573 lines
18 KiB
Plaintext
573 lines
18 KiB
Plaintext
15 January 2016: mitmproxy 0.16
|
|
|
|
* Completely revised HTTP2 implementation based on hyper-h2 (Thomas Kriechbaumer)
|
|
|
|
* Export flows as cURL command, Python code or raw HTTP (Shadab Zafar)
|
|
|
|
* Fixed compatibility with the Android Emulator (Will Coster)
|
|
|
|
* Script Reloader: Inline scripts are reloaded automatically if modified (Matthew Shao)
|
|
|
|
* Inline script hooks for TCP mode (Michael J. Bazzinotti)
|
|
|
|
* Add default ciphers to support iOS9 App Transport Security (Jorge Villacorta)
|
|
|
|
* Basic Authentication for mitmweb (Guillem Anguera)
|
|
|
|
* Exempt connections from interception based on TLS Server Name Indication (David Weinstein)
|
|
|
|
* Provide Python Wheels for faster installation
|
|
|
|
* Numerous bugfixes and minor improvements
|
|
|
|
|
|
4 December 2015: mitmproxy 0.15
|
|
|
|
* Support for loading and converting older dumpfile formats (0.13 and up)
|
|
|
|
* Content views for inline script (@chrisczub)
|
|
|
|
* Better handling of empty header values (Benjamin Lee/@bltb)
|
|
|
|
* Fix a gnarly memory leak in mitmdump
|
|
|
|
* A number of bugfixes and small improvements
|
|
|
|
|
|
6 November 2015: mitmproxy 0.14
|
|
|
|
* Statistics: 399 commits, 13 contributors, 79 closed issues, 37 closed
|
|
PRs, 103 days
|
|
|
|
* Docs: Greatly updated docs now hosted on ReadTheDocs!
|
|
http://docs.mitmproxy.org
|
|
|
|
* Docs: Fixed Typos, updated URLs etc. (Nick Badger, Ben Lerner, Choongwoo
|
|
Han, onlywade, Jurriaan Bremer)
|
|
|
|
* mitmdump: Colorized TTY output
|
|
|
|
* mitmdump: Use mitmproxy's content views for human-readable output (Chris
|
|
Czub)
|
|
|
|
* mitmproxy and mitmdump: Support for displaying UTF8 contents
|
|
|
|
* mitmproxy: add command line switch to disable mouse interaction (Timothy
|
|
Elliott)
|
|
|
|
* mitmproxy: bug fixes (Choongwoo Han, sethp-jive, FreeArtMan)
|
|
|
|
* mitmweb: bug fixes (Colin Bendell)
|
|
|
|
* libmproxy: Add ability to fall back to TCP passthrough for non-HTTP
|
|
connections.
|
|
|
|
* libmproxy: Avoid double-connect in case of TLS Server Name Indication.
|
|
This yields a massive speedup for TLS handshakes.
|
|
|
|
* libmproxy: Prevent unneccessary upstream connections (macmantrl)
|
|
|
|
* Inline Scripts: New API for HTTP Headers:
|
|
http://docs.mitmproxy.org/en/latest/dev/models.html#netlib.http.Headers
|
|
|
|
* Inline Scripts: Properly handle exceptions in `done` hook
|
|
|
|
* Inline Scripts: Allow relative imports, provide `__file__`
|
|
|
|
* Examples: Add probabilistic TLS passthrough as an inline script
|
|
|
|
* netlib: Refactored HTTP protocol handling code
|
|
|
|
* netlib: ALPN support
|
|
|
|
* netlib: fixed a bug in the optional certificate verification.
|
|
|
|
* netlib: Initial Python 3.5 support (this is the first prerequisite for
|
|
3.x support in mitmproxy)
|
|
|
|
|
|
24 July 2015: mitmproxy 0.13
|
|
|
|
* Upstream certificate validation. See the --verify-upstream-cert,
|
|
--upstream-trusted-cadir and --upstream-trusted-ca parameters. Thanks to
|
|
Kyle Morton (github.com/kyle-m) for his work on this.
|
|
|
|
* Add HTTP transparent proxy mode. This uses the host headers from HTTP
|
|
traffic (rather than SNI and IP address information from the OS) to
|
|
implement perform transparent proxying. Thanks to github.com/ijiro123 for
|
|
this feature.
|
|
|
|
* Add ~src and ~dst REGEX filters, allowing matching on source and
|
|
destination addresses in the form of <IP>:<Port>
|
|
|
|
* mitmproxy console: change g/G keyboard shortcuts to match less. Thanks to
|
|
Jose Luis Honorato (github.com/jlhonora).
