 100k of large documents, and try to avoid running the
XML indenter on non-XML data.
* BUGFIX: Make the "revert" keyboard shortcut in mitmproxy work after a
flow has been replayed.
* BUGFIX: Repair a problem that sometimes caused SSL connections to consume
100% of CPU.
30 March 2011: mitmproxy 0.4
* Full serialization of HTTP conversations
* Client and server replay
* On-the-fly generation of dummy SSL certificates
* mitmdump has "grown up" into a powerful tcpdump-like tool for HTTP/S
* Dozens of improvements to the mitmproxy console interface
* Python scripting hooks for programmatic modification of traffic
1 March 2010: mitmproxy 0.2
* Big speed and responsiveness improvements, thanks to Thomas Roth
* Support urwid 0.9.9
* Terminal beeping based on filter expressions
* Filter expressions for terminal beeps, limits, interceptions and sticky
cookies can now be passed on the command line.
* Save requests and responses to file
* Split off non-interactive dump functionality into a new tool called
mitmdump
* "A" will now accept all intercepted connections
* Lots of bugfixes