Add upstream proxy authentication

4 files changed, 22 insertions, 1 deletions

diff --git a/mitmproxy/cmdline.py b/mitmproxy/cmdline.py
index 3e9fa011..e6f0bc20 100644
--- a/mitmproxy/cmdline.py
+++ b/mitmproxy/cmdline.py
@@ -370,6 +370,14 @@ def proxy_options(parser):
             If your OpenSSL version supports ALPN, HTTP/2 is enabled by default.
         """
     )
+    parser.add_argument(
+        "--upstream-auth",
+        action="store", dest="upstream_auth", default=None,
+        help="""
+            Proxy Authentication:
+            username:password
+        """
+    )
     rawtcp = group.add_mutually_exclusive_group()
     rawtcp.add_argument("--raw-tcp", action="store_true", dest="rawtcp")
     rawtcp.add_argument("--no-raw-tcp", action="store_false", dest="rawtcp",
diff --git a/mitmproxy/models/http.py b/mitmproxy/models/http.py
index 394fe51a..5d79306b 100644
--- a/mitmproxy/models/http.py
+++ b/mitmproxy/models/http.py
@@ -2,6 +2,7 @@ from __future__ import (absolute_import, print_function, division)
 import Cookie
 import copy
 import warnings
+import base64
 from email.utils import parsedate_tz, formatdate, mktime_tz
 import time
 
@@ -192,6 +193,10 @@ class HTTPRequest(MessageMixin, Request):
     def __hash__(self):
         return id(self)
 
+    def set_auth(self, auth):
+        auth_str = "Basic" + " " + base64.b64encode(auth)
+        self.data.headers.set_all("Proxy-Authorization", (auth_str,))
+
     def replace(self, pattern, repl, *args, **kwargs):
         """
             Replaces a regular expression pattern with repl in the headers, the
diff --git a/mitmproxy/protocol/http.py b/mitmproxy/protocol/http.py
index 13d7903b..81e59fbb 100644
--- a/mitmproxy/protocol/http.py
+++ b/mitmproxy/protocol/http.py
@@ -179,6 +179,9 @@ class HttpLayer(Layer):
             try:
                 flow = HTTPFlow(self.client_conn, self.server_conn, live=self)
                 flow.request = request
+                # set upstream auth
+                if self.mode == "upstream" and self.config.upstream_auth is not None:
+                    flow.request.set_auth(self.config.upstream_auth)
                 self.process_request_hook(flow)
 
                 if not flow.response:
diff --git a/mitmproxy/proxy/config.py b/mitmproxy/proxy/config.py
index 490cf20c..149d4710 100644
--- a/mitmproxy/proxy/config.py
+++ b/mitmproxy/proxy/config.py
@@ -53,6 +53,7 @@ class ProxyConfig:
             body_size_limit=None,
             mode="regular",
             upstream_server=None,
+            upstream_auth = None,
             authenticator=None,
             ignore_hosts=tuple(),
             tcp_hosts=tuple(),
@@ -77,8 +78,10 @@ class ProxyConfig:
         self.mode = mode
         if upstream_server:
             self.upstream_server = ServerSpec(upstream_server[0], Address.wrap(upstream_server[1]))
+            self.upstream_auth = upstream_auth
         else:
             self.upstream_server = None
+            self.upstream_auth = None
 
         self.check_ignore = HostMatcher(ignore_hosts)
         self.check_tcp = HostMatcher(tcp_hosts)
@@ -110,7 +113,7 @@ def process_proxy_options(parser, options):
     body_size_limit = utils.parse_size(options.body_size_limit)
 
     c = 0
-    mode, upstream_server = "regular", None
+    mode, upstream_server, upstream_auth  = "regular", None, None
     if options.transparent_proxy:
         c += 1
         if not platform.resolver:
@@ -127,6 +130,7 @@ def process_proxy_options(parser, options):
         c += 1
         mode = "upstream"
         upstream_server = options.upstream_proxy
+        upstream_auth = options.upstream_auth
     if c > 1:
         return parser.error(
             "Transparent, SOCKS5, reverse and upstream proxy mode "
@@ -189,6 +193,7 @@ def process_proxy_options(parser, options):
         body_size_limit=body_size_limit,
         mode=mode,
         upstream_server=upstream_server,
+        upstream_auth=upstream_auth,
         ignore_hosts=options.ignore_hosts,
         tcp_hosts=options.tcp_hosts,
         http2=options.http2,