diff options
author | Thomas Kriechbaumer <thomas@kriechbaumer.name> | 2017-01-19 20:55:19 +0100 |
---|---|---|
committer | Thomas Kriechbaumer <thomas@kriechbaumer.name> | 2017-01-23 15:14:56 +0100 |
commit | 006eb39cc562ff3f8b741f9d022503081861827f (patch) | |
tree | 28a9e2d8f994ef5924108085f2e5a0b59432a729 /mitmproxy | |
parent | 86174eb6adfb83de6ba4dfbcff73ee9cb18ac4aa (diff) | |
download | mitmproxy-006eb39cc562ff3f8b741f9d022503081861827f.tar.gz mitmproxy-006eb39cc562ff3f8b741f9d022503081861827f.tar.bz2 mitmproxy-006eb39cc562ff3f8b741f9d022503081861827f.zip |
fix #939
Diffstat (limited to 'mitmproxy')
-rw-r--r-- | mitmproxy/addons/__init__.py | 28 | ||||
-rw-r--r-- | mitmproxy/addons/check_alpn.py | 17 | ||||
-rw-r--r-- | mitmproxy/addons/check_ca.py | 24 | ||||
-rw-r--r-- | mitmproxy/addons/termlog.py | 4 | ||||
-rw-r--r-- | mitmproxy/certs.py | 4 | ||||
-rw-r--r-- | mitmproxy/tools/console/master.py | 12 | ||||
-rw-r--r-- | mitmproxy/tools/dump.py | 18 |
7 files changed, 68 insertions, 39 deletions
diff --git a/mitmproxy/addons/__init__.py b/mitmproxy/addons/__init__.py index 8a2f2974..2e1d1c67 100644 --- a/mitmproxy/addons/__init__.py +++ b/mitmproxy/addons/__init__.py @@ -1,35 +1,39 @@ from mitmproxy.addons import anticache from mitmproxy.addons import anticomp +from mitmproxy.addons import check_alpn +from mitmproxy.addons import check_ca from mitmproxy.addons import clientplayback -from mitmproxy.addons import streamfile +from mitmproxy.addons import disable_h2c_upgrade from mitmproxy.addons import onboarding from mitmproxy.addons import proxyauth from mitmproxy.addons import replace from mitmproxy.addons import script -from mitmproxy.addons import setheaders from mitmproxy.addons import serverplayback +from mitmproxy.addons import setheaders from mitmproxy.addons import stickyauth from mitmproxy.addons import stickycookie from mitmproxy.addons import streambodies +from mitmproxy.addons import streamfile from mitmproxy.addons import upstream_auth -from mitmproxy.addons import disable_h2c_upgrade def default_addons(): return [ - onboarding.Onboarding(), - proxyauth.ProxyAuth(), anticache.AntiCache(), anticomp.AntiComp(), + check_alpn.CheckALPN(), + check_ca.CheckCA(), + clientplayback.ClientPlayback(), + disable_h2c_upgrade.DisableH2CleartextUpgrade(), + onboarding.Onboarding(), + proxyauth.ProxyAuth(), + replace.Replace(), + script.ScriptLoader(), + serverplayback.ServerPlayback(), + setheaders.SetHeaders(), stickyauth.StickyAuth(), stickycookie.StickyCookie(), - script.ScriptLoader(), - streamfile.StreamFile(), streambodies.StreamBodies(), - replace.Replace(), - setheaders.SetHeaders(), - serverplayback.ServerPlayback(), - clientplayback.ClientPlayback(), + streamfile.StreamFile(), upstream_auth.UpstreamAuth(), - disable_h2c_upgrade.DisableH2CleartextUpgrade(), ] diff --git a/mitmproxy/addons/check_alpn.py b/mitmproxy/addons/check_alpn.py new file mode 100644 index 00000000..c288d788 --- /dev/null +++ b/mitmproxy/addons/check_alpn.py @@ -0,0 +1,17 @@ +import mitmproxy +from mitmproxy.net import tcp + + +class CheckALPN: + def __init__(self): + self.failed = False + + def configure(self, options, updated): + self.failed = mitmproxy.ctx.master.options.http2 and not tcp.HAS_ALPN + if self.failed: + mitmproxy.ctx.master.add_log( + "HTTP/2 is disabled because ALPN support missing!\n" + "OpenSSL 1.0.2+ required to support HTTP/2 connections.\n" + "Use --no-http2 to silence this warning.", + "warn", + ) diff --git a/mitmproxy/addons/check_ca.py b/mitmproxy/addons/check_ca.py new file mode 100644 index 00000000..a83ab8e1 --- /dev/null +++ b/mitmproxy/addons/check_ca.py @@ -0,0 +1,24 @@ +import mitmproxy + + +class CheckCA: + def __init__(self): + self.failed = False + + def configure(self, options, updated): + has_ca = ( + mitmproxy.ctx.master.server and + mitmproxy.ctx.master.server.config and + mitmproxy.ctx.master.server.config.certstore and + mitmproxy.ctx.master.server.config.certstore.default_ca + ) + if has_ca: + self.failed = mitmproxy.ctx.master.server.config.certstore.default_ca.has_expired() + if self.failed: + mitmproxy.ctx.master.add_log( + "The mitmproxy certificate authority has expired!