From 59ec291b6cff1dfa83b316401418b6308df93aac Mon Sep 17 00:00:00 2001 From: iroiro123 Date: Thu, 18 Jun 2015 23:53:27 +0900 Subject: HTTP Transparent Proxy --- libmproxy/proxy/config.py | 7 ++++++- libmproxy/proxy/primitives.py | 8 ++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) (limited to 'libmproxy/proxy') diff --git a/libmproxy/proxy/config.py b/libmproxy/proxy/config.py index 3f579669..2074d0bf 100644 --- a/libmproxy/proxy/config.py +++ b/libmproxy/proxy/config.py @@ -4,7 +4,7 @@ import re from OpenSSL import SSL from netlib import http_auth, certutils, tcp from .. import utils, platform, version -from .primitives import RegularProxyMode, TransparentProxyMode, UpstreamProxyMode, ReverseProxyMode, Socks5ProxyMode +from .primitives import RegularProxyMode, HTTPTransparentProxyMode, TransparentProxyMode, UpstreamProxyMode, ReverseProxyMode, Socks5ProxyMode TRANSPARENT_SSL_PORTS = [443, 8443] CONF_BASENAME = "mitmproxy" @@ -70,6 +70,8 @@ class ProxyConfig: self.mode = ReverseProxyMode(upstream_server) elif mode == "upstream": self.mode = UpstreamProxyMode(upstream_server) + elif mode == "httptransparent": + self.mode = HTTPTransparentProxyMode() else: self.mode = RegularProxyMode() @@ -144,6 +146,9 @@ def process_proxy_options(parser, options): c += 1 mode = "upstream" upstream_server = options.upstream_proxy + if options.http_transparent_proxy: + c += 1 + mode = "httptransparent" if c > 1: return parser.error( "Transparent, SOCKS5, reverse and upstream proxy mode " diff --git a/libmproxy/proxy/primitives.py b/libmproxy/proxy/primitives.py index 9e7dae9a..a9718051 100644 --- a/libmproxy/proxy/primitives.py +++ b/libmproxy/proxy/primitives.py @@ -51,6 +51,14 @@ class RegularProxyMode(ProxyMode): return None +class HTTPTransparentProxyMode(ProxyMode): + http_form_in = "relative" + http_form_out = "relative" + + def get_upstream_server(self, client_conn): + return None + + class TransparentProxyMode(ProxyMode): http_form_in = "relative" http_form_out = "relative" -- cgit v1.2.3 From 378aa783243cf23d84a39d02dde5420beadc188b Mon Sep 17 00:00:00 2001 From: iroiro123 Date: Sat, 20 Jun 2015 21:43:50 +0900 Subject: Spoof mode --- libmproxy/proxy/config.py | 10 +++++----- libmproxy/proxy/primitives.py | 6 +++++- 2 files changed, 10 insertions(+), 6 deletions(-) (limited to 'libmproxy/proxy') diff --git a/libmproxy/proxy/config.py b/libmproxy/proxy/config.py index 2074d0bf..7305d72a 100644 --- a/libmproxy/proxy/config.py +++ b/libmproxy/proxy/config.py @@ -4,7 +4,7 @@ import re from OpenSSL import SSL from netlib import http_auth, certutils, tcp from .. import utils, platform, version -from .primitives import RegularProxyMode, HTTPTransparentProxyMode, TransparentProxyMode, UpstreamProxyMode, ReverseProxyMode, Socks5ProxyMode +from .primitives import RegularProxyMode, SpoofMode, TransparentProxyMode, UpstreamProxyMode, ReverseProxyMode, Socks5ProxyMode TRANSPARENT_SSL_PORTS = [443, 8443] CONF_BASENAME = "mitmproxy" @@ -70,8 +70,8 @@ class ProxyConfig: self.mode = ReverseProxyMode(upstream_server) elif mode == "upstream": self.mode = UpstreamProxyMode(upstream_server) - elif mode == "httptransparent": - self.mode = HTTPTransparentProxyMode() + elif mode == "spoof": + self.mode = SpoofMode() else: self.mode = RegularProxyMode() @@ -146,9 +146,9 @@ def process_proxy_options(parser, options): c += 1 mode = "upstream" upstream_server = options.upstream_proxy - if options.http_transparent_proxy: + if options.spoof_mode: c += 1 - mode = "httptransparent" + mode = "spoof" if c > 1: return parser.error( "Transparent, SOCKS5, reverse and upstream proxy mode " diff --git a/libmproxy/proxy/primitives.py b/libmproxy/proxy/primitives.py index a9718051..f514d37f 100644 --- a/libmproxy/proxy/primitives.py +++ b/libmproxy/proxy/primitives.py @@ -51,13 +51,17 @@ class RegularProxyMode(ProxyMode): return None -class HTTPTransparentProxyMode(ProxyMode): +class SpoofMode(ProxyMode): http_form_in = "relative" http_form_out = "relative" def get_upstream_server(self, client_conn): return None + @property + def name(self): + return "spoof" + class TransparentProxyMode(ProxyMode): http_form_in = "relative" -- cgit v1.2.3 From fd903673299c050b7b4137aabf6b9265df3d6233 Mon Sep 17 00:00:00 2001 From: iroiro123 Date: Sun, 21 Jun 2015 00:51:56 +0900 Subject: SSL Spoof mode --- libmproxy/proxy/config.py | 16 ++++++++++++---- libmproxy/proxy/primitives.py | 15 +++++++++++++++ libmproxy/proxy/server.py | 19 +++++++++++++++++++ 3 files changed, 46 insertions(+), 4 deletions(-) (limited to 'libmproxy/proxy') diff --git a/libmproxy/proxy/config.py b/libmproxy/proxy/config.py index 7305d72a..07dc5c89 100644 --- a/libmproxy/proxy/config.py +++ b/libmproxy/proxy/config.py @@ -4,7 +4,7 @@ import re from