1119 lines
56 KiB
Markdown
1119 lines
56 KiB
Markdown
# Release History
|
||
|
||
## Unreleased: mitmproxy next
|
||
|
||
* ASGI/WSGI apps can now listen on all ports for a specific hostname.
|
||
This makes it simpler to accept both HTTP and HTTPS.
|
||
|
||
### Breaking Changes
|
||
|
||
* The `onboarding_port` option has been removed. The onboarding app now responds
|
||
to all requests for the hostname specified in `onboarding_host`.
|
||
* `connection.Client` and `connection.Server` now accept keyword arguments only.
|
||
This is a breaking change for custom addons that use these classes directly.
|
||
|
||
## 02 November 2022: mitmproxy 9.0.1
|
||
|
||
* The precompiled binaries now ship with OpenSSL 3.0.7, which resolves CVE-2022-3602 and CVE-2022-3786.
|
||
* Performance and stability improvements for WireGuard mode.
|
||
([#5694](https://github.com/mitmproxy/mitmproxy/issues/5694), @mhils, @decathorpe)
|
||
* Fix a bug where the standalone Linux binaries would require libffi to be installed.
|
||
([#5699](https://github.com/mitmproxy/mitmproxy/issues/5699), @mhils)
|
||
* Hard exit when mitmproxy cannot write logs, fixes endless loop when parent process exits.
|
||
([#4669](https://github.com/mitmproxy/mitmproxy/issues/4669), @Prinzhorn)
|
||
* Fix a permission error affecting the Docker images.
|
||
([#5700](https://github.com/mitmproxy/mitmproxy/issues/5700), @mhils)
|
||
|
||
|
||
## 28 October 2022: mitmproxy 9.0.0
|
||
|
||
### Major Features
|
||
|
||
* Add Raw UDP support.
|
||
([#5414](https://github.com/mitmproxy/mitmproxy/pull/5414), @meitinger)
|
||
* Add WireGuard mode to enable transparent proxying via WireGuard.
|
||
([#5562](https://github.com/mitmproxy/mitmproxy/pull/5562), @decathorpe, @mhils)
|
||
* Add DTLS support.
|
||
([#5397](https://github.com/mitmproxy/mitmproxy/pull/5397), @kckeiks).
|
||
* Add a quick help bar to mitmproxy.
|
||
([#5381](https://github.com/mitmproxy/mitmproxy/pull/5381/), [#5652](https://github.com/mitmproxy/mitmproxy/pull/5652), @kckeiks, @mhils).
|
||
|
||
### Deprecations
|
||
|
||
* Deprecate `add_log` event hook. Users should use the builtin `logging` module instead.
|
||
See [the docs](https://docs.mitmproxy.org/dev/addons-api-changelog/) for details and upgrade instructions.
|
||
([#5590](https://github.com/mitmproxy/mitmproxy/pull/5590), @mhils)
|
||
* Deprecate `mitmproxy.ctx.log` in favor of Python's builtin `logging` module.
|
||
See [the docs](https://docs.mitmproxy.org/dev/addons-api-changelog/) for details and upgrade instructions.
|
||
([#5590](https://github.com/mitmproxy/mitmproxy/pull/5590), @mhils)
|
||
|
||
### Breaking Changes
|
||
|
||
* The `mode` option is now a list of server specs instead of a single spec.
|
||
The CLI interface is unaffected, but users may need to update their `config.yaml`.
|
||
([#5393](https://github.com/mitmproxy/mitmproxy/pull/5393), @mhils)
|
||
|
||
### Full Changelog
|
||
|
||
* Mitmproxy binaries now ship with Python 3.11.
|
||
([#5678](https://github.com/mitmproxy/mitmproxy/issues/5678), @mhils)
|
||
* One mitmproxy instance can now spawn multiple proxy servers.
|
||
([#5393](https://github.com/mitmproxy/mitmproxy/pull/5393), @mhils)
|
||
* Add syntax highlighting to JSON and msgpack content view.
