diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/certinstall.rst | 12 | ||||
| -rw-r--r-- | docs/features/passthrough.rst | 10 | ||||
| -rw-r--r-- | docs/features/responsestreaming.rst | 68 | ||||
| -rw-r--r-- | docs/features/streaming.rst | 102 | ||||
| -rw-r--r-- | docs/index.rst | 12 | ||||
| -rw-r--r-- | docs/install.rst | 157 | ||||
| -rw-r--r-- | docs/pathod/intro.rst | 6 | ||||
| -rw-r--r-- | docs/protocols/http1.rst | 15 | ||||
| -rw-r--r-- | docs/protocols/http2.rst | 16 | ||||
| -rw-r--r-- | docs/protocols/tcpproxy.rst (renamed from docs/features/tcpproxy.rst) | 8 | ||||
| -rw-r--r-- | docs/protocols/websocket.rst | 22 | ||||
| -rw-r--r-- | docs/scripting/api.rst | 12 | ||||
| -rw-r--r-- | docs/scripting/events.rst | 6 | ||||
| -rw-r--r-- | docs/transparent/linux.rst | 10 |
14 files changed, 279 insertions, 177 deletions
diff --git a/docs/certinstall.rst b/docs/certinstall.rst index 2594c439..6662e34d 100644 --- a/docs/certinstall.rst +++ b/docs/certinstall.rst @@ -24,10 +24,6 @@ something like this: Click on the relevant icon, follow the setup instructions for the platform you're on and you are good to go. -For iOS version 10.3 or up, you need to make sure ``mitmproxy`` is enabled in -``Certificate Trust Settings``, you can check it by going to -``Settings > General > About > Certificate Trust Settings``. - Installing the mitmproxy CA certificate manually ------------------------------------------------ @@ -39,7 +35,6 @@ documentation for some common platforms. The mitmproxy CA cert is located in ``~/.mitmproxy`` after it has been generated at the first start of mitmproxy. - iOS ^^^ @@ -47,6 +42,11 @@ See http://jasdev.me/intercepting-ios-traffic and https://web.archive.org/web/20150920082614/http://kb.mit.edu/confluence/pages/viewpage.action?pageId=152600377 +On iOS 10.3 and onwards, you also need to enable full trust for the mitmproxy root certificate: + +1. Go to Settings > General > About > Certificate Trust Settings. +2. Under "Enable full trust for root certificates", turn on trust for the mitmproxy certificate. + iOS Simulator ^^^^^^^^^^^^^ @@ -208,4 +208,4 @@ directory and uses this as the client cert. -.. _Certificate Pinning: https://security.stackexchange.com/questions/29988/what-is-certificate-pinning/ +.. _Certificate Pinning: https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning diff --git a/docs/features/passthrough.rst b/docs/features/passthrough.rst index d68a49a9..91fcb9b6 100644 --- a/docs/features/passthrough.rst +++ b/docs/features/passthrough.rst @@ -13,10 +13,10 @@ mechanism: away. Note that mitmproxy's "Limit" option is often the better alternative here, as it is not affected by the limitations listed below. -If you want to peek into (SSL-protected) non-HTTP connections, check out the :ref:`tcpproxy` +If you want to peek into (SSL-protected) non-HTTP connections, check out the :ref:`tcp_proxy` feature. If you want to ignore traffic from mitmproxy's processing because of large response bodies, -take a look at the :ref:`responsestreaming` feature. +take a look at the :ref:`streaming` feature. How it works ------------ @@ -38,7 +38,7 @@ There are two important quirks to consider: - **In transparent mode, the ignore pattern is matched against the IP and ClientHello SNI host.** While we usually infer the hostname from the Host header if the ``--host`` argument is passed to mitmproxy, we do not have access to this information before the SSL handshake. If the client uses SNI however, then we treat the SNI host as an ignore target. -- **In regular mode, explicit HTTP requests are never ignored.** [#explicithttp]_ The ignore pattern is +- **In regular and upstream proxy mode, explicit HTTP requests are never ignored.