docs: update protocols

Maximilian Hils 2022-10-26 18:15:56 +02:00
parent 720ea3fc16
commit b6b54e4352
2 changed files with 27 additions and 18 deletions

@ -13,17 +13,13 @@ Most protocols can be disabled by toggling the respective [option]({{< relref co
## HTTP/1.x ## HTTP/1.x
HTTP/1.0 and HTTP/1.1 support in mitmproxy is based on our custom HTTP stack, which is particularly robust to HTTP syntax HTTP/1.0 and HTTP/1.1 support in mitmproxy is based on our custom HTTP stack based on
[h11](https://github.com/python-hyper/h11), which is particularly robust to HTTP syntax
errors. Protocol violations are often deliberately forwarded or inserted at the proxy. errors. Protocol violations are often deliberately forwarded or inserted at the proxy.
##### Known Limitations ##### Known Limitations
- Trailers: mitmproxy currently does not support HTTP trailers, but we are happy to accept contributions. - Trailers: mitmproxy currently does not support trailers with HTTP/1.x, but we are happy to accept contributions.
##### RFCs
- [RFC7230: HTTP/1.1: Message Syntax and Routing](http://tools.ietf.org/html/rfc7230)
- [RFC7231: HTTP/1.1: Semantics and Content](http://tools.ietf.org/html/rfc7231)
## HTTP/2 ## HTTP/2
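Review bot: In the rewritten HTTP/1.x sentence, "based on our custom HTTP stack based on [h11]" repeats "based on", and the relative clause "which is particularly robust to HTTP syntax errors" now reads as describing h11 rather than the custom stack. Suggest rewording, for example "uses our custom HTTP stack (built on h11), which is particularly robust to HTTP syntax errors", or stating explicitly which layer provides the tolerance, since the following sentence about forwarding protocol violations relies on it.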
@ -32,16 +28,11 @@ server does not speak HTTP/2, mitmproxy seamlessly translates messages to HTTP/1
##### Known Limitations ##### Known Limitations
- *Trailers*: mitmproxy currently does not support HTTP trailers, but we are happy to accept contributions.
- *Priority Information*: mitmproxy currently ignores HTTP/2 PRIORITY frames. This does not affect the transmitted - *Priority Information*: mitmproxy currently ignores HTTP/2 PRIORITY frames. This does not affect the transmitted
contents, but potentially affects the order in which messages are sent. contents, but potentially affects the order in which messages are sent.
- *Push Promises*: mitmproxy currently does not advertise support for HTTP/2 Push Promises. - *Push Promises*: mitmproxy currently does not advertise support for HTTP/2 Push Promises.
- *Cleartext HTTP/2*: mitmproxy currently does not support unencrypted HTTP/2 (h2c). - *Cleartext HTTP/2*: mitmproxy currently does not support unencrypted HTTP/2 (h2c).
##### RFCs
- [RFC7540: Hypertext Transfer Protocol Version 2 (HTTP/2)](http://tools.ietf.org/html/rfc7540)
## WebSocket ## WebSocket
WebSocket support in mitmproxy is based on [wsproto](https://github.com/python-hyper/wsproto) project, including support WebSocket support in mitmproxy is based on [wsproto](https://github.com/python-hyper/wsproto) project, including support
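Review bot: Dropping the *Trailers* bullet from the HTTP/2 limitations, together with the HTTP/1.x bullet being narrowed to "trailers with HTTP/1.x", only implies that HTTP/2 trailers are now handled. If that is the intent, say so positively in the HTTP/2 section so readers do not have to infer it from an absence. Minor, in the trailing context line: "based on [wsproto] project" is missing an article ("the wsproto project").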
@ -49,19 +40,23 @@ for message compression.
##### Known Limitations ##### Known Limitations
- *User Interface*: WebSocket messages are currently logged to the event log, but not displayed in the console or web
interface. We would welcome contributions that fix this issue.
- *Replay*: Client or server replay is not possible yet. - *Replay*: Client or server replay is not possible yet.
- *Ping*: mitmproxy will forward PING and PONG frames, but not store them. The payload is only logged to the event log. - *Ping*: mitmproxy will forward PING and PONG frames, but not store them. The payload is only logged to the event log.
- *Unknown Extensions*: Unknown WebSocket extensions will cause a warning message to be logged, but are otherwise passed - *Unknown Extensions*: Unknown WebSocket extensions will cause a warning message to be logged, but are otherwise passed
through as-is. This may lead to noncompliant behavior. through as-is. This may lead to noncompliant behavior.
##### RFCs ## DNS
- [RFC6455: The WebSocket Protocol](http://tools.ietf.org/html/rfc6455) DNS support in mitmproxy is based on a custom DNS implementation.
- [RFC7692: Compression Extensions for WebSocket](http://tools.ietf.org/html/rfc7692)
## Generic TCP Proxy ##### Known Limitations
- *Replay*: Client or server replay is not possible yet.
- mitmproxy current does not support DNS over TCP.
- We have not started any work on DoT/DoH/DoQ (DNS-over-TLS/HTTPS/QUIC) yet. Contributions are welcome.
- We have not started any work on stripping ESNI or HTTPS RR records yet. Contributions are welcome.
## Generic TCP/TLS Proxy
Mitmproxy can also act as a generic TCP proxy. In this mode, mitmproxy will still detect the presence of TLS at the Mitmproxy can also act as a generic TCP proxy. In this mode, mitmproxy will still detect the presence of TLS at the
beginning of a connection and perform a man-in-the-middle attack if necessary, but otherwise forward messages beginning of a connection and perform a man-in-the-middle attack if necessary, but otherwise forward messages
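Review bot: In the added DNS limitations, "mitmproxy current does not support DNS over TCP" should read "currently", and the three bullets after *Replay* lack the italic labels every other limitations list on this page uses (for example *DNS over TCP*, *Encrypted DNS*, *ESNI/HTTPS Records*). "HTTPS RR records" is also redundant, since RR already means resource record. Separately, the heading is renamed to "Generic TCP/TLS Proxy" but the paragraph under it still says "generic TCP proxy"; align one with the other.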
@ -73,3 +68,16 @@ Users can explicitly opt into generic TCP proxying by setting the [`tcp_hosts` o
- *Replay*: Client or server replay is not possible yet. - *Replay*: Client or server replay is not possible yet.
- *Opportunistic TLS*: mitmproxy will not detect when a plaintext protocol upgrades to TLS (STARTTLS). - *Opportunistic TLS*: mitmproxy will not detect when a plaintext protocol upgrades to TLS (STARTTLS).
## Generic UDP/DTLS Proxy
Mitmproxy can also act as a generic UDP proxy. In this mode, mitmproxy will still detect the presence of DTLS at the
beginning of a connection and perform a man-in-the-middle attack if necessary, but otherwise forward messages
unmodified.
Users can explicitly opt into generic UDP proxying by setting the [`udp_hosts` option]({{< relref concepts-options >}}).
##### Known Limitations
- *Replay*: Client or server replay is not possible yet.
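Review bot: The new UDP section copies the TCP wording "at the beginning of a connection", but UDP has no connections, so the text does not tell the reader what unit mitmproxy inspects for DTLS or treats as one flow. Suggest a sentence defining what counts as a UDP "connection" here (for instance how datagrams are grouped and when a flow is considered finished), and listing any resulting limitation next to *Replay* if one exists.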

@ -151,6 +151,7 @@ class DnsResolver:
and not flow.error and not flow.error
) )
if should_resolve: if should_resolve:
# TODO: We need to handle overly long responses here.
flow.response = await resolve_message( flow.response = await resolve_message(
flow.request, asyncio.get_running_loop() flow.request, asyncio.get_running_loop()
) )
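Review bot: The added TODO above `resolve_message(...)` does not say what "overly long" means or what the intended handling is, and it references no issue, so the gap is easy to lose. The docs changed in this same commit state that DNS over TCP is not supported, so a response that does not fit the transport has no fallback path; that makes this worth spelling out. Suggest stating the limit and the planned behaviour in the comment (for example truncating and signalling truncation to the client), linking a tracking issue, and adding a matching bullet to the DNS "Known Limitations" list.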