Diffstat (limited to 'libmproxy/protocol')
-rw-r--r--libmproxy/protocol/http.py14
-rw-r--r--libmproxy/protocol/primitives.py3
-rw-r--r--libmproxy/protocol/tcp.py69
3 files changed, 50 insertions, 36 deletions
diff --git a/libmproxy/protocol/http.py b/libmproxy/protocol/http.py
index cc6533b2..6837327b 100644
--- a/libmproxy/protocol/http.py
+++ b/libmproxy/protocol/http.py
@@ -751,7 +751,7 @@ class HTTPFlow(Flow):
"""
def __init__(self, client_conn, server_conn, change_server=None):
- Flow.__init__(self, "http", client_conn, server_conn)
+ super(HTTPFlow, self).__init__("http", client_conn, server_conn)
self.request = None
"""@type: HTTPRequest"""
self.response = None
@@ -963,9 +963,14 @@ class HTTPHandler(ProtocolHandler, TemporaryServerChangeMixin):
http.connection_close(flow.response.httpversion, flow.response.headers) or
http.expected_http_body_size(flow.response.headers, False, flow.request.method,
flow.response.code) == -1):
- return False
+ if flow.request.form_in == "authority" and flow.response.code == 200:
+ # Workaround for https://github.com/mitmproxy/mitmproxy/issues/313:
+ # Some proxies (e.g. Charles) send a CONNECT response with HTTP/1.0 and no Content-Length header
+ pass
+ else:
+ return False
- if flow.request.form_in == "authority":
+ if flow.request.form_in == "authority" and flow.response.code == 200:
self.ssl_upgrade()
# If the user has changed the target server on this connection,
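Review bot: The new `if ...: pass` / `else: return False` branch in the connection-close check has an empty arm, and its predicate is repeated a few lines later to gate `self.ssl_upgrade()`. Binding it once, e.g. `connect_ok = flow.request.form_in == "authority" and flow.response.code == 200`, and writing `if not connect_ok: return False` would keep the two checks from drifting apart. This matters because the second check decides whether the connection is upgraded to TLS based on the upstream's reply. The enclosing method starts and ends outside the hunk, so the rest of the keep-alive logic cannot be checked from here.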
@@ -1069,12 +1074,15 @@ class HTTPHandler(ProtocolHandler, TemporaryServerChangeMixin):
if not self.c.config.get_upstream_server:
self.c.set_server_address((request.host, request.port),
proxy.AddressPriority.FROM_PROTOCOL)
+ self.c.establish_server_connection()
flow.server_conn = self.c.server_conn # Update server_conn attribute on the flow
self.c.client_conn.send(
'HTTP/1.1 200 Connection established\r\n' +
+ 'Content-Length: 0\r\n' +
('Proxy-agent: %s\r\n' % self.c.server_version) +
'\r\n'
)
+
self.ssl_upgrade()
self.skip_authentication = True
return False
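Review bot: The added `'Content-Length: 0\r\n'` header has no comment, although RFC 7231 section 4.3.6 says a 2xx response to CONNECT must not carry Content-Length. Without a recorded reason, a later cleanup could remove it, or a strict client could reject the reply. If it exists for peers that otherwise wait for EOF on the CONNECT reply (presumably the counterpart of the issue 313 workaround in this commit), say so, e.g. `# Content-Length: 0 so HTTP/1.0-style peers do not wait for EOF; see mitmproxy issue 313`. Separately, `self.c.establish_server_connection()` now runs before the 200 is written; how a connect failure is reported to the client at that point is decided outside the hunk and is worth confirming.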
diff --git a/libmproxy/protocol/primitives.py b/libmproxy/protocol/primitives.py
index 8c0ea5db..f3ecdab7 100644
--- a/libmproxy/protocol/primitives.py
+++ b/libmproxy/protocol/primitives.py
@@ -139,7 +139,7 @@ class Flow(stateobject.SimpleStateObject, BackreferenceMixin):
class ProtocolHandler(object):
def __init__(self, c):
self.c = c
- """@type: libmproxy.proxy.ConnectionHandler"""
+ """@type: libmproxy.proxy.server.ConnectionHandler"""
def handle_messages(self):
"""
@@ -181,6 +181,7 @@ class TemporaryServerChangeMixin(object):
self.c.del_server_connection()
self.c.set_server_address(address, priority)
+ self.c.establish_server_connection(ask=False)
if ssl:
self.c.establish_ssl(server=True)
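Review bot: `self.c.establish_server_connection(ask=False)` is added to the server-change path with no comment on what `ask=False` skips. If `ask` controls whether a hook or user script is consulted before connecting (not visible from this hunk), this path now connects to the overridden address without that consultation. A one-line comment stating that this is intended would help, e.g. `# ask=False: connect to the temporary address without re-asking; see establish_server_connection()`. The enclosing method begins outside the hunk.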
diff --git a/libmproxy/protocol/tcp.py b/libmproxy/protocol/tcp.py
index 6cdc6581..33c9ff05 100644
--- a/libmproxy/protocol/tcp.py
+++ b/libmproxy/protocol/tcp.py
@@ -1,16 +1,21 @@
from __future__ import absolute_import
import select, socket
-from cStringIO import StringIO
from .primitives import ProtocolHandler
-
class TCPHandler(ProtocolHandler):
"""
TCPHandler acts as a generic TCP forwarder.
Data will be .log()ed, but not stored any further.
"""
+
+ chunk_size = 4096
+
def handle_messages(self):
self.c.establish_server_connection()
+
+ server = "%s:%s" % self.c.server_conn.address()[:2]
+ buf = memoryview(bytearray(self.chunk_size))
+
conns = [self.c.client_conn.rfile, self.c.server_conn.rfile]
while not self.c.close:
r, _, _ = select.select(conns, [], [], 10)
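Review bot: `chunk_size = 4096` and the shared `buf = memoryview(bytearray(self.chunk_size))` are added without a comment, yet `buf` is one buffer reused for every plain-socket read in both directions. A comment such as `# bytes requested per recv_into(); buf is reused, so only buf[:size] is valid after a read` would make clear that anything past `size` is left over from an earlier read. The loop body of `handle_messages` continues outside this hunk.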
@@ -18,43 +23,43 @@ class TCPHandler(ProtocolHandler):
if self.c.client_conn.rfile == rfile:
src, dst = self.c.client_conn, self.c.server_conn
direction = "-> tcp ->"
- dst_str = "%s:%s" % self.c.server_conn.address()[:2]
+ src_str, dst_str = "client", server
else:
dst, src = self.c.client_conn, self.c.server_conn
direction = "<- tcp <-"
- dst_str = "client"
-
- data = StringIO()
- while range(4096):
- # Do non-blocking select() to see if there is further data on in the buffer.
- r, _, _ = select.select([rfile], [], [], 0)
- if len(r):
- d = rfile.read(1)
- if d == "": # connection closed
- break
- data.write(d)
- # OpenSSL Connections have an internal buffer that might
- # contain data altough everything is read from the socket.
- # Thankfully, connection.pending() returns the amount of
- # bytes in this buffer, so we can read it completely at
- # once.
- if src.ssl_established:
- data.write(rfile.read(src.connection.pending()))
- else: # no data left, but not closed yet
- break
- data = data.getvalue()
-
- if data == "": # no data received, rfile is closed
- self.c.log("Close writing connection to %s" % dst_str, "debug")
- conns.remove(rfile)
+ dst_str, src_str = "client", server
+
+ closed = False
+ if src.ssl_established:
+ # Unfortunately, pyOpenSSL lacks a recv_into function.
+ contents = src.rfile.read(1) # We need to read a single byte before .pending() becomes usable
+ contents += src.rfile.read(src.connection.pending())
+ if not contents:
+ closed = True
+ else:
+ size = src.connection.recv_into(buf)
+ if not size:
+ closed = True
+
+ if closed:
+ conns.remove(src.rfile)
+ # Shutdown connection to the other peer
if dst.ssl_established:
dst.connection.shutdown()
else:
dst.connection.shutdown(socket.SHUT_WR)
+
if len(conns) == 0:
self.c.close = True
- break
+ continue
- self.c.log("%s %s\r\n%s" % (direction, dst_str, data), "debug")
- dst.wfile.write(data)
- dst.wfile.flush()
+ if src.ssl_established or dst.ssl_established:
+ # if one of the peers is over SSL, we need to send bytes/strings
+ if not src.ssl_established: # only ssl to dst, i.e. we revc'd into buf but need bytes/string now.
+ contents = buf[:size].tobytes()
+ self.c.log("%s %s\r\n%s" % (direction, dst_str, contents[:100]), "debug")
+ dst.connection.send(contents)
+ else:
+ # socket.socket.send supports raw bytearrays/memoryviews
+ self.c.log("%s %s\r\n%s" % (direction, dst_str, buf[:100]), "debug")
+ dst.connection.send(buf[:size]) \ No newline at end of file
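Review bot: Both forwarding calls use `send()` and ignore its return value, so a short write forwards only part of the chunk and silently drops the rest; the removed `dst.wfile.write(data)` / `dst.wfile.flush()` pair did not truncate this way. Use `dst.connection.sendall(contents)` and `dst.connection.sendall(buf[:size])` instead. In the plain-socket branch the debug log formats `buf[:100]`, a memoryview slice not bounded by `size`, so it either prints the object repr or includes stale bytes from an earlier read, possibly from the other direction. `buf[:min(size, 100)].tobytes()` would log only what was just received.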