** [#explicithttp]_ The ignore pattern is applied on CONNECT requests, which initiate HTTPS or clear-text WebSocket connections. Tutorial @@ -88,8 +88,8 @@ Here are some other examples for ignore patterns: .. seealso:: - - :ref:`tcpproxy` - - :ref:`responsestreaming` + - :ref:`tcp_proxy` + - :ref:`streaming` - mitmproxy's "Limit" feature .. rubric:: Footnotes diff --git a/docs/features/responsestreaming.rst b/docs/features/responsestreaming.rst deleted file mode 100644 index 6fa93271..00000000 --- a/docs/features/responsestreaming.rst +++ /dev/null @@ -1,68 +0,0 @@ -.. _responsestreaming: - -Response Streaming -================== - -By using mitmproxy's streaming feature, response contents can be passed to the client incrementally -before they have been fully received by the proxy. This is especially useful for large binary files -such as videos, where buffering the whole file slows down the client's browser. - -By default, mitmproxy will read the entire response, perform any indicated -manipulations on it and then send the (possibly modified) response to -the client. In some cases this is undesirable and you may wish to "stream" -the response back to the client. When streaming is enabled, the response is -not buffered on the proxy but directly sent back to the client instead. - -On the command-line -------------------- - -Streaming can be enabled on the command line for all response bodies exceeding a certain size. -The SIZE argument understands k/m/g suffixes, e.g. 3m for 3 megabytes. - -================== ================= -command-line ``--stream SIZE`` -================== ================= - -.. warning:: - - When response streaming is enabled, **streamed response contents will not be - recorded or preserved in any way.** - -.. note:: - - When response streaming is enabled, the response body cannot be modified by the usual means. - -Customizing Response Streaming ------------------------------- - -You can also use a script to customize exactly which responses are streamed. - -Responses that should be tagged for streaming by setting their ``.stream`` -attribute to ``True``: - -.. literalinclude:: ../../examples/complex/stream.py - :caption: examples/complex/stream.py - :language: python - -Implementation Details ----------------------- - -When response streaming is enabled, portions of the code which would have otherwise performed -changes on the response body will see an empty response body. Any modifications will be ignored. - -Streamed responses are usually sent in chunks of 4096 bytes. If the response is sent with a -``Transfer-Encoding: chunked`` header, the response will be streamed one chunk at a time. - -Modifying streamed data ------------------------ - -If the ``.stream`` attribute is callable, ``.stream`` will wrap the generator that yields all -chunks. - -.. literalinclude:: ../../examples/complex/stream_modify.py - :caption: examples/complex/stream_modify.py - :language: python - -.. seealso:: - - - :ref:`passthrough` diff --git a/docs/features/streaming.rst b/docs/features/streaming.rst new file mode 100644 index 00000000..82510843 --- /dev/null +++ b/docs/features/streaming.rst @@ -0,0 +1,102 @@ +.. _streaming: + +HTTP Streaming +============== + +By default, mitmproxy will read the entire request/response, perform any indicated +manipulations on it and then send the (possibly modified) message to +the other party. In some cases this is undesirable and you may wish to "stream" +the request/response. When streaming is enabled, the request/response is +not buffered on the proxy but directly sent to the server/client instead. +HTTP headers are still fully buffered before being sent. + +Request Streaming +----------------- + +Request streaming can be used to incrementally stream a request body to the server +before it has been fully received by the proxy. This is useful for large file uploads. + +Response Streaming +------------------ + +By using mitmproxy's streaming feature, response contents can be passed to the client incrementally +before they have been fully received by the proxy. This is especially useful for large binary files +such as videos, where buffering the whole file slows down the client's browser. + +On the command-line +------------------- + +Streaming can be enabled on the command line for all request and response bodies exceeding a certain size. +The SIZE argument understands k/m/g suffixes, e.g. 3m for 3 megabytes. + +================== ================= +command-line ``--set stream_large_bodies=SIZE`` +================== ================= + +.. warning:: + + When streaming is enabled, **streamed request/response contents will not be + recorded or preserved in any way.