806aa0f41c
improve .replace() and move it into netlib
2016-04-02 14:38:33 +02:00
4ee8808b44
add Serializeable.copy
2016-04-02 13:50:53 +02:00
ec68d8b8e4
s/nocover/no cover/g
...
according to coveralls docs
2016-03-27 12:02:41 +02:00
66bd27e6f9
update comments
2016-03-26 17:49:22 +08:00
08ff00f36d
replace CONTENT_MISSING with None.
2016-03-26 16:00:51 +08:00
2f285a6015
Setting CONTENT_MISSING to None
2016-03-26 11:26:42 +08:00
403ac82a7d
netlib: request.path can be None
2016-03-20 23:22:50 +01:00
983b0dd4f6
Merge pull request #1014 from ikoz/master
...
New option: Add server certs to client chain
2016-03-17 02:28:00 +01:00
2a20fc59b2
Merge pull request #1030 from xhy940801/socks
...
Add 'UsernamePasswordAuth' 'UsernamePasswordAuthResponse' to SOCKS
2016-03-16 12:16:52 +01:00
eecadadce3
use "peer_address" instead of "sock_address"
2016-03-15 21:32:06 +08:00
ba933dff2c
Add 'UsernamePasswordAuth' 'UsernamePasswordAuthResponse' to SOCKS
2016-03-15 14:33:20 +08:00
e9bff5ac56
add resolved IP address in "Details" tab
2016-03-10 21:23:31 +08:00
0169271bf9
New option: Add server certs to client chain
...
If enabled, append all server certificates to the certificate chain
served to the client, as extras. Can be used to bypass certain
certificate pinning impementations.
2016-03-08 18:13:36 +00:00
2bec6a35e2
fix #956
2016-02-19 00:30:37 +01:00
ecb26c3c82
Merge remote-tracking branch 'duffer/pretty-host'
2016-02-18 23:17:02 +01:00
9dc1224282
Incorporate comments made during review
2016-02-18 20:12:45 +05:30
20352f3453
fix test paths, move coverage config into setup.py
2016-02-18 13:24:17 +01:00
d33d3663ec
combine projects
2016-02-18 13:03:40 +01:00
175109e44e
Use host header values only when the ports match
2016-02-18 07:01:52 +05:30
6f96da08c9
Handle port numbers in host header
...
from: https://github.com/mitmproxy/netlib/pull/121
2016-02-17 08:48:59 +05:30
6b585023fd
move tservers helper
2016-02-16 21:53:16 +01:00
5101843683
fix wheel creation, re-add MANIFEST.in
2016-02-16 04:28:10 +01:00
a69d223b33
Preserve host header when modifying request path
...
Currently the path_components and query setters of the Request object
use the url setter under the hood. The url setter updates all parts of
the URL including the host. If the host header and the host in the
request URL are different (as is common when making HTTPS requests)
then the host header will be updated to the value in the URL as a
result of modifying the path.
This change fixes this problem by modifying the query and
path_components setters to not use the url setter and instead directly
update the path field.
