| author | smill <smill@cuckoo.sh> | 2016-09-04 01:30:27 +0000 | 
|---|---|---|
| committer | smill <smill@cuckoo.sh> | 2016-09-04 01:30:27 +0000 | 
| commit | fbfedbdc8f02bc36191d3fbf0f5cb7756331c89d (patch) | |
| tree | b064696ab20a9f831c02e342b8ed02a2d8c93b15 | |
| parent | 377921fa99e5c602ff04ed412be76072abc1d1c0 (diff) | |
Improved error-handling / supplemented documentation.
| -rw-r--r-- | docs/transparent.rst | 16 | ||||
| -rw-r--r-- | examples/mitmproxy_shim.c (renamed from mitmproxy/contrib/mitmproxy_shim.c) | 0 | ||||
| -rw-r--r-- | mitmproxy/cmdline.py | 2 | ||||
| -rw-r--r-- | mitmproxy/protocol/base.py | 13 | ||||
| -rw-r--r-- | netlib/exceptions.py | 3 | ||||
| -rw-r--r-- | netlib/tcp.py | 8 | 
6 files changed, 33 insertions, 9 deletions
| diff --git a/docs/transparent.rst b/docs/transparent.rst
index eb77c76c..dc41f40f 100644
--- a/docs/transparent.rst
+++ b/docs/transparent.rst
@@ -1,5 +1,6 @@
 .. _transparent:
+====================
 Transparent Proxying
 ====================
@@ -20,5 +21,20 @@ destination of the TCP connection.
 At the moment, mitmproxy supports transparent proxying on OSX Lion and above,
 and all current flavors of Linux.
+Fully transparent mode
+=======
+By default mitmproxy will use its own local ip address for its server-side connections.
+In case this isn't desired, the --spoof-source-address argument can be used to
+use the client's ip address for server-side connections.
+
+This mode does require root privileges though. There's a wrapper in the examples directory
+called 'mitmproxy_shim.c', which will enable you to use this mode with dropped priviliges.
+It can be used as follows:
+
+gcc examples/mitmproxy_shim.c -o mitmproxy_shim -lcap
+sudo chown root:root mitmproxy_shim
+sudo chmod u+s mitmproxy_shim
+./mitmproxy_shim $(which mitmproxy) -T --spoof-source-address
+
 .. _iptables: http://www.netfilter.org/
 .. _pf: https://en.wikipedia.org/wiki/PF_\(firewall\)
diff --git a/mitmproxy/contrib/mitmproxy_shim.c b/examples/mitmproxy_shim.c
index 9688bb41..9688bb41 100644
--- a/mitmproxy/contrib/mitmproxy_shim.c
+++ b/examples/mitmproxy_shim.c
diff --git a/mitmproxy/cmdline.py b/mitmproxy/cmdline.py
index 2191cd95..09866f5b 100644
--- a/mitmproxy/cmdline.py
+++ b/mitmproxy/cmdline.py
@@ -478,7 +478,7 @@ def proxy_options(parser):
     group.add_argument(
         "--spoof-source-address",
         action="store_true", dest="spoof_source_address",
-        help="Use client's IP for the server-side connection"
+        help="Use the client's IP for server-side connections"
     )
 def proxy_ssl_options(parser):
diff --git a/mitmproxy/protocol/base.py b/mitmproxy/protocol/base.py
index eed0b292..206999ef 100644
--- a/mitmproxy/protocol/base.py
+++ b/mitmproxy/protocol/base.py
@@ -117,9 +117,11 @@ class ServerConnectionMixin(object):
         self.server_conn = None
         if self.config.options.spoof_source_address:
-            self.server_conn = models.ServerConnection(server_address, (self.ctx.client_conn.address.host, 0), True)
+            self.server_conn = models.ServerConnection(
+                server_address, (self.ctx.client_conn.address.host, 0), True)
         else:
-            self.server_conn = models.ServerConnection(server_address, (self.config.options.listen_host, 0))
+            self.server_conn = models.ServerConnection(
+                server_address, (self.config.options.listen_host, 0))
         self.__check_self_connect()
@@ -162,10 +164,11 @@ class ServerConnectionMixin(object):
         self.channel.tell("serverdisconnect", self.server_conn)
         if self.config.options.spoof_source_address:
-            self.server_conn = models.ServerConnection(address, (self.ctx.client_conn.address.host, 0), True)
+            self.server_conn = models.ServerConnection(
+                address, (self.ctx.client_conn.address.host, 0), True)
         else:
-            self.server_conn = models.ServerConnection(address, (self.server_conn.source_address.host, 0))
-
+            self.server_conn = models.ServerConnection(
+                address, (self.server_conn.source_address.host, 0))
     def connect(self):
         """
diff --git a/netlib/exceptions.py b/netlib/exceptions.py
index dec79c22..795926f1 100644
--- a/netlib/exceptions.py
+++ b/netlib/exceptions.py
@@ -58,3 +58,6 @@ class InvalidCertificateException(TlsException):
 class Timeout(TcpException):
     pass
+
+class ProtocolException(NetlibException):
+    pass
diff --git a/netlib/tcp.py b/netlib/tcp.py
index aaea9459..37460743 100644
--- a/netlib/tcp.py
+++ b/netlib/tcp.py
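Review bot: `ProtocolException` in the netlib/exceptions.py hunk derives from `NetlibException` directly, while its neighbour `Timeout` derives from `TcpException`, and the netlib/tcp.py change raises the new type from inside `TCPClient`'s socket setup. Any caller that handles connection failures with `except TcpException` (the callers are not visible here) would let this one propagate, so a failed spoofing attempt could surface as an unhandled error rather than a normal connect failure. Consider `class ProtocolException(TcpException):`, or raising `TcpException` itself, and give the class a one-line docstring such as `"""Raised when a required socket option cannot be applied."""`.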
@@ -731,10 +731,11 @@ class TCPClient(_Connection):
         try:
             connection = socket.socket(self.address.family, socket.SOCK_STREAM)
             if self.spoof_source_address:
-                if os.geteuid() != 0:
-                    raise RuntimeError("Insufficient privileges to set socket option")
-                else:
+                try:
                     connection.setsockopt(socket.SOL_IP, 19, 1)
+                except socket.error as e:
+                    raise exceptions.ProtocolException(
+                        "Failed to spoof the source address: " + e.strerror)
             if self.source_address:
                 connection.bind(self.source_address())
             connection.connect(self.address())
@@ -874,6 +875,7 @@ class BaseHandler(_Connection):
 class Counter:
+
     def __init__(self):
         self._count = 0
         self._lock = threading.Lock() |
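Review bot: The bare `19` in `connection.setsockopt(socket.SOL_IP, 19, 1)` is now the only privilege gate for source-address spoofing, since the `os.geteuid()` check was removed, and nothing in the first netlib/tcp.py hunk says what the option is. On Linux 19 is `IP_TRANSPARENT`, which the kernel grants only with CAP_NET_ADMIN; a module-level `IP_TRANSPARENT = 19  # linux/in.h, needs CAP_NET_ADMIN` used as `connection.setsockopt(socket.SOL_IP, IP_TRANSPARENT, 1)` would make that reviewable. `e.strerror` can be `None` on some `socket.error` instances, in which case the concatenation raises `TypeError` and hides the real cause; `"Failed to spoof the source address: " + str(e)` avoids that. As far as the hunk shows, the socket created two lines earlier is not closed on this error path; the enclosing method and its outer `except` lie outside the hunk, so that should be confirmed there.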
