Merge pull request #4531 from mhils/selfconnect

Detect recursive self-connects and stop them
2021-03-30 09:39:27 +02:00 · 2021-03-30 09:39:27 +02:00 · 338cd0b00a
parent 9baaf9dfdb 945e4e3ef5
commit 338cd0b00a
3 changed files with 30 additions and 5 deletions
--- a/mitmproxy/addons/proxyserver.py
+++ b/mitmproxy/addons/proxyserver.py
@ -4,7 +4,7 @@ from typing import Dict, Optional, Tuple

 from mitmproxy import command, controller, ctx, flow, http, log, master, options, platform, tcp, websocket
 from mitmproxy.flow import Error, Flow
-from mitmproxy.proxy import commands, events
+from mitmproxy.proxy import commands, events, server_hooks
 from mitmproxy.proxy import server
 from mitmproxy.proxy.layers.tcp import TcpMessageInjected
 from mitmproxy.proxy.layers.websocket import WebSocketMessageInjected
@ -180,3 +180,13 @@ class Proxyserver:
            self.inject_event(event)
        except ValueError as e:
            ctx.log.warn(str(e))
+
+    def server_connect(self, ctx: server_hooks.ServerConnectionHookData):
+        assert ctx.server.address
+        self_connect = (
+            ctx.server.address[1] == self.options.listen_port
+            and
+            ctx.server.address[0] in ("localhost", "127.0.0.1", "::1", self.options.listen_host)
+        )
+        if self_connect:
+            ctx.server.error = "Stopped mitmproxy from recursively connecting to itself."
--- a/mitmproxy/proxy/server.py
+++ b/mitmproxy/proxy/server.py
@ -142,9 +142,9 @@ class ConnectionHandler(metaclass=abc.ABCMeta):
            server=command.connection
        )
        await self.handle_hook(server_hooks.ServerConnectHook(hook_data))
-        if command.connection.error:
-            self.log(f"server connection to {human.format_address(command.connection.address)} killed before connect.")
-            self.server_event(events.OpenConnectionCompleted(command, "Connection killed."))
+        if err := command.connection.error:
+            self.log(f"server connection to {human.format_address(command.connection.address)} killed before connect: {err}")
+            self.server_event(events.OpenConnectionCompleted(command, f"Connection killed: {err}"))
            return

        async with self.max_conns[command.connection.address]:
--- a/test/mitmproxy/addons/test_proxyserver.py
+++ b/test/mitmproxy/addons/test_proxyserver.py
@ -5,9 +5,10 @@ import pytest

 from mitmproxy.addons.proxyserver import Proxyserver
 from mitmproxy.proxy.layers.http import HTTPMode
-from mitmproxy.proxy import layers
+from mitmproxy.proxy import layers, server_hooks
 from mitmproxy.connection import Address
 from mitmproxy.test import taddons, tflow
+from mitmproxy.test.tflow import tclient_conn, tserver_conn


 class HelperAddon:
@ -160,3 +161,17 @@ async def test_warn_no_nextlayer():
        await tctx.master.await_log("Proxy server listening at", level="info")
        assert tctx.master.has_log("Warning: Running proxyserver without nextlayer addon!", level="warn")
        await ps.shutdown_server()
+
+
+def test_self_connect():
+    server = tserver_conn()
+    client = tclient_conn()
+    server.address = ("localhost", 8080)
+    ps = Proxyserver()
+    with taddons.context(ps) as tctx:
+        # not calling .running() here to avoid unnecessary socket
+        ps.options = tctx.options
+        ps.server_connect(
+            server_hooks.ServerConnectionHookData(server, client)
+        )
+        assert server.error == "Stopped mitmproxy from recursively connecting to itself."