diff options
author | Aldo Cortesi <aldo@nullcube.com> | 2011-03-20 17:31:54 +1300 |
---|---|---|
committer | Aldo Cortesi <aldo@nullcube.com> | 2011-03-20 17:31:54 +1300 |
commit | c726519e73761e5df3a20a1a92c1655497dd49c0 (patch) | |
tree | 4eaf05e205d9613de3aa499f8225e75d28f3d30f /doc-src/sticky.html | |
parent | 4f877cde6a9a6b99c3bf452f2164ab09abc64d50 (diff) | |
download | mitmproxy-c726519e73761e5df3a20a1a92c1655497dd49c0.tar.gz mitmproxy-c726519e73761e5df3a20a1a92c1655497dd49c0.tar.bz2 mitmproxy-c726519e73761e5df3a20a1a92c1655497dd49c0.zip |
Add a stickyauth option.
This allows us to replay an HTTP Authorization header, in the same way as we
replay cookies using stickycookies. This lets us conveniently get at HTTP Basic
Auth protected resources through the proxy, but is not enough to do the same
for HTTP Digest auth. We'll put that on the todo list.
Diffstat (limited to 'doc-src/sticky.html')
-rw-r--r-- | doc-src/sticky.html | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/doc-src/sticky.html b/doc-src/sticky.html new file mode 100644 index 00000000..32ccdd2d --- /dev/null +++ b/doc-src/sticky.html @@ -0,0 +1,24 @@ + +When the __stickycookie__ option is set, __mitmproxy__ will add the cookie most +recently set by the server to any cookie-less request. Consider a service that +sets a cookie to track the session after authentication. Using sticky cookies, +you can fire up mitmproxy, and authenticate to a service as you usually would +using a browser. After authentication, you can request authenticated resources +through mitmproxy as if they were unauthenticated, because mitmproxy will +automatically add the session tracking cookie to requests. Among other things, +this lets you script interactions with authenticated resources (using tools +like wget or curl) without having to worry about authentication. + +Sticky cookies are especially powerful when used in conjunction with [client +replay](@!urlTo("clientreplay.html")!@) - you can record the authentication +process once, and simply replay it on startup every time you need to interact +with the secured resources. + + +## Sticky auth + +The __stickyauth__ option is analagous to the __stickycookie__ option, in that +HTTP __Authorization__ headers are simply replayed to the server once they have +been seen. This is enough to allow you to access a server resource using HTTP +Basic authentication through the proxy. Note that __mitmproxy__ doesn't (yet) +support replay of HTTP Digest authentication. |