def test_proxy_chain(tctx, strategy):
server = Placeholder(Server)
tctx.options.connection_strategy = strategy
playbook = Playbook(http.HttpLayer(tctx, HTTPMode.regular), hooks=False)
playbook >> DataReceived(tctx.client,
b"CONNECT proxy:8080 HTTP/1.1\r\n\r\n")
if strategy == "eager":
playbook << OpenConnection(server)
playbook >> reply(None)
playbook << SendData(tctx.client,
b"HTTP/1.1 200 Connection established\r\n\r\n")
playbook >> DataReceived(tctx.client,
b"CONNECT second-proxy:8080 HTTP/1.1\r\n\r\n")
playbook << layer.NextLayerHook(Placeholder())
playbook >> reply_next_layer(
lambda ctx: http.HttpLayer(ctx, HTTPMode.transparent))
playbook << SendData(
tctx.client, b"HTTP/1.1 502 Bad Gateway\r\n"
b"content-length: 198\r\n"
b"\r\n"
b"mitmproxy received an HTTP CONNECT request even though it is not running in regular/upstream mode. "
b"This usually indicates a misconfiguration, please see the mitmproxy mode documentation for details."
)
assert playbook
def test_https_proxy(strategy, tctx):
"""Test a CONNECT request, followed by a HTTP GET /"""
server = Placeholder(Server)
flow = Placeholder(HTTPFlow)
playbook = Playbook(http.HttpLayer(tctx, HTTPMode.regular))
tctx.options.connection_strategy = strategy
(playbook >> DataReceived(tctx.client,
b"CONNECT example.proxy:80 HTTP/1.1\r\n\r\n") <<
http.HttpConnectHook(Placeholder()) >> reply())
if strategy == "eager":
(playbook << OpenConnection(server) >> reply(None))
(playbook << SendData(tctx.client,
b'HTTP/1.1 200 Connection established\r\n\r\n') >>
DataReceived(tctx.client,
b"GET /foo?hello=1 HTTP/1.1\r\nHost: example.com\r\n\r\n") <<
layer.NextLayerHook(Placeholder()) >>
reply_next_layer(lambda ctx: http.HttpLayer(ctx, HTTPMode.transparent)) <<
http.HttpRequestHeadersHook(flow) >> reply() << http.HttpRequestHook(flow)
>> reply())
if strategy == "lazy":
(playbook << OpenConnection(server) >> reply(None))
(playbook << SendData(
server, b"GET /foo?hello=1 HTTP/1.1\r\nHost: example.com\r\n\r\n") >>
DataReceived(
server, b"HTTP/1.1 200 OK\r\nContent-Length: 12\r\n\r\nHello World!")
<< http.HttpResponseHeadersHook(flow) >> reply() <<
http.HttpResponseHook(flow) >> reply() << SendData(
tctx.client,
b"HTTP/1.1 200 OK\r\nContent-Length: 12\r\n\r\nHello World!"))
assert playbook
def test_disconnect_while_intercept(tctx):
"""Test a server disconnect while a request is intercepted."""
tctx.options.connection_strategy = "eager"
server1 = Placeholder(Server)
server2 = Placeholder(Server)
flow = Placeholder(HTTPFlow)
assert (
Playbook(http.HttpLayer(tctx, HTTPMode.regular), hooks=False) >>
DataReceived(tctx.client, b"CONNECT example.com:80 HTTP/1.1\r\n\r\n")
<< http.HttpConnectHook(Placeholder(HTTPFlow)) >> reply() <<
OpenConnection(server1) >> reply(None) << SendData(
tctx.client,
b'HTTP/1.1 200 Connection established\r\n\r\n') >> DataReceived(
tctx.client, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n") <<
layer.NextLayerHook(Placeholder()) >>
reply_next_layer(lambda ctx: http.HttpLayer(ctx, HTTPMode.transparent))
<< http.HttpRequestHook(flow) >> ConnectionClosed(server1) <<
CloseConnection(server1) >> reply(to=-3) << OpenConnection(server2) >>
reply(None) << SendData(
server2,
b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n") >> DataReceived(
server2, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n") <<
SendData(tctx.client, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"))
assert server1() != server2()
assert flow().server_conn == server2()
def test_reverse_proxy_tcp_over_tls(tctx: Context, monkeypatch, patch,
connection_strategy):
"""
Test
client --TCP-- mitmproxy --TCP over TLS-- server
reverse proxying.
