diff options
| author | Maximilian Hils <git@maximilianhils.com> | 2014-12-01 03:04:48 +0100 |
|---|---|---|
| committer | Maximilian Hils <git@maximilianhils.com> | 2014-12-01 03:04:48 +0100 |
| commit | 5b1fefee9bf8564b32a1137975cb181d54ef6dff (patch) | |
| tree | 3ee810b15c545eb297aaf2158f8c092a0f91d974 | |
| parent | 992536c2bc0afa5da81e82cfcd8953663559ff59 (diff) | |
| download | mitmproxy-5b1fefee9bf8564b32a1137975cb181d54ef6dff.tar.gz mitmproxy-5b1fefee9bf8564b32a1137975cb181d54ef6dff.tar.bz2 mitmproxy-5b1fefee9bf8564b32a1137975cb181d54ef6dff.zip | |
add inline script example for websocket passthrough, fix #340
| -rw-r--r-- | examples/ignore_websocket.py | 27 | ||||
| -rw-r--r-- | libmproxy/protocol/http.py | 6 |
2 files changed, 33 insertions, 0 deletions
diff --git a/examples/ignore_websocket.py b/examples/ignore_websocket.py new file mode 100644 index 00000000..1ee81d38 --- /dev/null +++ b/examples/ignore_websocket.py @@ -0,0 +1,27 @@ +# This script makes mitmproxy switch to passthrough mode for all HTTP +# responses with "Connection: Upgrade" header. This is useful to make +# WebSockets work in untrusted environments. +# +# Note: Chrome (and possibly other browsers), when explicitly configured +# to use a proxy (i.e. mitmproxy's regular mode), send a CONNECT request +# to the proxy before they initiate the websocket connection. +# To make WebSockets work in these cases, supply +# `--ignore :80$` as an additional parameter. +# (see http://mitmproxy.org/doc/features/passthrough.html) + +from libmproxy.protocol.http import HTTPRequest +from libmproxy.protocol.tcp import TCPHandler +from libmproxy.protocol import KILL +from libmproxy.script import concurrent + +HTTPRequest._headers_to_strip_off.remove("Connection") +HTTPRequest._headers_to_strip_off.remove("Upgrade") + +@concurrent +def response(context, flow): + if flow.response.headers.get_first("Connection", None) == "Upgrade": + # We need to send the response manually now... + flow.client_conn.send(flow.response.assemble()) + # ...and then delegate to tcp passthrough. + TCPHandler(flow.live.c, log=False).handle_messages() + flow.reply(KILL)
\ No newline at end of file diff --git a/libmproxy/protocol/http.py b/libmproxy/protocol/http.py index 89af85b0..87af8e6d 100644 --- a/libmproxy/protocol/http.py +++ b/libmproxy/protocol/http.py @@ -1401,6 +1401,12 @@ class HTTPHandler(ProtocolHandler): # In practice, nobody issues a CONNECT request to send unencrypted HTTP requests afterwards. # If we don't delegate to TCP mode, we should always negotiate a SSL connection. + # + # FIXME: + # Turns out the previous statement isn't entirely true. Chrome on Windows CONNECTs to :80 + # if an explicit proxy is configured and a websocket connection should be established. + # We don't support websocket at the moment, so it fails anyway, but we should come up with + # a better solution to this if we start to support WebSockets. should_establish_ssl = ( address.port in self.c.config.ssl_ports or |