|
||
([#5623](https://github.com/mitmproxy/mitmproxy/issues/5623), @SapiensAnatis)
|
||
* Add MQTT content view.
|
||
([#5588](https://github.com/mitmproxy/mitmproxy/pull/5588), @nikitastupin, @abbbe)
|
||
* Setting `connection_strategy` to `lazy` now also disables early
|
||
upstream connections to fetch TLS certificate details.
|
||
([#5487](https://github.com/mitmproxy/mitmproxy/pull/5487), @mhils)
|
||
* Fix order of event hooks on startup.
|
||
([#5376](https://github.com/mitmproxy/mitmproxy/issues/5376), @meitinger)
|
||
* Include server information in bind/listen errors.
|
||
([#5495](https://github.com/mitmproxy/mitmproxy/pull/5495), @meitinger)
|
||
* Include information about lazy connection_strategy in related errors.
|
||
([#5465](https://github.com/mitmproxy/mitmproxy/pull/5465), @meitinger, @mhils)
|
||
* Fix `tls_version_server_min` and `tls_version_server_max` options.
|
||
([#5546](https://github.com/mitmproxy/mitmproxy/issues/5546), @mhils)
|
||
* Added Magisk module generation for Android onboarding.
|
||
([#5547](https://github.com/mitmproxy/mitmproxy/pull/5547), @jorants)
|
||
* Update Linux binary builder to Ubuntu 20.04, bumping the minimum glibc version to 2.31.
|
||
([#5547](https://github.com/mitmproxy/mitmproxy/pull/5547), @jorants)
|
||
* Add "Save filtered" button in mitmweb.
|
||
([#5531](https://github.com/mitmproxy/mitmproxy/pull/5531), @rnbwdsh, @mhils)
|
||
* Render application/prpc content as gRPC/Protocol Buffers
|
||
([#5568](https://github.com/mitmproxy/mitmproxy/pull/5568), @selfisekai)
|
||
* Mitmweb now supports `content_view_lines_cutoff`.
|
||
([#5548](https://github.com/mitmproxy/mitmproxy/pull/5548), @sanlengjingvv)
|
||
* Fix a mitmweb crash when scrolling down the flow list.
|
||
([#5507](https://github.com/mitmproxy/mitmproxy/pull/5507), @LIU-shuyi)
|
||
* Add HTTP/3 binary frame content view.
|
||
([#5582](https://github.com/mitmproxy/mitmproxy/pull/5582), @mhils)
|
||
* Fix mitmweb not properly opening a browser and being stuck on some Linux.
|
||
([#5522](https://github.com/mitmproxy/mitmproxy/issues/5522), @Prinzhorn)
|
||
* Fix race condition when updating mitmweb WebSocket connections that are closing.
|
||
([#5405](https://github.com/mitmproxy/mitmproxy/issues/5405), [#5686](https://github.com/mitmproxy/mitmproxy/issues/5686), @mhils)
|
||
* Fix mitmweb crash when using filters.
|
||
([#5658](https://github.com/mitmproxy/mitmproxy/issues/5658), [#5661](https://github.com/mitmproxy/mitmproxy/issues/5661), @LIU-shuyi, @mhils)
|
||
* Fix missing default port when starting a browser.
|
||
([#5687](https://github.com/mitmproxy/mitmproxy/issues/5687), @rbdixon)
|
||
* Add docs for transparent mode on Windows.
|
||
([#5402](https://github.com/mitmproxy/mitmproxy/issues/5402), @stephenspol)
|
||
|
||
## 28 June 2022: mitmproxy 8.1.1
|
||
|
||
* Support specifying the local address for outgoing connections
|
||
([#5364](https://github.com/mitmproxy/mitmproxy/discussions/5364), @meitinger)
|
||
* Fix a bug where an excess empty chunk has been sent for chunked HEAD request.
|
||
([#5372](https://github.com/mitmproxy/mitmproxy/discussions/5372), @jixunmoe)
|
||
* Drop pkg_resources dependency.
|
||
([#5401](https://github.com/mitmproxy/mitmproxy/issues/5401), @PavelICS)
|
||
* Fix huge (>65kb) http2 responses corrupted.