2016-02-15 16:21:20 -08:00
4583fa7922
remove MANIFEST.in, move Dockerfile to root
2016-02-16 00:57:42 +01:00
10f9b6faa7
fix release tool, refs #947
2016-02-16 00:22:38 +01:00
3d9a5157e7
use own shields instance, update pathod readme
2016-02-15 21:13:06 +01:00
a1190c3696
adjust travis
2016-02-15 17:06:32 +01:00
b211bef9a1
fix tests
2016-02-15 16:34:38 +01:00
d7158f975e
move tests into shared folder
2016-02-15 16:34:22 +01:00
95cef3c0e9
merge metadata files
2016-02-15 15:43:59 +01:00
43c3e164ec
add netlib
2016-02-15 14:58:48 +01:00
aafa69a738
bump version
2016-02-14 17:25:30 +01:00
1dcb8b14ac
bump version
2016-02-08 15:09:29 +01:00
ead9b0ab8c
fix http version string
2016-02-08 15:09:25 +01:00
655b521749
fix docstrings
2016-02-08 04:33:10 +01:00
173ff0b235
fix py3 compat
2016-02-08 04:28:49 +01:00
fe0ed63c4a
add Serializable ABC
2016-02-08 04:16:58 +01:00
4873547de3
minor fixes
2016-02-08 02:10:48 +01:00
8f8796f9d9
expose OpenSSL's HAS_ALPN
2016-02-08 00:40:55 +01:00
0336a53aa8
Merge branch 'master' of https://github.com/mitmproxy/netlib
2016-02-02 18:16:05 +01:00
a188ae5ac5
allow creation of certs without CN
2016-02-02 18:15:55 +01:00
e222858f01
bump dependency and remove deprecated fields
2016-02-02 17:39:49 +01:00
81b32cf426
Merge pull request #116 from Kriechi/hyperframe
...
migrate to hyperframe
2016-02-01 20:28:14 +01:00
931b5459e9
remove code duplication
2016-02-01 20:19:34 +01:00
a3af0ce71d
tests++
2016-02-01 20:10:18 +01:00
bda49dd178
fix #113 , make Reader.peek() work on Python 3
2016-02-01 19:38:14 +01:00
e98c729bb9
test on python3
2016-01-31 20:19:32 +01:00
280b491ab2
migrate to hyperframe
2016-01-31 20:03:25 +01:00
d253ebc142
fix test request and response headers
2016-01-30 22:03:24 +01:00
1b487539b1
move tservers to netlib module
2016-01-25 09:20:44 +01:00
b8e8c4d682
Simplified setting the source_address in the TCPClient constructor
2016-01-11 08:10:36 +01:00
4bb9f3d35b
Added getter/setter for TCPClient source_address
2016-01-08 18:04:47 +01:00
d1e6b5366c
bump version
2015-12-25 16:00:50 +01:00
71834421bb
bump version
2015-12-03 18:13:24 +01:00
c1385c9a17
Fix to ignore empty header value.
...
According to Augmented BNF in the following RFCs
http://tools.ietf.org/html/rfc5234#section-3.6
http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.1
field-value = *( field-content | LWS )
http://tools.ietf.org/html/rfc7230#section-3.2
field-value = *( field-content / obs-fold )
... the HTTP message header `field-value` is allowed to be empty.
2015-11-17 04:51:20 +11:00
2bd7bcb371
Porting to Python 3.4
...
Updated wsgi to support Python 3.4 byte strings.
Updated test_wsgi to remove py.test warning for TestApp having an
__init__ constructor.
samc$ sudo py.test netlib/test/test_wsgi.py -r w
= test session starts =
platform darwin -- Python 3.4.1, pytest-2.8.2, py-1.4.30, pluggy-0.3.1
rootdir: /Users/samc/src/python/netlib, inifile:
collected 6 items
netlib/test/test_wsgi.py ......
= 6 passed in 0.20 seconds =
2015-11-11 20:27:10 -06:00
6689a342ae
Porting to Python 3.4
...
Fixed byte string formatting for hexdump.
= test session starts =
platform darwin -- Python 3.4.1, pytest-2.8.2, py-1.4.30, pluggy-0.3.1
rootdir: /Users/samc/src/python/netlib, inifile:
collected 11 items
netlib/test/test_utils.py ...........
= 11 passed in 0.23 seconds =
2015-11-11 19:53:51 -06:00
2d48f12332
Revert "Porting netlib to python3.4"
...
This reverts commit 8237183485
2015-11-11 19:41:42 -06:00
8237183485
Porting netlib to python3.4
...
