add inline script example for websocket passthrough, fix #340

2014-12-01 03:04:48 +01:00 · 2014-12-01 03:04:48 +01:00 · 5b1fefee9b
parent 992536c2bc
commit 5b1fefee9b
2 changed files with 33 additions and 0 deletions
--- a/examples/ignore_websocket.py
+++ b/examples/ignore_websocket.py
@ -0,0 +1,27 @@
+# This script makes mitmproxy switch to passthrough mode for all HTTP
+# responses with "Connection: Upgrade" header. This is useful to make
+# WebSockets work in untrusted environments.
+#
+# Note: Chrome (and possibly other browsers), when explicitly configured
+# to use a proxy (i.e. mitmproxy's regular mode), send a CONNECT request
+# to the proxy before they initiate the websocket connection.
+# To make WebSockets work in these cases, supply
+# `--ignore :80$` as an additional parameter.
+# (see http://mitmproxy.org/doc/features/passthrough.html)
+
+from libmproxy.protocol.http import HTTPRequest
+from libmproxy.protocol.tcp import TCPHandler
+from libmproxy.protocol import KILL
+from libmproxy.script import concurrent
+
+HTTPRequest._headers_to_strip_off.remove("Connection")
+HTTPRequest._headers_to_strip_off.remove("Upgrade")
+
+@concurrent
+def response(context, flow):
+	if flow.response.headers.get_first("Connection", None) == "Upgrade":
+		# We need to send the response manually now...
+		flow.client_conn.send(flow.response.assemble())
+		# ...and then delegate to tcp passthrough.
+		TCPHandler(flow.live.c, log=False).handle_messages()
+		flow.reply(KILL)
--- a/libmproxy/protocol/http.py
+++ b/libmproxy/protocol/http.py
@ -1401,6 +1401,12 @@ class HTTPHandler(ProtocolHandler):

            # In practice, nobody issues a CONNECT request to send unencrypted HTTP requests afterwards.
            # If we don't delegate to TCP mode, we should always negotiate a SSL connection.
+            #
+            # FIXME:
+            # Turns out the previous statement isn't entirely true. Chrome on Windows CONNECTs to :80
+            # if an explicit proxy is configured and a websocket connection should be established.
+            # We don't support websocket at the moment, so it fails anyway, but we should come up with
+            # a better solution to this if we start to support WebSockets.
            should_establish_ssl = (
                address.port in self.c.config.ssl_ports
                or