* improve UX when users specify invalid certs
if we don't do this ourselves, OpenSSL will greet users with the ever-fascinating 'no shared ciphers' error during the first handshake.
* fixup test
* fix: include intermediate certs for QUIC
* [autofix.ci] apply automated fixes
* warn if `certs` has a certificate that's a CA
* [autofix.ci] apply automated fixes
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* Didn't work with the file from Fiddler, because of the BOM at the beginning of the file
* Update CHANGELOG.md
* [autofix.ci] apply automated fixes
* Added sample HAR with BOM as it comes from Fiddler
* Both HAR and JSON for it
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Denis Stanishevskiy <>
Co-authored-by: Maximilian Hils <git@maximilianhils.com>
* remove version from state and create new script to extract version
* fix lint
* [autofix.ci] apply automated fixes
* fix web/gen script to error on file permissions
* [autofix.ci] apply automated fixes
* add version to footer
* adjust tests
* [autofix.ci] apply automated fixes
* update changelog
* move version back into state
* [autofix.ci] apply automated fixes
* nits
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Maximilian Hils <git@maximilianhils.com>
To exercise incompatible version negotiation, we must not use version 0,
as this would cause the client's INITIAL packet to be erroneously
interpreted as a VERSION_NEGOTIATION packet - but with a corrupt format.
So far this has not caused any errors, because aioquic's
`pull_quic_header` did not fully parse VERSION_NEGOTIATION packets, but
this will change with the next aioquic version.
Use one of the reserved version numbers of the form 0x?a?a?a?a, as
defined in https://datatracker.ietf.org/doc/html/rfc9000#section-15
* Use existing API to unpack/pack domain names in HTTPS records
* [autofix.ci] apply automated fixes
* tangentially related grammar fix
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Maximilian Hils <github@maximilianhils.com>
* Fix the issue #6944: non-linear growth in processing time with mitmproxy regarding packet size. Replace the string (bytes) concatenation implementation of request_body_buf and response_body_buf to a list of chunk of bytes.
* Update the CHANGELOG.md regarding issue #6944
* [autofix.ci] apply automated fixes
* Update CHANGELOG.md
* [autofix.ci] apply automated fixes
* move receivebuffer into dedicated class
* [autofix.ci] apply automated fixes
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Maximilian Hils <git@maximilianhils.com>
* Update and rename strip_ech addon to use new DNS HTTPS records API
* Update CHANGELOG.md
* [autofix.ci] apply automated fixes
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
#### Description
On get_message_content_view, the content type wasn't including the
boundary, and was only setting the MIME type. This made the multipart
content view unusable, as the boundary was required on parsing. To fix
the issue, we assign the full content type instead.
This wasn't triggered by any previous tests because they would test
against the multipart parser directly, and not the generic parser.
#### Checklist
- [X] I have updated tests where applicable.
- [x] I have added an entry to the CHANGELOG.
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
#### Description
This allows the "nonexistent" file error check to pass on systems that
don't use English as their primary language. With this, all mitmproxy
tests can pass on non-English machines.
Fixes#6723
#### Checklist
- [X] I have updated tests where applicable.
- [ ] I have added an entry to the CHANGELOG.
Bumps the github-actions group with 3 updates:
[install-pinned/ruff](https://github.com/install-pinned/ruff),
[apple-actions/import-codesign-certs](https://github.com/apple-actions/import-codesign-certs)
and
[docker/setup-buildx-action](https://github.com/docker/setup-buildx-action).