** + +.. note:: + + When streaming is enabled, the request/response body cannot be modified by the usual means. + +Customizing Streaming +--------------------- + +You can also use a script to customize exactly which requests or responses are streamed. + +Requests/Responses that should be tagged for streaming by setting their ``.stream`` +attribute to ``True``: + +.. literalinclude:: ../../examples/complex/stream.py + :caption: examples/complex/stream.py + :language: python + +Implementation Details +---------------------- + +When response streaming is enabled, portions of the code which would have otherwise performed +changes on the request/response body will see an empty body. Any modifications will be ignored. + +Streamed bodies are usually sent in chunks of 4096 bytes. If the response is sent with a +``Transfer-Encoding: chunked`` header, the response will be streamed one chunk at a time. + +Modifying streamed data +----------------------- + +If the ``.stream`` attribute is callable, ``.stream`` will wrap the generator that yields all +chunks. + +.. literalinclude:: ../../examples/complex/stream_modify.py + :caption: examples/complex/stream_modify.py + :language: python + +WebSocket Streaming +=================== + +The WebSocket streaming feature can be used to send the frames as soon as they arrive. This can be useful for large binary file transfers. + +On the command-line +------------------- + +Streaming can be enabled on the command line for all WebSocket frames + +================== ================= +command-line ``--set stream_websockets=true`` +================== ================= + +.. note:: + + When Web Socket streaming is enabled, the message payload cannot be modified. + +Implementation Details +---------------------- +When WebSocket streaming is enabled, portions of the code which may perform changes to the WebSocket message payloads will not have +any effect on the actual payload sent to the server as the frames are immediately forwarded to the server. +In contrast to HTTP streaming, where the body is not stored, the message payload will still be stored in the WebSocket Flow. + +.. seealso:: + + - :ref:`passthrough` diff --git a/docs/index.rst b/docs/index.rst index a4e37e71..8dba4d04 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -22,6 +22,15 @@ .. toctree:: :hidden: + :caption: Protocols + + protocols/http1 + protocols/http2 + protocols/websocket + protocols/tcpproxy + +.. toctree:: + :hidden: :caption: Features features/anticache @@ -33,10 +42,9 @@ features/passthrough features/proxyauth features/reverseproxy - features/responsestreaming + features/streaming features/socksproxy features/sticky - features/tcpproxy features/upstreamproxy features/upstreamcerts diff --git a/docs/install.rst b/docs/install.rst index 7753dc44..37bf8f76 100644 --- a/docs/install.rst +++ b/docs/install.rst @@ -14,130 +14,125 @@ Once installation is complete, you can run :ref:`mitmproxy`, :ref:`mitmdump` or Installation on macOS --------------------- -You can use Homebrew to install everything: +The recommended way to install mitmproxy on macOS is to use `Homebrew`_: .. code:: bash brew install mitmproxy -Or you can download the pre-built binary packages from our `releases`_. +Alternatively you can download our :ref:`binary-packages` from our `releases`_ +page. -.. _install-windows: - -Installation on Windows ------------------------ - -The recommended