Updated utils.py using 2to3-3.4
Updated hexdump to use .format() with .encode() to support python 3.4
Python 3.5 supports .format() on bytes objects, but 3.4 is the current
default on Ubuntu.
samc$ py.test netlib/test/test_utils.py
= test session starts =
platform darwin -- Python 3.4.1, pytest-2.8.2, py-1.4.30, pluggy-0.3.1
rootdir: /Users/samc/src/python/netlib, inifile:
collected 11 items
netlib/test/test_utils.py ...........
= 11 passed in 0.19 seconds =
2015-11-11 11:32:02 -06:00
9cab9ee5d6
Bump version for next release cycle
2015-11-07 09:30:49 +13:00
3e2eb3fef1
Bump version
2015-11-06 13:51:15 +13:00
810c2f2414
Merge remote-tracking branch 'origin/hostname-validation'
2015-11-04 21:33:32 +01:00
9d12425d5e
Set default cert expiry to <39 months
...
This sould fix mitmproxy/mitmproxy#815
2015-11-04 11:28:02 +01:00
9d36f8e43f
minor fixes
2015-11-01 18:20:00 +01:00
5af9df326a
fix certificate verification
...
This commit fixes netlib's optional (turned off by default)
certificate verification, which previously did not validate the
cert's host name. As it turns out, verifying the connection's host
name on an intercepting proxy is not really straightforward - if
we receive a connection in transparent mode without SNI, we have no
clue which hosts the client intends to connect to. There are two
basic approaches to solve this problem:
1. Exactly mirror the host names presented by the server in the
spoofed certificate presented to the client.
2. Require the client to send the TLS Server Name Indication
extension. While this does not work with older clients,
we can validate the hostname on the proxy.
Approach 1 is problematic in mitmproxy's use case, as we may want
to deliberately divert connections without the client's knowledge.
As a consequence, we opt for approach 2. While mitmproxy does now
require a SNI value to be sent by the client if certificate
verification is turned on, we retain our ability to present
certificates to the client which are accepted with a maximum
likelihood.
2015-11-01 18:15:30 +01:00
67229fbdf7
Merge branch 'http-models'
2015-09-28 13:53:59 +02:00
87566da3ba
fix mitmproxy/mitmproxy#784
2015-09-28 11:18:00 +02:00
23d13e4c12
test response model, push coverage to 100% branch cov
2015-09-27 00:49:41 +02:00
466888b01a
improve request tests, coverage++
2015-09-26 20:07:11 +02:00
49ea8fc0eb
refactor response model
2015-09-26 17:39:50 +02:00
106f7046d3
refactor request model
2015-09-26 00:39:04 +02:00
45f2ea33b2
minor fixes
2015-09-25 18:24:18 +02:00
c7b8322500
also accept bytes as arguments
2015-09-22 01:56:09 +02:00
f937522773
Headers: return str on all Python versions
2015-09-22 01:48:35 +02:00
9fbeac50ce
revert websocket changes from 73586b1b
...
The DEFAULT construct is very weird,
but with None we apparently break pathod
in some difficult-to-debug ways.
Revisit once we do more here.
2015-09-21 22:49:39 +02:00
e9fe45f3f4
backport changes
2015-09-21 18:45:49 +02:00
1ff8f294b4
minor encoding fixes
2015-09-21 18:34:43 +02:00
73586b1be9
python 3++
2015-09-21 00:44:17 +02:00
daebd1bd27
python3++
2015-09-20 20:35:45 +02:00
0ad5cbc6bf
python3++
2015-09-20 19:56:45 +02:00
693cdfc6d7
python3++
2015-09-20 19:40:09 +02:00
3f1ca556d1
python3++
2015-09-20 18:12:55 +02:00
91cdd78201
improve http error messages
2015-09-19 11:59:40 +02:00
551d9f11e5
experimental: don't interfere with headers
2015-09-18 18:05:50 +02:00
d1904c2f52
python3++
2015-09-18 15:38:31 +02:00
7b6b157547
properly handle SNI IPs
...
fixes mitmproxy/mitmproxy#772
We must use the ipaddress package here, because that's what cryptography
uses. If we opt for something else, we have nasty namespace conflicts.