|
|
|
|
* mitmproxy console: Flow marking and unmarking. Marked flows are not
|
|
deleted when the flow list is cleared. Thanks to Jake Drahos
|
|
(github.com/drahosj).
|
|
|
|
* mitmproxy console: add marking of flows
|
|
|
|
* Remove the certforward feature. It was added to allow exploitation of
|
|
#gotofail, which is no longer a common vulnerability. Permitting this
|
|
hugely increased the complexity of packaging and distributing mitmproxy.
|
|
|
|
|
|
|
|
|
|
3 June 2015: mitmproxy 0.12.1
|
|
|
|
* mitmproxy console: mouse interaction - scroll in the flow list, click on
|
|
flow to view, click to switch between tabs.
|
|
|
|
* Update our crypto defaults: SHA256, 2048 bit RSA, 4096 bit DH parameters.
|
|
|
|
* BUGFIX: crash under some circumstances when copying to clipboard.
|
|
|
|
* BUGFIX: occasional crash when deleting flows.
|
|
|
|
|
|
18 May 2015: mitmproxy 0.12
|
|
|
|
* mitmproxy console: Significant revamp of the UI. The major changes are
|
|
listed below, and in addition almost every aspect of the UI has
|
|
been tweaked, and performance has improved significantly.
|
|
|
|
* mitmproxy console: A new options screen has been created ("o" shortcut),
|
|
and many options that were previously manipulated directly via a
|
|
keybinding have been moved there.
|
|
|
|
* mitmproxy console: Big improvement in palettes. This includes improvements
|
|
to all colour schemes. Palettes now set the terminal background colour by
|
|
default, and a new --palette-transparent option has been added to disable
|
|
this.
|
|
|
|
* mitmproxy console: g/G shortcuts throughout mitmproxy console to jump
|
|
to the beginning/end of the current view.
|
|
|
|
* mitmproxy console: switch palettes on the fly from the options screen.
|
|
|
|
* mitmproxy console: A cookie editor has been added for mitmproxy console
|
|
at long last.
|
|
|
|
* mitmproxy console: Various components of requests and responses can be
|
|
copied to the clipboard from mitmproxy - thanks to @marceloglezer.
|
|
|
|
* Support for creating new requests from scratch in mitmproxy console (@marceloglezer).
|
|
|
|
* SSLKEYLOGFILE environment variable to specify a logging location for TLS
|
|
master keys. This can be used with tools like Wireshark to allow TLS
|
|
decoding.
|
|
|
|
* Server facing SSL cipher suite specification (thanks to Jim Shaver).
|
|
|
|
* Official support for transparent proxying on FreeBSD - thanks to Mike C
|
|
(http://github.com/mike-pt).
|
|
|
|
* Many other small bugfixes and improvemenets throughout the project.
|
|
|
|
|
|
29 Dec 2014: mitmproxy 0.11.2:
|
|
|
|
* Configuration files - mitmproxy.conf, mitmdump.conf, common.conf in the
|
|
.mitmproxy directory.
|
|
* Better handling of servers that reject connections that are not SNI.
|
|
* Many other small bugfixes and improvements.
|
|
|
|
|
|
15 November 2014: mitmproxy 0.11.1:
|
|
|
|
* Bug fixes: connection leaks some crashes
|
|
|
|
|
|
7 November 2014: mitmproxy 0.11:
|
|
|
|
* Performance improvements for mitmproxy console
|
|
|
|
* SOCKS5 proxy mode allows mitmproxy to act as a SOCKS5 proxy server
|
|
|
|
* Data streaming for response bodies exceeding a threshold
|
|
(bradpeabody@gmail.com)
|
|
|
|
* Ignore hosts or IP addresses, forwarding both HTTP and HTTPS traffic
|
|
untouched
|
|
|
|
* Finer-grained control of traffic replay, including options to ignore
|
|
contents or parameters when matching flows (marcelo.glezer@gmail.com)
|
|
|
|
* Pass arguments to inline scripts
|
|
|
|
* Configurable size limit on HTTP request and response bodies
|
|
|
|
* Per-domain specification of interception certificates and keys (see
|
|
--cert option)
|
|
|
|
* Certificate forwarding, relaying upstream SSL certificates verbatim (see
|
|
--cert-forward)
|
|
|
|
* Search and highlighting for HTTP request and response bodies in
|
|
mitmproxy console (pedro@worcel.com)
|
|
|
|
* Transparent proxy support on Windows
|
|
|
|
* Improved error messages and logging
|
|
|
|
* Support for FreeBSD in transparent mode, using pf (zbrdge@gmail.com)
|
|
|
|
* Content view mode for WBXML (davidshaw835@air-watch.com)
|
|
|
|
* Better documentation, with a new section on proxy modes
|
|
|
|
* Generic TCP proxy mode
|
|
|
|
* Countless bugfixes and other small improvements
|
|
|
|
* pathod: Hugely improved SSL support, including dynamic generation of certificates
|
|
using the mitproxy cacert
|
|
|
|
7 November 2014: pathod 0.11:
|
|
|
|
* Hugely improved SSL support, including dynamic generation of certificates
|
|
using the mitproxy cacert
|
|
|
|
* pathoc -S dumps information on the remote SSL certificate chain
|
|
|
|
* Big improvements to fuzzing, including random spec selection and memoization to avoid repeating randomly generated patterns
|
|
|
|
* Reflected patterns, allowing you to embed a pathod server response specification in a pathoc request, resolving both on client side. This makes fuzzing proxies and other intermediate systems much better.