way to install mitmproxy on Windows is to use the installer -provided at `mitmproxy.org`_. After installation, you'll find shortcuts for -:ref:`mitmweb` (the web-based interface) and :ref:`mitmdump` in the start menu. -Both executables are added to your PATH and can be invoked from the command -line. - -.. note:: - Mitmproxy's console interface is not supported on Windows, but you can use - mitmweb (the web-based interface) and mitmdump. - .. _install-linux: Installation on Linux --------------------- -The recommended way to run mitmproxy on Linux is to use the pre-built binaries -provided at `releases`_. +The recommended way to install mitmproxy on Linux is to download our +:ref:`binary-packages` from our `releases`_ page. -Our pre-built binaries provide you with the latest version of mitmproxy, a -self-contained Python 3.5 environment and a recent version of OpenSSL that -supports HTTP/2. Of course, you can also install mitmproxy from source if you -prefer that (see :ref:`install-advanced`). +Some Linux distributions and their community provide mitmproxy packages via +their native package repositories (e.g., Arch Linux, Debian, Ubuntu, Kali Linux, +OpenSUSE, etc.). While we do encourage seeing mitmproxy in a great variety of +repositories and distributions, we are not maintaining or involved with their +downstream packaging efforts. If you are looking for the latest version or have +other problems, please contact the repository maintainers directly. -.. _install-advanced: -Advanced Installation ---------------------- +.. _install-windows: -.. _install-docker: +Installation on Windows +----------------------- -Docker Images -^^^^^^^^^^^^^ +The recommended way to install mitmproxy on Windows is to download our +:ref:`binary-packages` from our `releases`_ page. -You can also use the official mitmproxy images from `DockerHub`_. That being -said, our portable binaries are just as easy to install and even easier to use. 😊 +After installation, you'll find shortcuts for :ref:`mitmweb` (the web-based +interface) and :ref:`mitmdump` in the start menu. Both executables are added to +your PATH and can be invoked from the command line. +.. note:: + The console interface is not supported on Windows, but you can + use `mitmweb` (the web-based interface) and `mitmdump`. -.. _install-arch: -Installation on Arch Linux -^^^^^^^^^^^^^^^^^^^^^^^^^^ +.. _install-advanced: + +Advanced Installation +--------------------- -mitmproxy has been added into the [community] repository. Use pacman to install it: +.. _binary-packages: ->>> sudo pacman -S mitmproxy +Self-contained Pre-built Binary Packages +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +For some platforms we provide pre-built binary packages containing ready-to-run +executables. This includes a self-contained Python 3 environment, a recent +OpenSSL that support ALPN and HTTP/2, and other dependencies that would +otherwise we cumbersome to compile and install. -.. _install-source-ubuntu: +Please be advised that we do not update these binaries after the initial +release. This means we do not include security-related updates of our +dependencies in already released mitmproxy versions. If there is a severe issue, +we might consider releasing a bugfix release of mitmproxy and corresponding +binary packages. -Installation from Source on Ubuntu -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +We only support the latest version of mitmproxy with bugfix and security updates +through regular minor releases. -Ubuntu comes with Python but we need to install pip3, python3-dev and several -libraries. This was tested on a fully patched installation of Ubuntu 16.04. -.. code:: bash +.. _install-docker: - sudo apt-get install python3-dev python3-pip libffi-dev libssl-dev - sudo pip3 install mitmproxy # or pip3 install --user mitmproxy +Docker Images +^^^^^^^^^^^^^ -On older Ubuntu versions, e.g., **12.04** and **14.04**, you may need to