docs: update protocols

Maximilian Hils 2022-10-26 18:15:56 +02:00
parent 720ea3fc16
commit b6b54e4352
2 changed files with 27 additions and 18 deletions

@ -13,17 +13,13 @@ Most protocols can be disabled by toggling the respective [option]({{< relref co
## HTTP/1.x
HTTP/1.0 and HTTP/1.1 support in mitmproxy is based on our custom HTTP stack, which is particularly robust to HTTP syntax
HTTP/1.0 and HTTP/1.1 support in mitmproxy is based on our custom HTTP stack based on
[h11](https://github.com/python-hyper/h11), which is particularly robust to HTTP syntax
errors. Protocol violations are often deliberately forwarded or inserted at the proxy.
##### Known Limitations
- Trailers: mitmproxy currently does not support HTTP trailers, but we are happy to accept contributions.
##### RFCs
- [RFC7230: HTTP/1.1: Message Syntax and Routing](http://tools.ietf.org/html/rfc7230)
- [RFC7231: HTTP/1.1: Semantics and Content](http://tools.ietf.org/html/rfc7231)
- Trailers: mitmproxy currently does not support trailers with HTTP/1.x, but we are happy to accept contributions.
## HTTP/2
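Review bot: The reworded HTTP/1.x intro repeats "based on" within one clause ("is based on our custom HTTP stack based on [h11]"), which reads as if the stack and h11 were the same thing. Consider "is built on our custom HTTP stack, which uses [h11] and is particularly robust to HTTP syntax errors". The Trailers bullet in this section is also the only Known Limitations entry without an italic label; `- *Trailers*: ...` would match the HTTP/2 and WebSocket sections.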
@ -32,16 +28,11 @@ server does not speak HTTP/2, mitmproxy seamlessly translates messages to HTTP/1
##### Known Limitations
- *Trailers*: mitmproxy currently does not support HTTP trailers, but we are happy to accept contributions.
- *Priority Information*: mitmproxy currently ignores HTTP/2 PRIORITY frames. This does not affect the transmitted
contents, but potentially affects the order in which messages are sent.
- *Push Promises*: mitmproxy currently does not advertise support for HTTP/2 Push Promises.
- *Cleartext HTTP/2*: mitmproxy currently does not support unencrypted HTTP/2 (h2c).
##### RFCs
- [RFC7540: Hypertext Transfer Protocol Version 2 (HTTP/2)](http://tools.ietf.org/html/rfc7540)
## WebSocket
WebSocket support in mitmproxy is based on [wsproto](https://github.com/python-hyper/wsproto) project, including support
@ -49,19 +40,23 @@ for message compression.
##### Known Limitations
- *User Interface*: WebSocket messages are currently logged to the event log, but not displayed in the console or web
interface. We would welcome contributions that fix this issue.
- *Replay*: Client or server replay is not possible yet.
- *Ping*: mitmproxy will forward PING and PONG frames, but not store them. The payload is only logged to the event log.
- *Unknown Extensions*: Unknown WebSocket extensions will cause a warning message to be logged, but are otherwise passed
through as-is. This may lead to noncompliant behavior.
##### RFCs
## DNS
- [RFC6455: The WebSocket Protocol](http://tools.ietf.org/html/rfc6455)
- [RFC7692: Compression Extensions for WebSocket](http://tools.ietf.org/html/rfc7692)
DNS support in mitmproxy is based on a custom DNS implementation.
## Generic TCP Proxy
##### Known Limitations
- *Replay*: Client or server replay is not possible yet.
- mitmproxy current does not support DNS over TCP.
- We have not started any work on DoT/DoH/DoQ (DNS-over-TLS/HTTPS/QUIC) yet. Contributions are welcome.
- We have not started any work on stripping ESNI or HTTPS RR records yet. Contributions are welcome.
## Generic TCP/TLS Proxy
Mitmproxy can also act as a generic TCP proxy. In this mode, mitmproxy will still detect the presence of TLS at the
beginning of a connection and perform a man-in-the-middle attack if necessary, but otherwise forward messages
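Review bot: The first DNS limitation has a typo: "mitmproxy current does not support DNS over TCP" should read "currently". The three DNS bullets also drop the `*Label*:` prefix that every other Known Limitations list in this file uses; something like `- *DNS over TCP*: ...`, `- *Encrypted DNS*: ...` and `- *Record Stripping*: ...` would keep the page consistent. In the last bullet, "HTTPS RR records" is redundant, since RR already stands for resource record; "HTTPS records" or "HTTPS RRs" is enough.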
@ -73,3 +68,16 @@ Users can explicitly opt into generic TCP proxying by setting the [`tcp_hosts` o
- *Replay*: Client or server replay is not possible yet.
- *Opportunistic TLS*: mitmproxy will not detect when a plaintext protocol upgrades to TLS (STARTTLS).
## Generic UDP/DTLS Proxy
Mitmproxy can also act as a generic UDP proxy. In this mode, mitmproxy will still detect the presence of DTLS at the
beginning of a connection and perform a man-in-the-middle attack if necessary, but otherwise forward messages
unmodified.
Users can explicitly opt into generic UDP proxying by setting the [`udp_hosts` option]({{< relref concepts-options >}}).
##### Known Limitations
- *Replay*: Client or server replay is not possible yet.
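Review bot: The new UDP/DTLS section reuses the TCP wording "at the beginning of a connection", but UDP has no connection setup, so the reader cannot tell which datagram is inspected for DTLS. Please state what mitmproxy treats as a UDP connection here and when the DTLS detection runs, so users know when traffic to a `udp_hosts` entry is intercepted and when it is forwarded unmodified.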

@ -151,6 +151,7 @@ class DnsResolver:
and not flow.error
)
if should_resolve:
# TODO: We need to handle overly long responses here.
flow.response = await resolve_message(
flow.request, asyncio.get_running_loop()
)
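Review bot: The TODO above the `resolve_message` call does not say what "overly long" means or what the handling should be, so the next person to touch it has to guess. Please name the limit and the intended behaviour (for example truncating the answer and setting the TC bit) and reference a tracking issue. Since the docs in this same commit state that DNS over TCP is not supported, a client that receives a truncated or oversized response has no fallback path, so this also belongs in the DNS Known Limitations list rather than only in a code comment.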