Updates `install-pinned/ruff` from
fe472defb50a6a2c00ea3a3982534e86e69991e8 to
38b373a3a8635c2be31d92314e816a491fda910a
<details>
<summary>Commits</summary>
<ul>
<li><a
href="38b373a3a8"><code>38b373a</code></a>
update README.md (ruff 0.3.0)</li>
<li><a
href="06af3ea1c3"><code>06af3ea</code></a>
update pins (ruff 0.3.0)</li>
<li><a
href="be1c354876"><code>be1c354</code></a>
update README.md (ruff 0.2.2)</li>
<li><a
href="c9779bbd5b"><code>c9779bb</code></a>
update pins (ruff 0.2.2)</li>
<li><a
href="48831a86ce"><code>48831a8</code></a>
update README.md (ruff 0.2.1)</li>
<li><a
href="6775b5f352"><code>6775b5f</code></a>
update pins (ruff 0.2.1)</li>
<li><a
href="bc12a64c2f"><code>bc12a64</code></a>
update README.md (ruff 0.2.0)</li>
<li><a
href="3b8cceff45"><code>3b8ccef</code></a>
update pins (ruff 0.2.0)</li>
<li>See full diff in <a
href="fe472defb5...38b373a3a8">compare
view</a></li>
</ul>
</details>
<br />
Updates `apple-actions/import-codesign-certs` from
5565bb656f60c98c8fc515f3444dd8db73545dc2 to
493007ed063995cf2d4fbca064704150548f8bb5
<details>
<summary>Commits</summary>
<ul>
<li><a
href="493007ed06"><code>493007e</code></a>
Merge pull request <a
href="https://redirect.github.com/apple-actions/import-codesign-certs/issues/62">#62</a>
from himself65/patch-1</li>
<li><a
href="2e5aa07267"><code>2e5aa07</code></a>
Update README.md</li>
<li>See full diff in <a
href="5565bb656f...493007ed06">compare
view</a></li>
</ul>
</details>
<br />
Updates `docker/setup-buildx-action` from 3.0.0 to 3.1.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.1.0</h2>
<ul>
<li><code>cache-binary</code> input to enable/disable caching binary to
GHA cache backend by <a
href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/300">docker/setup-buildx-action#300</a></li>
<li>build(deps): bump <code>@babel/traverse</code> from 7.17.3 to
7.23.2 in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/282">docker/setup-buildx-action#282</a></li>
<li>build(deps): bump <code>@docker/actions-toolkit</code> from 0.12.0
to 0.17.0 in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/281">docker/setup-buildx-action#281</a>
<a
href="https://redirect.github.com/docker/setup-buildx-action/pull/284">docker/setup-buildx-action#284</a>
<a
href="https://redirect.github.com/docker/setup-buildx-action/pull/299">docker/setup-buildx-action#299</a></li>
<li>build(deps): bump uuid from 9.0.0 to 9.0.1 in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/271">docker/setup-buildx-action#271</a></li>
<li>build(deps): bump undici from 5.26.3 to 5.28.3 in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/297">docker/setup-buildx-action#297</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-buildx-action/compare/v3.0.0...v3.1.0">https://github.com/docker/setup-buildx-action/compare/v3.0.0...v3.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0d103c3126"><code>0d103c3</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-buildx-action/issues/300">#300</a>
from crazy-max/cache-binary</li>
<li><a
href="f19477aacd"><code>f19477a</code></a>
chore: update generated content</li>
<li><a
href="a4180f835d"><code>a4180f8</code></a>
cache-binary input to enable/disable caching binary to GHA cache
backend</li>
<li><a
href="524315340d"><code>5243153</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-buildx-action/issues/299">#299</a>
from docker/dependabot/npm_and_yarn/docker/actions-to...</li>
<li><a
href="3679a54023"><code>3679a54</code></a>
chore: update generated content</li>
<li><a
href="37a22a2fb2"><code>37a22a2</code></a>
build(deps): bump <code>@docker/actions-toolkit</code> from 0.14.0 to
0.17.0</li>
<li><a
href="65afe610a1"><code>65afe61</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-buildx-action/issues/297">#297</a>
from docker/dependabot/npm_and_yarn/undici-5.28.3</li>
<li><a
href="fcb8f722fd"><code>fcb8f72</code></a>
chore: update generated content</li>
<li><a
href="f62b9a17c0"><code>f62b9a1</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-buildx-action/issues/298">#298</a>
from crazy-max/bump-gha</li>
<li><a
href="74c5b717e5"><code>74c5b71</code></a>
bump codecov/codecov-action from 3 to 4</li>
<li>Additional commits viewable in <a
href="f95db51fdd...0d103c3126">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
#### Description
The mutual exclusivity of the allow-hosts and ignore-hosts parameters
looks like an unnecessary obstacle and does not make much sense.
It is very convenient to use a proxy only for the domain of your
service, but at the same time ignore some subdomains, especially when
they serve some kind of CDNs with a large amount of data.
Although this filtering could be implemented using regexp with negative
lookahead, but it complicates configuration and is not as clear as
conjuction of allow and deny filters.
#### Checklist
- [x] I have updated tests where applicable.
- [x] I have added an entry to the CHANGELOG.
---------
Co-authored-by: Denis Stanishevskiy <>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
#### Description
Fixes#4506
`mitmproxy` during server-replay mode, calculates the hashes of flows
from input files based on user defined filters and uses them to compare
against hashes of incoming requests to serve the corresponding stored
response by matching the hash. However, during runtime, if the user
changes any of the filters, `mitmproxy` fails to recalculate the hashes
of input flows and hence doesn't return the intended response. This PR
fixes this issue by recomputing the hashes for every flow whenever a
filter(option) used for computing hashes is changed.
#### Checklist
- [x] I have updated tests where applicable.
- [x] I have added an entry to the CHANGELOG.
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Maximilian Hils <git@maximilianhils.com>
Maximilian Hils