author | Maximilian Hils <git@maximilianhils.com> | 2016-11-21 02:16:20 +0100 |
committer | Maximilian Hils <git@maximilianhils.com> | 2016-11-21 02:28:10 +0100 |
commit | 9af8f4bb31c94a25780a4189bffa406906249626 (patch) | |
tree | cf52f1c312b7bac3d83d796d6b03bb33b4556f26 /examples/sslstrip.py | |
parent | f74e561524d04c93cd7953f34e78ebe67eaa58a8 (diff) | |
organize examples
This commit is largely based on work by Thiago Arrais (@thiagoarrais)
and Shane Bradfield (@l33tLumberjack). I wasn't really able to get their
PR reasonably merged onto the latest master, so I reapplied their changes
manually here and made some further improvements on top of them.
Diffstat (limited to 'examples/sslstrip.py')
-rw-r--r-- | examples/sslstrip.py | 53 |
1 files changed, 0 insertions, 53 deletions
diff --git a/examples/sslstrip.py b/examples/sslstrip.py
deleted file mode 100644
index 9a090c0c..00000000
--- a/examples/sslstrip.py
+++ /dev/null
@@ -1,53 +0,0 @@
-import re
-import urllib
-
-# set of SSL/TLS capable hosts
-secure_hosts = set()
-
-
-def request(flow):
- flow.request.headers.pop('If-Modified-Since', None)
- flow.request.headers.pop('Cache-Control', None)
-
- # do not force https redirection
- flow.request.headers.pop('Upgrade-Insecure-Requests', None)
-
- # proxy connections to SSL-enabled hosts
- if flow.request.pretty_host in secure_hosts:
- flow.request.scheme = 'https'
- flow.request.port = 443
-
- # We need to update the request destination to whatever is specified in the host header:
- # Having no TLS Server Name Indication from the client and just an IP address as request.host
- # in transparent mode, TLS server name certificate validation would fail.
- flow.request.host = flow.request.pretty_host
-
-
-def response(flow):
- flow.response.headers.pop('Strict-Transport-Security', None)
- flow.response.headers.pop('Public-Key-Pins', None)
-
- # strip links in response body
- flow.response.content = flow.response.content.replace('https://', 'http://')
-
- # strip meta tag upgrade-insecure-requests in response body
- csp_meta_tag_pattern = b'<meta.*http-equiv=["\']Content-Security-Policy[\'"].*upgrade-insecure-requests.*?>'
- flow.response.content = re.sub(csp_meta_tag_pattern, b'', flow.response.content, flags=re.IGNORECASE)
-
- # strip links in 'Location' header
- if flow.response.headers.get('Location', '').startswith('https://'):
- location = flow.response.headers['Location']
- hostname = urllib.parse.urlparse(location).hostname
- if hostname:
- secure_hosts.add(hostname)
- flow.response.headers['Location'] = location.replace('https://', 'http://', 1)
-
- # strip upgrade-insecure-requests in Content-Security-Policy header
- if re.search('upgrade-insecure-requests', flow.response.headers.get('Content-Security-Policy', ''), flags=re.IGNORECASE):
- csp = flow.response.headers['Content-Security-Policy']
- flow.response.headers['Content-Security-Policy'] = 
re.sub('upgrade-insecure-requests[;\s]*', '', csp, flags=re.IGNORECASE)
-
- # strip secure flag from 'Set-Cookie' headers
- cookies = flow.response.headers.get_all('Set-Cookie')
- cookies = [re.sub(r';\s*secure\s*', '', s) for s in cookies]
- flow.response.headers.set_all('Set-Cookie', cookies) |