Mirror of https://github.com/Grasscutters/mitmproxy.git (synced 2024-11-23 08:11:00 +00:00)

Commit 5af9df326a
This commit fixes netlib's optional (turned off by default) certificate verification, which previously did not validate the cert's host name.

As it turns out, verifying the connection's host name on an intercepting proxy is not really straightforward - if we receive a connection in transparent mode without SNI, we have no clue which hosts the client intends to connect to. There are two basic approaches to solve this problem:

1. Exactly mirror the host names presented by the server in the spoofed certificate presented to the client.
2. Require the client to send the TLS Server Name Indication extension. While this does not work with older clients, we can validate the hostname on the proxy.

Approach 1 is problematic in mitmproxy's use case, as we may want to deliberately divert connections without the client's knowledge. As a consequence, we opt for approach 2. While mitmproxy does now require a SNI value to be sent by the client if certificate verification is turned on, we retain our ability to present certificates to the client which are accepted with a maximum likelihood.
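The policy the commit message settles on, as an added Python example that is not netlib's or mitmproxy's own code: with verification enabled the client must send SNI, and the upstream certificate's names must cover that SNI. The `names_for_client_cert` helper is an assumption about how the client-facing certificate keeps its "maximum likelihood" of acceptance (SNI first, then the upstream names); the commit message does not spell that part out.

```python
from typing import Iterable, List, Optional


class CertificateVerificationError(Exception):
    """Raised when the upstream certificate cannot be tied to the host the client asked for."""


def hostname_matches(hostname: str, pattern: str) -> bool:
    """Case-insensitive RFC 6125 style match: exact match, or a single '*' that
    stands in for the leftmost label only (so '*.example.com' covers 'www.example.com'
    but not 'a.b.example.com', and '*.com' covers nothing)."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        # Wildcard may replace only the leftmost label and needs two more labels after it.
        return len(pat) >= 3 and host[1:] == pat[1:]
    return host == pat


def verify_upstream_cert(sni: Optional[str], cert_sans: Iterable[str], verify: bool) -> bool:
    """Approach 2 from the commit message: if verification is on, require SNI from the
    client and check the upstream certificate's subjectAltNames against it.
    Returns True when the connection may proceed, raises otherwise."""
    if not verify:
        return True  # verification is optional and off by default
    if not sni:
        # Transparent-mode client without SNI: we do not know which host it wants,
        # so there is nothing to verify the certificate against.
        raise CertificateVerificationError("client sent no SNI; upstream host name cannot be verified")
    if not any(hostname_matches(sni, san) for san in cert_sans):
        raise CertificateVerificationError(f"upstream certificate does not cover {sni!r}")
    return True


def names_for_client_cert(sni: Optional[str], upstream_sans: Iterable[str]) -> List[str]:
    """Assumed construction of the name list for the spoofed client-facing certificate:
    the client's SNI first, then every name from the upstream certificate, de-duplicated,
    so the certificate is accepted by as many clients as possible."""
    names: List[str] = []
    for name in ([sni] if sni else []) + list(upstream_sans):
        name = name.lower()
        if name not in names:
            names.append(name)
    return names
```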
Netlib is a collection of network utility classes, used by the pathod and mitmproxy projects. It differs from other projects in some fundamental respects, because both pathod and mitmproxy often need to violate standards. This means that protocols are implemented as small, well-contained and flexible functions, and are designed to allow misbehaviour when needed.
Requirements
Hacking
If you'd like to work on netlib, check out the instructions in mitmproxy's README.