"""
if patch:
monkeypatch.setattr(tls, "ServerTLSLayer", tls.MockTLSLayer)
flow = Placeholder(TCPFlow)
data = Placeholder(bytes)
tctx.options.mode = "reverse:https://localhost:8000"
tctx.options.connection_strategy = connection_strategy
playbook = Playbook(modes.ReverseProxy(tctx))
if connection_strategy == "eager":
(playbook << OpenConnection(tctx.server) >> DataReceived(
tctx.client, b"\x01\x02\x03") >> reply(
None, to=OpenConnection(tctx.server)))
else:
(playbook >> DataReceived(tctx.client, b"\x01\x02\x03"))
if patch:
(playbook << NextLayerHook(Placeholder(NextLayer)) >> reply_next_layer(
tcp.TCPLayer) << TcpStartHook(flow) >> reply())
if connection_strategy == "lazy":
(playbook << OpenConnection(tctx.server) >> reply(None))
assert (playbook << TcpMessageHook(flow) >> reply() << SendData(
tctx.server, data))
assert data() == b"\x01\x02\x03"
else:
if connection_strategy == "lazy":
(playbook << NextLayerHook(Placeholder(NextLayer)) >>
reply_next_layer(tcp.TCPLayer) << TcpStartHook(flow) >> reply() <<
OpenConnection(tctx.server) >> reply(None))
assert (playbook << TlsStartHook(Placeholder()) >> reply_tls_start() <<
SendData(tctx.server, data))
assert tls.parse_client_hello(data()).sni == b"localhost"
def test_redirect(strategy, https_server, https_client, tctx, monkeypatch):
"""Test redirects between http:// and https:// in regular proxy mode."""
server = Placeholder(Server)
flow = Placeholder(HTTPFlow)
tctx.options.connection_strategy = strategy
p = Playbook(http.HttpLayer(tctx, HTTPMode.regular), hooks=False)
if https_server:
monkeypatch.setattr(tls, "ServerTLSLayer", tls.MockTLSLayer)
def redirect(flow: HTTPFlow):
if https_server:
flow.request.url = "https://redirected.site/"
else:
flow.request.url = "http://redirected.site/"
if https_client:
p >> DataReceived(tctx.client,
b"CONNECT example.com:80 HTTP/1.1\r\n\r\n")
if strategy == "eager":
p << OpenConnection(Placeholder())
p >> reply(None)
p << SendData(tctx.client,
b'HTTP/1.1 200 Connection established\r\n\r\n')
p >> DataReceived(tctx.client,
b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n")
p << layer.NextLayerHook(Placeholder())
p >> reply_next_layer(
lambda ctx: http.HttpLayer(ctx, HTTPMode.transparent))
else:
p >> DataReceived(
tctx.client,
b"GET http://example.com/ HTTP/1.1\r\nHost: example.com\r\n\r\n")
p << http.HttpRequestHook(flow)
p >> reply(side_effect=redirect)
p << OpenConnection(server)
p >> reply(None)
p << SendData(server, b"GET / HTTP/1.1\r\nHost: redirected.site\r\n\r\n")
p >> DataReceived(
server, b"HTTP/1.1 200 OK\r\nContent-Length: 12\r\n\r\nHello World!")
p << SendData(
tctx.client,
b"HTTP/1.1 200 OK\r\nContent-Length: 12\r\n\r\nHello World!")
assert p
if https_server:
assert server().address == ("redirected.site", 443)
else:
assert server().address == ("redirected.site", 80)
def test_http_proxy_tcp(tctx, mode, close_first):
"""Test TCP over HTTP CONNECT."""