2015-09-18 15:35:02 +02:00
266b80238d
fix tests
2015-09-17 17:29:55 +02:00
d798ed955d
python3++
2015-09-17 16:31:50 +02:00
8d71059d77
clean up http message models
2015-09-17 15:16:12 +02:00
a07e43df8b
http1: add assemble_body function
2015-09-17 02:39:42 +02:00
dad9f06cb9
organize exceptions, improve content-length handling
2015-09-17 02:14:14 +02:00
265f31e878
adjust http1-related code
2015-09-16 18:43:24 +02:00
a077d8877d
finish netlib.http.http1 refactor
2015-09-16 00:04:23 +02:00
11e7f476bd
wip
2015-09-15 19:12:15 +02:00
997fcde8ce
make clean_bin unicode-aware
2015-09-12 17:03:09 +02:00
a38142d595
don't yield empty chunks
2015-09-11 01:17:39 +02:00
92c763f469
fix mitmproxy/mitmproxy#759
2015-09-10 12:32:38 +02:00
a5f7752cf1
add ssl_read_select
2015-09-10 11:30:41 +02:00
32b3c32138
add tcp.Address.__hash__
2015-09-08 21:31:27 +02:00
fc86bbd03e
let Headers inherit from object
...
fixes mitmproxy/mitmproxy#753
2015-09-08 15:16:25 +02:00
50bf92ccce
Merge branch 'master' of https://github.com/mitmproxy/netlib
2015-09-05 18:16:41 +02:00
66ee1f465f
headers: adjust everything
2015-09-05 18:15:47 +02:00
3718e59308
finalize Headers, add tests
2015-09-05 15:27:48 +02:00
5f97701958
add new headers class
2015-09-05 13:26:36 +02:00
3ebe5a5147
http2: do net let Settings frames escape
2015-09-03 21:24:07 +02:00
53abf5f4d7
http2: handle Ping in protocol
2015-09-03 21:24:07 +02:00
2d0d240abc
Merge branch 'master' of https://github.com/mitmproxy/netlib
2015-08-29 20:56:19 +02:00
4a8fd79e33
don't yield prefix and suffix
2015-08-29 20:54:54 +02:00
1265945f55
move sslversion mapping to netlib
2015-08-29 12:30:35 +02:00
982d8000c4
wip
2015-08-28 17:35:48 +02:00
3e3b59aa71
http2: fix priority stream dependency check
2015-08-26 20:58:00 +02:00
de0ced73f8
fix error messages
2015-08-25 18:33:55 +02:00
21858995ae
request -> request_method
2015-08-24 18:16:34 +02:00
622665952c
minor stylistic fixes
2015-08-24 16:52:32 +02:00
cd9701050f
read_response depends on request for stream_id
2015-08-21 10:04:57 +02:00
53f2582313
http2: fix unhandled settings frame
2015-08-20 20:36:51 +02:00
16f697f68a
http2: disable features we do not support yet
2015-08-20 10:27:06 +02:00
94b7beae2a
http2: implement basic flow control updates
2015-08-20 10:27:06 +02:00
eb34305518
http2: fix frame length field
2015-08-20 10:27:06 +02:00
e20d4e5c02
http2: add callback to handle unexpected frames
2015-08-20 10:27:06 +02:00
1025c15242
fix typo
2015-08-20 10:27:06 +02:00
9920de1e15
tcp._Connection: clean up code, fix inheritance
2015-08-19 16:06:33 +02:00
6810fba54e
add ssl peek polyfill
2015-08-19 16:05:42 +02:00
9686a77dcb
http2: implement request target
2015-08-18 22:17:00 +02:00
07a1356e2f
http2: add support for too large header frames
2015-08-18 21:22:42 +02:00
0d384ac2a9
http2: add support for too large data frames
2015-08-18 21:22:42 +02:00
231656859f
TCPClient: more sophisticated address handling
2015-08-18 21:08:42 +02:00
62416daa4a
add Reader.peek()
