diff --git a/docs/src/content/concepts-protocols.md b/docs/src/content/concepts-protocols.md index f15caa6f7..c689d8bff 100644 --- a/docs/src/content/concepts-protocols.md +++ b/docs/src/content/concepts-protocols.md @@ -13,17 +13,13 @@ Most protocols can be disabled by toggling the respective [option]({{< relref co ## HTTP/1.x -HTTP/1.0 and HTTP/1.1 support in mitmproxy is based on our custom HTTP stack, which is particularly robust to HTTP syntax +HTTP/1.0 and HTTP/1.1 support in mitmproxy is based on our custom HTTP stack based on +[h11](https://github.com/python-hyper/h11), which is particularly robust to HTTP syntax errors. Protocol violations are often deliberately forwarded or inserted at the proxy. ##### Known Limitations -- Trailers: mitmproxy currently does not support HTTP trailers, but we are happy to accept contributions. - -##### RFCs - -- [RFC7230: HTTP/1.1: Message Syntax and Routing](http://tools.ietf.org/html/rfc7230) -- [RFC7231: HTTP/1.1: Semantics and Content](http://tools.ietf.org/html/rfc7231) +- Trailers: mitmproxy currently does not support trailers with HTTP/1.x, but we are happy to accept contributions. ## HTTP/2 
@@ -32,16 +28,11 @@ server does not speak HTTP/2, mitmproxy seamlessly translates messages to HTTP/1 ##### Known Limitations -- *Trailers*: mitmproxy currently does not support HTTP trailers, but we are happy to accept contributions. - *Priority Information*: mitmproxy currently ignores HTTP/2 PRIORITY frames. This does not affect the transmitted contents, but potentially affects the order in which messages are sent. - *Push Promises*: mitmproxy currently does not advertise support for HTTP/2 Push Promises. - *Cleartext HTTP/2*: mitmproxy currently does not support unencrypted HTTP/2 (h2c). -##### RFCs - -- [RFC7540: Hypertext Transfer Protocol Version 2 (HTTP/2)](http://tools.ietf.org/html/rfc7540) - ## WebSocket WebSocket support in mitmproxy is based on [wsproto](https://github.com/python-hyper/wsproto) project, including support 
@@ -49,19 +40,23 @@ for message compression. ##### Known Limitations -- *User Interface*: WebSocket messages are currently logged to the event log, but not displayed in the console or web - interface. We would welcome contributions that fix this issue. - *Replay*: Client or server replay is not possible yet. - *Ping*: mitmproxy will forward PING and PONG frames, but not store them. The payload is only logged to the event log. - *Unknown Extensions*: Unknown WebSocket extensions will cause a warning message to be logged, but are otherwise passed through as-is. This may lead to noncompliant behavior. -##### RFCs +## DNS -- [RFC6455: The WebSocket Protocol](http://tools.ietf.org/html/rfc6455) -- [RFC7692: Compression Extensions for WebSocket](http://tools.ietf.org/html/rfc7692) +DNS support in mitmproxy is based on a custom DNS implementation. -## Generic TCP Proxy +##### Known Limitations + +- *Replay*: Client or server replay is not possible yet. +- mitmproxy current does not support DNS over TCP. +- We have not started any work on DoT/DoH/DoQ (DNS-over-TLS/HTTPS/QUIC) yet. Contributions are welcome. +- We have not started any work on stripping ESNI or HTTPS RR records yet. Contributions are welcome. + +## Generic TCP/TLS Proxy Mitmproxy can also act as a generic TCP proxy. In this mode, mitmproxy will still detect the presence of TLS at the beginning of a connection and perform a man-in-the-middle attack if necessary, but otherwise forward messages 
@@ -73,3 +68,16 @@ Users can explicitly opt into generic TCP proxying by setting the [`tcp_hosts` o - *Replay*: Client or server replay is not possible yet. - *Opportunistic TLS*: mitmproxy will not detect when a plaintext protocol upgrades to TLS (STARTTLS). + + +## Generic UDP/DTLS Proxy + +Mitmproxy can also act as a generic UDP proxy. In this mode, mitmproxy will still detect the presence of DTLS at the +beginning of a connection and perform a man-in-the-middle attack if necessary, but otherwise forward messages +unmodified. + +Users can explicitly opt into generic UDP proxying by setting the [`udp_hosts` option]({{< relref concepts-options >}}). + +##### Known Limitations + +- *Replay*: Client or server replay is not possible yet. diff --git a/mitmproxy/addons/dns_resolver.py b/mitmproxy/addons/dns_resolver.py index 92624de46..fcfb153f2 100644 --- a/mitmproxy/addons/dns_resolver.py +++ b/mitmproxy/addons/dns_resolver.py @@ -151,6 +151,7 @@ class DnsResolver: and not flow.error ) if should_resolve: + # TODO: We need to handle overly long responses here. flow.response = await resolve_message( flow.request, asyncio.get_running_loop() )
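Review bot: In the HTTP/1.x hunk of docs/src/content/concepts-protocols.md, the new sentence says "is based on our custom HTTP stack based on [h11]", which repeats "based on" and leaves it unclear whether the stack is custom code or h11 itself. Suggest one clause, for example "is based on our custom HTTP stack, built on [h11](https://github.com/python-hyper/h11), which is particularly robust to HTTP syntax errors". The same hunk removes the RFCs list (RFC7230, RFC7231) with no replacement. If the RFC lists are being dropped from every protocol section on purpose, the commit message should say so.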
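Review bot: In the new DNS section's Known Limitations (third hunk of concepts-protocols.md), "mitmproxy current does not support DNS over TCP" has a typo and should read "currently". The last three DNS bullets also lack the italic label that the neighbouring lists use (*Replay*, *Ping*, *Unknown Extensions*), so consider labels such as *DNS over TCP* and *Encrypted DNS*. "HTTPS RR records" repeats "record". In the same hunk the heading becomes "Generic TCP/TLS Proxy" while the paragraph under it still says "generic TCP proxy", so align one with the other.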
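Review bot: The added "Generic UDP/DTLS Proxy" section opens with two blank added lines before the heading where the rest of the file uses one, so drop the extra line. The paragraph is the TCP text with UDP and DTLS substituted, including "the beginning of a connection". UDP has no connection setup, so a short clause on what mitmproxy treats as a connection here would help readers who set `udp_hosts`.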
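Review bot: The TODO added above "flow.response = await resolve_message(" in mitmproxy/addons/dns_resolver.py does not say what counts as "overly long" or what handling is expected, so the next reader cannot act on it. The docs in this same patch state that DNS over TCP is not supported, yet the DNS Known Limitations list does not mention response size at all. Please state the limit and the intended behaviour in the comment, reference a tracking issue if one exists, and add a matching bullet to the DNS limitations.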