diff options
Diffstat (limited to 'examples/sslstrip.py')
| -rw-r--r-- | examples/sslstrip.py | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/examples/sslstrip.py b/examples/sslstrip.py index 369427a2..1bc89946 100644 --- a/examples/sslstrip.py +++ b/examples/sslstrip.py @@ -2,39 +2,39 @@ from netlib.http import decoded import re from six.moves import urllib -def start(context, argv) : - #set of SSL/TLS capable hosts +def start(context, argv): + # set of SSL/TLS capable hosts context.secure_hosts = set() -def request(context, flow) : +def request(context, flow): flow.request.headers.pop('If-Modified-Since', None) flow.request.headers.pop('Cache-Control', None) - #proxy connections to SSL-enabled hosts - if flow.request.pretty_host in context.secure_hosts : + # proxy connections to SSL-enabled hosts + if flow.request.pretty_host in context.secure_hosts: flow.request.scheme = 'https' flow.request.port = 443 -def response(context, flow) : - with decoded(flow.response) : +def response(context, flow): + with decoded(flow.response): flow.request.headers.pop('Strict-Transport-Security', None) flow.request.headers.pop('Public-Key-Pins', None) - #strip links in response body + # strip links in response body flow.response.content = flow.response.content.replace('https://', 'http://') - #strip links in 'Location' header - if flow.response.headers.get('Location','').startswith('https://'): + # strip links in 'Location' header + if flow.response.headers.get('Location', '').startswith('https://'): location = flow.response.headers['Location'] hostname = urllib.parse.urlparse(location).hostname if hostname: context.secure_hosts.add(hostname) flow.response.headers['Location'] = location.replace('https://', 'http://', 1) - #strip secure flag from 'Set-Cookie' headers + # strip secure flag from 'Set-Cookie' headers cookies = flow.response.headers.get_all('Set-Cookie') cookies = [re.sub(r';\s*secure\s*', '', s) for s in cookies] flow.response.headers.set_all('Set-Cookie', cookies) |