2015-08-18 21:08:01 +02:00
c92dc1b868
re-add form_out
2015-08-18 21:07:38 +02:00
3d30667125
Bump netlib version - 0.13.1 is already out
2015-08-17 10:21:30 +12:00
85cede47aa
allow direct ALPN callback method
2015-08-16 11:41:34 +02:00
b7e6e1c9b2
add HTTP/1.1 ALPN version string
2015-08-15 17:49:59 +02:00
6a30ad2ad2
fix minor style offences
2015-08-10 20:50:05 +02:00
ff27d65f08
cleanup whitespace
2015-08-10 20:44:36 +02:00
476badf45c
cleanup imports
2015-08-10 20:36:47 +02:00
690b8b4f4e
add move tests and code from mitmproxy
2015-08-10 20:34:27 +02:00
c2832ef72b
fix mitmproxy/mitmproxy#705
2015-08-03 18:06:31 +02:00
6a678d86e1
fix mitmproxy tests
2015-08-02 11:27:01 +02:00
0be84fd6b9
fix tutils imports
2015-08-01 14:49:15 +02:00
a837230320
move code from mitmproxy to netlib
2015-08-01 12:40:40 +02:00
7b10817670
http2: improve protocol
2015-07-30 19:40:00 +02:00
c7fcc2cca5
add on-the-wire representation methods
2015-07-29 11:27:43 +02:00
827fe824d9
move code from mitmproxy to netlib
2015-07-27 11:48:38 +02:00
fb48217224
improve pyopenssl version check
2015-07-25 13:30:25 +02:00
b57c1386a1
Merge pull request #81 from Kriechi/protocol-refactor
...
HTTP protocol refactoring
2015-07-24 16:50:56 +02:00
1b26161382
add distinct error for cert verification issues
2015-07-24 16:47:28 +02:00
657973eca3
fix bugs
2015-07-22 16:13:06 +02:00
faf17d3d60
http2: make proper use of odict
2015-07-22 15:30:51 +02:00
ecc7ffe928
reduce public interface
...
use private indicator pattern “_methodname”
2015-07-22 15:30:51 +02:00
83f013fca1
introduce EmptyRequest class
2015-07-22 15:30:51 +02:00
d62dbee0f6
rename content -> body
2015-07-22 15:30:51 +02:00
37a0cb858c
introduce ConnectRequest class
2015-07-22 15:30:51 +02:00
4617ab8a3a
add Request class and unify read_request interface
2015-07-22 15:30:51 +02:00
808b294865
refactor HTTP/1 as protocol
2015-07-22 15:30:51 +02:00
230c16122b
change HTTP2 interface to match HTTP1
2015-07-22 15:30:51 +02:00
bab6cbff1e
extract authentication methods from protocol
2015-07-22 15:30:51 +02:00
f50deb7b76
move bits around
2015-07-22 15:30:51 +02:00
bd5ee21284
refactor websockets into protocol
2015-07-22 15:30:50 +02:00
6dcfc35011
introduce http_semantics module
...
used for generic HTTP representation
everything should apply for HTTP/1 and HTTP/2
2015-07-22 15:30:50 +02:00
e316a9cdb4
bump version
2015-07-22 13:39:48 +02:00
c17af4162b
Added a fix for pre-1.0 OpenSSL which wasn't correctly erring on failed certificate validation
2015-07-21 19:15:11 -07:00
155bdeb123
Fixing default CA which ought to be read as a pemfile and not a directory
2015-07-21 18:09:42 -07:00
9fdc412fa0
bump version
2015-07-22 00:17:05 +02:00
397b3bba5e
Fixed version error formatting issue
2015-07-21 13:17:46 +03:00
880c66fe48
socks: optionally fail early
2015-07-03 02:45:12 +02:00
9aaf10120d
socks: add assert_socks5 method
2015-07-03 02:01:30 +02:00
0a2b25187f
Fixing how certifi is made the default ca_path to simplify calling logic.
