def test_mode_strict_w_pemfile_should_pass(self): c = tcp.TCPClient(("127.0.0.1", self.port)) with c.connect(): c.convert_to_ssl(sni="example.mitmproxy.org", verify_options=SSL.VERIFY_PEER, ca_pemfile=tutils.test_data.path( "data/verificationcerts/trusted-root.crt")) assert c.ssl_verification_error is None testval = b"echo!\n" c.wfile.write(testval) c.wfile.flush() assert c.rfile.readline() == testval
def test_peek(self): testval = b"peek!\n" c = tcp.TCPClient(("127.0.0.1", self.port)) with self._connect(c): c.wfile.write(testval) c.wfile.flush() assert c.rfile.peek(4) == b"peek" assert c.rfile.peek(6) == b"peek!\n" assert c.rfile.readline() == testval c.close() with pytest.raises(exceptions.NetlibException): c.rfile.peek(1)
class TestAssembleResponse: c = tcp.TCPClient(("127.0.0.1", 0)) def test_simple(self): data = HTTP2StateProtocol(self.c, is_server=True).assemble_response( http.Response( http_version=b"HTTP/2.0", status_code=200, reason=b"", headers=(), content=b"", trailers=None, timestamp_start=0, timestamp_end=0, )) assert len(data) == 1 assert data[0] == bytes.fromhex("00000101050000000288") def test_with_stream_id(self): resp = http.Response( http_version=b"HTTP/2.0", status_code=200, reason=b"", headers=(), content=b"", trailers=None, timestamp_start=0, timestamp_end=0, ) resp.stream_id = 0x42 data = HTTP2StateProtocol(self.c, is_server=True).assemble_response(resp) assert len(data) == 1 assert data[0] == bytes.fromhex("00000101050000004288") def test_with_body(self): data = HTTP2StateProtocol(self.c, is_server=True).assemble_response( http.Response( http_version=b"HTTP/2.0", status_code=200, reason=b'', headers=http.Headers(foo=b"bar"), content=b'foobar', trailers=None, timestamp_start=0, timestamp_end=0, )) assert len(data) == 2 assert data[0] == bytes.fromhex("00000901040000000288408294e7838c767f") assert data[1] == bytes.fromhex("000006000100000002666f6f626172")
def test_mode_strict_w_cadir_should_pass(self, tdata): c = tcp.TCPClient(("127.0.0.1", self.port)) with c.connect(): c.convert_to_tls( sni="example.mitmproxy.org", verify=SSL.VERIFY_PEER, ca_path=tdata.path("mitmproxy/net/data/verificationcerts/")) assert c.ssl_verification_error is None testval = b"echo!\n" c.wfile.write(testval) c.wfile.flush() assert c.rfile.readline() == testval
def test_read_empty_response(self): c = tcp.TCPClient(("127.0.0.1", self.port)) with c.connect(): c.convert_to_ssl() protocol = HTTP2StateProtocol(c) protocol.connection_preface_performed = True resp = protocol.read_response(NotImplemented, stream_id=42) assert resp.stream_id == 42 assert resp.http_version == "HTTP/2.0" assert resp.status_code == 200 assert resp.reason == '' assert resp.headers.fields == ((b':status', b'200'), (b'etag', b'foobar')) assert resp.content == b''
def test_mode_strict_should_fail(self, tdata): c = tcp.TCPClient(("127.0.0.1", self.port)) with c.connect(): with pytest.raises(exceptions.InvalidCertificateException): c.convert_to_tls( sni="example.mitmproxy.org", verify=SSL.VERIFY_PEER, ca_pemfile=cdata.path( "data/verificationcerts/trusted-root.crt")) assert c.ssl_verification_error # Unknown issuing certificate authority for first certificate assert "errno: 18" in str(c.ssl_verification_error) assert "depth: 0" in str(c.ssl_verification_error)