|
||
([#5428](https://github.com/mitmproxy/mitmproxy/issues/5428), @dhabensky)
|
||
* Remove overambitious assertions in the HTTP state machine,
|
||
fix some error handling.
|
||
([#5383](https://github.com/mitmproxy/mitmproxy/issues/5383), @mhils)
|
||
* Use default_factory for parser_options.
|
||
([#5474](https://github.com/mitmproxy/mitmproxy/issues/5474), @rathann)
|
||
|
||
## 15 May 2022: mitmproxy 8.1.0
|
||
|
||
* DNS support
|
||
([#5232](https://github.com/mitmproxy/mitmproxy/pull/5232), @meitinger)
|
||
* Mitmproxy now requires Python 3.9 or above.
|
||
([#5233](https://github.com/mitmproxy/mitmproxy/issues/5233), @mhils)
|
||
* Fix a memory leak in mitmdump where flows were kept in memory.
|
||
([#4786](https://github.com/mitmproxy/mitmproxy/issues/4786), @mhils)
|
||
* Replayed flows retain their current position in the flow list.
|
||
([#5227](https://github.com/mitmproxy/mitmproxy/issues/5227), @mhils)
|
||
* Periodically send HTTP/2 ping frames to keep connections alive.
|
||
([#5046](https://github.com/mitmproxy/mitmproxy/issues/5046), @EndUser509)
|
||
* Console Performance Improvements
|
||
([#3427](https://github.com/mitmproxy/mitmproxy/issues/3427), @BkPHcgQL3V)
|
||
* Warn users if server side event responses are received without streaming.
|
||
([#4469](https://github.com/mitmproxy/mitmproxy/issues/4469), @mhils)
|
||
* Add flatpak support to the browser addon
|
||
([#5200](https://github.com/mitmproxy/mitmproxy/issues/5200), @pauloromeira)
|
||
* Add example addon to dump contents to files based on a filter expression
|
||
([#5190](https://github.com/mitmproxy/mitmproxy/issues/5190), @redraw)
|
||
* Fix a bug where the wrong SNI is sent to an upstream HTTPS proxy
|
||
([#5109](https://github.com/mitmproxy/mitmproxy/issues/5109), @mhils)
|
||
* Make sure that mitmproxy displays error messages on startup.
|
||
([#5225](https://github.com/mitmproxy/mitmproxy/issues/5225), @mhils)
|
||
* Add example addon for domain fronting.
|
||
([#5217](https://github.com/mitmproxy/mitmproxy/issues/5217), @randomstuff)
|
||
* Improve cut addon to better handle binary contents
|
||
([#3965](https://github.com/mitmproxy/mitmproxy/issues/3965), @mhils)
|
||
* Fix text truncation for full-width characters
|
||
([#4278](https://github.com/mitmproxy/mitmproxy/issues/4278), @kjy00302)
|
||
* Fix mitmweb export copy failed in non-secure domain.
|
||
([#5264](https://github.com/mitmproxy/mitmproxy/issues/5264), @Pactortester)
|
||
* Add example script for manipulating cookies.
|
||
([#5278](https://github.com/mitmproxy/mitmproxy/issues/5278), @WillahScott)
|
||
* When opening an external viewer for message contents, mailcap files are not considered anymore.
|
||
This preempts the upcoming deprecation of Python's `mailcap` module.
|
||
([#5297](https://github.com/mitmproxy/mitmproxy/issues/5297), @KORraNpl)
|
||
* Fix hostname encoding for IDNA domains in upstream mode.
|
||
([#5316](https://github.com/mitmproxy/mitmproxy/issues/5316), @nneonneo)
|
||
* Fix hot reloading of contentviews.
|
||
([#5319](https://github.com/mitmproxy/mitmproxy/issues/5319), @nneonneo)
|
||
* Ignore HTTP/2 information responses instead of raising an error.
|
||
([#5332](https://github.com/mitmproxy/mitmproxy/issues/5332), @mhils)
|
||
* Improve performance and memory usage by reusing OpenSSL contexts.
