Rooba
/
mitmproxy
mirror of https://github.com/mitmproxy/mitmproxy.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Expand SSL support 

- Cipher suite selection for both pathoc and pathod
- SSL version specification for pathod
- Expose SSLv23 as an option, and use it by default
This commit is contained in:
Aldo Cortesi 2014-02-27 18:33:48 +13:00
parent 0c04abb6e4
commit a1d0da2b53
5 changed files with 47 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
libpathod/pathoc.py
View File

@ -14,15 +14,8 @@ class Response:
def __repr__(self):
return "Response(%s - %s)"%(self.status_code, self.msg)
SSLVERSIONS = {
1: tcp.TLSv1_METHOD,
2: tcp.SSLv2_METHOD,
3: tcp.SSLv3_METHOD,
4: tcp.SSLv23_METHOD,
}
class Pathoc(tcp.TCPClient):
def __init__(self, address, ssl=None, sni=None, sslversion=1, clientcert=None):
def __init__(self, address, ssl=None, sni=None, sslversion=1, clientcert=None, ciphers=None):
tcp.TCPClient.__init__(self, address)
self.settings = dict(
staticdir = os.getcwd(),
@ -30,7 +23,8 @@ class Pathoc(tcp.TCPClient):
)
self.ssl, self.sni = ssl, sni
self.clientcert = clientcert
self.sslversion = SSLVERSIONS[sslversion]
self.sslversion = utils.SSLVERSIONS[sslversion]
self.ciphers = ciphers
def http_connect(self, connect_to):
self.wfile.write(
@ -56,7 +50,12 @@ class Pathoc(tcp.TCPClient):
self.http_connect(connect_to)
if self.ssl:
try:
self.convert_to_ssl(sni=self.sni, cert=self.clientcert, method=self.sslversion)
self.convert_to_ssl(
sni=self.sni,
cert=self.clientcert,
method=self.sslversion,
cipher_list = self.ciphers
)
except tcp.NetLibError, v:
raise PathocError(str(v))

12
libpathod/pathod.py
View File

@ -9,12 +9,14 @@ class PathodError(Exception): pass
class SSLOptions:
def __init__(self, certfile=None, keyfile=None, not_after_connect=None, request_client_cert=False):
def __init__(self, certfile=None, keyfile=None, not_after_connect=None, request_client_cert=False, sslversion=tcp.SSLv23_METHOD, ciphers=None):
self.keyfile = keyfile or utils.data.path("resources/server.key")
self.certfile = certfile or utils.data.path("resources/server.crt")
self.cert = certutils.SSLCert.from_pem(file(self.certfile, "rb").read())
self.not_after_connect = not_after_connect
self.request_client_cert = request_client_cert
self.ciphers = ciphers
self.sslversion = sslversion
class PathodHandler(tcp.BaseHandler):
@ -79,7 +81,9 @@ class PathodHandler(tcp.BaseHandler):
self.server.ssloptions.cert,
self.server.ssloptions.keyfile,
handle_sni = self.handle_sni,
request_client_cert = self.server.ssloptions.request_client_cert
request_client_cert = self.server.ssloptions.request_client_cert,
cipher_list = self.server.ssloptions.ciphers,
method = self.server.ssloptions.sslversion,
)
except tcp.NetLibError, v:
s = str(v)
@ -185,7 +189,9 @@ class PathodHandler(tcp.BaseHandler):
self.server.ssloptions.cert,
self.server.ssloptions.keyfile,
handle_sni = self.handle_sni,
request_client_cert = self.server.ssloptions.request_client_cert
request_client_cert = self.server.ssloptions.request_client_cert,
cipher_list = self.server.ssloptions.ciphers,
method = self.server.ssloptions.sslversion,
)
except tcp.NetLibError, v:
s = str(v)

8
libpathod/utils.py
View File

@ -1,4 +1,12 @@
import os
from netlib import tcp
SSLVERSIONS = {
1: tcp.TLSv1_METHOD,
2: tcp.SSLv2_METHOD,
3: tcp.SSLv3_METHOD,
4: tcp.SSLv23_METHOD,
}
SIZE_UNITS = dict(
b = 1024**0,

11
pathoc
View File

@ -60,10 +60,14 @@ if __name__ == "__main__":
"-i", dest="sni", type=str, default=False,
help="SSL Server Name Indication"
)
group.add_argument(
"--ciphers", dest="ciphers", type=str, default=False,
help="SSL cipher specification"
)
group.add_argument(
"--sslversion", dest="sslversion", type=int, default=1,
choices=[1, 2, 3],
help="Use a specified protocol - TLSv1, SSLv2, SSLv3. Default to TLSv1."
choices=[1, 2, 3, 4],
help="Use a specified protocol - TLSv1, SSLv2, SSLv3, SSLv23. Default to TLSv1."
)
group = parser.add_argument_group(
@ -133,7 +137,8 @@ if __name__ == "__main__":
ssl=args.ssl,
sni=args.sni,
sslversion=args.sslversion,
clientcert=args.clientcert
clientcert=args.clientcert,
ciphers=args.ciphers
)
try:
p.connect(connect_to)

16
pathod
View File

@ -38,7 +38,9 @@ def main(parser, args):
ssloptions = pathod.SSLOptions(
keyfile = args.ssl_keyfile,
certfile = args.ssl_certfile,
not_after_connect = args.ssl_not_after_connect
not_after_connect = args.ssl_not_after_connect,
ciphers = args.ciphers,
sslversion = utils.SSLVERSIONS[args.sslversion]
)
alst = []
@ -100,7 +102,7 @@ def main(parser, args):
parser.error("%s You probably want to a -d argument."%str(v))
try:
print "%s listening on %s:%s"%(version.NAMEVERSION, args.address, pd.address.port)
print "%s listening on %s:%s"%(version.NAMEVERSION, pd.address.host, pd.address.port)
pd.serve_forever()
except KeyboardInterrupt:
pass
@ -172,7 +174,15 @@ if __name__ == "__main__":
"--certfile", dest='ssl_certfile', default=None, type=str,
help='SSL cert file. If not specified, a default cert is used.'
)
group.add_argument(
"--ciphers", dest="ciphers", type=str, default=False,
help="SSL cipher specification"
)
group.add_argument(
"--sslversion", dest="sslversion", type=int, default=4,
choices=[1, 2, 3, 4],
help="Use a specified protocol - TLSv1, SSLv2, SSLv3, SSLv23. Default to SSLv23."
)
group = parser.add_argument_group(
'Controlling Logging',