From f4272de5ec77fb57723e2274e4ddc50d73489e1e Mon Sep 17 00:00:00 2001 From: Maximilian Hils Date: Thu, 3 Sep 2015 17:01:25 +0200 Subject: remove ServerConnectionMixin.reconnect --- libmproxy/proxy/__init__.py | 2 ++ libmproxy/proxy/modes/http_proxy.py | 4 ++-- libmproxy/proxy/modes/reverse_proxy.py | 2 +- libmproxy/proxy/modes/socks_proxy.py | 2 +- libmproxy/proxy/modes/transparent_proxy.py | 2 +- libmproxy/proxy/root_context.py | 19 +++++++++++++++++++ libmproxy/proxy/server.py | 4 ++-- 7 files changed, 28 insertions(+), 7 deletions(-) (limited to 'libmproxy/proxy') diff --git a/libmproxy/proxy/__init__.py b/libmproxy/proxy/__init__.py index d5297cb1..be7f5207 100644 --- a/libmproxy/proxy/__init__.py +++ b/libmproxy/proxy/__init__.py @@ -2,8 +2,10 @@ from __future__ import (absolute_import, print_function, division) from .server import ProxyServer, DummyServer from .config import ProxyConfig +from .root_context import RootContext, Log __all__ = [ "ProxyServer", "DummyServer", "ProxyConfig", + "RootContext", "Log", ] diff --git a/libmproxy/proxy/modes/http_proxy.py b/libmproxy/proxy/modes/http_proxy.py index 90c54cc6..c7502c24 100644 --- a/libmproxy/proxy/modes/http_proxy.py +++ b/libmproxy/proxy/modes/http_proxy.py @@ -10,7 +10,7 @@ class HttpProxy(Layer, ServerConnectionMixin): layer() finally: if self.server_conn: - self._disconnect() + self.disconnect() class HttpUpstreamProxy(Layer, ServerConnectionMixin): @@ -23,4 +23,4 @@ class HttpUpstreamProxy(Layer, ServerConnectionMixin): layer() finally: if self.server_conn: - self._disconnect() + self.disconnect() diff --git a/libmproxy/proxy/modes/reverse_proxy.py b/libmproxy/proxy/modes/reverse_proxy.py index b57ac5eb..28f4e6f8 100644 --- a/libmproxy/proxy/modes/reverse_proxy.py +++ b/libmproxy/proxy/modes/reverse_proxy.py @@ -14,4 +14,4 @@ class ReverseProxy(Layer, ServerConnectionMixin): layer() finally: if self.server_conn: - self._disconnect() + self.disconnect() 
diff --git a/libmproxy/proxy/modes/socks_proxy.py b/libmproxy/proxy/modes/socks_proxy.py index ebaf939e..0efeab67 100644 --- a/libmproxy/proxy/modes/socks_proxy.py +++ b/libmproxy/proxy/modes/socks_proxy.py @@ -57,4 +57,4 @@ class Socks5Proxy(Layer, ServerConnectionMixin): layer() finally: if self.server_conn: - self._disconnect() + self.disconnect() diff --git a/libmproxy/proxy/modes/transparent_proxy.py b/libmproxy/proxy/modes/transparent_proxy.py index 96ad86c4..d99485c9 100644 --- a/libmproxy/proxy/modes/transparent_proxy.py +++ b/libmproxy/proxy/modes/transparent_proxy.py @@ -21,4 +21,4 @@ class TransparentProxy(Layer, ServerConnectionMixin): layer() finally: if self.server_conn: - self._disconnect() + self.disconnect() diff --git a/libmproxy/proxy/root_context.py b/libmproxy/proxy/root_context.py index 35909612..88df8e47 100644 --- a/libmproxy/proxy/root_context.py +++ b/libmproxy/proxy/root_context.py @@ -85,9 +85,28 @@ class RootContext(object): # d = top_layer.client_conn.rfile.peek(len(HTTP2Protocol.CLIENT_CONNECTION_PREFACE)) # is_http2_magic = (d == HTTP2Protocol.CLIENT_CONNECTION_PREFACE) + def log(self, msg, level, subs=()): + """ + Send a log message to the master. + """ + + full_msg = [ + "{}: {}".format(repr(self.client_conn.address), msg) + ] + for i in subs: + full_msg.append(" -> " + i) + full_msg = "\n".join(full_msg) + self.channel.tell("log", Log(full_msg, level)) + @property def layers(self): return [] def __repr__(self): return "RootContext" + + +class Log(object): + def __init__(self, msg, level="info"): + self.msg = msg + self.level = level \ No newline at end of file diff --git a/libmproxy/proxy/server.py b/libmproxy/proxy/server.py index e9e8df09..5d067b45 100644 --- a/libmproxy/proxy/server.py +++ b/libmproxy/proxy/server.py 
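Review bot: In the root_context.py hunk, `RootContext.log` builds each detail line with `" -> " + i`, which raises TypeError as soon as a caller passes a non-string entry in `subs` (an exception object or an address tuple, say), while the first line goes through `format` and accepts anything. `full_msg.append(" -> {}".format(i))` keeps the two paths consistent. The docstring should also state that `subs` is an iterable of detail lines appended under the message, and that `level` has no default here although `Log.__init__` defaults it to "info".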
@@ -8,10 +8,10 @@ from netlib import tcp from netlib.http.http1 import HTTP1Protocol from netlib.tcp import NetLibError from ..exceptions import ProtocolException, ServerException -from ..protocol import Log, Kill +from ..protocol import Kill from ..models import ClientConnection, make_error_response from .modes import HttpUpstreamProxy, HttpProxy, ReverseProxy, TransparentProxy, Socks5Proxy -from .root_context import RootContext +from .root_context import RootContext, Log class DummyServer: -- cgit v1.2.3 From 14457f29b3d89e234d0791c4980e5cf9514185dd Mon Sep 17 00:00:00 2001 From: Maximilian Hils Date: Thu, 3 Sep 2015 18:55:38 +0200 Subject: docs++ --- libmproxy/proxy/root_context.py | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) (limited to 'libmproxy/proxy') diff --git a/libmproxy/proxy/root_context.py b/libmproxy/proxy/root_context.py index 88df8e47..87a540c0 100644 --- a/libmproxy/proxy/root_context.py +++ b/libmproxy/proxy/root_context.py 
@@ -11,21 +11,31 @@ from .modes import HttpProxy, HttpUpstreamProxy, ReverseProxy class RootContext(object): """ - The outmost context provided to the root layer. - As a consequence, every layer has .client_conn, .channel, .next_layer() and .config. + The outermost context provided to the root layer. + As a consequence, every layer has access to methods and attributes defined here. + + Attributes: + client_conn: + The :py:class:`client connection `. + channel: + A :py:class:`~libmproxy.controller.Channel` to communicate with the FlowMaster. + Provides :py:meth:`.ask() ` and + :py:meth:`.tell() ` methods. + config: + The :py:class:`proxy server's configuration ` """ def __init__(self, client_conn, config, channel): - self.client_conn = client_conn # Client Connection - self.channel = channel # provides .ask() method to communicate with FlowMaster - self.config = config # Proxy Configuration + self.client_conn = client_conn + self.channel = channel + self.config = config def next_layer(self, top_layer): """ This function determines the next layer in the protocol stack. Arguments: - top_layer: the current top layer. + top_layer: the current innermost layer. Returns: The next layer -- cgit v1.2.3 From d002371d30e4b0ab7d1d23023236a9446d4c2396 Mon Sep 17 00:00:00 2001 From: Maximilian Hils Date: Mon, 7 Sep 2015 13:51:46 +0200 Subject: expose `next_layer` to inline scripts --- libmproxy/proxy/root_context.py | 5 ++++- libmproxy/proxy/server.py | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'libmproxy/proxy') diff --git a/libmproxy/proxy/root_context.py b/libmproxy/proxy/root_context.py index 87a540c0..dccdf023 100644 --- a/libmproxy/proxy/root_context.py +++ b/libmproxy/proxy/root_context.py 
@@ -40,7 +40,10 @@ class RootContext(object): Returns: The next layer """ + layer = self._next_layer(top_layer) + return self.channel.ask("next_layer", layer) + def _next_layer(self, top_layer): # 1. Check for --ignore. if self.config.check_ignore(top_layer.server_conn.address): return RawTCPLayer(top_layer, logging=False) @@ -119,4 +122,4 @@ class RootContext(object): class Log(object): def __init__(self, msg, level="info"): self.msg = msg - self.level = level \ No newline at end of file + self.level = level diff --git a/libmproxy/proxy/server.py b/libmproxy/proxy/server.py index 5d067b45..c12bbbfa 100644 --- a/libmproxy/proxy/server.py +++ b/libmproxy/proxy/server.py @@ -137,4 +137,4 @@ class ConnectionHandler(object): def log(self, msg, level): msg = "{}: {}".format(repr(self.client_conn.address), msg) - self.channel.tell("log", Log(msg, level)) \ No newline at end of file + self.channel.tell("log", Log(msg, level)) -- cgit v1.2.3 From d1bc966e5b7e2ef822443f3ad28a5f3d40965e75 Mon Sep 17 00:00:00 2001 From: Maximilian Hils Date: Fri, 11 Sep 2015 00:00:00 +0200 Subject: polish for release: introduce http2 and rawtcp as command line switches --- libmproxy/proxy/config.py | 8 +++++++- libmproxy/proxy/root_context.py | 36 ++++++++++++++++++++---------------- 2 files changed, 27 insertions(+), 17 deletions(-) (limited to 'libmproxy/proxy') diff --git a/libmproxy/proxy/config.py b/libmproxy/proxy/config.py index 2a1b84cb..cd9eda5a 100644 --- a/libmproxy/proxy/config.py +++ b/libmproxy/proxy/config.py @@ -54,6 +54,8 @@ class ProxyConfig: authenticator=None, ignore_hosts=tuple(), tcp_hosts=tuple(), + http2=False, + rawtcp=False, ciphers_client=None, ciphers_server=None, certs=tuple(), @@ -78,6 +80,8 @@ class ProxyConfig: self.check_ignore = HostMatcher(ignore_hosts) self.check_tcp = HostMatcher(tcp_hosts) + self.http2 = http2 + self.rawtcp = rawtcp self.authenticator = authenticator self.cadir = os.path.expanduser(cadir) self.certstore = certutils.CertStore.from_store( 
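Review bot: In the root_context.py hunk at -40,7, `next_layer` returns whatever `self.channel.ask("next_layer", layer)` yields without checking it, and that covers the `RawTCPLayer(top_layer, logging=False)` that `_next_layer` picks for `--ignore` hosts. A handler on the master side can therefore swap out the passthrough layer for an ignored connection, and a reply that is not a layer would only fail later, when the mode classes call `layer()`. I would say so in the docstring, e.g. `Returns: The next layer, possibly replaced by the master's "next_layer" handler (this includes --ignore'd connections)`, and reject a non-callable reply before returning it. What `ask()` returns when nothing answers is not visible in this diff and needs confirming; `_next_layer` continues past the end of the hunk.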
@@ -183,6 +187,8 @@ def process_proxy_options(parser, options): upstream_server=upstream_server, ignore_hosts=options.ignore_hosts, tcp_hosts=options.tcp_hosts, + http2=options.http2, + rawtcp=options.rawtcp, authenticator=authenticator, ciphers_client=options.ciphers_client, ciphers_server=options.ciphers_server, @@ -192,4 +198,4 @@ def process_proxy_options(parser, options): ssl_verify_upstream_cert=options.ssl_verify_upstream_cert, ssl_verify_upstream_trusted_cadir=options.ssl_verify_upstream_trusted_cadir, ssl_verify_upstream_trusted_ca=options.ssl_verify_upstream_trusted_ca - ) \ No newline at end of file + ) diff --git a/libmproxy/proxy/root_context.py b/libmproxy/proxy/root_context.py index dccdf023..54bea1db 100644 --- a/libmproxy/proxy/root_context.py +++ b/libmproxy/proxy/root_context.py @@ -1,8 +1,13 @@ from __future__ import (absolute_import, print_function, division) +import string +import sys +import six + +from libmproxy.exceptions import ProtocolException from netlib.http.http1 import HTTP1Protocol from netlib.http.http2 import HTTP2Protocol - +from netlib.tcp import NetLibError from ..protocol import ( RawTCPLayer, TlsLayer, Http1Layer, Http2Layer, is_tls_record_magic, ServerConnectionMixin ) @@ -48,7 +53,10 @@ class RootContext(object): if self.config.check_ignore(top_layer.server_conn.address): return RawTCPLayer(top_layer, logging=False) - d = top_layer.client_conn.rfile.peek(3) + try: + d = top_layer.client_conn.rfile.peek(3) + except NetLibError as e: + six.reraise(ProtocolException, ProtocolException(str(e)), sys.exc_info()[2]) client_tls = is_tls_record_magic(d) # 2. Always insert a TLS layer, even if there's neither client nor server tls. 
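Review bot: In the root_context.py hunk at -48,7, the re-raised `ProtocolException(str(e))` carries neither the exception type nor any hint that the failure happened while peeking at the client's first bytes, and `str(e)` can be an empty string. The transparent and SOCKS5 modes in this series use a prefixed `repr(e)` ("Transparent mode failure: %s" % repr(e)), so I would write `ProtocolException("Error reading from client: " + repr(e))` here. A short comment that `six.reraise` always raises, so `d` is bound on the line after the `try`, would help the next reader.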
@@ -82,21 +90,17 @@ class RootContext(object): if alpn == HTTP1Protocol.ALPN_PROTO_HTTP1: return Http1Layer(top_layer, 'transparent') - # 6. Assume HTTP1 by default - return Http1Layer(top_layer, 'transparent') + # 6. Check for raw tcp mode + is_ascii = ( + len(d) == 3 and + # better be safe here and don't expect uppercase... + all(x in string.ascii_letters for x in d) + ) + if self.config.rawtcp and not is_ascii: + return RawTCPLayer(top_layer) - # In a future version, we want to implement TCP passthrough as the last fallback, - # but we don't have the UI part ready for that. - # - # d = top_layer.client_conn.rfile.peek(3) - # is_ascii = ( - # len(d) == 3 and - # # better be safe here and don't expect uppercase... - # all(x in string.ascii_letters for x in d) - # ) - # # TODO: This could block if there are not enough bytes available? - # d = top_layer.client_conn.rfile.peek(len(HTTP2Protocol.CLIENT_CONNECTION_PREFACE)) - # is_http2_magic = (d == HTTP2Protocol.CLIENT_CONNECTION_PREFACE) + # 7. Assume HTTP1 by default + return Http1Layer(top_layer, 'transparent') def log(self, msg, level, subs=()): """ -- cgit v1.2.3 From 30f0ee40c51fc6bc911169f044677e235087161e Mon Sep 17 00:00:00 2001 From: Maximilian Hils Date: Fri, 11 Sep 2015 00:49:37 +0200 Subject: nicer error messages --- libmproxy/proxy/server.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'libmproxy/proxy') diff --git a/libmproxy/proxy/server.py b/libmproxy/proxy/server.py index c12bbbfa..91a12df9 100644 --- a/libmproxy/proxy/server.py +++ b/libmproxy/proxy/server.py @@ -116,7 +116,7 @@ class ConnectionHandler(object): except Kill: self.log("Connection killed", "info") except ProtocolException as e: - self.log(e, "info") + self.log(repr(e), "info") # If an error propagates to the topmost level, # we send an HTTP error response, which is both # understandable by HTTP clients and humans. -- cgit v1.2.3 From ffdf143be42490f05cb2b69cdb83e74264d6070a Mon Sep 17 00:00:00 2001 
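Review bot: In the root_context.py hunk at -82,21, step 6 chooses between `RawTCPLayer` and `Http1Layer` from three bytes the client controls: with `config.rawtcp` set, any connection that does not start with three ASCII letters is handed to `RawTCPLayer` and never reaches HTTP parsing. That belongs next to the check, e.g. `# NOTE: with rawtcp enabled, classification rests on client-chosen bytes; such flows bypass HTTP-level handling.`, so operators who rely on HTTP-level handling know it does not apply to them. Separately, `all(x in string.ascii_letters for x in d)` assumes iterating `d` yields one-character strings; if `peek()` returns `bytes` under Python 3 (the file now imports `six`), the membership test raises TypeError. The enclosing method starts before this hunk.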
From: Maximilian Hils Date: Fri, 11 Sep 2015 01:39:33 +0200 Subject: better exception handling --- libmproxy/proxy/server.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'libmproxy/proxy') diff --git a/libmproxy/proxy/server.py b/libmproxy/proxy/server.py index 91a12df9..c00bb815 100644 --- a/libmproxy/proxy/server.py +++ b/libmproxy/proxy/server.py @@ -3,6 +3,7 @@ from __future__ import (absolute_import, print_function, division) import traceback import sys import socket +import six from netlib import tcp from netlib.http.http1 import HTTP1Protocol @@ -39,7 +40,11 @@ class ProxyServer(tcp.TCPServer): try: super(ProxyServer, self).__init__((config.host, config.port)) except socket.error as e: - raise ServerException('Error starting proxy server: ' + repr(e), e) + six.reraise( + ServerException, + ServerException('Error starting proxy server: ' + repr(e), e), + sys.exc_info()[2] + ) self.channel = None def start_slave(self, klass, channel): @@ -117,6 +122,7 @@ class ConnectionHandler(object): self.log("Connection killed", "info") except ProtocolException as e: self.log(repr(e), "info") + self.log(traceback.format_exc(), "debug") # If an error propagates to the topmost level, # we send an HTTP error response, which is both # understandable by HTTP clients and humans. -- cgit v1.2.3 From dd414e485212e3cab612a66d5d858c1a766ace04 Mon Sep 17 00:00:00 2001 From: Maximilian Hils Date: Fri, 11 Sep 2015 02:17:04 +0200 Subject: better error messages, remove error cause --- libmproxy/proxy/modes/socks_proxy.py | 2 +- libmproxy/proxy/modes/transparent_proxy.py | 2 +- libmproxy/proxy/server.py | 18 ++++++++++++++---- 3 files changed, 16 insertions(+), 6 deletions(-) (limited to 'libmproxy/proxy') diff --git a/libmproxy/proxy/modes/socks_proxy.py b/libmproxy/proxy/modes/socks_proxy.py index 0efeab67..545c38d6 100644 --- a/libmproxy/proxy/modes/socks_proxy.py +++ b/libmproxy/proxy/modes/socks_proxy.py 
@@ -48,7 +48,7 @@ class Socks5Proxy(Layer, ServerConnectionMixin): self.client_conn.wfile.flush() except (socks.SocksError, NetLibError) as e: - raise Socks5Exception("SOCKS5 mode failure: %s" % repr(e), e) + raise Socks5Exception("SOCKS5 mode failure: %s" % repr(e)) self.server_conn.address = connect_request.addr diff --git a/libmproxy/proxy/modes/transparent_proxy.py b/libmproxy/proxy/modes/transparent_proxy.py index d99485c9..da1d4632 100644 --- a/libmproxy/proxy/modes/transparent_proxy.py +++ b/libmproxy/proxy/modes/transparent_proxy.py @@ -14,7 +14,7 @@ class TransparentProxy(Layer, ServerConnectionMixin): try: self.server_conn.address = self.resolver.original_addr(self.client_conn.connection) except Exception as e: - raise ProtocolException("Transparent mode failure: %s" % repr(e), e) + raise ProtocolException("Transparent mode failure: %s" % repr(e)) layer = self.ctx.next_layer(self) try: diff --git a/libmproxy/proxy/server.py b/libmproxy/proxy/server.py index c00bb815..88448172 100644 --- a/libmproxy/proxy/server.py +++ b/libmproxy/proxy/server.py @@ -8,7 +8,7 @@ import six from netlib import tcp from netlib.http.http1 import HTTP1Protocol from netlib.tcp import NetLibError -from ..exceptions import ProtocolException, ServerException +from ..exceptions import ProtocolException, ServerException, ClientHandshakeException from ..protocol import Kill from ..models import ClientConnection, make_error_response from .modes import HttpUpstreamProxy, HttpProxy, ReverseProxy, TransparentProxy, Socks5Proxy @@ -42,7 +42,7 @@ class ProxyServer(tcp.TCPServer): except socket.error as e: six.reraise( ServerException, - ServerException('Error starting proxy server: ' + repr(e), e), + ServerException('Error starting proxy server: ' + repr(e)), sys.exc_info()[2] ) self.channel = None 
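Review bot: In the socks_proxy.py hunk, the plain `raise Socks5Exception(...)` inside the `except` block discards the traceback of the original `SocksError`/`NetLibError` on Python 2, so the `traceback.format_exc()` that ConnectionHandler logs at debug level will point at this line and not at the failing read or write. server.py in the same commit keeps the original traceback with `six.reraise(..., sys.exc_info()[2])`, and the same form fits here: `six.reraise(Socks5Exception, Socks5Exception("SOCKS5 mode failure: %s" % repr(e)), sys.exc_info()[2])`. The transparent_proxy.py hunk has the same pattern with `ProtocolException`. Whether `six` and `sys` are already imported in those two modules is not visible in the diff.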
@@ -121,8 +121,18 @@ class ConnectionHandler(object):
 except Kill:
 self.log("Connection killed", "info")
 except ProtocolException as e:
- self.log(repr(e), "info")
- self.log(traceback.format_exc(), "debug")
+
+ if isinstance(e, ClientHandshakeException):
+ self.log(
+ "Client Handshake failed. "
+ "The client may not trust the proxy's certificate for {}.".format(e.server),
+ "error"
+ )
+ self.log(repr(e), "debug")
+ else:
+ self.log(repr(e), "error")
+
+ self.log(traceback.format_exc(), "debug")
 # If an error propagates to the topmost level,
 # we send an HTTP error response, which is both
 # understandable by HTTP clients and humans.
-- cgit v1.2.3
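Review bot: In the new `ClientHandshakeException` branch the error-level message always attributes the failure to certificate trust, while the actual `repr(e)` is logged only at "debug", so a handshake that failed for another reason (a protocol-version or cipher mismatch, for example) is misreported unless debug logging is on. I would fold the reason into the visible message, e.g. `"Client Handshake failed ({}). The client may not trust the proxy's certificate for {}.".format(repr(e), e.server)`. `e.server` is formatted unconditionally; whether it can be unset is not visible from this hunk. The `try` this handler belongs to starts before the hunk.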