249 lines
7.9 KiB
Plaintext
249 lines
7.9 KiB
Plaintext
28 January 2014: mitmproxy 0.10:
|
|
|
|
* Support for multiple scripts and multiple script arguments
|
|
|
|
* Easy certificate install through the in-proxy web app, which is now
|
|
enabled by default
|
|
|
|
* Forward proxy mode, that forwards proxy requests to an upstream HTTP server
|
|
|
|
* Reverse proxy now works with SSL
|
|
|
|
* Search within a request/response using the "/" and "n" shortcut keys
|
|
|
|
* A view that beatifies CSS files if cssutils is available
|
|
|
|
* Bug fix, documentation improvements, and more.
|
|
|
|
|
|
25 August 2013: mitmproxy 0.9.2:
|
|
|
|
* Improvements to the mitmproxywrapper.py helper script for OSX.
|
|
|
|
* Don't take minor version into account when checking for serialized file
|
|
compatibility.
|
|
|
|
* Fix a bug causing resource exhaustion under some circumstances for SSL
|
|
connections.
|
|
|
|
* Revamp the way we store interception certificates. We used to store these
|
|
on disk, they're now in-memory. This fixes a race condition related to
|
|
cert handling, and improves compatibility with Windows, where the rules
|
|
governing permitted file names are weird, resulting in errors for some
|
|
valid IDNA-encoded names.
|
|
|
|
* Display transfer rates for responses in the flow list.
|
|
|
|
* Many other small bugfixes and improvements.
|
|
|
|
|
|
|
|
|
|
16 June 2013: mitmproxy 0.9.1:
|
|
|
|
* Use "correct" case for Content-Type headers added by mitmproxy.
|
|
|
|
* Make UTF environment detection more robust.
|
|
|
|
* Improved MIME-type detection for viewers.
|
|
|
|
* Always read files in binary mode (Windows compatibility fix).
|
|
|
|
* Some developer documentation.
|
|
|
|
|
|
15 May 2013: mitmproxy 0.9:
|
|
|
|
* Upstream certs mode is now the default.
|
|
|
|
* Add a WSGI container that lets you host in-proxy web applications.
|
|
|
|
* Full transparent proxy support for Linux and OSX.
|
|
|
|
* Introduce netlib, a common codebase for mitmproxy and pathod
|
|
(http://github.com/cortesi/netlib).
|
|
|
|
* Full support for SNI.
|
|
|
|
* Color palettes for mitmproxy, tailored for light and dark terminal
|
|
backgrounds.
|
|
|
|
* Stream flows to file as responses arrive with the "W" shortcut in
|
|
mitmproxy.
|
|
|
|
* Extend the filter language, including ~d domain match operator, ~a to
|
|
match asset flows (js, images, css).
|
|
|
|
* Follow mode in mitmproxy ("F" shortcut) to "tail" flows as they arrive.
|
|
|
|
* --dummy-certs option to specify and preserve the dummy certificate
|
|
directory.
|
|
|
|
* Server replay from the current captured buffer.
|
|
|
|
* Huge improvements in content views. We now have viewers for AMF, HTML,
|
|
JSON, Javascript, images, XML, URL-encoded forms, as well as hexadecimal
|
|
and raw views.
|
|
|
|
* Add Set Headers, analagous to replacement hooks. Defines headers that are set
|
|
on flows, based on a matching pattern.
|
|
|
|
* A graphical editor for path components in mitmproxy.
|
|
|
|
* A small set of standard user-agent strings, which can be used easily in
|
|
the header editor.
|
|
|
|
* Proxy authentication to limit access to mitmproxy
|
|
|
|
|
|
5 April 2012: mitmproxy 0.8:
|
|
|
|
* Detailed tutorial for Android interception. Some features that land in
|
|
this release have finally made reliable Android interception possible.
|
|
|
|
* Upstream-cert mode, which uses information from the upstream server to
|
|
generate interception certificates.
|
|
|
|
* Replacement patterns that let you easily do global replacements in flows
|
|
matching filter patterns. Can be specified on the command-line, or edited
|
|
interactively.
|
|
|
|
* Much more sophisticated and usable pretty printing of request bodies.
|
|
Support for auto-indentation of Javascript, inspection of image EXIF
|
|
data, and more.
|
|
|
|
* Details view for flows, showing connection and SSL cert information (X
|
|
keyboard shortcut).
|
|
|
|
* Server certificates are now stored and serialized in saved traffic for
|
|
later analysis. This means that the 0.8 serialization format is NOT
|
|
compatible with 0.7.
|
|
|
|
* Many other improvements, including bugfixes, and expanded scripting API,
|
|
and more sophisticated certificate handling.