install -a newer version of Python. mitmproxy requires Python 3.5 or higher. Please take -a look at pyenv_. Make sure to have an up-to-date version of pip by running -``pip3 install -U pip``. +You can use the official mitmproxy images from `DockerHub`_. The same security +considerations apply as for our binary packages. -.. _install-source-fedora: +.. _install-linux-pip3: -Installation from Source on Fedora -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Installation on Linux via pip3 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Fedora comes with Python but we need to install pip3, python3-dev and several -libraries. This was tested on a fully patched installation of Fedora 24. +Please make sure to install Python 3.5 (or higher) and pip3 for your +distribtion. If your distribution does not provide a suitable Python version, +you can use `pyenv`_ to get a recent Python environment. .. code:: bash - sudo dnf install make gcc redhat-rpm-config python3-devel python3-pip libffi-devel openssl-devel - sudo pip3 install mitmproxy # or pip3 install --user mitmproxy - -Make sure to have an up-to-date version of pip by running ``pip3 install -U pip``. + sudo apt install python3-pip # Debian 8 or higher, Ubuntu 16.04 or higher + sudo dnf install python3-pip # Fedora 24 or higher + sudo pacman -S python-pip # Arch Linux +Please make sure to upgrade pip3 itself: -.. _install-source-opensuse: +.. code:: bash -Installation from Source on openSUSE -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + sudo pip3 install -U pip -This was tested on a fully patched installation of openSUSE Tumbleweed. -Please note that openSUSE Leap 42.2 only comes with Python 3.4.x, whereas mitmproxy requires Python 3.5 or above. -You can check you Python version by running ``python3 --version``. +Now you can install mitmproxy via pip3: .. code:: bash - sudo zypper install python3-pip python3-devel libffi-devel openssl-devel gcc-c++ - sudo pip3 install mitmproxy + sudo pip3 install mitmproxy -.. _install-source-windows: +.. _install-windows-pip3: -Installation from Source on Windows -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Installation on Windows via pip3 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. note:: - Mitmproxy's console interface is not supported on Windows, but you can use - mitmweb (the web-based interface) and mitmdump. + The console interface is not supported on Windows, but you can + use `mitmweb` (the web-based interface) and `mitmdump`. -First, install the latest version of Python 3.5 or later from the `Python -website`_. During installation, make sure to select `Add Python to PATH`. +First, install the latest version of Python 3.5 or higher from the `Python +website`_. During installation, make sure to select `Add Python to PATH`. There +are no other dependencies on Windows. -Mitmproxy has no other dependencies on Windows. You can now install mitmproxy by running +Now you can install mitmproxy via pip3: .. code:: powershell @@ -145,22 +140,20 @@ Mitmproxy has no other dependencies on Windows. You can now install mitmproxy by -.. _install-dev-version: +.. _install-from-source: -Latest Development Version -^^^^^^^^^^^^^^^^^^^^^^^^^^ +Installation from Source Code +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -If you would like to install mitmproxy directly from the master branch on GitHub -or would like to get set up to contribute to the project, install the -dependencies as you would for a regular installation from source. Then see the -project's README_ on GitHub. You can check your system information -by running: ``mitmproxy --version`` +If you would like to install mitmproxy directly from source code or the GitHub +master branch, please see the our README_ on GitHub. .. _README: https://github.com/mitmproxy/mitmproxy/blob/master/README.rst -.. _releases: https://github.com/mitmproxy/mitmproxy/releases +.. _releases: https://github.com/mitmproxy/mitmproxy/releases/latest .. _mitmproxy.org: https://mitmproxy.org/ .. _`Python website`: https://www.python.org/downloads/windows/ .. _pip: https://pip.pypa.io/en/latest/installing.html .. _pyenv: https://github.com/yyuu/pyenv .. _DockerHub: https://hub.docker.com/r/mitmproxy/mitmproxy/ +.. _Homebrew: https://brew.sh/ diff --git a/docs/pathod/intro.rst b/docs/pathod/intro.rst index bf0c531f..1c1ad60e 100644 --- a/docs/pathod/intro.rst +++ b/docs/pathod/intro.rst @@ -3,6 +3,7 @@ Pathology 101 ============= +.. _pathod: pathod ------ @@ -83,15 +84,14 @@ distinguish them from crafted responses. For example, a request to: .. _pathoc: - pathoc ------ Pathoc is a perverse HTTP daemon designed to let you craft almost any conceivable HTTP request, including ones that creatively violate the standards. HTTP requests are specified using a :ref:`small, terse language <language>`, -which pathod shares with its server-side twin pathod. To view pathoc's complete -range of options, use the command-line help: +which pathoc shares with its server-side twin :ref:`pathod`. To view pathoc's +complete range of options, use the command-line help: >>> pathoc --help diff --git a/docs/protocols/http1.rst b/docs/protocols/http1.rst new file mode 100644 index 00000000..21e68785 --- /dev/null +++ b/docs/protocols/http1.rst @@ -0,0 +1,15 @@ +.. _http1_protocol: + +HTTP/1.0 and HTTP/1.1 +=========================== + +.. seealso:: + + - `RFC7230: HTTP/1.1: Message Syntax and Routing <http://tools.ietf.org/html/rfc7230>`_ + - `RFC7231: HTTP/1.1: Semantics and Content <http://tools.ietf.org/html/rfc7231>`_ + +HTTP/1.0 and HTTP/1.1 support in mitmproxy is based on our custom HTTP stack, +which takes care of all semantics and on-the-wire parsing/serialization tasks. + +mitmproxy currently does not support HTTP trailers - but if you want to send +us a PR, we promise to take look! diff --git a/docs/protocols/http2.rst b/docs/protocols/http2.rst new file mode 100644 index 00000000..b3268ae5 --- /dev/null +++ b/docs/protocols/http2.rst @@ -0,0 +1,16 @@ +.. _http2_protocol: + +HTTP/2 +====== + +.. seealso:: + + - `RFC7540: Hypertext Transfer Protocol Version 2 (HTTP/2) <http://tools.ietf.org/html/rfc7540>`_ + +HTTP/2 support in mitmproxy is based on the amazing work by the python-hyper +community with the `hyper-h2 <https://github.com/python-hyper/hyper-h2>`_ +project. It fully encapsulates the internal state of HTTP/2 connections and +provides an easy-to-use event-based API. + +mitmproxy currently does not support HTTP/2 trailers - but if you want to send +us a PR, we promise to take look! diff --git a/docs/features/tcpproxy.rst b/docs/protocols/tcpproxy.rst index 0825c024..77248573 100644 --- a/docs/features/tcpproxy.rst +++ b/docs/protocols/tcpproxy.rst @@ -1,7 +1,7 @@ -.. _tcpproxy: +.. _tcp_proxy: -TCP Proxy -========= +TCP Proxy / Fallback +==================== In case mitmproxy does not handle a specific protocol, you can exempt hostnames from processing, so that mitmproxy acts as a generic TCP forwarder. @@ -28,4 +28,4 @@ feature. .. seealso:: - :ref:`passthrough` - - :ref:`responsestreaming` + - :ref:`streaming` diff --git a/docs/protocols/websocket.rst b/docs/protocols/websocket.rst new file mode 100644 index 00000000..8a7e807f --- /dev/null +++ b/docs/protocols/websocket.rst @@ -0,0 +1,22 @@ +.. _websocket_protocol: + +WebSocket +========= + +.. seealso:: + + - `RFC6455: The WebSocket Protocol <http://tools.ietf.org/html/rfc6455>`_ + - `RFC7692: Compression Extensions for WebSocket <http://tools.ietf.org/html/rfc7692>`_ + +WebSocket support in mitmproxy is based on the amazing work by the python-hyper +community with the `wsproto <https://github.com/python-hyper/wsproto>`_ +project. It fully encapsulates WebSocket frames/messages/connections and +provides an easy-to-use event-based API. + +mitmproxy fully supports the compression extension for WebSocket messages, +provided by wsproto. + +If an