From 78750a8b4da217a2b3f3eac23bea92b6c428fc35 Mon Sep 17 00:00:00 2001 From: Maximilian Hils Date: Mon, 10 Mar 2014 02:32:27 +0100 Subject: lay the foundations for --(in|out)(abs|rel) command line switches, as proposed in https://groups.google.com/forum/#!topic/mitmproxy/nApno2TXS0c --- libmproxy/proxy/server.py | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) (limited to 'libmproxy/proxy/server.py') diff --git a/libmproxy/proxy/server.py b/libmproxy/proxy/server.py index 37ec7758..5aaabf87 100644 --- a/libmproxy/proxy/server.py +++ b/libmproxy/proxy/server.py @@ -59,12 +59,6 @@ class ConnectionHandler: self.conntype = None self.sni = None - self.mode = "regular" - if self.config.reverse_proxy: - self.mode = "reverse" - if self.config.transparent_proxy: - self.mode = "transparent" - def handle(self): self.log("clientconnect") self.channel.ask("clientconnect", self) @@ -76,11 +70,8 @@ class ConnectionHandler: # Can we already identify the target server and connect to it? server_address = None address_priority = None - if self.config.forward_proxy: - server_address = self.config.forward_proxy[1:] - address_priority = AddressPriority.FORCE - elif self.config.reverse_proxy: - server_address = self.config.reverse_proxy[1:] + if self.config.upstream_server: + server_address = self.config.upstream_server[1:] address_priority = AddressPriority.FROM_SETTINGS elif self.config.transparent_proxy: server_address = self.config.transparent_proxy["resolver"].original_addr( 
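Review bot: Folding `forward_proxy` into `upstream_server` in the `-76,11 +70,8` hunk drops the `AddressPriority.FORCE` that forward-proxy mode used, so the configured upstream is now always set with `AddressPriority.FROM_SETTINGS`. If `set_server_address` (outside this hunk) lets a higher-priority source replace the address, a client request could presumably steer traffic away from the configured upstream, which `FORCE` appeared to prevent. Either carry the mode in the config so the forced case keeps `address_priority = AddressPriority.FORCE`, or add a comment such as `# FROM_SETTINGS is intentional: upstream may be overridden by ...` stating that the downgrade is deliberate. The enclosing `handle()` body continues outside the hunk.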
@@ -125,8 +116,8 @@ class ConnectionHandler: if self.config.transparent_proxy: client_ssl = server_ssl = (self.server_conn.address.port in self.config.transparent_proxy["sslports"]) - elif self.config.reverse_proxy: - client_ssl = server_ssl = (self.config.reverse_proxy[0] == "https") + elif self.config.upstream_server: + client_ssl = server_ssl = (self.config.upstream_server[0] == "https") # TODO: Make protocol generic (as with transparent proxies) # TODO: Add SSL-terminating capatbility (SSL -> mitmproxy -> plain and vice versa) if client_ssl or server_ssl: @@ -152,7 +143,6 @@ class ConnectionHandler: """ Sets a new server address with the given priority. Does not re-establish either connection or SSL handshake. - @type priority: libmproxy.proxy.primitives.AddressPriority """ address = tcp.Address.wrap(address) -- cgit v1.2.3 From fe58c1c6eb16fdc14bd24843cb896b3d8a4eefc8 Mon Sep 17 00:00:00 2001 From: Maximilian Hils Date: Mon, 10 Mar 2014 05:11:51 +0100 Subject: add advanced proxying options, add SSL-terminating capability to mitmproxy --- libmproxy/proxy/server.py | 42 +++++++----------------------------------- 1 file changed, 7 insertions(+), 35 deletions(-) (limited to 'libmproxy/proxy/server.py') diff --git a/libmproxy/proxy/server.py b/libmproxy/proxy/server.py index 5aaabf87..554ee551 100644 --- a/libmproxy/proxy/server.py +++ b/libmproxy/proxy/server.py 
@@ -68,22 +68,13 @@ class ConnectionHandler: try: try: # Can we already identify the target server and connect to it? - server_address = None - address_priority = None - if self.config.upstream_server: - server_address = self.config.upstream_server[1:] - address_priority = AddressPriority.FROM_SETTINGS - elif self.config.transparent_proxy: - server_address = self.config.transparent_proxy["resolver"].original_addr( - self.client_conn.connection) - if not server_address: - raise ProxyError(502, "Transparent mode failure: could not resolve original destination.") - address_priority = AddressPriority.FROM_CONNECTION - self.log("transparent to %s:%s" % server_address) - - if server_address: - self.set_server_address(server_address, address_priority) - self._handle_ssl() + if self.config.get_upstream_server: + upstream_info = self.config.get_upstream_server(self.client_conn.connection) + self.set_server_address(upstream_info[2:], AddressPriority.FROM_SETTINGS) + client_ssl, server_ssl = upstream_info[:2] + if client_ssl or server_ssl: + self.establish_server_connection() + self.establish_ssl(client=client_ssl, server=server_ssl) while not self.close: try: 
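Review bot: The new branch indexes `upstream_info` without checking it, whereas the removed transparent-mode code raised `ProxyError(502, ...)` when the original destination could not be resolved. If `get_upstream_server` (defined outside this diff) can return `None` or a short tuple, the failure would surface as a `TypeError` or `ValueError` instead of a 502; a guard such as `if not upstream_info: raise ProxyError(502, "could not resolve upstream server")` keeps the earlier behaviour. Two further changes deserve a comment in the code: addresses resolved from the client connection are now set with `FROM_SETTINGS` rather than `FROM_CONNECTION`, and the `self.log("transparent to %s:%s" % server_address)` line is gone, so the resolved destination is no longer recorded per connection. `handle()` starts and ends outside the hunk.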
@@ -105,25 +96,6 @@ class ConnectionHandler: self.log("clientdisconnect") self.channel.tell("clientdisconnect", self) - def _handle_ssl(self): - """ - Helper function of .handle() - Check if we can already identify SSL connections. - If so, connect to the server and establish an SSL connection - """ - client_ssl = False - server_ssl = False - - if self.config.transparent_proxy: - client_ssl = server_ssl = (self.server_conn.address.port in self.config.transparent_proxy["sslports"]) - elif self.config.upstream_server: - client_ssl = server_ssl = (self.config.upstream_server[0] == "https") - # TODO: Make protocol generic (as with transparent proxies) - # TODO: Add SSL-terminating capatbility (SSL -> mitmproxy -> plain and vice versa) - if client_ssl or server_ssl: - self.establish_server_connection() - self.establish_ssl(client=client_ssl, server=server_ssl) - def del_server_connection(self): """ Deletes an existing server connection. -- cgit v1.2.3 From 9cc10630c8e0b0f249ed852299d3316ba42f128d Mon Sep 17 00:00:00 2001 From: Maximilian Hils Date: Mon, 10 Mar 2014 17:01:30 +0100 Subject: update docs, fix #215 --- libmproxy/proxy/server.py | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) (limited to 'libmproxy/proxy/server.py') diff --git a/libmproxy/proxy/server.py b/libmproxy/proxy/server.py index 554ee551..c77ab2a8 100644 --- a/libmproxy/proxy/server.py +++ b/libmproxy/proxy/server.py @@ -1,10 +1,9 @@ import socket -from .. import version, protocol -from libmproxy.proxy.primitives import Log -from .primitives import ProxyServerError -from .connection import ClientConnection, ServerConnection -from .primitives import ProxyError, ConnectionTypeChange, AddressPriority +from OpenSSL import SSL from netlib import tcp +from .primitives import ProxyServerError, Log, ProxyError, ConnectionTypeChange, AddressPriority +from .connection import ClientConnection, ServerConnection +from .. import version, protocol class DummyServer: 
@@ -23,6 +22,7 @@ class DummyServer: class ProxyServer(tcp.TCPServer): allow_reuse_address = True bound = True + def __init__(self, config, port, host='', server_version=version.NAMEVERSION): """ Raises ProxyServerError if there's a startup problem. @@ -51,8 +51,11 @@ class ProxyServer(tcp.TCPServer): class ConnectionHandler: def __init__(self, config, client_connection, client_address, server, channel, server_version): self.config = config + """@type: libmproxy.proxy.config.ProxyConfig""" self.client_conn = ClientConnection(client_connection, client_address, server) + """@type: libmproxy.proxy.connection.ClientConnection""" self.server_conn = None + """@type: libmproxy.proxy.connection.ServerConnection""" self.channel, self.server_version = channel, server_version self.close = False @@ -98,7 +101,7 @@ class ConnectionHandler: def del_server_connection(self): """ - Deletes an existing server connection. + Deletes (and closes) an existing server connection. """ if self.server_conn and self.server_conn.connection: self.server_conn.finish() @@ -150,8 +153,7 @@ class ConnectionHandler: """ Establishes SSL on the existing connection(s) to the server or the client, as specified by the parameters. If the target server is on the pass-through list, - the conntype attribute will be changed and the SSL connection won't be wrapped. - A protocol handler must raise a ConnTypeChanged exception if it detects that this is happening + the conntype attribute will be changed and a ConnTypeChanged exception will be raised. """ # TODO: Implement SSL pass-through handling and change conntype passthrough = [ @@ -160,7 +162,7 @@ class ConnectionHandler: ] if self.server_conn.address.host in passthrough or self.sni in passthrough: self.conntype = "tcp" - return + raise ConnectionTypeChange # Logging if client or server: -- cgit v1.2.3
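Review bot: `raise ConnectionTypeChange` in the pass-through branch (hunk `-160,7 +162,7`) now fires from `establish_ssl`, which the previous commit in this series calls from `handle()` during upstream setup, before the request loop; whether an exception handler covers that call site is not visible here. If none does, a pass-through host would end with the connection torn down rather than relayed as `tcp`, so the handler's scope should be confirmed or the setup call wrapped. The docstring changed in hunk `-150,8 +153,7` also names the exception `ConnTypeChanged`, while the class imported and raised is `ConnectionTypeChange`; the docstring should read `a ConnectionTypeChange exception will be raised`. `establish_ssl` continues outside both hunks.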