mirror of
https://github.com/Grasscutters/mitmproxy.git
synced 2024-11-26 18:18:25 +00:00
35 lines
1.6 KiB
HTML
35 lines
1.6 KiB
HTML
|
|
## Sticky cookies
|
|
|
|
- command-line: _-t_ (sticky cookies on all requests)
|
|
- command-line: _-T filt_ (sticky cookies on requests matching filt)
|
|
- mitmproxy shortcut: _t_
|
|
|
|
When the sticky cookie option is set, __mitmproxy__ will add the cookie most
|
|
recently set by the server to any cookie-less request. Consider a service that
|
|
sets a cookie to track the session after authentication. Using sticky cookies,
|
|
you can fire up mitmproxy, and authenticate to a service as you usually would
|
|
using a browser. After authentication, you can request authenticated resources
|
|
through mitmproxy as if they were unauthenticated, because mitmproxy will
|
|
automatically add the session tracking cookie to requests. Among other things,
|
|
this lets you script interactions with authenticated resources (using tools
|
|
like wget or curl) without having to worry about authentication.
|
|
|
|
Sticky cookies are especially powerful when used in conjunction with [client
|
|
replay](@!urlTo("clientreplay.html")!@) - you can record the authentication
|
|
process once, and simply replay it on startup every time you need to interact
|
|
with the secured resources.
|
|
|
|
|
|
## Sticky auth
|
|
|
|
- command-line: _-u_ (sticky auth on all requests)
|
|
- command-line: _-U filt_ (sticky auth on requests matching filt)
|
|
- mitmproxy shortcut: _u_
|
|
|
|
The sticky auth option is analogous to the sticky cookie option, in that HTTP
|
|
__Authorization__ headers are simply replayed to the server once they have been
|
|
seen. This is enough to allow you to access a server resource using HTTP Basic
|
|
authentication through the proxy. Note that __mitmproxy__ doesn't (yet) support
|
|
replay of HTTP Digest authentication.
|