diff options
author | Maximilian Hils <git@maximilianhils.com> | 2018-01-13 00:43:07 +0100 |
---|---|---|
committer | Maximilian Hils <git@maximilianhils.com> | 2018-01-13 01:49:20 +0100 |
commit | d9e3fcf5ef0c82cba8a28b31f45b01b6c549b203 (patch) | |
tree | 5acb1dea238100935ead56a221c8bac30d92cadd /mitmproxy/connections.py | |
parent | 96a5ed9dff60c245cc74c98e87caf37942cf0ee2 (diff) | |
download | mitmproxy-d9e3fcf5ef0c82cba8a28b31f45b01b6c549b203.tar.gz mitmproxy-d9e3fcf5ef0c82cba8a28b31f45b01b6c549b203.tar.bz2 mitmproxy-d9e3fcf5ef0c82cba8a28b31f45b01b6c549b203.zip |
store ClientHello extensions with client connection
Diffstat (limited to 'mitmproxy/connections.py')
-rw-r--r-- | mitmproxy/connections.py | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/mitmproxy/connections.py b/mitmproxy/connections.py index d1869157..86565b7b 100644 --- a/mitmproxy/connections.py +++ b/mitmproxy/connections.py @@ -1,11 +1,13 @@ import time import os +import typing import uuid -from mitmproxy import stateobject +from mitmproxy import stateobject, exceptions from mitmproxy import certs from mitmproxy.net import tcp +from mitmproxy.net import tls from mitmproxy.utils import strutils @@ -26,6 +28,7 @@ class ClientConnection(tcp.BaseHandler, stateobject.StateObject): cipher_name: The current used cipher alpn_proto_negotiated: The negotiated application protocol tls_version: TLS version + tls_extensions: TLS ClientHello extensions """ def __init__(self, client_connection, address, server): @@ -51,6 +54,7 @@ class ClientConnection(tcp.BaseHandler, stateobject.StateObject): self.cipher_name = None self.alpn_proto_negotiated = None self.tls_version = None + self.tls_extensions = None def connected(self): return bool(self.connection) and not self.finished @@ -96,6 +100,7 @@ class ClientConnection(tcp.BaseHandler, stateobject.StateObject): cipher_name=str, alpn_proto_negotiated=bytes, tls_version=str, + tls_extensions=typing.List[typing.Tuple[int, bytes]], ) def send(self, message): @@ -125,9 +130,19 @@ class ClientConnection(tcp.BaseHandler, stateobject.StateObject): cipher_name=None, alpn_proto_negotiated=None, tls_version=None, + tls_extensions=None, )) def convert_to_tls(self, cert, *args, **kwargs): + # Unfortunately OpenSSL provides no way to expose all TLS extensions, so we do this dance + # here and use our Kaitai parser. + try: + client_hello = tls.ClientHello.from_file(self.rfile) + except exceptions.TlsProtocolException: # pragma: no cover + pass # if this fails, we don't want everything to go down. + else: + self.tls_extensions = client_hello.extensions + super().convert_to_tls(cert, *args, **kwargs) self.timestamp_tls_setup = time.time() self.mitmcert = cert |