def next_layer(next_layer): """ This hook does the actual magic - if the next layer is planned to be a TLS layer, we check if we want to enter pass-through mode instead. """ if isinstance(next_layer, TlsLayer) and next_layer._client_tls: server_address = next_layer.server_conn.address global tls_intercept_en if not tls_intercept_en: timestamp = '[{}] '.format(datetime.today()) mitmproxy.ctx.log( timestamp + "TLS intercept is disabled! Skipping TLS interception for %s " % str(server_address)) next_layer_replacement = RawTCPLayer(next_layer.ctx, ignore=True) next_layer.reply.send(next_layer_replacement) # tls_strategy.record_skipped(server_address) return #cert = next_layer._find_cert()) hostname, _ = tls_strategy.getAssociatedDomain(server_address[0]) timestamp = '[{}] '.format(datetime.today()) if hostname: mitmproxy.ctx.log(timestamp + "Deciding TLS strategy for %s mapped to %s " % (str(server_address), hostname)) else: mitmproxy.ctx.log(timestamp + "Deciding TLS strategy for %s " % str(server_address)) if not tls_strategy: mitmproxy.ctx.log( "tls_strategy is None for %s" % repr(next_layer.server_conn.address), "info") return if tls_strategy.should_intercept(server_address): # We try to intercept. # Monkey-Patch the layer to get feedback from the TLSLayer if interception worked. next_layer.__class__ = TlsFeedback else: # We don't intercept - reply with a pass-through layer and add a "skipped" entry. timestamp = '[{}] '.format(datetime.today()) if hostname: mitmproxy.ctx.log( timestamp + "TLS passthrough for %s mapped to %s" % (repr(next_layer.server_conn.address), hostname), "info") else: mitmproxy.ctx.log( timestamp + "TLS passthrough for %s" % repr(next_layer.server_conn.address), "info") next_layer_replacement = RawTCPLayer(next_layer.ctx, ignore=True) next_layer.reply.send(next_layer_replacement)
def next_layer(next_layer): if isinstance(next_layer, TlsLayer) and next_layer._client_tls: server_address = next_layer.server_conn.address host = server_address[0] if not host in server_address_watch: next_layer_replacement = RawTCPLayer(next_layer.ctx, ignore=True) next_layer.reply.send(next_layer_replacement)
def next_layer(layer): ''' mitmproxy wasn't really meant for intercepting raw tcp streams, it tries to wrap the upsteam connection (the one to the worker) in a tls stream. This hook intercepts the part where it creates the TlsLayer (it happens in root_context.py) and instead creates a RawTCPLayer. That's the layer which calls our tcp_message hook ''' if isinstance(layer, TlsLayer): replacement = RawTCPLayer(layer.ctx) layer.reply.send(replacement)
def next_layer(next_layer): """ This hook does the actual magic - if the next layer is planned to be a TLS layer, we check if we want to enter pass-through mode instead. """ if isinstance(next_layer, TlsLayer) and next_layer._client_tls: server_address = next_layer.server_conn.address assert not is_rpc_call(server_address) # We don't intercept - reply with a pass-through layer and add a "skipped" entry. next_layer_replacement = RawTCPLayer(next_layer.ctx, ignore=True) next_layer.reply.send(next_layer_replacement) tls_strategy.record_skipped(server_address)
def next_layer(next_layer): """ This hook does the actual magic - if the next layer is planned to be a TLS layer, we check if we want to enter pass-through mode instead. """ if isinstance(next_layer, TlsLayer) and next_layer._client_tls: server_address = next_layer.server_conn.address if tls_strategy.should_intercept(server_address): # We try to intercept. # Monkey-Patch the layer to get feedback from the TLSLayer if interception worked. next_layer.__class__ = TlsFeedback else: # We don't intercept - reply with a pass-through layer and add a "skipped" entry. mitmproxy.ctx.log("TLS passthrough for %s" % repr(next_layer.server_conn.address), "info") next_layer_replacement = RawTCPLayer(next_layer.ctx, ignore=True) next_layer.reply.send(next_layer_replacement) tls_strategy.record_skipped(server_address)
def do_passthru(client_addr, server_addr, fqdns, layer): flex_port = None if is_flex_domain(client_addr, server_addr, fqdns): flex_port = passthru_flex_port(client_addr, fqdns[0]) if flex_port: if log_debug: bubble_log.debug( 'do_passthru: applying flex passthru for server=' + server_addr + ', fqdns=' + str(fqdns)) layer_replacement = BubbleFlexPassthruLayer( layer.ctx, ('127.0.0.1', flex_port), fqdns[0], 443) layer.reply.send(layer_replacement) else: if log_debug: bubble_log.debug( 'do_passthru: detected flex passthru but no flex routers available for server=' + server_addr + ', fqdns=' + str(fqdns)) if flex_port is None: layer_replacement = RawTCPLayer(layer.ctx, ignore=True) layer.reply.send(layer_replacement)