def test_read_request(self): c = tcp.TCPClient(("127.0.0.1", self.port)) with c.connect(): c.convert_to_ssl() protocol = HTTP2StateProtocol(c, is_server=True) protocol.connection_preface_performed = True req = protocol.read_request(NotImplemented) assert req.stream_id assert req.headers.fields == () assert req.method == "GET" assert req.path == "/" assert req.scheme == "https" assert req.content == b'foobar'
def test_peek(self): testval = b"peek!\n" c = tcp.TCPClient(("127.0.0.1", self.port)) with self._connect(c): c.wfile.write(testval) c.wfile.flush() assert c.rfile.peek(4) == b"peek" assert c.rfile.peek(6) == b"peek!\n" assert c.rfile.readline() == testval c.close() with tutils.raises(exceptions.NetlibException): if c.rfile.peek(1) == b"": # Workaround for Python 2 on Unix: # Peeking a closed connection does not raise an exception here. raise exceptions.NetlibException()
def _setup_connection(self): client = tcp.TCPClient(("127.0.0.1", self.proxy.port)) client.connect() request = http.Request( "authority", "CONNECT", "", "127.0.0.1", self.server.server.address[1], "", "HTTP/1.1", content=b'') client.wfile.write(http.http1.assemble_request(request)) client.wfile.flush() response = http.http1.read_response(client.rfile, request) if self.ssl: client.convert_to_ssl() assert client.ssl_established request = http.Request( "relative", "GET", "http", "127.0.0.1", self.server.server.address[1], "/ws", "HTTP/1.1", headers=http.Headers( connection="upgrade", upgrade="websocket", sec_websocket_version="13", sec_websocket_key="1234", ), content=b'') client.wfile.write(http.http1.assemble_request(request)) client.wfile.flush() response = http.http1.read_response(client.rfile, request) assert websockets.check_handshake(response.headers) return client
def setup_connection(self, extension=False): self.client = tcp.TCPClient(("127.0.0.1", self.proxy.port)) self.client.connect() request = http.Request( "authority", "CONNECT", "", "127.0.0.1", self.server.server.address[1], "", "HTTP/1.1", content=b'') self.client.wfile.write(http.http1.assemble_request(request)) self.client.wfile.flush() response = http.http1.read_response(self.client.rfile, request) if self.ssl: self.client.convert_to_tls() assert self.client.tls_established request = http.Request( "relative", "GET", "http", "127.0.0.1", self.server.server.address[1], "/ws", "HTTP/1.1", headers=http.Headers( connection="upgrade", upgrade="websocket", sec_websocket_version="13", sec_websocket_key="1234", sec_websocket_extensions="permessage-deflate" if extension else "" ), content=b'') self.client.wfile.write(http.http1.assemble_request(request)) self.client.wfile.flush() response = http.http1.read_response(self.client.rfile, request) assert websockets.check_handshake(response.headers)
def test_apply_settings(self): c = tcp.TCPClient(("127.0.0.1", self.port)) with c.connect(): c.convert_to_ssl() protocol = HTTP2StateProtocol(c) protocol._apply_settings({ hyperframe.frame.SettingsFrame.ENABLE_PUSH: 'foo', hyperframe.frame.SettingsFrame.MAX_CONCURRENT_STREAMS: 'bar', hyperframe.frame.SettingsFrame.INITIAL_WINDOW_SIZE: 'deadbeef', }) assert c.rfile.safe_read(2) == b"OK" assert protocol.http2_settings[ hyperframe.frame.SettingsFrame.ENABLE_PUSH] == 'foo' assert protocol.http2_settings[ hyperframe.frame.SettingsFrame.MAX_CONCURRENT_STREAMS] == 'bar' assert protocol.http2_settings[ hyperframe.frame.SettingsFrame.INITIAL_WINDOW_SIZE] == 'deadbeef'