|
||
([#5339](https://github.com/mitmproxy/mitmproxy/issues/5339), @mhils)
|
||
* Fix handling of multiple Cookie headers when proxying HTTP/2 to HTTP/1
|
||
([#5337](https://github.com/mitmproxy/mitmproxy/issues/5337), @rinsuki)
|
||
* Improve http_manipulate_cookies.py example.
|
||
([#5578](https://github.com/mitmproxy/mitmproxy/issues/5578), @insilications)
|
||
|
||
## 19 March 2022: mitmproxy 8.0.0
|
||
|
||
### Major Changes
|
||
|
||
* Major improvements to the web interface (@gorogoroumaru)
|
||
* Event hooks can now be async (@nneonneo, [#5106](https://github.com/mitmproxy/mitmproxy/issues/5106))
|
||
* New [`tls_{established,failed}_{client,server}` event hooks](https://docs.mitmproxy.org/dev/api/events.html#TLSEvents)
|
||
to record negotiation success/failure (@mhils, [#4790](https://github.com/mitmproxy/mitmproxy/pull/4790))
|
||
|
||
### Security Fixes
|
||
|
||
* [CVE-2022-24766](https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-gcx2-gvj7-pxv3):
|
||
Fix request smuggling vulnerability reported by @zeyu2001 (@mhils)
|
||
|
||
### Full Changelog
|
||
|
||
* Support proxy authentication for SOCKS v5 mode (@starplanet)
|
||
* Make it possible to ignore connections in the tls_clienthello event hook (@mhils)
|
||
* fix some responses not being decoded properly if the encoding was uppercase (#4735, @Mattwmaster58)
|
||
* Trigger event hooks for flows with semantically invalid requests, for example invalid content-length headers (@mhils)
|
||
* Improve error message on TLS version mismatch (@mhils)
|
||
* Windows: Switch to Python's default asyncio event loop, which increases the number of sockets
|
||
that can be processed simultaneously (@mhils)
|
||
* Add `client_replay_concurrency` option, which allows more than one client replay request to be in-flight at a time. (@rbdixon)
|
||
* New content view which handles gRPC/protobuf. Allows to apply custom definitions to visualize different field decodings.
|
||
Includes example addon which applies custom definitions for selected gRPC traffic (@mame82)
|
||
* Fix a crash caused when editing string option (#4852, @rbdixon)
|
||
* Base container image bumped to Debian 11 Bullseye (@Kriechi)
|
||
* Upstream replays don't do CONNECT on plaintext HTTP requests (#4876, @HoffmannP)
|
||
* Remove workarounds for old pyOpenSSL versions (#4831, @KarlParkinson)
|
||
* Add fonts to asset filter (~a) (#4928, @elespike)
|
||
* Fix bug that crashed when using `view.flows.resolve` (#4916, @rbdixon)
|
||
* Fix a bug where `running()` is invoked twice on startup (#3584, @mhils)
|
||
* Correct documentation example for User-Agent header modification (#4997, @jamesyale)
|
||
* Fix random connection stalls (#5040, @EndUser509)
|
||
* Add `n` new flow keybind to mitmweb (#5061, @ianklatzco)
|
||
* Fix compatibility with BoringSSL (@pmoulton)
|
||
* Added `WebSocketMessage.injected` flag (@Prinzhorn)
|
||
* Add example addon for saving streamed data to individual files (@EndUser509)
|
||
* Change connection event hooks to be blocking.