|
|
|
|
|
|
28 January 2014: mitmproxy 0.10:
|
|
|
|
* Support for multiple scripts and multiple script arguments
|
|
|
|
* Easy certificate install through the in-proxy web app, which is now
|
|
enabled by default
|
|
|
|
* Forward proxy mode, that forwards proxy requests to an upstream HTTP server
|
|
|
|
* Reverse proxy now works with SSL
|
|
|
|
* Search within a request/response using the "/" and "n" shortcut keys
|
|
|
|
* A view that beatifies CSS files if cssutils is available
|
|
|
|
* Bug fix, documentation improvements, and more.
|
|
|
|
|
|
25 August 2013: mitmproxy 0.9.2:
|
|
|
|
* Improvements to the mitmproxywrapper.py helper script for OSX.
|
|
|
|
* Don't take minor version into account when checking for serialized file
|
|
compatibility.
|
|
|
|
* Fix a bug causing resource exhaustion under some circumstances for SSL
|
|
connections.
|
|
|
|
* Revamp the way we store interception certificates. We used to store these
|
|
on disk, they're now in-memory. This fixes a race condition related to
|
|
cert handling, and improves compatibility with Windows, where the rules
|
|
governing permitted file names are weird, resulting in errors for some
|
|
valid IDNA-encoded names.
|
|
|
|
* Display transfer rates for responses in the flow list.
|
|
|
|
* Many other small bugfixes and improvements.
|
|
|
|
|
|
25 August 2013: pathod 0.9.2:
|
|
|
|
* Adapt to interface changes in netlib
|
|
|
|
|
|
16 June 2013: mitmproxy 0.9.1:
|
|
|
|
* Use "correct" case for Content-Type headers added by mitmproxy.
|
|
|
|
* Make UTF environment detection more robust.
|
|
|
|
* Improved MIME-type detection for viewers.
|
|
|
|
* Always read files in binary mode (Windows compatibility fix).
|
|
|
|
* Some developer documentation.
|
|
|
|
|
|
15 May 2013: mitmproxy 0.9:
|
|
|
|
* Upstream certs mode is now the default.
|
|
|
|
* Add a WSGI container that lets you host in-proxy web applications.
|
|
|
|
* Full transparent proxy support for Linux and OSX.
|
|
|
|
* Introduce netlib, a common codebase for mitmproxy and pathod
|
|
(http://github.com/cortesi/netlib).
|
|
|
|
* Full support for SNI.
|
|
|
|
* Color palettes for mitmproxy, tailored for light and dark terminal
|
|
backgrounds.
|
|
|
|
* Stream flows to file as responses arrive with the "W" shortcut in
|
|
mitmproxy.
|
|
|
|
* Extend the filter language, including ~d domain match operator, ~a to
|
|
match asset flows (js, images, css).
|
|
|
|
* Follow mode in mitmproxy ("F" shortcut) to "tail" flows as they arrive.
|
|
|
|
* --dummy-certs option to specify and preserve the dummy certificate
|
|
directory.
|
|
|
|
* Server replay from the current captured buffer.
|
|
|
|
* Huge improvements in content views. We now have viewers for AMF, HTML,
|
|
JSON, Javascript, images, XML, URL-encoded forms, as well as hexadecimal
|
|
and raw views.
