From 5c7fa7a594b2179fe5a223c2d8a449f0ca4c629b Mon Sep 17 00:00:00 2001 From: iroiro123 Date: Tue, 23 Jun 2015 00:57:33 +0900 Subject: [PATCH] add unit tests for spoof mode --- test/test_proxy.py | 6 +++++ test/test_server.py | 54 +++++++++++++++++++++++++++++++++++++++++++++ test/tservers.py | 43 ++++++++++++++++++++++++++++++++++++ 3 files changed, 103 insertions(+) diff --git a/test/test_proxy.py b/test/test_proxy.py index a618ae6cc..d1e72f75c 100644 --- a/test/test_proxy.py +++ b/test/test_proxy.py @@ -90,6 +90,12 @@ class TestProcessProxyOptions: self.assert_err("expected one argument", "-U") self.assert_err("Invalid server specification", "-U", "upstream") + self.assert_noerr("--spoof") + self.assert_noerr("--ssl-spoof") + + self.assert_noerr("--spoofed-port", "443") + self.assert_err("expected one argument", "--spoofed-port") + self.assert_err("mutually exclusive", "-R", "http://localhost", "-T") def test_client_certs(self): diff --git a/test/test_server.py b/test/test_server.py index 2ab48422b..58a4b5b5b 100644 --- a/test/test_server.py +++ b/test/test_server.py @@ -368,6 +368,60 @@ class TestReverse(tservers.ReverseProxTest, CommonMixin, TcpMixin): reverse = True +class TestSpoof(tservers.SpoofModeTest): + def test_http(self): + alist = ( + ("localhost", self.server.port), + ("127.0.0.1", self.server.port) + ) + for a in alist: + self.server.clear_log() + p = self.pathoc() + f = p.request("get:/p/304:h'Host'='%s:%s'" % a) + assert self.server.last_log() + assert f.status_code == 304 + l = self.master.state.view[-1] + assert l.server_conn.address + assert l.server_conn.address.host == a[0] + assert l.server_conn.address.port == a[1] + + def test_http_without_host(self): + p = self.pathoc() + f = p.request("get:/p/304:r") + assert f.status_code == 400 + + +class TestSSLSpoof(tservers.SSLSpoofModeTest): + def test_https(self): + alist = ( + ("localhost", self.server.port), + ("127.0.0.1", self.server.port) + ) + for a in alist: + self.server.clear_log() + self.config.mode.sslport = a[1] + p = self.pathoc(sni=a[0]) + f = p.request("get:/p/304") + assert self.server.last_log() + assert f.status_code == 304 + l = self.master.state.view[-1] + assert l.server_conn.address + assert l.server_conn.address.host == a[0] + assert l.server_conn.address.port == a[1] + + def test_https_without_sni(self): + a = ("localhost", self.server.port) + self.config.mode.sslport = a[1] + p = self.pathoc(sni=None) + #assert p.ssl_established == False + try: + f = p.request("get:/p/304") + #assert f.status_code == 400 + assert False + except tcp.NetLibSSLError as v: + assert True + + class TestHttps2Http(tservers.ReverseProxTest): @classmethod def get_proxy_config(cls): diff --git a/test/tservers.py b/test/tservers.py index dc14fb37c..c70ad68a0 100644 --- a/test/tservers.py +++ b/test/tservers.py @@ -270,6 +270,49 @@ class ReverseProxTest(ProxTestBase): return p.request(q) +class SpoofModeTest(ProxTestBase): + ssl = None + + @classmethod + def get_proxy_config(cls): + d = ProxTestBase.get_proxy_config() + d["upstream_server"] = None + d["mode"] = "spoof" + return d + + def pathoc(self, sni=None): + """ + Returns a connected Pathoc instance. + """ + p = libpathod.pathoc.Pathoc( + ("localhost", self.proxy.port), ssl=self.ssl, sni=sni, fp=None + ) + p.connect() + return p + + +class SSLSpoofModeTest(ProxTestBase): + ssl = True + + @classmethod + def get_proxy_config(cls): + d = ProxTestBase.get_proxy_config() + d["upstream_server"] = None + d["mode"] = "sslspoof" + d["spoofed_ssl_port"] = 443 + return d + + def pathoc(self, sni=None): + """ + Returns a connected Pathoc instance. + """ + p = libpathod.pathoc.Pathoc( + ("localhost", self.proxy.port), ssl=self.ssl, sni=sni, fp=None + ) + p.connect() + return p + + class ChainProxTest(ProxTestBase): """ Chain three instances of mitmproxy in a row to test upstream mode.