authorPierre Gordon <pierregordon@protonmail.com>2019-04-19 12:39:53 -0500
committerPierre Gordon <pierregordon@protonmail.com>2019-04-19 12:39:53 -0500
commit8d0c800d15039ff0a880051f4271acf668904e12 (patch)
treedb51d8bc2f2138aa0ce008e6c4e8c6ce98630da2 /mitmproxy/proxy
parent8353f4a55afeec9d30727d91d642e8b8af4040f8 (diff)
Add --allow_hosts option
Closes #3295
Diffstat (limited to 'mitmproxy/proxy')
-rw-r--r--mitmproxy/proxy/config.py25
-rw-r--r--mitmproxy/proxy/root_context.py12
2 files changed, 24 insertions, 13 deletions
diff --git a/mitmproxy/proxy/config.py b/mitmproxy/proxy/config.py
index f32d3086..55969d5e 100644
--- a/mitmproxy/proxy/config.py
+++ b/mitmproxy/proxy/config.py
@@ -14,7 +14,8 @@ CONF_BASENAME = "mitmproxy"
class HostMatcher:
- def __init__(self, patterns=tuple()):
+ def __init__(self, handle, patterns=tuple()):
+ self.handle = handle
self.patterns = list(patterns)
self.regexes = [re.compile(p, re.IGNORECASE) for p in self.patterns]
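Review bot: Making `handle` the first positional parameter of `__init__` means any caller still written as `HostMatcher(patterns)` now stores the pattern list in `self.handle` and builds a matcher with no patterns, without raising. The diffstat is limited to mitmproxy/proxy, so callers elsewhere are not visible here and should be checked. Rejecting unknown modes up front would make such a call fail loudly, e.g. `if handle not in ("ignore", "tcp", "allow"): raise ValueError(handle)`; the `HostMatcher(False)` call added in `ProxyConfig.configure` would then need a real mode or an explicit "no filter" value. A one-line docstring naming the three modes and what a `True` result means in each would also help.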
@@ -22,8 +23,10 @@ class HostMatcher:
if not address:
return False
host = "%s:%s" % address
- if any(rex.search(host) for rex in self.regexes):
- return True
+ if self.handle in ["ignore", "tcp"]:
+ return any(rex.search(host) for rex in self.regexes)
+ elif self.handle == "allow":
+ return any(not rex.search(host) for rex in self.regexes)
else:
return False
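Review bot: The `allow` branch returns `any(not rex.search(host) for rex in self.regexes)`, which is true as soon as the host fails to match any one pattern. With two or more allow patterns, a host that matches one of them is still reported as filtered unless it matches all of them, and from the RootContext hunk a filtered connection becomes a `RawTCPLayer` that is passed through without interception. Traffic the operator meant to inspect would therefore bypass inspection without any warning. The intended test is most likely "matches none of the patterns": `return not any(rex.search(host) for rex in self.regexes)`. The method starts outside this hunk, so the `if not address: return False` path is only partly visible; in allow mode it reports an unknown address as not filtered, which is worth confirming as the intended default.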
@@ -36,7 +39,7 @@ class ProxyConfig:
def __init__(self, options: moptions.Options) -> None:
self.options = options
- self.check_ignore: HostMatcher = None
+ self.check_filter: HostMatcher = None
self.check_tcp: HostMatcher = None
self.certstore: certs.CertStore = None
self.upstream_server: typing.Optional[server_spec.ServerSpec] = None
@@ -44,10 +47,18 @@ class ProxyConfig:
options.changed.connect(self.configure)
def configure(self, options: moptions.Options, updated: typing.Any) -> None:
- if "ignore_hosts" in updated:
- self.check_ignore = HostMatcher(options.ignore_hosts)
+ if options.allow_hosts and options.ignore_hosts:
+ raise exceptions.OptionsError("--ignore-hosts and --allow-hosts are mutually "
+ "exclusive; please choose one.")
+
+ if options.ignore_hosts:
+ self.check_filter = HostMatcher("ignore", options.ignore_hosts)
+ elif options.allow_hosts:
+ self.check_filter = HostMatcher("allow", options.allow_hosts)
+ else:
+ self.check_filter = HostMatcher(False)
if "tcp_hosts" in updated:
- self.check_tcp = HostMatcher(options.tcp_hosts)
+ self.check_tcp = HostMatcher("tcp", options.tcp_hosts)
certstore_path = os.path.expanduser(options.confdir)
if not os.path.exists(os.path.dirname(certstore_path)):
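Review bot: `self.check_filter` is now rebuilt, and its regexes recompiled, on every `configure` call, while the `tcp_hosts` branch just below is still guarded by `updated`. If that is not deliberate, a guard such as `if "ignore_hosts" in updated or "allow_hosts" in updated:` around the three-way assignment would restore the old behaviour and keep the mutual-exclusion check at the top. The `else` branch passes `False` as the mode in `HostMatcher(False)`, which only works because `__call__` falls through to its final `return False`. A named mode or `None`, plus a comment such as `# no host filter configured: nothing is passed through`, would make that explicit. `configure` continues past the end of this hunk.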
diff --git a/mitmproxy/proxy/root_context.py b/mitmproxy/proxy/root_context.py
index eb0008cf..4805f874 100644
--- a/mitmproxy/proxy/root_context.py
+++ b/mitmproxy/proxy/root_context.py
@@ -48,17 +48,17 @@ class RootContext:
raise exceptions.ProtocolException(str(e))
client_tls = tls.is_tls_record_magic(d)
- # 1. check for --ignore
- if self.config.check_ignore:
- ignore = self.config.check_ignore(top_layer.server_conn.address)
- if not ignore and client_tls:
+ # 1. check for filter
+ if self.config.check_filter:
+ is_filtered = self.config.check_filter(top_layer.server_conn.address)
+ if not is_filtered and client_tls:
try:
client_hello = tls.ClientHello.from_file(self.client_conn.rfile)
except exceptions.TlsProtocolException as e:
self.log("Cannot parse Client Hello: %s" % repr(e), "error")
else:
- ignore = self.config.check_ignore((client_hello.sni, 443))
- if ignore:
+ is_filtered = self.config.check_filter((client_hello.sni, 443))
+ if is_filtered:
return protocol.RawTCPLayer(top_layer, ignore=True)
# 2. Always insert a TLS layer, even if there's neither client nor server tls.
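Review bot: The SNI lookup is still gated on `if not is_filtered and client_tls:`, a condition written for ignore semantics. In allow mode a `True` from the address check means the address is not on the allow list, so the Client Hello is never parsed. When `server_conn.address` is an IP (presumably the transparent-mode case; not visible here), a hostname-based allow pattern can then never match and the connection is passed through as raw TCP. The gate should depend on the mode: in allow mode consult the SNI when the address did not match, in ignore mode when it did not ignore. A comment on the block stating what `is_filtered` means in each mode would make the intent checkable, e.g. `# is_filtered: True means pass the connection through untouched (ignored host, or host not on the allow list)`. The SNI is chosen by the client, so in either mode it decides whether the connection is inspected; that trade-off deserves a comment too. The enclosing method starts and ends outside this hunk.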