|
||
Processing will only resume once the event hook has finished. (@Prinzhorn)
|
||
* Reintroduce `Flow.live`, which signals if a flow belongs to a currently active connection. (#4207, @mhils)
|
||
* Speculative fix for some rare HTTP/2 connection stalls (#5158, @EndUser509)
|
||
* Add ability to specify custom ports with LDAP authentication (#5068, @demonoidvk)
|
||
* Add support for rotating saved streams every hour or day (@EndUser509)
|
||
* Console Improvements on Windows (@mhils)
|
||
* Fix processing of `--set` options (#5067, @marwinxxii)
|
||
* Lowercase user-added header names and emit a log message to notify the user when using HTTP/2 (#4746, @mhils)
|
||
* Exit early if there are errors on startup (#4544, @mhils)
|
||
* Fixed encoding guessing: only search for meta tags in HTML bodies (##4566, @Prinzhorn)
|
||
* Binaries are now built with Python 3.10 (@mhils)
|
||
|
||
## 28 September 2021: mitmproxy 7.0.4
|
||
|
||
* Do not add a Content-Length header for chunked HTTP/1 messages (@matthewhughes934)
|
||
|
||
## 16 September 2021: mitmproxy 7.0.3
|
||
|
||
* [CVE-2021-39214](https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-22gh-3r9q-xf38):
|
||
Fix request smuggling vulnerabilities reported by @chinchila (@mhils)
|
||
* Expose TLS 1.0 as possible minimum version on older pyOpenSSL releases (@mhils)
|
||
* Fix compatibility with Python 3.10 (@mhils)
|
||
|
||
## 4 August 2021: mitmproxy 7.0.2
|
||
|
||
* Fix a WebSocket crash introduced in 7.0.1 (@mhils)
|
||
|
||
## 3 August 2021: mitmproxy 7.0.1
|
||
|
||
* Performance: Re-use OpenSSL contexts to enable TLS session resumption (@mhils)
|
||
* Disable HTTP/2 CONNECT for Secure Web Proxies to fix compatibility with Firefox (@mhils)
|
||
* Use local IP address as certificate subject if no other info is available (@mhils)
|
||
* Make it possible to return multiple chunks for HTTP stream modification (@mhils)
|
||
* Don't send WebSocket CONTINUATION frames when the peer does not send any (@Pilphe)
|
||
* Fix HTTP stream modify example. (@mhils)
|
||
* Fix a crash caused by no-op assignments to `Server.address` (@SaladDais)
|
||
* Fix a crash when encountering invalid certificates (@mhils)
|
||
* Fix a crash when pressing the Home/End keys in some screens (@rbdixon)
|
||
* Fix a crash when reading corrupted flow dumps (@mhils)
|
||
* Fix multiple crashes on flow export (@mhils)
|
||
* Fix a bug where ASGI apps did not see the request body (@mhils)
|
||
* Minor documentation improvements (@mhils)
|
||
|
||
## 16 July 2021: mitmproxy 7.0
|
||
|
||
### New Proxy Core (@mhils, [blog post](https://www.mitmproxy.org/posts/releases/mitmproxy7/))
|
||
|
||
Mitmproxy has a completely new proxy core, fixing many longstanding issues:
|
||
|
||
* **Secure Web Proxy:** Mitmproxy now supports TLS-over-TLS to already encrypt the connection to the proxy.
|
||
* **Server-Side Greetings:** Mitmproxy now supports proxying raw TCP connections, including ones that start
|
||
with a server-side greeting (e.g. SMTP).
|
||
* **HTTP/1 – HTTP/2 Interoperability:** mitmproxy can now accept an HTTP/2 connection from the client,
|
||
and forward it to an HTTP/1 server.
|
||
* **HTTP/2 Redirects:** The request destination can now be changed on HTTP/2 flows.
|
||
* **Connection Strategy:** Users can now specify if they want mitmproxy to eagerly connect upstream
|
||
or wait as long as possible. Eager connections are required to detect protocols with server-side
|
||
greetings, lazy connections enable the replay of responses without connecting to an upstream server.
|
||
* **Timeout Handling:** Mitmproxy will now clean up idle connections and also abort requests if the client disconnects
|
||
in the meantime.
|
||
* **Host Header-based Proxying:** If the request destination is unknown, mitmproxy now falls back to proxying
|
||
based on the Host header. This means that requests can often be redirected to mitmproxy using
|
||
DNS spoofing only.
|
||
* **Internals:** All protocol logic is now separated from I/O (["sans-io"](https://sans-io.readthedocs.io/)).