|
|
|
|
* Add Set Headers, analagous to replacement hooks. Defines headers that are set
|
|
on flows, based on a matching pattern.
|
|
|
|
* A graphical editor for path components in mitmproxy.
|
|
|
|
* A small set of standard user-agent strings, which can be used easily in
|
|
the header editor.
|
|
|
|
* Proxy authentication to limit access to mitmproxy
|
|
|
|
* pathod: Proxy mode. You can now configure clients to use pathod as an
|
|
HTTP/S proxy.
|
|
|
|
* pathoc: Proxy support, including using CONNECT to tunnel directly to
|
|
targets.
|
|
|
|
* pathoc: client certificate support.
|
|
|
|
* pathod: API improvements, bugfixes.
|
|
|
|
|
|
15 May 2013: pathod 0.9 (version synced with mitmproxy):
|
|
|
|
* Pathod proxy mode. You can now configure clients to use pathod as an
|
|
HTTP/S proxy.
|
|
|
|
* Pathoc proxy support, including using CONNECT to tunnel directly to
|
|
targets.
|
|
|
|
* Pathoc client certificate support.
|
|
|
|
* API improvements, bugfixes.
|
|
|
|
|
|
16 November 2012: pathod 0.3:
|
|
|
|
A release focusing on shoring up our fuzzing capabilities, especially with
|
|
pathoc.
|
|
|
|
* pathoc -q and -r options, output full request and response text.
|
|
|
|
* pathod -q and -r options, add full request and response text to pathod's
|
|
log buffer.
|
|
|
|
* pathoc and pathod -x option, makes -q and -r options log in hex dump
|
|
format.
|
|
|
|
* pathoc -C option, specify response codes to ignore.
|
|
|
|
* pathoc -T option, instructs pathoc to ignore timeouts.
|
|
|
|
* pathoc -o option, a one-shot mode that exits after the first non-ignored
|
|
response.
|
|
|
|
* pathoc and pathod -e option, which explains the resulting message by
|
|
expanding random and generated portions, and logging a reproducible
|
|
specification.
|
|
|
|
* Streamline the specification langauge. HTTP response message is now
|
|
specified using the "r" mnemonic.
|
|
|
|
* Add a "u" mnemonic for specifying User-Agent strings. Add a set of
|
|
standard user-agent strings accessible through shortcuts.
|
|
|
|
* Major internal refactoring and cleanup.
|
|
|
|
* Many bugfixes.
|
|
|
|
|
|
22 August 2012: pathod 0.2:
|
|
|
|
* Add pathoc, a pathological HTTP client.
|
|
|
|
* Add libpathod.test, a truss for using pathod in unit tests.
|
|
|
|
* Add an injection operator to the specification language.
|
|
|
|
* Allow Python escape sequences in value literals.
|
|
|
|
* Allow execution of requests and responses from file, using the new + operator.
|
|
|
|
* Add daemonization to Pathod, and make it more robust for public-facing use.
|
|
|
|
* Let pathod pick an arbitrary open port if -p 0 is specified.
|
|
|
|
* Move from Tornado to netlib, the network library written for mitmproxy.
|
|
|
|
* Move the web application to Flask.
|
|
|
|
* Massively expand the documentation.
|
|
|
|
|
|
5 April 2012: mitmproxy 0.8:
|
|
|
|
* Detailed tutorial for Android interception. Some features that land in
|
|
this release have finally made reliable Android interception possible.
|
|
|
|
* Upstream-cert mode, which uses information from the upstream server to
|
|
generate interception certificates.
|
|
|
|
* Replacement patterns that let you easily do global replacements in flows
|
|
matching filter patterns. Can be specified on the command-line, or edited
|
|
interactively.
|
|
|
|
* Much more sophisticated and usable pretty printing of request bodies.
|
|
Support for auto-indentation of Javascript, inspection of image EXIF
|
|
data, and more.
|
|
|
|
* Details view for flows, showing connection and SSL cert information (X
|
|
keyboard shortcut).
|
|
|
|
* Server certificates are now stored and serialized in saved traffic for
|
|
later analysis. This means that the 0.8 serialization format is NOT
|
|
compatible with 0.7.
|
|
|
|
* Many other improvements, including bugfixes, and expanded scripting API,
|
|
and more sophisticated certificate handling.
|
|
|
|
|
|
20 February 2012: mitmproxy 0.7:
|
|
|
|
* New built-in key/value editor. This lets you interactively edit URL query
|
|
strings, headers and URL-encoded form data.