def test_log(self, tmpdir): testval = b"echo!\n" _logfun = tcp.log_ssl_key logfile = str(tmpdir.join("foo", "bar", "logfile")) tcp.log_ssl_key = tcp.SSLKeyLogger(logfile) c = tcp.TCPClient(("127.0.0.1", self.port)) with c.connect(): c.convert_to_ssl() c.wfile.write(testval) c.wfile.flush() assert c.rfile.readline() == testval c.finish() tcp.log_ssl_key.close() with open(logfile, "rb") as f: assert f.read().count(b"CLIENT_RANDOM") == 2 tcp.log_ssl_key = _logfun
class TestCreateBody: c = tcp.TCPClient(("127.0.0.1", 0)) def test_create_body_empty(self): protocol = HTTP2StateProtocol(self.c) bytes = protocol._create_body(b'', 1) assert b''.join(bytes) == b'' def test_create_body_single_frame(self): protocol = HTTP2StateProtocol(self.c) data = protocol._create_body(b'foobar', 1) assert b''.join(data) == bytes.fromhex("000006000100000001666f6f626172") def test_create_body_multiple_frames(self): protocol = HTTP2StateProtocol(self.c) protocol.http2_settings[hyperframe.frame.SettingsFrame.MAX_FRAME_SIZE] = 5 data = protocol._create_body(b'foobarmehm42', 1) assert len(data) == 3 assert data[0] == bytes.fromhex("000005000000000001666f6f6261") assert data[1] == bytes.fromhex("000005000000000001726d65686d") assert data[2] == bytes.fromhex("0000020001000000013432")
class TestCreateBody: c = tcp.TCPClient(("127.0.0.1", 0)) def test_create_body_empty(self): protocol = HTTP2StateProtocol(self.c) bytes = protocol._create_body(b'', 1) assert b''.join(bytes) == b'' def test_create_body_single_frame(self): protocol = HTTP2StateProtocol(self.c) bytes = protocol._create_body(b'foobar', 1) assert b''.join(bytes) == codecs.decode('000006000100000001666f6f626172', 'hex_codec') def test_create_body_multiple_frames(self): protocol = HTTP2StateProtocol(self.c) protocol.http2_settings[hyperframe.frame.SettingsFrame.MAX_FRAME_SIZE] = 5 bytes = protocol._create_body(b'foobarmehm42', 1) assert len(bytes) == 3 assert bytes[0] == codecs.decode('000005000000000001666f6f6261', 'hex_codec') assert bytes[1] == codecs.decode('000005000000000001726d65686d', 'hex_codec') assert bytes[2] == codecs.decode('0000020001000000013432', 'hex_codec')
def setup_connection(self, extension=False): self.client = tcp.TCPClient(("127.0.0.1", self.proxy.port)) self.client.connect() request = make_connect_request(("127.0.0.1", self.server.server.address[1])) self.client.wfile.write(http.http1.assemble_request(request)) self.client.wfile.flush() response = http.http1.read_response(self.client.rfile, request) if self.ssl: self.client.convert_to_tls() assert self.client.tls_established request = http.Request( host="127.0.0.1", port=self.server.server.address[1], method=b"GET", scheme=b"http", authority=b"", path=b"/ws", http_version=b"HTTP/1.1", headers=http.Headers( connection="upgrade", upgrade="websocket", sec_websocket_version="13", sec_websocket_key="1234", sec_websocket_extensions="permessage-deflate" if extension else "" ), content=b'', trailers=None, timestamp_start=0, timestamp_end=0, ) self.client.wfile.write(http.http1.assemble_request(request)) self.client.wfile.flush() response = http.http1.read_response(self.client.rfile, request) assert websocket_utils.check_handshake(response.headers)