server = Placeholder(Server)
if mode == "upstream":
tctx.options.mode = "upstream:http://proxy:8080"
toplayer = http.HttpLayer(tctx, HTTPMode.upstream)
else:
tctx.options.mode = "regular"
toplayer = http.HttpLayer(tctx, HTTPMode.regular)
playbook = Playbook(toplayer, hooks=False)
assert (playbook >> DataReceived(
tctx.client, b"CONNECT example:443 HTTP/1.1\r\n\r\n") << SendData(
tctx.client, b"HTTP/1.1 200 Connection established\r\n\r\n") >>
DataReceived(tctx.client, b"this is not http") <<
layer.NextLayerHook(Placeholder()) >>
reply_next_layer(lambda ctx: TCPLayer(ctx, ignore=True)) <<
OpenConnection(server))
playbook >> reply(None)
if mode == "upstream":
playbook << SendData(server, b"CONNECT example:443 HTTP/1.1\r\n\r\n")
playbook >> DataReceived(
server, b"HTTP/1.1 200 Connection established\r\n\r\n")
assert (playbook << SendData(server, b"this is not http") >> DataReceived(
server, b"true that") << SendData(tctx.client, b"true that"))
if mode == "regular":
assert server().address == ("example", 443)
else:
assert server().address == ("proxy", 8080)
if close_first == "client":
a, b = tctx.client, server
else:
a, b = server, tctx.client
assert (playbook >> ConnectionClosed(a) << CloseConnection(b) >>
ConnectionClosed(b) << CloseConnection(a))
def test_transparent_tcp(tctx: Context, monkeypatch, connection_strategy):
monkeypatch.setattr(platform, "original_addr", lambda sock:
("address", 22))
flow = Placeholder(TCPFlow)
tctx.options.connection_strategy = connection_strategy
sock = object()
playbook = Playbook(modes.TransparentProxy(tctx))
(playbook << GetSocket(tctx.client) >> reply(sock))
if connection_strategy == "lazy":
assert playbook
else:
assert (playbook << OpenConnection(tctx.server) >> reply(None) >>
DataReceived(tctx.server, b"hello") << NextLayerHook(
Placeholder(NextLayer)) >> reply_next_layer(tcp.TCPLayer)
<< TcpStartHook(flow) >> reply() << TcpMessageHook(flow) >>
reply() << SendData(tctx.client, b"hello"))
assert flow().messages[0].content == b"hello"
assert not flow().messages[0].from_client
assert tctx.server.address == ("address", 22)
def test_reverse_proxy(tctx, keep_host_header):
"""Test mitmproxy in reverse proxy mode.
- make sure that we connect to the right host
- make sure that we respect keep_host_header
- make sure that we include non-standard ports in the host header (#4280)
"""
server = Placeholder(Server)
tctx.options.mode = "reverse:http://localhost:8000"
tctx.options.keep_host_header = keep_host_header
assert (
Playbook(modes.ReverseProxy(tctx), hooks=False) >> DataReceived(
tctx.client, b"GET /foo HTTP/1.1\r\n"
b"Host: example.com\r\n\r\n") << NextLayerHook(
Placeholder(NextLayer)) >>
reply_next_layer(lambda ctx: http.HttpLayer(ctx, HTTPMode.transparent))
<< OpenConnection(server) >> reply(None) << SendData(
server, b"GET /foo HTTP/1.1\r\n"
b"Host: " +
(b"example.com" if keep_host_header else b"localhost:8000") +
b"\r\n\r\n") >> DataReceived(
server, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n") <<
SendData(tctx.client, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"))
assert server().address == ("localhost", 8000)
def test_upstream_https(tctx):
"""
Test mitmproxy in HTTPS upstream mode with another mitmproxy instance upstream.
