mirror of
https://github.com/Grasscutters/mitmproxy.git
synced 2025-01-31 15:28:50 +00:00
c726519e73
This allows us to replay an HTTP Authorization header, in the same way as we replay cookies using stickycookies. This lets us conveniently get at HTTP Basic Auth protected resources through the proxy, but is not enough to do the same for HTTP Digest auth. We'll put that on the todo list.
25 lines
1.3 KiB
HTML
25 lines
1.3 KiB
HTML
|
|
When the __stickycookie__ option is set, __mitmproxy__ will add the cookie most
|
|
recently set by the server to any cookie-less request. Consider a service that
|
|
sets a cookie to track the session after authentication. Using sticky cookies,
|
|
you can fire up mitmproxy, and authenticate to a service as you usually would
|
|
using a browser. After authentication, you can request authenticated resources
|
|
through mitmproxy as if they were unauthenticated, because mitmproxy will
|
|
automatically add the session tracking cookie to requests. Among other things,
|
|
this lets you script interactions with authenticated resources (using tools
|
|
like wget or curl) without having to worry about authentication.
|
|
|
|
Sticky cookies are especially powerful when used in conjunction with [client
|
|
replay](@!urlTo("clientreplay.html")!@) - you can record the authentication
|
|
process once, and simply replay it on startup every time you need to interact
|
|
with the secured resources.
|
|
|
|
|
|
## Sticky auth
|
|
|
|
The __stickyauth__ option is analagous to the __stickycookie__ option, in that
|
|
HTTP __Authorization__ headers are simply replayed to the server once they have
|
|
been seen. This is enough to allow you to access a server resource using HTTP
|
|
Basic authentication through the proxy. Note that __mitmproxy__ doesn't (yet)
|
|
support replay of HTTP Digest authentication.
|