2015-06-26 14:57:00 -07:00
2723a0e573
remove certffi
2015-06-26 13:26:35 +02:00
41925b01f7
Fix printing of SSL version error
...
Fixes #73
2015-06-25 10:37:01 +12:00
db6576ca6f
Merge pull request #76 from kyle-m/master
...
Provide debugging information when upstream server certificate fails validation
2015-06-24 09:27:08 +12:00
80dd703a2a
Merge branch 'Kriechi-ssl-version-handling'
2015-06-23 22:18:10 +12:00
239f4758af
Remove dependence on pathod in test suite.
2015-06-23 22:16:03 +12:00
d1452424be
Cleaning up upstream server verification. Adding storage of cerificate
...
verification errors on TCPClient object to enable warnings in downstream
projects.
2015-06-22 17:31:13 -07:00
7afe44ba4e
Updating TCPServer to allow tests (and potentially other use cases) to serve
...
certificate chains instead of only single certificates.
2015-06-22 16:48:09 -07:00
58118d607e
unify SSL version/method handling
2015-06-22 20:39:34 +02:00
2aa1b98fbf
netlib/test.py -> test/tservers.py
2015-06-22 14:52:23 +12:00
f5c5deb2ae
fix http user agents
2015-06-18 17:36:58 +02:00
69e71097f7
mark unused variables and arguments
2015-06-18 17:14:38 +02:00
4579c67150
Merge branch 'master' of https://github.com/kyle-m/netlib into kyle-m-master
2015-06-18 12:23:03 +12:00
6e301f37d0
Only set OP_NO_COMPRESSION by default if it exists in our version of OpenSSL
...
We'll need to start testing under both new and old versions of OpenSSL
somehow to catch these...
2015-06-18 12:18:22 +12:00
4152b14387
Merge pull request #71 from Kriechi/landscape
...
fix warnings and code smells
2015-06-18 12:07:20 +12:00
836b1eab97
fix warnings and code smells
...
use prospector to find them
2015-06-17 13:10:27 +02:00
c9c93af453
Adding certifi as default CA bundle.
2015-06-16 11:11:10 -07:00
eb823a04a1
http2: improve :authority header
2015-06-16 15:00:29 +02:00
abb37a3ef5
http2: improve test suite
2015-06-16 15:00:28 +02:00
20c136e070
http2: return stream_id from request for response
2015-06-16 15:00:28 +02:00
1c124421e3
http2: fix header_block_fragments and length
2015-06-16 15:00:28 +02:00
d0a9d3cdda
http2: only first headers frame as END_STREAM flag
2015-06-16 15:00:28 +02:00
e3db241a2f
http2: improve frame output
2015-06-16 15:00:28 +02:00
79ff439930
add elliptic curve during TLS handshake
2015-06-16 15:00:28 +02:00
12702b9a01
http2: improve frame output
2015-06-16 14:55:08 +02:00
bb206323ab
Merge pull request #69 from kyle-m/master
...
Adding support for upstream certificate validation when using SSL/TLS…
2015-06-16 10:34:09 +12:00
fe764cde52
Adding support for upstream certificate validation when using SSL/TLS with an
...
instance of TCPClient.
2015-06-15 10:18:54 -07:00
0d137eac6f
simplify ALPN
2015-06-14 19:50:35 +02:00
8d71a5b4ab
http2: add authority header
2015-06-14 19:43:32 +02:00
9c6d237d02
add new TLS methods
2015-06-14 18:17:53 +02:00
5fab755a05
add more tests
2015-06-12 15:27:29 +02:00
a901bc3032
http2: add response creation
2015-06-12 14:45:51 +02:00
8ea157775d
http2: general improvements
2015-06-12 14:42:07 +02:00
eeaed93a83
improve ALPN integration
2015-06-11 15:37:17 +02:00
Maximilian Hils