Beispiel #1
0
def test_upstream_https(tctx):
    """
    Test mitmproxy in HTTPS upstream mode with another mitmproxy instance upstream.
    In other words:

    mitmdump --mode upstream:https://localhost:8081 --ssl-insecure
    mitmdump -p 8081
    curl -x localhost:8080 -k http://example.com
    """
    tctx1 = Context(Client(("client", 1234), ("127.0.0.1", 8080), 1605699329),
                    copy.deepcopy(tctx.options))
    tctx1.options.mode = "upstream:https://example.mitmproxy.org:8081"
    tctx2 = Context(Client(("client", 4321), ("127.0.0.1", 8080), 1605699329),
                    copy.deepcopy(tctx.options))
    assert tctx2.options.mode == "regular"
    del tctx

    proxy1 = Playbook(modes.HttpProxy(tctx1), hooks=False)
    proxy2 = Playbook(modes.HttpProxy(tctx2), hooks=False)

    upstream = Placeholder(Server)
    server = Placeholder(Server)
    clienthello = Placeholder(bytes)
    serverhello = Placeholder(bytes)
    request = Placeholder(bytes)
    tls_finished = Placeholder(bytes)
    response = Placeholder(bytes)

    assert (
        proxy1 >> DataReceived(
            tctx1.client,
            b"GET http://example.com/ HTTP/1.1\r\nHost: example.com\r\n\r\n")
        << NextLayerHook(Placeholder(NextLayer)) >>
        reply_next_layer(lambda ctx: http.HttpLayer(ctx, HTTPMode.upstream)) <<
        OpenConnection(upstream) >> reply(None) << TlsStartServerHook(
            Placeholder()) >> reply_tls_start_server(alpn=b"http/1.1") <<
        SendData(upstream, clienthello))
    assert upstream().address == ("example.mitmproxy.org", 8081)
    assert upstream().sni == "example.mitmproxy.org"
    assert (proxy2 >> DataReceived(
        tctx2.client, clienthello()) << NextLayerHook(Placeholder(NextLayer))
            >> reply_next_layer(ClientTLSLayer) << TlsStartClientHook(
                Placeholder()) >> reply_tls_start_client(alpn=b"http/1.1") <<
            SendData(tctx2.client, serverhello))
    assert (proxy1 >> DataReceived(upstream, serverhello()) << SendData(
        upstream, request))
    assert (proxy2 >> DataReceived(tctx2.client, request()) << SendData(
        tctx2.client, tls_finished) << NextLayerHook(Placeholder(NextLayer)) >>
            reply_next_layer(lambda ctx: http.HttpLayer(ctx, HTTPMode.regular))
            << OpenConnection(server) >> reply(None) << SendData(
                server, b'GET / HTTP/1.1\r\nHost: example.com\r\n\r\n') >>
            DataReceived(server,
                         b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n") <<
            SendData(tctx2.client, response))
    assert server().address == ("example.com", 80)

    assert (proxy1 >> DataReceived(
        upstream,
        tls_finished() + response()) << SendData(
            tctx1.client, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"))
    def test_no_h2_proxy(self, tdata):
        """Do not negotiate h2 on the client<->proxy connection in secure web proxy mode,
        https://github.com/mitmproxy/mitmproxy/issues/4689"""

        ta = tlsconfig.TlsConfig()
        with taddons.context(ta) as tctx:
            tctx.configure(ta, certs=[tdata.path("mitmproxy/net/data/verificationcerts/trusted-leaf.pem")])

            ctx = context.Context(connection.Client(("client", 1234), ("127.0.0.1", 8080), 1605699329), tctx.options)
            # mock up something that looks like a secure web proxy.
            ctx.layers = [
                modes.HttpProxy(ctx),
                123
            ]
            tls_start = tls.TlsData(ctx.client, context=ctx)
            ta.tls_start_client(tls_start)
            assert tls_start.ssl_conn.get_app_data()["client_alpn"] == b"http/1.1"