In other words:
mitmdump --mode upstream:https://localhost:8081 --ssl-insecure
mitmdump -p 8081
curl -x localhost:8080 -k http://example.com
"""
tctx1 = Context(Client(("client", 1234), ("127.0.0.1", 8080), 1605699329),
copy.deepcopy(tctx.options))
tctx1.options.mode = "upstream:https://example.mitmproxy.org:8081"
tctx2 = Context(Client(("client", 4321), ("127.0.0.1", 8080), 1605699329),
copy.deepcopy(tctx.options))
assert tctx2.options.mode == "regular"
del tctx
proxy1 = Playbook(modes.HttpProxy(tctx1), hooks=False)
proxy2 = Playbook(modes.HttpProxy(tctx2), hooks=False)
upstream = Placeholder(Server)
server = Placeholder(Server)
clienthello = Placeholder(bytes)
serverhello = Placeholder(bytes)
request = Placeholder(bytes)
tls_finished = Placeholder(bytes)
h2_client_settings_ack = Placeholder(bytes)
response = Placeholder(bytes)
h2_server_settings_ack = Placeholder(bytes)
assert (
proxy1 >> DataReceived(
tctx1.client,
b"GET http://example.com/ HTTP/1.1\r\nHost: example.com\r\n\r\n")
<< NextLayerHook(Placeholder(NextLayer)) >>
reply_next_layer(lambda ctx: http.HttpLayer(ctx, HTTPMode.upstream)) <<
OpenConnection(upstream) >> reply(None) << TlsStartHook(Placeholder())
>> reply_tls_start(alpn=b"h2") << SendData(upstream, clienthello))
assert upstream().address == ("example.mitmproxy.org", 8081)
assert (proxy2 >> DataReceived(tctx2.client, clienthello()) <<
NextLayerHook(Placeholder(NextLayer)) >>
reply_next_layer(ClientTLSLayer) << TlsStartHook(Placeholder()) >>
reply_tls_start(alpn=b"h2") << SendData(tctx2.client, serverhello))
assert (proxy1 >> DataReceived(upstream, serverhello()) << SendData(
upstream, request))
assert (proxy2 >> DataReceived(tctx2.client, request()) << SendData(
tctx2.client, tls_finished) << NextLayerHook(Placeholder(NextLayer)) >>
reply_next_layer(lambda ctx: http.HttpLayer(ctx, HTTPMode.regular))
<< SendData(tctx2.client, h2_client_settings_ack) <<
OpenConnection(server) >> reply(None) << SendData(
server, b'GET / HTTP/1.1\r\nhost: example.com\r\n\r\n') >>
DataReceived(server,
b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n") <<
CloseConnection(server) << SendData(tctx2.client, response))
assert server().address == ("example.com", 80)
assert (proxy1 >> DataReceived(
upstream,
tls_finished() + h2_client_settings_ack() + response()) << SendData(
upstream, h2_server_settings_ack) << SendData(
tctx1.client, b"HTTP/1.1 200 OK\r\ncontent-length: 0\r\n\r\n"))
def test_kill_flow(tctx, when):
"""Test that we properly kill flows if instructed to do so"""
server = Placeholder(Server)
connect_flow = Placeholder(HTTPFlow)
flow = Placeholder(HTTPFlow)
def kill(flow: HTTPFlow):
# Can't use flow.kill() here because that currently still depends on a reply object.
flow.error = Error(Error.KILLED_MESSAGE)
def assert_kill(err_hook: bool = True):
playbook >> reply(side_effect=kill)
if err_hook:
playbook << http.HttpErrorHook(flow)
playbook >> reply()
playbook << CloseConnection(tctx.client)
assert playbook
playbook = Playbook(http.HttpLayer(tctx, HTTPMode.regular))
assert (playbook >> DataReceived(
tctx.client, b"CONNECT example.com:80 HTTP/1.1\r\n\r\n") <<
http.HttpConnectHook(connect_flow))
if when == "http_connect":
return assert_kill(False)
assert (
playbook >> reply() << SendData(
tctx.client,
b'HTTP/1.1 200 Connection established\r\n\r\n') >> DataReceived(
tctx.client,
b"GET /foo?hello=1 HTTP/1.1\r\nHost: example.com\r\n\r\n") <<
layer.NextLayerHook(Placeholder()) >>
reply_next_layer(lambda ctx: http.HttpLayer(ctx, HTTPMode.transparent))
<< http.HttpRequestHeadersHook(flow))
if when == "requestheaders":
return assert_kill()
assert (playbook >> reply() << http.HttpRequestHook(flow))
if when == "request":
return assert_kill()
if when == "script-response-responseheaders":
assert (playbook >> reply(
side_effect=lambda f: setattr(f, "response", HTTPResponse.make()))
<< http.HttpResponseHeadersHook(flow))
return assert_kill()
assert (
playbook >> reply() << OpenConnection(server) >>
reply(None) << SendData(
server, b"GET /foo?hello=1 HTTP/1.1\r\nHost: example.com\r\n\r\n")
>> DataReceived(
server,
b"HTTP/1.1 200 OK\r\nContent-Length: 12\r\n\r\nHello World") <<
http.HttpResponseHeadersHook(flow))
if when == "responseheaders":
return assert_kill()
if when == "response":
assert (playbook >> reply() >> DataReceived(server, b"!") <<
http.HttpResponseHook(flow))
return assert_kill(False)
elif when == "error":
assert (playbook >> reply() >> ConnectionClosed(server) <<
CloseConnection(server) << http.HttpErrorHook(flow))
return assert_kill(False)
else:
raise AssertionError
def test_upstream_proxy(tctx, redirect, scheme):
"""Test that an upstream HTTP proxy is used."""