class TestAssembleResponse: c = tcp.TCPClient(("127.0.0.1", 0)) def test_simple(self): bytes = HTTP2StateProtocol(self.c, is_server=True).assemble_response(http.Response( b"HTTP/2.0", 200, )) assert len(bytes) == 1 assert bytes[0] ==\ codecs.decode('00000101050000000288', 'hex_codec') def test_with_stream_id(self): resp = http.Response( b"HTTP/2.0", 200, ) resp.stream_id = 0x42 bytes = HTTP2StateProtocol(self.c, is_server=True).assemble_response(resp) assert len(bytes) == 1 assert bytes[0] ==\ codecs.decode('00000101050000004288', 'hex_codec') def test_with_body(self): bytes = HTTP2StateProtocol(self.c, is_server=True).assemble_response(http.Response( b"HTTP/2.0", 200, b'', http.Headers(foo=b"bar"), b'foobar' )) assert len(bytes) == 2 assert bytes[0] ==\ codecs.decode('00000901040000000288408294e7838c767f', 'hex_codec') assert bytes[1] ==\ codecs.decode('000006000100000002666f6f626172', 'hex_codec')
def test_dhparams(self): c = tcp.TCPClient(("127.0.0.1", self.port)) with c.connect(): c.convert_to_tls(method=SSL.TLSv1_2_METHOD) ret = c.get_current_cipher() assert ret[0] == "DHE-RSA-AES256-SHA"
def test_no_ssl_no_alpn(self): c = tcp.TCPClient(("127.0.0.1", self.port)) with c.connect(): assert c.get_alpn_proto_negotiated() == b"" assert c.rfile.readline().strip() == b"NONE"
def test_timeout(self): c = tcp.TCPClient(("127.0.0.1", self.port)) with c.connect(): time.sleep(0.3) assert self.last_handler.timeout
def test_echo(self): c = tcp.TCPClient(("127.0.0.1", self.port)) with c.connect(): with pytest.raises(Exception, match="cipher specification"): c.convert_to_tls(sni="foo.com", cipher_list="bogus")
def test_echo(self): c = tcp.TCPClient(("127.0.0.1", self.port)) with c.connect(): with pytest.raises(Exception, match="handshake error"): c.convert_to_tls(sni="foo.com")
def test_idn(self): c = tcp.TCPClient(("127.0.0.1", self.port)) with c.connect(): c.convert_to_tls(sni="mitmproxyäöüß.example.com") assert c.tls_established assert "doesn't match" not in str(c.ssl_verification_error)
def test_clientcert_err(self, tdata): c = tcp.TCPClient(("127.0.0.1", self.port)) with c.connect(): with pytest.raises(exceptions.TlsException): c.convert_to_tls(cert=cdata.path("data/clientcert/make"))
def test_clientcert(self, tdata): c = tcp.TCPClient(("127.0.0.1", self.port)) with c.connect(): c.convert_to_tls(cert=cdata.path("data/clientcert/client.pem")) assert c.rfile.readline().strip() == b"1"
def test_spoof_address(self): c = tcp.TCPClient(("127.0.0.1", self.port), spoof_source_address=("127.0.0.1", 0)) with pytest.raises(exceptions.TcpException, match="Failed to spoof"): c.connect()
def test_conerr(self): c = tcp.TCPClient(("127.0.0.1", 0)) with pytest.raises(exceptions.TcpException, match="Error connecting"): c.connect()
def test_timeout(self): c = tcp.TCPClient(("127.0.0.1", self.port)) with c.create_connection(timeout=20) as conn: assert conn.gettimeout() == 20
def test_echo(self): c = tcp.TCPClient(("127.0.0.1", self.port)) with c.connect(): c.convert_to_tls(sni="foo.com") assert c.sni == "foo.com" assert c.rfile.readline() == b"foo.com"
def test_invalid_connect(self): t = tcp.TCPClient(("127.0.0.1", self.proxy.port)) with t.connect(): t.wfile.write(b"CONNECT invalid\n\n") t.wfile.flush() assert b"Bad Request" in t.rfile.readline()
def test_failure(self): c = tcp.TCPClient(("127.0.0.1", self.port)) with c.connect(): with pytest.raises(exceptions.TlsException): c.convert_to_tls(sni="foo.com")