|
||
This greatly improves testing capabilities, prevents a wide array of race conditions, and increases
|
||
proper isolation between layers.
|
||
|
||
### Additional Changes
|
||
|
||
* mitmproxy's command line interface now supports Windows (@mhils)
|
||
* The `clientconnect`, `clientdisconnect`, `serverconnect`, `serverdisconnect`, and `log`
|
||
events have been replaced with new events, see addon documentation for details (@mhils)
|
||
* Contentviews now implement `render_priority` instead of `should_render`, allowing more specialization (@mhils)
|
||
* Addition of block_list option to block requests with a set status code (@ericbeland)
|
||
* Make mitmweb columns configurable and customizable (@gorogoroumaru)
|
||
* Automatic JSON view mode when `+json` suffix in content type (@kam800)
|
||
* Use pyca/cryptography to generate certificates, not pyOpenSSL (@mhils)
|
||
* Remove the legacy protocol stack (@Kriechi)
|
||
* Remove all deprecated pathod and pathoc tools and modules (@Kriechi)
|
||
* In reverse proxy mode, mitmproxy now does not assume TLS if no scheme
|
||
is given but a custom port is provided (@mhils)
|
||
* Remove the following options: `http2_priority`, `relax_http_form_validation`, `upstream_bind_address`,
|
||
`spoof_source_address`, and `stream_websockets`. If you depended on one of them please let us know.
|
||
mitmproxy never phones home, which means we don't know how prominently these options were used. (@mhils)
|
||
* Fix IDNA host 'Bad HTTP request line' error (@grahamrobbins)
|
||
* Pressing `?` now exits console help view (@abitrolly)
|
||
* `--modify-headers` now works correctly when modifying a header that is also part of the filter expression (@Prinzhorn)
|
||
* Fix SNI-related reproducibility issues when exporting to curl/httpie commands. (@dkasak)
|
||
* Add option `export_preserve_original_ip` to force exported command to connect to IP from original request.
|
||
Only supports curl at the moment. (@dkasak)
|
||
* Major proxy protocol testing (@r00t-)
|
||
* Switch Docker image release to be based on Debian (@PeterDaveHello)
|
||
* Multiple Browsers: The `browser.start` command may be executed more than once to start additional
|
||
browser sessions. (@rbdixon)
|
||
* Improve readability of SHA256 fingerprint. (@wrekone)
|
||
* Metadata and Replay Flow Filters: Flows may be filtered based on metadata and replay status. (@rbdixon)
|
||
* Flow control: don't read connection data faster than it can be forwarded. (@hazcod)
|
||
* Docker images for ARM64 architecture (@hazcod, @mhils)
|
||
* Fix parsing of certificate issuer/subject with escaped special characters (@Prinzhorn)
|
||
* Customize markers with emoji, and filters: The `flow.mark` command may be used to mark a flow with either the default
|
||
"red ball" marker, a single character, or an emoji like `:grapes:`. Use the `~marker` filter to filter on marker
|
||
characters. (@rbdixon)
|
||
* New `flow.comment` command to add a comment to the flow. Add `~comment <regex>` filter syntax to search flow comments.
|
||
(@rbdixon)
|
||
* Fix multipart forms losing `boundary` values on edit. (@roytu)
|
||
* `Transfer-Encoding: chunked` HTTP message bodies are now retained if they are below the stream_large_bodies limit.
|
||
(@mhils)
|
||
* `json()` method for HTTP Request and Response instances will return decoded JSON body. (@rbdixon)
|
||
* Support for HTTP/2 Push Promises has been dropped. (@mhils)
|
||
* Make it possible to set sequence options from the command line. (@Yopi)
|
||
|
||
## 15 December 2020: mitmproxy 6.0.2
|
||
|
||
* Fix reading of saved flows in mitmweb.
|
||
|
||
## 13 December 2020: mitmproxy 6.0.1
|
||
|
||
* Fix flow serialization in mitmweb.
|
||
|
||
## 13 December 2020: mitmproxy 6.0
|
||
|
||
* Mitmproxy now requires Python 3.8 or above.
