def test_parse_client_hello():
assert tls.parse_client_hello(
client_hello_with_extensions).sni == "example.com"
assert tls.parse_client_hello(client_hello_with_extensions[:50]) is None
with pytest.raises(ValueError):
tls.parse_client_hello(client_hello_with_extensions[:183] +
b'\x00\x00\x00\x00\x00\x00\x00\x00\x00')
def test_fuzz_h2_request_chunks(i, data):
try:
ch = parse_client_hello(client_hello_with_extensions[:i] + data)
except ValueError:
pass
else:
assert ch is None or isinstance(ch, ClientHello)
def ignore_connection(self, server_address: Optional[context.Address],
data_client: bytes) -> Optional[bool]:
"""
Returns:
True, if the connection should be ignored.
False, if it should not be ignored.
None, if we need to wait for more input data.
"""
if not ctx.options.ignore_hosts and not ctx.options.allow_hosts:
return False
hostnames: List[str] = []
if server_address is not None:
hostnames.append(server_address[0])
if is_tls_record_magic(data_client):
try:
ch = parse_client_hello(data_client)
if ch is None: # not complete yet
return None
sni = ch.sni
except ValueError:
pass
else:
if sni:
hostnames.append(sni)
if not hostnames:
return False
print("hostnames to check:", hostnames)
print("ignore hosts options:", ctx.options.ignore_hosts)
print("allow hosts options:", ctx.options.allow_hosts)
if ctx.options.ignore_hosts:
res = any(
re.search(rex, host, re.IGNORECASE) for host in hostnames
for rex in ctx.options.ignore_hosts)
print("ignore hosts result (True means ignore):", res)
return res
elif ctx.options.allow_hosts:
res = not any(
re.search(rex, host, re.IGNORECASE) for host in hostnames
for rex in ctx.options.allow_hosts)
print("allow hosts result (True means ignore):", res)
return res
else: # pragma: no cover
raise AssertionError()
def test_reverse_proxy_tcp_over_tls(tctx: Context, monkeypatch, patch,
connection_strategy):
"""
Test
client --TCP-- mitmproxy --TCP over TLS-- server
reverse proxying.
"""
if patch:
monkeypatch.setattr(tls, "ServerTLSLayer", tls.MockTLSLayer)
flow = Placeholder(TCPFlow)
data = Placeholder(bytes)
tctx.options.mode = "reverse:https://localhost:8000"
tctx.options.connection_strategy = connection_strategy
playbook = Playbook(modes.ReverseProxy(tctx))
if connection_strategy == "eager":
(playbook << OpenConnection(tctx.server) >> DataReceived(
tctx.client, b"\x01\x02\x03") >> reply(
None, to=OpenConnection(tctx.server)))
else:
(playbook >> DataReceived(tctx.client, b"\x01\x02\x03"))
if patch:
(playbook << NextLayerHook(Placeholder(NextLayer)) >> reply_next_layer(
tcp.TCPLayer) << TcpStartHook(flow) >> reply())
if connection_strategy == "lazy":
(playbook << OpenConnection(tctx.server) >> reply(None))
assert (playbook << TcpMessageHook(flow) >> reply() << SendData(
tctx.server, data))
assert data() == b"\x01\x02\x03"
else:
if connection_strategy == "lazy":
(playbook << NextLayerHook(Placeholder(NextLayer)) >>
reply_next_layer(tcp.TCPLayer) << TcpStartHook(flow) >> reply() <<
OpenConnection(tctx.server) >> reply(None))
assert (playbook << TlsStartHook(Placeholder()) >> reply_tls_start() <<
SendData(tctx.server, data))
assert tls.parse_client_hello(data()).sni == "localhost"
