Add connection cipher info to pathod server log

author: Aldo Cortesi <aldo@nullcube.com> 2014-03-02 22:10:49 +1300
committer: Aldo Cortesi <aldo@nullcube.com> 2014-03-02 22:10:49 +1300
commit: 944f213ebca3bb70e0dc920d7095ae888cee2c8c (patch)
tree: 9be58d004128ce79db2bb950cb7b9411e58da1ab
parent: 602e400cccd10b7a790c7d353d508fe36f560f60 (diff)
download: mitmproxy-944f213ebca3bb70e0dc920d7095ae888cee2c8c.tar.gz
mitmproxy-944f213ebca3bb70e0dc920d7095ae888cee2c8c.tar.bz2
mitmproxy-944f213ebca3bb70e0dc920d7095ae888cee2c8c.zip
2 files changed, 30 insertions, 20 deletions
diff --git a/libpathod/pathod.py b/libpathod/pathod.py
index 0e3cca59..9730834a 100644
--- a/libpathod/pathod.py
+++ b/libpathod/pathod.py
@@ -53,7 +53,7 @@ class PathodHandler(tcp.BaseHandler):
     def handle_sni(self, connection):
         self.sni = connection.get_servername()
 
-    def serve_crafted(self, crafted, request_log):
+    def serve_crafted(self, crafted):
         c = self.server.check_policy(crafted, self.server.request_settings)
         if c:
             err = language.make_error_response(c)
@@ -68,14 +68,9 @@ class PathodHandler(tcp.BaseHandler):
             crafted = crafted.freeze(self.server.request_settings, None)
             self.info(">> Spec: %s"%crafted.spec())
         response_log = language.serve(crafted, self.wfile, self.server.request_settings, None)
-        log = dict(
-                type = "crafted",
-                request=request_log,
-                response=response_log
-            )
         if response_log["disconnect"]:
-            return False, log
-        return True, log
+            return False, response_log
+        return True, response_log
 
     def handle_request(self):
         """
@@ -141,15 +136,21 @@ class PathodHandler(tcp.BaseHandler):
                 keyinfo = self.clientcert.keyinfo,
             )
 
-        request_log = dict(
-            path = path,
-            method = method,
-            headers = headers.lst,
-            httpversion = httpversion,
-            sni = self.sni,
-            remote_address = self.address(),
-            clientcert = clientcert
+        retlog = dict(
+            type = "crafted",
+            request = dict(
+                path = path,
+                method = method,
+                headers = headers.lst,
+                httpversion = httpversion,
+                sni = self.sni,
+                remote_address = self.address(),
+                clientcert = clientcert,
+            ),
+            cipher = None,
         )
+        if self.ssl_established:
+            retlog["cipher"] = self.get_current_cipher()
 
         try:
             content = http.read_http_body(
@@ -164,7 +165,8 @@ class PathodHandler(tcp.BaseHandler):
             if i[0].match(path):
                 self.info("crafting anchor: %s"%path)
                 aresp = language.parse_response(self.server.request_settings, i[1])
-                return self.serve_crafted(aresp, request_log)
+                again, retlog["response"] = self.serve_crafted(aresp)
+                return again, retlog
 
         if not self.server.nocraft and path.startswith(self.server.craftanchor):
             spec = urllib.unquote(path)[len(self.server.craftanchor):]
@@ -177,7 +179,8 @@ class PathodHandler(tcp.BaseHandler):
                         "Parse Error",
                         "Error parsing response spec: %s\n"%v.msg + v.marked()
                     )
-            return self.serve_crafted(crafted, request_log)
+            again, retlog["response"] = self.serve_crafted(crafted)
+            return again, retlog
         elif self.server.noweb:
             crafted = language.make_error_response("Access Denied")
             language.serve(crafted, self.wfile, self.server.request_settings)
diff --git a/test/test_pathod.py b/test/test_pathod.py
index c98e1408..1ab33095 100644
--- a/test/test_pathod.py
+++ b/test/test_pathod.py
@@ -94,7 +94,7 @@ class TestNohang(tutils.DaemonTests):
         r = self.get("200:p0,0")
         assert r.status_code == 800
         l = self.d.last_log()
-        assert "Pauses have been disabled" in l["msg"]
+        assert "Pauses have been disabled" in l["response"]["msg"]
 
 
 class TestHexdump(tutils.DaemonTests):
@@ -113,7 +113,7 @@ class CommonTests(tutils.DaemonTests):
         r = self.get("200:b@1g")
         assert r.status_code == 800
         l = self.d.last_log()
-        assert "too large" in l["msg"]
+        assert "too large" in l["response"]["msg"]
 
     def test_preline(self):
         r = self.pathoc(r"get:'/p/200':i0,'\r\n'")
@@ -219,3 +219,10 @@ class TestDaemonSSL(CommonTests):
         assert l["type"] == "error"
         assert "SSL" in l["msg"]
 
+    def test_ssl_cipher(self):
+        r = self.pathoc(r"get:/p/202")
+        assert r.status_code == 202
+        assert self.d.last_log()["cipher"][1] > 0
+
+
+
author	Aldo Cortesi <aldo@nullcube.com>	2014-03-02 22:10:49 +1300
committer	Aldo Cortesi <aldo@nullcube.com>	2014-03-02 22:10:49 +1300
commit	944f213ebca3bb70e0dc920d7095ae888cee2c8c (patch)
tree	9be58d004128ce79db2bb950cb7b9411e58da1ab
parent	602e400cccd10b7a790c7d353d508fe36f560f60 (diff)
download	mitmproxy-944f213ebca3bb70e0dc920d7095ae888cee2c8c.tar.gz mitmproxy-944f213ebca3bb70e0dc920d7095ae888cee2c8c.tar.bz2 mitmproxy-944f213ebca3bb70e0dc920d7095ae888cee2c8c.zip