|
|
|
|
* Extend script API to allow duplication and replay of flows.
|
|
|
|
* API for easy manipulation of URL-encoded forms and query strings.
|
|
|
|
* Add "D" shortcut in mitmproxy to duplicate a flow.
|
|
|
|
* Reverse proxy mode. In this mode mitmproxy acts as an HTTP server,
|
|
forwarding all traffic to a specified upstream server.
|
|
|
|
* UI improvements - use unicode characters to make GUI more compact,
|
|
improve spacing and layout throughout.
|
|
|
|
* Add support for filtering by HTTP method.
|
|
|
|
* Add the ability to specify an HTTP body size limit.
|
|
|
|
* Move to typed netstrings for serialization format - this makes 0.7
|
|
backwards-incompatible with serialized data from 0.6!
|
|
|
|
* Significant improvements in speed and responsiveness of UI.
|
|
|
|
* Many minor bugfixes and improvements.
|
|
|
|
|
|
7 August 2011: mitmproxy 0.6:
|
|
|
|
* New scripting API that allows much more flexible and fine-grained
|
|
rewriting of traffic. See the docs for more info.
|
|
|
|
* Support for gzip and deflate content encodings. A new "z"
|
|
keybinding in mitmproxy to let us quickly encode and decode content, plus
|
|
automatic decoding for the "pretty" view mode.
|
|
|
|
* An event log, viewable with the "v" shortcut in mitmproxy, and the
|
|
"-e" command-line flag in mitmdump.
|
|
|
|
* Huge performance improvements: mitmproxy interface, loading
|
|
large numbers of flows from file.
|
|
|
|
* A new "replace" convenience method for all flow objects, that does a
|
|
universal regex-based string replacement.
|
|
|
|
* Header management has been rewritten to maintain both case and order.
|
|
|
|
* Improved stability for SSL interception.
|
|
|
|
* Default expiry time on generated SSL certs has been dropped to avoid an
|
|
OpenSSL overflow bug that caused certificates to expire in the distant
|
|
past on some systems.
|
|
|
|
* A "pretty" view mode for JSON and form submission data.
|
|
|
|
* Expanded documentation and examples.
|
|
|
|
* Countless other small improvements and bugfixes.
|
|
|
|
|
|
27 June 2011: mitmproxy 0.5:
|
|
|
|
* An -n option to start the tools without binding to a proxy port.
|
|
|
|
* Allow scripts, hooks, sticky cookies etc. to run on flows loaded from
|
|
save files.
|
|
|
|
* Regularize command-line options for mitmproxy and mitmdump.
|
|
|
|
* Add an "SSL exception" to mitmproxy's license to remove possible
|
|
distribution issues.
|
|
|
|
* Add a --cert-wait-time option to make mitmproxy pause after a new SSL
|
|
certificate is generated. This can pave over small discrepancies in
|
|
system time between the client and server.
|
|
|
|
* Handle viewing big request and response bodies more elegantly. Only
|
|
render the first 100k of large documents, and try to avoid running the
|
|
XML indenter on non-XML data.
|
|
|
|
* BUGFIX: Make the "revert" keyboard shortcut in mitmproxy work after a
|
|
flow has been replayed.
|
|
|
|
* BUGFIX: Repair a problem that sometimes caused SSL connections to consume
|
|
100% of CPU.
|
|
|
|
|
|
30 March 2011: mitmproxy 0.4
|
|
|
|
* Full serialization of HTTP conversations
|
|
|
|
* Client and server replay
|
|
|
|
* On-the-fly generation of dummy SSL certificates
|
|
|
|
* mitmdump has "grown up" into a powerful tcpdump-like tool for HTTP/S
|
|
|
|
* Dozens of improvements to the mitmproxy console interface
|
|
|
|
* Python scripting hooks for programmatic modification of traffic
|
|
|
|
|
|
1 March 2010: mitmproxy 0.2
|
|
|
|
* Big speed and responsiveness improvements, thanks to Thomas Roth
|
|
|
|
* Support urwid 0.9.9
|
|
|
|
* Terminal beeping based on filter expressions
|
|
|
|
* Filter expressions for terminal beeps, limits, interceptions and sticky
|
|
cookies can now be passed on the command line.
|
|
|
|
* Save requests and responses to file
|
|
|
|
* Split off non-interactive dump functionality into a new tool called
|
|
mitmdump
|
|
|
|
* "A" will now accept all intercepted connections
|
|
|
|
* Lots of bugfixes
|