def next_layer(next_layer):
"""
This hook does the actual magic - if the next layer is planned to be a TLS layer,
we check if we want to enter pass-through mode instead.
"""
if isinstance(next_layer, TlsLayer) and next_layer._client_tls:
server_address = next_layer.server_conn.address
global tls_intercept_en
if not tls_intercept_en:
timestamp = '[{}] '.format(datetime.today())
mitmproxy.ctx.log(
timestamp +
"TLS intercept is disabled! Skipping TLS interception for %s "
% str(server_address))
next_layer_replacement = RawTCPLayer(next_layer.ctx, ignore=True)
next_layer.reply.send(next_layer_replacement)
# tls_strategy.record_skipped(server_address)
return
#cert = next_layer._find_cert())
hostname, _ = tls_strategy.getAssociatedDomain(server_address[0])
timestamp = '[{}] '.format(datetime.today())
if hostname:
mitmproxy.ctx.log(timestamp +
"Deciding TLS strategy for %s mapped to %s " %
(str(server_address), hostname))
else:
mitmproxy.ctx.log(timestamp + "Deciding TLS strategy for %s " %
str(server_address))
if not tls_strategy:
mitmproxy.ctx.log(
"tls_strategy is None for %s" %
repr(next_layer.server_conn.address), "info")
return
if tls_strategy.should_intercept(server_address):
# We try to intercept.
# Monkey-Patch the layer to get feedback from the TLSLayer if interception worked.
next_layer.__class__ = TlsFeedback
else:
# We don't intercept - reply with a pass-through layer and add a "skipped" entry.
timestamp = '[{}] '.format(datetime.today())
if hostname:
mitmproxy.ctx.log(
timestamp + "TLS passthrough for %s mapped to %s" %
(repr(next_layer.server_conn.address), hostname), "info")
else:
mitmproxy.ctx.log(
timestamp + "TLS passthrough for %s" %
repr(next_layer.server_conn.address), "info")
next_layer_replacement = RawTCPLayer(next_layer.ctx, ignore=True)
next_layer.reply.send(next_layer_replacement)
def next_layer(next_layer):
if isinstance(next_layer, TlsLayer) and next_layer._client_tls:
server_address = next_layer.server_conn.address
host = server_address[0]
if not host in server_address_watch:
next_layer_replacement = RawTCPLayer(next_layer.ctx, ignore=True)
next_layer.reply.send(next_layer_replacement)
def next_layer(layer):
'''
mitmproxy wasn't really meant for intercepting raw tcp streams, it tries to wrap the
upsteam connection (the one to the worker) in a tls stream. This hook intercepts the
part where it creates the TlsLayer (it happens in root_context.py) and instead creates
a RawTCPLayer. That's the layer which calls our tcp_message hook
'''
if isinstance(layer, TlsLayer):
replacement = RawTCPLayer(layer.ctx)
layer.reply.send(replacement)
def next_layer(next_layer):
"""
This hook does the actual magic - if the next layer is planned to be a TLS layer,
we check if we want to enter pass-through mode instead.
"""
if isinstance(next_layer, TlsLayer) and next_layer._client_tls:
server_address = next_layer.server_conn.address
assert not is_rpc_call(server_address)
# We don't intercept - reply with a pass-through layer and add a "skipped" entry.
next_layer_replacement = RawTCPLayer(next_layer.ctx, ignore=True)
next_layer.reply.send(next_layer_replacement)
tls_strategy.record_skipped(server_address)
def next_layer(next_layer):
"""
This hook does the actual magic - if the next layer is planned to be a TLS layer,
we check if we want to enter pass-through mode instead.
"""
if isinstance(next_layer, TlsLayer) and next_layer._client_tls:
server_address = next_layer.server_conn.address
if tls_strategy.should_intercept(server_address):
# We try to intercept.
# Monkey-Patch the layer to get feedback from the TLSLayer if interception worked.
next_layer.__class__ = TlsFeedback
else:
# We don't intercept - reply with a pass-through layer and add a "skipped" entry.
mitmproxy.ctx.log("TLS passthrough for %s" % repr(next_layer.server_conn.address), "info")
next_layer_replacement = RawTCPLayer(next_layer.ctx, ignore=True)
next_layer.reply.send(next_layer_replacement)
tls_strategy.record_skipped(server_address)
def do_passthru(client_addr, server_addr, fqdns, layer):
flex_port = None
if is_flex_domain(client_addr, server_addr, fqdns):
flex_port = passthru_flex_port(client_addr, fqdns[0])
if flex_port:
if log_debug:
bubble_log.debug(
'do_passthru: applying flex passthru for server=' +
server_addr + ', fqdns=' + str(fqdns))
layer_replacement = BubbleFlexPassthruLayer(
layer.ctx, ('127.0.0.1', flex_port), fqdns[0], 443)
layer.reply.send(layer_replacement)
else:
if log_debug:
bubble_log.debug(
'do_passthru: detected flex passthru but no flex routers available for server='
+ server_addr + ', fqdns=' + str(fqdns))
if flex_port is None:
layer_replacement = RawTCPLayer(layer.ctx, ignore=True)
layer.reply.send(layer_replacement)
