From c726519e73761e5df3a20a1a92c1655497dd49c0 Mon Sep 17 00:00:00 2001 From: Aldo Cortesi Date: Sun, 20 Mar 2011 17:31:54 +1300 Subject: Add a stickyauth option. This allows us to replay an HTTP Authorization header, in the same way as we replay cookies using stickycookies. This lets us conveniently get at HTTP Basic Auth protected resources through the proxy, but is not enough to do the same for HTTP Digest auth. We'll put that on the todo list. --- doc-src/sticky.html | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 doc-src/sticky.html (limited to 'doc-src/sticky.html') diff --git a/doc-src/sticky.html b/doc-src/sticky.html new file mode 100644 index 00000000..32ccdd2d --- /dev/null +++ b/doc-src/sticky.html @@ -0,0 +1,24 @@ + +When the __stickycookie__ option is set, __mitmproxy__ will add the cookie most +recently set by the server to any cookie-less request. Consider a service that +sets a cookie to track the session after authentication. Using sticky cookies, +you can fire up mitmproxy, and authenticate to a service as you usually would +using a browser. After authentication, you can request authenticated resources +through mitmproxy as if they were unauthenticated, because mitmproxy will +automatically add the session tracking cookie to requests. Among other things, +this lets you script interactions with authenticated resources (using tools +like wget or curl) without having to worry about authentication. + +Sticky cookies are especially powerful when used in conjunction with [client +replay](@!urlTo("clientreplay.html")!@) - you can record the authentication +process once, and simply replay it on startup every time you need to interact +with the secured resources. + + +## Sticky auth + +The __stickyauth__ option is analagous to the __stickycookie__ option, in that +HTTP __Authorization__ headers are simply replayed to the server once they have +been seen. This is enough to allow you to access a server resource using HTTP +Basic authentication through the proxy. Note that __mitmproxy__ doesn't (yet) +support replay of HTTP Digest authentication. -- cgit v1.2.3