OpenSSL import SSL from netlib import http_auth, certutils, tcp from .. import utils, platform, version -from .primitives import RegularProxyMode, SpoofMode, TransparentProxyMode, UpstreamProxyMode, ReverseProxyMode, Socks5ProxyMode +from .primitives import RegularProxyMode, SpoofMode, SSLSpoofMode, TransparentProxyMode, UpstreamProxyMode, ReverseProxyMode, Socks5ProxyMode TRANSPARENT_SSL_PORTS = [443, 8443] CONF_BASENAME = "mitmproxy" @@ -51,7 +51,8 @@ class ProxyConfig: certforward=False, ssl_version_client="secure", ssl_version_server="secure", - ssl_ports=TRANSPARENT_SSL_PORTS + ssl_ports=TRANSPARENT_SSL_PORTS, + spoofed_ssl_port=None ): self.host = host self.port = port @@ -72,6 +73,8 @@ class ProxyConfig: self.mode = UpstreamProxyMode(upstream_server) elif mode == "spoof": self.mode = SpoofMode() + elif mode == "sslspoof": + self.mode = SSLSpoofMode(spoofed_ssl_port) else: self.mode = RegularProxyMode() @@ -128,7 +131,7 @@ def process_proxy_options(parser, options): body_size_limit = utils.parse_size(options.body_size_limit) c = 0 - mode, upstream_server = None, None + mode, upstream_server, spoofed_ssl_port = None, None, None if options.transparent_proxy: c += 1 if not platform.resolver: @@ -149,6 +152,10 @@ def process_proxy_options(parser, options): if options.spoof_mode: c += 1 mode = "spoof" + if options.ssl_spoof_mode: + c += 1 + mode = "sslspoof" + spoofed_ssl_port = options.spoofed_ssl_port if c > 1: return parser.error( "Transparent, SOCKS5, reverse and upstream proxy mode " @@ -218,7 +225,8 @@ def process_proxy_options(parser, options): certforward=options.certforward, ssl_version_client=options.ssl_version_client, ssl_version_server=options.ssl_version_server, - ssl_ports=ssl_ports + ssl_ports=ssl_ports, + spoofed_ssl_port=spoofed_ssl_port ) diff --git a/libmproxy/proxy/primitives.py b/libmproxy/proxy/primitives.py index f514d37f..b01ddde3 100644 --- a/libmproxy/proxy/primitives.py +++ b/libmproxy/proxy/primitives.py @@ -63,6 +63,21 @@ class SpoofMode(ProxyMode): return "spoof" +class SSLSpoofMode(ProxyMode): + http_form_in = "relative" + http_form_out = "relative" + + def __init__(self, sslport): + self.sslport = sslport + + def get_upstream_server(self, client_conn): + return None + + @property + def name(self): + return "sslspoof" + + class TransparentProxyMode(ProxyMode): http_form_in = "relative" http_form_out = "relative" diff --git a/libmproxy/proxy/server.py b/libmproxy/proxy/server.py index e1587df1..df890f7c 100644 --- a/libmproxy/proxy/server.py +++ b/libmproxy/proxy/server.py @@ -117,6 +117,20 @@ class ConnectionHandler: self.server_conn.address(), "info") self.conntype = "tcp" + + elif not self.server_conn and self.config.mode == "sslspoof": + port = self.config.mode.sslport + self.set_server_address(("-", port)) + self.establish_ssl(client=True) + host = self.client_conn.connection.get_servername() + if host is None: + raise ProxyError( + 400, + "Invalid request: No host information" + ) + self.set_server_address((host, port)) + self.establish_server_connection() + self.establish_ssl(server=True, sni=host) # Delegate handling to the protocol handler protocol_handler( @@ -308,6 +322,9 @@ class ConnectionHandler: host = upstream_cert.cn.decode("utf8").encode("idna") if self.server_conn.sni: sans.append(self.server_conn.sni) + # for ssl spoof mode + if hasattr(self.client_conn, "sni"): + sans.append(self.client_conn.sni) ret = self.config.certstore.get_cert(host, sans) if not ret: @@ -325,6 +342,8 @@ class ConnectionHandler: if not sn: return sni = sn.decode("utf8").encode("idna") + # for ssl spoof mode + self.client_conn.sni = sni if sni != self.server_conn.sni: self.log("SNI received: %s" % sni, "debug") -- cgit v1.2.3 From fbb23b5c9fae6e402d84ddae3c3b8c218def366c Mon Sep 17 00:00:00 2001 From: iroiro123 Date: Tue, 23 Jun 2015 01:49:22 +0900 Subject: changed error handling (ssl spoof mode) --- libmproxy/proxy/server.py | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) (limited to 'libmproxy/proxy') diff --git a/libmproxy/proxy/server.py b/libmproxy/proxy/server.py index df890f7c..71704413 100644 --- a/libmproxy/proxy/server.py +++ b/libmproxy/proxy/server.py @@ -123,14 +123,10 @@ class ConnectionHandler: self.set_server_address(("-", port)) self.establish_ssl(client=True) host = self.client_conn.connection.get_servername() - if host is None: - raise ProxyError( - 400, - "Invalid request: No host information" - ) - self.set_server_address((host, port)) - self.establish_server_connection() - self.establish_ssl(server=True, sni=host) + if host: + self.set_server_address((host, port)) + self.establish_server_connection() + self.establish_ssl(server=True, sni=host) # Delegate handling to the protocol handler protocol_handler( -- cgit v1.2.3