endpoint sends a PING to mitmproxy, a PONG will be sent back immediately +(with the same payload if present). To keep the other connection alive, a new +PING (without a payload) is sent to the other endpoint. Unsolicited PONG's are +not forwarded. All PING's and PONG's are logged (with payload if present). diff --git a/docs/scripting/api.rst b/docs/scripting/api.rst index e82afef4..368b9ba8 100644 --- a/docs/scripting/api.rst +++ b/docs/scripting/api.rst @@ -10,6 +10,9 @@ API - `mitmproxy.http.HTTPRequest <#mitmproxy.http.HTTPRequest>`_ - `mitmproxy.http.HTTPResponse <#mitmproxy.http.HTTPResponse>`_ - `mitmproxy.http.HTTPFlow <#mitmproxy.http.HTTPFlow>`_ +- WebSocket + - `mitmproxy.websocket.WebSocketFlow <#mitmproxy.websocket.WebSocketFlow>`_ + - `mitmproxy.websocket.WebSocketMessage <#mitmproxy.websocket.WebSocketMessage>`_ - Logging - `mitmproxy.log.Log <#mitmproxy.controller.Log>`_ - `mitmproxy.log.LogEntry <#mitmproxy.controller.LogEntry>`_ @@ -33,6 +36,15 @@ HTTP .. autoclass:: mitmproxy.http.HTTPFlow :inherited-members: +WebSocket +--------- + +.. autoclass:: mitmproxy.websocket.WebSocketFlow + :inherited-members: + +.. autoclass:: mitmproxy.websocket.WebSocketMessage + :inherited-members: + Logging -------- diff --git a/docs/scripting/events.rst b/docs/scripting/events.rst index 8f9463ff..4d74b220 100644 --- a/docs/scripting/events.rst +++ b/docs/scripting/events.rst @@ -187,8 +187,8 @@ are issued, only new WebSocket messages are called. - Called when a WebSocket message is received from the client or server. The sender and receiver are identifiable. The most recent message will be - ``flow.messages[-1]``. The message is user-modifiable. Currently there are - two types of messages, corresponding to the BINARY and TEXT frame types. + ``flow.messages[-1]``. The message is user-modifiable and is killable. + A message is either of TEXT or BINARY type. *flow* A ``models.WebSocketFlow`` object. @@ -211,7 +211,7 @@ TCP Events ---------- These events are called only if the connection is in :ref:`TCP mode -<tcpproxy>`. So, for instance, TCP events are not called for ordinary HTTP/S +<tcp_proxy>`. So, for instance, TCP events are not called for ordinary HTTP/S connections. .. list-table:: diff --git a/docs/transparent/linux.rst b/docs/transparent/linux.rst index 1878008c..ab3fd707 100644 --- a/docs/transparent/linux.rst +++ b/docs/transparent/linux.rst @@ -12,15 +12,15 @@ achieve transparent mode. >>> sysctl -w net.ipv4.ip_forward=1 - You may also want to consider enabling this permanently in ``/etc/sysctl.conf``. + You may also want to consider enabling this permanently in ``/etc/sysctl.conf`` or newly created ``/etc/sysctl.d/mitmproxy.conf``, see `here <https://superuser.com/a/625852>`__. 3. If your target machine is on the same physical network and you configured it to use a custom gateway, disable ICMP redirects: - >>> echo 0 | sudo tee /proc/sys/net/ipv4/conf/*/send_redirects + >>> sysctl -w net.ipv4.conf.all.accept_redirects=0 + >>> sysctl -w net.ipv4.conf.all.send_redirects=0 - You may also want to consider enabling this permanently in ``/etc/sysctl.conf`` - as demonstrated `here <https://unix.stackexchange.com/a/58081>`_. +   You may also want to consider enabling this permanently in ``/etc/sysctl.conf`` or a newly created ``/etc/sysctl.d/mitmproxy.conf``, see `here <https://superuser.com/a/625852>`__. 4. Create an iptables ruleset that redirects the desired traffic to the mitmproxy port. Details will differ according to your setup, but the @@ -30,6 +30,8 @@ achieve transparent mode. iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080 iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8080 + +   You may also want to consider enabling this permanently with the ``iptables-persistent`` package, see `here <http://www.microhowto.info/howto/make_the_configuration_of_iptables_persistent_on_debian.html>`__. 5. Fire up mitmproxy. You probably want a command like this: |