From dfb2b273a21cd3b51ad6fef94f74e8dc4a6a511e Mon Sep 17 00:00:00 2001 From: Gaurav Jain <64748057+errorxyz@users.noreply.github.com> Date: Mon, 13 Jan 2025 17:34:08 +0530 Subject: [PATCH] Updates docs for DNS and HTTP/3 mode (#7474) * Update docs * fix typo * fix capitalization --------- Co-authored-by: Maximilian Hils --- docs/src/content/concepts-modes.md | 16 +++++++--------- docs/src/content/concepts-protocols.md | 6 ++---- 2 files changed, 9 insertions(+), 13 deletions(-) diff --git a/docs/src/content/concepts-modes.md b/docs/src/content/concepts-modes.md index a8b6f8fed..dd5d5778b 100644 --- a/docs/src/content/concepts-modes.md +++ b/docs/src/content/concepts-modes.md @@ -268,7 +268,7 @@ would establish a raw TCP proxy. - Want to know what goes on over (D)TLS (without HTTP)? With mitmproxy's raw traffic support you can. Use `--mode reverse:tls://example.com:1234` to spawn a TCP instance that connects to `example.com:1234` using TLS, and - `--mode reverse:dtls://example.com:1234` to use UDP and DTLS respectively instead. + `--mode reverse:dtls://example.com:1234` to use UDP and DTLS respectively instead. Incoming client connections can either use (D)TLS themselves or raw TCP/UDP. In case you want to inspect raw traffic only for some hosts and HTTP for others, have a look at the [tcp_hosts]({{< relref "concepts-options" >}}#tcp_hosts) 
@@ -343,12 +343,10 @@ mitmdump --mode dns ``` This mode will listen for incoming DNS queries and use the resolve -capabilities of your operation system to return an answer. -By default port 53 will be used. To specify a different port, say 5353, +capabilities of your operating system to return an answer. For A/AAAA +queries you can opt to ignore the system's hosts file using the +[`dns_use_hosts_file`]({{< relref "concepts-options">}}#dns_use_hosts_file) +option. Custom name servers for lookups can be specified using the +[`dns_name_servers`]({{< relref "concepts-options" >}}#dns_name_servers) +option. By default port 53 will be used. To specify a different port, say 5353, use `--mode dns@5353`. - -Since the lookup API is limited to turning host names into IP addresses -and vice-versa, only A, AAAA, PTR and CNAME queries are supported. -You can, however, use reverse mode to specify an upstream server and -unlock all query types. For example, to use Google's Public DNS server -specify `--mode reverse:dns://8.8.8.8`. diff --git a/docs/src/content/concepts-protocols.md b/docs/src/content/concepts-protocols.md index e01fa8ad2..7222e8acc 100644 --- a/docs/src/content/concepts-protocols.md +++ b/docs/src/content/concepts-protocols.md @@ -13,7 +13,7 @@ Most protocols can be disabled by toggling the respective [option]({{< relref co ## HTTP/1 -HTTP/1.0 and HTTP/1.1 support in mitmproxy is based on our custom HTTP stack based on +HTTP/1.0 and HTTP/1.1 support in mitmproxy is based on our custom HTTP stack based on [h11](https://github.com/python-hyper/h11), which is particularly robust to HTTP syntax errors. Protocol violations are often deliberately forwarded or inserted at the proxy. 
@@ -36,7 +36,7 @@ server does not speak HTTP/2, mitmproxy seamlessly translates messages to HTTP/1 ## HTTP/3 HTTP/3 support in mitmproxy is based on [aioquic](https://github.com/aiortc/aioquic). Mitmproxy's HTTP/3 functionality -is still experimental and only available in reverse proxy mode. +is available in reverse proxy, local and WireGuard mode. ##### Known Limitations @@ -64,9 +64,7 @@ DNS support in mitmproxy is based on a custom DNS implementation. ##### Known Limitations - *Replay*: Client or server replay is not possible yet. -- mitmproxy current does not support DNS over TCP. - We have not started any work on DoT/DoH/DoQ (DNS-over-TLS/HTTPS/QUIC) yet. Contributions are welcome. -- We have not started any work on stripping ESNI or HTTPS RR records yet. Contributions are welcome. ## Generic TCP/TLS Proxy
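Review bot: In the DNS mode hunk of `docs/src/content/concepts-modes.md` (`@@ -343,12 +343,10 @@`), the new paragraph does not state the default for either `dns_use_hosts_file` or `dns_name_servers`. A reader cannot tell whether hosts-file entries are honoured out of the box, or whether the opening sentence about "the resolve capabilities of your operating system" still applies once custom name servers are set. Suggest one sentence giving both defaults and saying which resolver answers in each case. The removed paragraph was also the only place that listed the supported query types and showed `--mode reverse:dns://8.8.8.8`. If either still holds, keep a short pointer; otherwise say which query types DNS mode now answers. Minor: the first added relref is written `"concepts-options">}}` while the second has a space before `>}}`. Please make them consistent.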
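Review bot: In the HTTP/1 hunk of `docs/src/content/concepts-protocols.md` (`@@ -13,7 +13,7 @@`), the touched line still reads "is based on our custom HTTP stack based on", which repeats "based on" in one sentence. Since the line is being modified anyway for whitespace, consider rewording it, for example "uses our custom HTTP stack built on h11".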
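Review bot: In the HTTP/3 hunk of `docs/src/content/concepts-protocols.md` (`@@ -36,7 +36,7 @@`), the replacement line drops "still experimental" without saying whether that status has actually changed, while a "Known Limitations" list still follows directly below. Please confirm the removal is intentional. The old wording "only available in reverse proxy mode" also made the restriction explicit, whereas "is available in reverse proxy, local and WireGuard mode" leaves it open whether the other modes are unsupported. Suggest "is only available in reverse proxy, local and WireGuard modes" (plural "modes") if that is the intent.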
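Review bot: In the DNS "Known Limitations" hunk of `docs/src/content/concepts-protocols.md` (`@@ -64,9 +64,7 @@`), deleting the bullets on DNS over TCP and on stripping ESNI or HTTPS RR records implies that both are now handled, but nothing in this patch says so. Readers who rely on the proxy seeing all DNS traffic, or on HTTPS records not steering clients around it, need that stated rather than inferred from a missing limitation. Suggest adding a sentence to the DNS section saying that DNS over TCP is supported and how HTTPS records are treated, or keeping the bullets if the limitations still apply.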