|
||
* Deprecation of pathod and pathoc tools and modules. Future releases will not contain them! (@Kriechi)
|
||
* SSLKEYLOGFILE now supports TLS 1.3 secrets (@mhils)
|
||
* Fix query parameters in asgiapp addon (@jpstotz)
|
||
* Fix command history failing on file I/O errors (@Kriechi)
|
||
* Add example addon to suppress unwanted error messages sent by mitmproxy. (@anneborcherding)
|
||
* Updated imports and styles for web scanner helper addons. (@anneborcherding)
|
||
* Inform when underscore-formatted options are used in client arg. (@jrblixt)
|
||
* ASGIApp now ignores loaded HTTP flows from somewhere. (@linw1995)
|
||
* Binaries are now built with Python 3.9 (@mhils)
|
||
* Fixed the web UI showing blank page on clicking details tab when server address is missing (@samhita-sopho)
|
||
* Tests: Replace asynctest with stdlib mock (@felixonmars)
|
||
* MapLocal now keeps its configuration when other options are set. (@mhils)
|
||
* Host headers with non-standard ports are now properly updated in reverse proxy mode. (@mhils)
|
||
* Fix missing host header when replaying HTTP/2 flows (@Granitosaurus)
|
||
|
||
## 01 November 2020: mitmproxy 5.3
|
||
|
||
### Full Changelog
|
||
|
||
* Support for Python 3.9 (@mhils)
|
||
* Add MsgPack content viewer (@tasn)
|
||
* Use `@charset` to decode CSS files if available (@Prinzhorn)
|
||
* Fix links to anticache docs in mitmweb and use HTTPS for links to documentation (@rugk)
|
||
* Updated typing for WebsocketMessage.content (@Prinzhorn)
|
||
* Add option `console_strip_trailing_newlines`, and no longer strip trailing newlines by default (@capt8bit)
|
||
* Prevent transparent mode from connecting to itself in the basic cases (@Prinzhorn)
|
||
* Display HTTP trailers in mitmweb (@sanlengjingvv)
|
||
* Revamp onboarding app (@mhils)
|
||
* Add ASGI support for embedded apps (@mhils)
|
||
* Updated raw exports to not remove headers (@wchasekelley)
|
||
* Fix file unlinking before external viewer finishes loading (@wchasekelley)
|
||
* Add --cert-passphrase command line argument (@mirosyn)
|
||
* Add interactive tutorials to the documentation (@mplattner)
|
||
* Support `deflateRaw` for `Content-Encoding`'s (@kjoconnor)
|
||
* Fix broken requests without body on HTTP/2 (@Kriechi)
|
||
* Add support for sending (but not parsing) HTTP Trailers to the HTTP/1.1 protocol (@bburky)
|
||
* Add support to echo http trailers in dumper addon (@shiv6146)
|
||
* Fix OpenSSL requiring different CN for root and leaf certificates (@mhils)
|
||
* ... and various other fixes, documentation improvements, dependency version bumps, etc.