\n" + "Please delete all CA-related files in your ~/.mitmproxy folder.\n" + "The CA will be regenerated automatically after restarting mitmproxy.\n" + "Then make sure all your clients have the new CA installed.", + "warn", + ) diff --git a/mitmproxy/addons/termlog.py b/mitmproxy/addons/termlog.py index b75f5f5a..f7739efe 100644 --- a/mitmproxy/addons/termlog.py +++ b/mitmproxy/addons/termlog.py @@ -5,9 +5,9 @@ from mitmproxy import log class TermLog: - def __init__(self, outfile=sys.stdout): + def __init__(self, outfile=None): self.options = None - self.outfile = outfile + self.outfile = outfile or sys.stdout def configure(self, options, updated): self.options = options diff --git a/mitmproxy/certs.py b/mitmproxy/certs.py index 4e4eb4d1..4b939c80 100644 --- a/mitmproxy/certs.py +++ b/mitmproxy/certs.py @@ -3,8 +3,8 @@ import ssl import time import datetime import ipaddress - import sys + from pyasn1.type import univ, constraint, char, namedtype, tag from pyasn1.codec.der.decoder import decode from pyasn1.error import PyAsn1Error @@ -13,8 +13,8 @@ import OpenSSL from mitmproxy.types import serializable # Default expiry must not be too long: https://github.com/mitmproxy/mitmproxy/issues/815 - DEFAULT_EXP = 94608000 # = 24 * 60 * 60 * 365 * 3 + # Generated with "openssl dhparam". It's too slow to generate this on startup. DEFAULT_DHPARAM = b""" -----BEGIN DH PARAMETERS----- diff --git a/mitmproxy/tools/console/master.py b/mitmproxy/tools/console/master.py index 8afdce2c..10f8cbf5 100644 --- a/mitmproxy/tools/console/master.py +++ b/mitmproxy/tools/console/master.py @@ -33,8 +33,6 @@ from mitmproxy.tools.console import statusbar from mitmproxy.tools.console import window from mitmproxy.utils import strutils -from mitmproxy.net import tcp - EVENTLOG_SIZE = 10000 @@ -272,16 +270,6 @@ class ConsoleMaster(master.Master): print("Could not load file: {}".format(ret), file=sys.stderr) sys.exit(1) - self.loop.set_alarm_in(0.01, self.ticker) - if self.options.http2 and not tcp.HAS_ALPN: # pragma: no cover - def http2err(*args, **kwargs): - signals.status_message.send( - message = "HTTP/2 disabled - OpenSSL 1.0.2+ required." - " Use --no-http2 to silence this warning.", - expire=5 - ) - self.loop.set_alarm_in(0.01, http2err) - self.loop.set_alarm_in( 0.0001, lambda *args: self.view_flowlist() diff --git a/mitmproxy/tools/dump.py b/mitmproxy/tools/dump.py index 4e2844a1..e1e40fb0 100644 --- a/mitmproxy/tools/dump.py +++ b/mitmproxy/tools/dump.py @@ -6,7 +6,6 @@ from mitmproxy import addons from mitmproxy import options from mitmproxy import master from mitmproxy.addons import dumper, termlog -from mitmproxy.net import tcp class DumpError(Exception): @@ -30,7 +29,13 @@ class Options(options.Options): class DumpMaster(master.Master): - def __init__(self, options, server, with_termlog=True, with_dumper=True): + def __init__( + self, + options: Options, + server, + with_termlog=True, + with_dumper=True, + ) -> None: master.Master.__init__(self, options, server) self.has_errored = False if with_termlog: @@ -38,8 +43,6 @@ class DumpMaster(master.Master): self.addons.add(*addons.default_addons()) if with_dumper: self.addons.add(dumper.Dumper()) - # This line is just for type hinting - self.options = self.options # type: Options if not self.options.no_server: self.add_log( @@ -47,13 +50,6 @@ class DumpMaster(master.Master): "info" ) - if self.server and self.options.http2 and not tcp.HAS_ALPN: # pragma: no cover - self.add_log( - "ALPN support missing (OpenSSL 1.0.2+ required)!\n" - "HTTP/2 is disabled. Use --no-http2 to silence this warning.", - "error" - ) - if options.rfile: try: self.load_flows_file(options.rfile) |