minor cleanups (#4530)
parent de3f089bb0
commit 9baaf9dfdb
|
@ -26,10 +26,9 @@ Mitmproxy has a completely new proxy core, fixing many longstanding issues:
|
|||
|
||||
We wanted to bring these improvements out, so we have a few temporary regressions:
|
||||
|
||||
* HTTP trailers were added in mitmproxy 5.2, but have not made it into the new core yet.
|
||||
* Support for HTTP/2 Push Promises has been dropped.
|
||||
* Message Injection for WebSocket and TCP connections is not implemented yet.
|
||||
* SOCKS/5 Proxy Mode is not implemented yet.
|
||||
* body_size_limit is currently unsupported.
|
||||
* upstream_auth is currently unsupported.
|
||||
|
||||
If you depend on these features, please raise your voice in
|
||||
[#4348](https://github.com/mitmproxy/mitmproxy/issues/4348)!
|
||||
|
|
|
@ -24,7 +24,7 @@ menu:
|
|||
## Anticache
|
||||
|
||||
When the `anticache` option is set, it removes headers (`if-none-match` and
|
||||
`if-modified-since`) that might elicit a `304 not modified` response from the
|
||||
`if-modified-since`) that might elicit a `304 Not Modified` response from the
|
||||
server. This is useful when you want to make sure you capture an HTTP exchange
|
||||
in its totality. It's also often used during client-side replay, when you want
|
||||
to make sure the server responds with complete data.
|
||||
|
@ -88,7 +88,7 @@ and transparently returned to the client.
|
|||
* **flow-filter** is an optional mitmproxy [filter expression]({{< relref "concepts-filters">}})
|
||||
that additionally constrains which requests will be redirected.
|
||||
|
||||
### Examples
|
||||
#### Examples
|
||||
|
||||
Pattern | Description
|
||||
------- | -----------
|
||||
|
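Review bot: The `### Examples` to `#### Examples` demotion here (repeated in the map_remote, modify_body and modify_headers hunks below) only renders correctly if each enclosing section is a `###` heading, and none of the hunks shows the parent heading in its context. Please confirm the parent level in each of the four places so the page does not skip from `##` to `####`, which would break the generated table of contents.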
@ -164,7 +164,7 @@ that defines which requests the `map_remote` option applies to.
|
|||
|
||||
The _separator_ is arbitrary, and is defined by the first character.
|
||||
|
||||
### Examples
|
||||
#### Examples
|
||||
|
||||
Map all requests ending with `.jpg` to `https://placedog.net/640/480?random`.
|
||||
Note that this might fail if the original HTTP request destination uses HTTP2 but the replaced
|
||||
|
@ -210,7 +210,7 @@ whether the hook triggers on the request, response or both using the
|
|||
filter pattern. If you need finer-grained control than this, it's simple
|
||||
to create a script using the replacement API on Flow components.
|
||||
|
||||
### Examples
|
||||
#### Examples
|
||||
|
||||
Replace `foo` with `bar` in bodies of requests:
|
||||
|
||||
|
@ -258,7 +258,7 @@ whether the hook triggers on the request, response or both using the
|
|||
filter pattern. If you need finer-grained control than this, it's simple
|
||||
to create a script using the replacement API on Flow components.
|
||||
|
||||
### Examples
|
||||
#### Examples
|
||||
|
||||
Set the `Host` header to `example.org` for all requests (existing `Host`
|
||||
headers are replaced):
|
||||
|
@ -289,7 +289,7 @@ Remove existing `Host` headers from all requests:
|
|||
|
||||
## Proxy Authentication
|
||||
|
||||
Asks the user for authentication before they are permitted to use the proxy.
|
||||
The `proxyauth` option asks the user for authentication before they are permitted to use the proxy.
|
||||
Authentication headers are stripped from the flows, so they are not passed to
|
||||
upstream servers. For now, only HTTP Basic Authentication is supported.
|
||||
|
||||
|
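Review bot: The reworded opening sentence names the `proxyauth` option, but the paragraph still does not tell the reader what "only HTTP Basic Authentication is supported" implies for deployment: Basic credentials are only base64-encoded, so anyone on the path between the client and the proxy can read them unless that hop is protected. Since this paragraph is being touched anyway, consider adding one sentence to that effect, and a pointer to the accepted values of `proxyauth`, which are not described in the visible context.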
@ -329,18 +329,6 @@ updated in a similar way.
|
|||
You can turn off this behaviour by setting the `server_replay_refresh` option to
|
||||
`false`.
|
||||
|
||||
### Replaying a session recorded in Reverse-proxy Mode
|
||||
|
||||
If you have captured the session in reverse proxy mode, in order to replay it
|
||||
you still have to specify the server URL, otherwise you may get the error: 'HTTP
|
||||
protocol error in client request: Invalid HTTP request form (expected authority
|
||||
or absolute...)'.
|
||||
|
||||
During replay, when the client's requests match previously recorded requests,
|
||||
then the respective recorded responses are simply replayed by mitmproxy.
|
||||
Otherwise, the unmatched requests is forwarded to the upstream server. If
|
||||
forwarding is not desired, you can use the --kill (-k) switch to prevent that.
|
||||
|
||||
## Sticky auth
|
||||
|
||||
The `stickyauth` option is analogous to the sticky cookie option, in that HTTP
|
||||
|
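Review bot: The twelve lines dropped here (hunk header 18 to 6) include the only statement in this section that unmatched requests are forwarded to the upstream server during server replay, and that `--kill (-k)` prevents it. That is behaviour a user replaying a recorded session needs to know about, because without it requests can reach the live server unexpectedly. If the new proxy core changed this, the commit message should say so; if it did not, please keep that paragraph (it can stay even if the reverse-proxy heading above it goes).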
@ -386,29 +374,3 @@ streamed. Requests/Responses that should be tagged for streaming by setting
|
|||
their ``.stream`` attribute to ``True``:
|
||||
|
||||
{{< example src="examples/addons/http-stream-simple.py" lang="py" >}}
|
||||
|
||||
### Websockets
|
||||
|
||||
The `stream_websockets` option enables an analogous behaviour for websockets.
|
||||
When WebSocket streaming is enabled, portions of the code which may perform
|
||||
changes to the WebSocket message payloads will not have any effect on the actual
|
||||
payload sent to the server as the frames are immediately forwarded to the
|
||||
server. In contrast to HTTP streaming, where the body is not stored, the message
|
||||
payload will still be stored in the WebSocket flow.
|
||||
|
||||
## Upstream Certificates
|
||||
|
||||
When mitmproxy receives a connection destined for an SSL-protected service, it
|
||||
freezes the connection before reading its request data, and makes a connection
|
||||
to the upstream server to "sniff" the contents of its SSL certificate. The
|
||||
information gained - the **Common Name** and **Subject Alternative Names** - is
|
||||
then used to generate the interception certificate, which is sent to the client
|
||||
so the connection can continue.
|
||||
|
||||
This rather intricate little dance lets us seamlessly generate correct
|
||||
certificates even if the client has specified only an IP address rather than the
|
||||
hostname. It also means that we don't need to sniff additional data to generate
|
||||
certs in transparent mode.
|
||||
|
||||
Upstream cert sniffing is on by default, and can optionally be turned off with
|
||||
the `upstream_cert` option.
|
||||
|
|
|
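Review bot: This hunk deletes the whole `### Websockets` subsection and the `## Upstream Certificates` section (26 lines, header 29 to 3) under a "minor cleanups" subject, with no indication of whether `stream_websockets` and `upstream_cert` still exist. The list of temporary regressions edited earlier in this commit mentions neither option. If the options were removed or changed by the new core, add them to that list; if they still work, the explanation of upstream certificate sniffing and how to turn it off should be moved rather than dropped, since it describes an outbound connection mitmproxy makes before the client's request is read.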
@ -7,16 +7,15 @@ class Block:
|
|||
loader.add_option(
|
||||
"block_global", bool, True,
|
||||
"""
|
||||
Block connections from globally reachable networks, as defined in
|
||||
the IANA special purpose registries.
|
||||
Block connections from public IP addresses.
|
||||
"""
|
||||
)
|
||||
loader.add_option(
|
||||
"block_private", bool, False,
|
||||
"""
|
||||
Block connections from private networks, as defined in the IANA
|
||||
special purpose registries. This option does not affect loopback
|
||||
addresses.
|
||||
Block connections from local (private) IP addresses.
|
||||
This option does not affect loopback addresses (connections from the local machine),
|
||||
which are always permitted.
|
||||
"""
|
||||
)
|
||||
|
||||
|
|
|
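Review bot: The new help strings for `block_global` and `block_private` replace "as defined in the IANA special purpose registries" with "public IP addresses" and "local (private) IP addresses", which no longer tells the reader how an address is classified. For an access-control option that is on by default, that definition matters: a reader cannot tell from the new text how link-local or shared address space is treated. Suggest keeping the simpler first sentence and retaining a short reference to the IANA special-purpose registries after it. The added note that loopback connections are always permitted is a good clarification.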
@ -46,7 +46,7 @@ class BlockList:
|
|||
"""
|
||||
Block matching requests and return an empty response with the specified HTTP status.
|
||||
Option syntax is "/flow-filter/status-code", where flow-filter describes
|
||||
which requests this rule should be applied to and status-code is the HTTP status code to return for
|
||||
which requests this rule should be applied to and status-code is the HTTP status code to return for
|
||||
blocked requests. The separator ("/" in the example) can be any character.
|
||||
Setting a non-standard status code of 444 will close the connection without sending a response.
|
||||
"""
|
||||
|
|
|
@ -160,14 +160,13 @@ def _check_content_type(rex, message):
|
|||
|
||||
class FAsset(_Action):
|
||||
code = "a"
|
||||
help = "Match asset in response: CSS, Javascript, Flash, images."
|
||||
help = "Match asset in response: CSS, JavaScript, images."
|
||||
ASSET_TYPES = [re.compile(x) for x in [
|
||||
b"text/javascript",
|
||||
b"application/x-javascript",
|
||||
b"application/javascript",
|
||||
b"text/css",
|
||||
b"image/.*",
|
||||
b"application/x-shockwave-flash"
|
||||
b"image/.*"
|
||||
]]
|
||||
|
||||
@only(http.HTTPFlow)
|
||||
|
|
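Review bot: In `ASSET_TYPES`, the last entry is now `b"image/.*"` without a trailing comma, as the removed Flash entry was before it. Please add the comma: adjacent bytes literals concatenate silently in Python, so the next pattern appended to this list without noticing would merge into the image pattern instead of becoming its own entry. Separately, dropping `application/x-shockwave-flash` changes what the `~a` filter matches, which is worth a changelog line rather than being folded into a cleanup commit.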