|
|
|
|
|
|
20 February 2012: mitmproxy 0.7:
|
|
|
|
* New built-in key/value editor. This lets you interactively edit URL query
|
|
strings, headers and URL-encoded form data.
|
|
|
|
* Extend script API to allow duplication and replay of flows.
|
|
|
|
* API for easy manipulation of URL-encoded forms and query strings.
|
|
|
|
* Add "D" shortcut in mitmproxy to duplicate a flow.
|
|
|
|
* Reverse proxy mode. In this mode mitmproxy acts as an HTTP server,
|
|
forwarding all traffic to a specified upstream server.
|
|
|
|
* UI improvements - use unicode characters to make GUI more compact,
|
|
improve spacing and layout throughout.
|
|
|
|
* Add support for filtering by HTTP method.
|
|
|
|
* Add the ability to specify an HTTP body size limit.
|
|
|
|
* Move to typed netstrings for serialization format - this makes 0.7
|
|
backwards-incompatible with serialized data from 0.6!
|
|
|
|
* Significant improvements in speed and responsiveness of UI.
|
|
|
|
* Many minor bugfixes and improvements.
|
|
|
|
|
|
7 August 2011: mitmproxy 0.6:
|
|
|
|
* New scripting API that allows much more flexible and fine-grained
|
|
rewriting of traffic. See the docs for more info.
|
|
|
|
* Support for gzip and deflate content encodings. A new "z"
|
|
keybinding in mitmproxy to let us quickly encode and decode content, plus
|
|
automatic decoding for the "pretty" view mode.
|
|
|
|
* An event log, viewable with the "v" shortcut in mitmproxy, and the
|
|
"-e" command-line flag in mitmdump.
|
|
|
|
* Huge performance improvements: mitmproxy interface, loading
|
|
large numbers of flows from file.
|
|
|
|
* A new "replace" convenience method for all flow objects, that does a
|
|
universal regex-based string replacement.
|
|
|
|
* Header management has been rewritten to maintain both case and order.
|
|
|
|
* Improved stability for SSL interception.
|
|
|
|
* Default expiry time on generated SSL certs has been dropped to avoid an
|
|
OpenSSL overflow bug that caused certificates to expire in the distant
|
|
past on some systems.
|
|
|
|
* A "pretty" view mode for JSON and form submission data.
|
|
|
|
* Expanded documentation and examples.
|
|
|
|
* Countless other small improvements and bugfixes.
|
|
|
|
|
|
27 June 2011: mitmproxy 0.5:
|
|
|
|
* An -n option to start the tools without binding to a proxy port.
|
|
|
|
* Allow scripts, hooks, sticky cookies etc. to run on flows loaded from
|
|
save files.
|
|
|
|
* Regularize command-line options for mitmproxy and mitmdump.
|
|
|
|
* Add an "SSL exception" to mitmproxy's license to remove possible
|
|
distribution issues.
|
|
|
|
* Add a --cert-wait-time option to make mitmproxy pause after a new SSL
|
|
certificate is generated. This can pave over small discrepancies in
|
|
system time between the client and server.
|
|
|
|
* Handle viewing big request and response bodies more elegantly. Only
|
|
render the first 100k of large documents, and try to avoid running the
|
|
XML indenter on non-XML data.
|
|
|
|
* BUGFIX: Make the "revert" keyboard shortcut in mitmproxy work after a
|
|
flow has been replayed.
|
|
|
|
* BUGFIX: Repair a problem that sometimes caused SSL connections to consume
|
|
100% of CPU.
|
|
|
|
|
|
30 March 2011: mitmproxy 0.4
|
|
|
|
* Full serialization of HTTP conversations
|
|
|
|
* Client and server replay
|
|
|
|
* On-the-fly generation of dummy SSL certificates
|
|
|
|
* mitmdump has "grown up" into a powerful tcpdump-like tool for HTTP/S
|
|
|
|
* Dozens of improvements to the mitmproxy console interface
|
|
|
|
* Python scripting hooks for programmatic modification of traffic
|
|
|
|
|
|
1 March 2010: mitmproxy 0.2
|
|
|
|
* Big speed and responsiveness improvements, thanks to Thomas Roth
|
|
|
|
* Support urwid 0.9.9
|
|
|
|
* Terminal beeping based on filter expressions
|
|
|
|
* Filter expressions for terminal beeps, limits, interceptions and sticky
|
|
cookies can now be passed on the command line.
|
|
|
|
* Save requests and responses to file
|
|
|
|
* Split off non-interactive dump functionality into a new tool called
|
|
mitmdump
|
|
|
|
* "A" will now accept all intercepted connections
|
|
|
|
* Lots of bugfixes
|