server = Placeholder(Server)
server2 = Placeholder(Server)
flow = Placeholder(HTTPFlow)
tctx.options.mode = "upstream:http://proxy:8080"
playbook = Playbook(http.HttpLayer(tctx, HTTPMode.upstream), hooks=False)
if scheme == "http":
assert (playbook >> DataReceived(
tctx.client,
b"GET http://example.com/ HTTP/1.1\r\nHost: example.com\r\n\r\n"
) << OpenConnection(server) >> reply(None) << SendData(
server,
b"GET http://example.com/ HTTP/1.1\r\nHost: example.com\r\n\r\n"))
else:
assert (playbook >> DataReceived(
tctx.client,
b"CONNECT example.com:443 HTTP/1.1\r\n\r\n") << SendData(
tctx.client, b"HTTP/1.1 200 Connection established\r\n\r\n") >>
DataReceived(tctx.client,
b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n") <<
layer.NextLayerHook(Placeholder()) >> reply_next_layer(
lambda ctx: http.HttpLayer(ctx, HTTPMode.transparent)) <<
OpenConnection(server) >> reply(None) << SendData(
server, b"CONNECT example.com:443 HTTP/1.1\r\n\r\n")
>> DataReceived(
server, b"HTTP/1.1 200 Connection established\r\n\r\n") <<
SendData(server,
b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"))
playbook >> DataReceived(server,
b"HTTP/1.1 418 OK\r\nContent-Length: 0\r\n\r\n")
playbook << SendData(tctx.client,
b"HTTP/1.1 418 OK\r\nContent-Length: 0\r\n\r\n")
assert playbook
assert server().address == ("proxy", 8080)
if scheme == "http":
playbook >> DataReceived(
tctx.client,
b"GET http://example.com/two HTTP/1.1\r\nHost: example.com\r\n\r\n"
)
else:
playbook >> DataReceived(
tctx.client, b"GET /two HTTP/1.1\r\nHost: example.com\r\n\r\n")
assert (playbook << http.HttpRequestHook(flow))
if redirect == "change-destination":
flow().request.host = "other-server"
flow().request.host_header = "example.com"
elif redirect == "change-proxy":
flow().server_conn.via = ServerSpec("http",
address=("other-proxy", 1234))
playbook >> reply()
if redirect:
# Protocol-wise we wouldn't need to open a new connection for plain http host redirects,
# but we disregard this edge case to simplify implementation.
playbook << OpenConnection(server2)
playbook >> reply(None)
else:
server2 = server
if scheme == "http":
if redirect == "change-destination":
playbook << SendData(
server2,
b"GET http://other-server/two HTTP/1.1\r\nHost: example.com\r\n\r\n"
)
else:
playbook << SendData(
server2,
b"GET http://example.com/two HTTP/1.1\r\nHost: example.com\r\n\r\n"
)
else:
if redirect == "change-destination":
playbook << SendData(server2,
b"CONNECT other-server:443 HTTP/1.1\r\n\r\n")
playbook >> DataReceived(
server2, b"HTTP/1.1 200 Connection established\r\n\r\n")
elif redirect == "change-proxy":
playbook << SendData(server2,
b"CONNECT example.com:443 HTTP/1.1\r\n\r\n")
playbook >> DataReceived(
server2, b"HTTP/1.1 200 Connection established\r\n\r\n")
playbook << SendData(
server2, b"GET /two HTTP/1.1\r\nHost: example.com\r\n\r\n")
playbook >> DataReceived(server2,
b"HTTP/1.1 418 OK\r\nContent-Length: 0\r\n\r\n")
playbook << SendData(tctx.client,
b"HTTP/1.1 418 OK\r\nContent-Length: 0\r\n\r\n")
assert playbook
if redirect == "change-proxy":
assert server2().address == ("other-proxy", 1234)
else:
assert server2().address == ("proxy", 8080)
assert (playbook >> ConnectionClosed(tctx.client) << CloseConnection(
tctx.client))