def test_parse_client_hello(): assert tls.parse_client_hello( client_hello_with_extensions).sni == "example.com" assert tls.parse_client_hello(client_hello_with_extensions[:50]) is None with pytest.raises(ValueError): tls.parse_client_hello(client_hello_with_extensions[:183] + b'\x00\x00\x00\x00\x00\x00\x00\x00\x00')
def test_fuzz_h2_request_chunks(i, data): try: ch = parse_client_hello(client_hello_with_extensions[:i] + data) except ValueError: pass else: assert ch is None or isinstance(ch, ClientHello)
def ignore_connection(self, server_address: Optional[context.Address], data_client: bytes) -> Optional[bool]: """ Returns: True, if the connection should be ignored. False, if it should not be ignored. None, if we need to wait for more input data. """ if not ctx.options.ignore_hosts and not ctx.options.allow_hosts: return False hostnames: List[str] = [] if server_address is not None: hostnames.append(server_address[0]) if is_tls_record_magic(data_client): try: ch = parse_client_hello(data_client) if ch is None: # not complete yet return None sni = ch.sni except ValueError: pass else: if sni: hostnames.append(sni) if not hostnames: return False print("hostnames to check:", hostnames) print("ignore hosts options:", ctx.options.ignore_hosts) print("allow hosts options:", ctx.options.allow_hosts) if ctx.options.ignore_hosts: res = any( re.search(rex, host, re.IGNORECASE) for host in hostnames for rex in ctx.options.ignore_hosts) print("ignore hosts result (True means ignore):", res) return res elif ctx.options.allow_hosts: res = not any( re.search(rex, host, re.IGNORECASE) for host in hostnames for rex in ctx.options.allow_hosts) print("allow hosts result (True means ignore):", res) return res else: # pragma: no cover raise AssertionError()
def test_reverse_proxy_tcp_over_tls(tctx: Context, monkeypatch, patch, connection_strategy): """ Test client --TCP-- mitmproxy --TCP over TLS-- server reverse proxying. """ if patch: monkeypatch.setattr(tls, "ServerTLSLayer", tls.MockTLSLayer) flow = Placeholder(TCPFlow) data = Placeholder(bytes) tctx.options.mode = "reverse:https://localhost:8000" tctx.options.connection_strategy = connection_strategy playbook = Playbook(modes.ReverseProxy(tctx)) if connection_strategy == "eager": (playbook << OpenConnection(tctx.server) >> DataReceived( tctx.client, b"\x01\x02\x03") >> reply( None, to=OpenConnection(tctx.server))) else: (playbook >> DataReceived(tctx.client, b"\x01\x02\x03")) if patch: (playbook << NextLayerHook(Placeholder(NextLayer)) >> reply_next_layer( tcp.TCPLayer) << TcpStartHook(flow) >> reply()) if connection_strategy == "lazy": (playbook << OpenConnection(tctx.server) >> reply(None)) assert (playbook << TcpMessageHook(flow) >> reply() << SendData( tctx.server, data)) assert data() == b"\x01\x02\x03" else: if connection_strategy == "lazy": (playbook << NextLayerHook(Placeholder(NextLayer)) >> reply_next_layer(tcp.TCPLayer) << TcpStartHook(flow) >> reply() << OpenConnection(tctx.server) >> reply(None)) assert (playbook << TlsStartHook(Placeholder()) >> reply_tls_start() << SendData(tctx.server, data)) assert tls.parse_client_hello(data()).sni == "localhost"