diff options
-rw-r--r-- | examples/complex/dns_spoofing.py | 51 | ||||
-rw-r--r-- | test/mitmproxy/test_examples.py | 22 |
2 files changed, 54 insertions, 19 deletions
diff --git a/examples/complex/dns_spoofing.py b/examples/complex/dns_spoofing.py index c020047f..1fb59f74 100644 --- a/examples/complex/dns_spoofing.py +++ b/examples/complex/dns_spoofing.py @@ -28,22 +28,35 @@ import re parse_host_header = re.compile(r"^(?P<host>[^:]+|\[.+\])(?::(?P<port>\d+))?$") -def request(flow): - if flow.client_conn.ssl_established: - flow.request.scheme = "https" - sni = flow.client_conn.connection.get_servername() - port = 443 - else: - flow.request.scheme = "http" - sni = None - port = 80 - - host_header = flow.request.pretty_host - m = parse_host_header.match(host_header) - if m: - host_header = m.group("host").strip("[]") - if m.group("port"): - port = int(m.group("port")) - - flow.request.host = sni or host_header - flow.request.port = port +class Rerouter: + def requestheaders(self, flow): + """ + The original host header is retrieved early + before flow.request is replaced by mitmproxy new outgoing request + """ + flow.metadata["original_host"] = flow.request.headers["Host"] + + def request(self, flow): + if flow.client_conn.ssl_established: + flow.request.scheme = "https" + sni = flow.client_conn.connection.get_servername() + port = 443 + else: + flow.request.scheme = "http" + sni = None + port = 80 + + host_header = flow.metadata["original_host"] + m = parse_host_header.match(host_header) + if m: + host_header = m.group("host").strip("[]") + if m.group("port"): + port = int(m.group("port")) + + flow.request.headers["Host"] = host_header + flow.request.host = sni or host_header + flow.request.port = port + + +def start(): + return Rerouter() diff --git a/test/mitmproxy/test_examples.py b/test/mitmproxy/test_examples.py index 3930e8df..e32323a6 100644 --- a/test/mitmproxy/test_examples.py +++ b/test/mitmproxy/test_examples.py @@ -103,6 +103,28 @@ class TestScripts(mastertest.MasterTest): m.request(f) assert f.response.content == b"Hello World" + def test_dns_spoofing(self): + m, sc = tscript("complex/dns_spoofing.py") + original_host = "example.com" + + host_header = Headers(host=original_host) + f = tflow.tflow(req=tutils.treq(headers=host_header, port=80)) + + m.requestheaders(f) + + # Rewrite by reverse proxy mode + f.request.scheme = "https" + f.request.host = "mitmproxy.org" + f.request.port = 443 + + m.request(f) + + assert f.request.scheme == "http" + assert f.request.host == original_host + assert f.request.port == 80 + + assert f.request.headers["Host"] == original_host + class TestHARDump: |