|
||
|
||
## 18 July 2020: mitmproxy 5.2
|
||
|
||
* Add Filter message to mitmdump (@sarthak212)
|
||
* Display TCP flows at flow list (@Jessonsotoventura, @nikitastupin, @mhils)
|
||
* Colorize JSON Contentview (@sarthak212)
|
||
* Fix console crash when entering regex escape character in half-open string (@sarthak212)
|
||
* Integrate contentviews to TCP flow details (@nikitastupin)
|
||
* Added add-ons that enhance the performance of web application scanners (@anneborcherding)
|
||
* Increase WebSocket message timestamp precision (@JustAnotherArchivist)
|
||
* Fix HTTP reason value on HTTP/2 reponses (@rbdixon)
|
||
* mitmweb: support wslview to open a web browser (@G-Rath)
|
||
* Fix dev version detection with parent git repo (@JustAnotherArchivist)
|
||
* Restructure examples and supported addons (@mhils)
|
||
* Certificate generation: mark SAN as critical if no CN is set (@mhils)
|
||
* Simplify Replacements with new ModifyBody addon (@mplattner)
|
||
* Rename SetHeaders addon to ModifyHeaders (@mplattner)
|
||
* mitmweb: "New -> File" menu option has been renamed to "Clear All" (@yogeshojha)
|
||
* Add new MapRemote addon to rewrite URLs of requests (@mplattner)
|
||
* Add support for HTTP Trailers to the HTTP/2 protocol (@sanlengjingvv and @Kriechi)
|
||
* Fix certificate runtime error during expire cleanup (@gorogoroumaru)
|
||
* Fixed the DNS Rebind Protection for secure support of IPv6 addresses (@tunnelpr0)
|
||
* WebSockets: match the HTTP-WebSocket flow for the ~websocket filter (@Kriechi)
|
||
* Fix deadlock caused by the "replay.client.stop" command (@gorogoroumaru)
|
||
* Add new MapLocal addon to serve local files instead of remote resources (@mplattner and @mhils)
|
||
* Add minimal TCP interception and modification (@nikitastupin)
|
||
* Add new CheckSSLPinning addon to check SSL-Pinning on client (@su-vikas)
|
||
* Add a JSON dump script: write data into a file or send to an endpoint as JSON (@emedvedev)
|
||
* Fix console output formatting (@sarthak212)
|
||
* Add example for proxy authentication using selenium (@anneborcherding and @weichweich)
|
||
|
||
## 13 April 2020: mitmproxy 5.1.1
|
||
|
||
* Fixed Docker images not starting due to missing shell
|
||
|
||
## 13 April 2020: mitmproxy 5.1
|
||
|
||
### Major Changes
|
||
|
||
* Initial Support for TLS 1.3
|
||
|
||
### Full Changelog
|
||
|
||
* Reduce leaf certificate validity to one year due to upcoming browser changes (@mhils)
|
||
* Rename mitmweb's `web_iface` option to `web_host` for consistency (@oxr463)
|
||
* Sending a SIGTERM now exits mitmproxy without prompt, SIGINT still asks (@ThinkChaos)
|
||
* Don't force host header on outgoing requests (@mhils)
|
||
* Additional documentation and examples for WebSockets (@Kriechi)
|
||
* Gracefully handle hyphens in domain names (@matosconsulting)
|
||
* Fix header replacement count (@naivekun)
|
||
* Emit serverconnect event only after a connection has been established (@Prinzhorn)
|
||
* Fix ValueError in table mode of server replay flow (@ylmrx)
|
||
* HTTP/2: send all stream reset types to other connection (@rohfle)
|
||
* HTTP/2: fix WINDOW_UPDATE swallowed on closed streams (@Kriechi)
|
||
* Fix wrong behavior of --allow-hosts options (@BlownSnail)
|
||
* Additional and updated documentation for examples, WebSockets, Getting Started (@Kriechi)
|
||
|
||
## 27 December 2019: mitmproxy 5.0.1
|
||
|
||
* Fixed precompiled Linux binaries to not crash in table mode
|
||
* Display webp images in mitmweb (@cixtor)
|
||
|
||
## 16 December 2019: mitmproxy 5.0
|
||
|
||
### Major Changes
|
||
|
||
* Added new Table UI (@Jessonsotoventura)
|
||
* Added EKU extension to certificates. This fixes support for macOS Catalina (@vin01)
|
||
|
||
### Security Fixes
|
||
|
||
* Fixed command injection vulnerabilities when exporting flows as curl/httpie commands (@cript0nauta)
|
||
* Do not echo unsanitized user input in HTTP error responses (@fimad)
|
||
|
||
### Full Changelog
|
||
|
||
* Moved to GitHub CI for Continuous Integration, dropping support for old Linux and macOS releases. (#3728)
|
||
* Vastly improved command parsing, in particular for setting flow filters (@typoon)
|
||
* Added a new flow export for raw responses (@mckeimic)
|
||
* URLs are now edited in an external editor (@Jessonsotoventura)
|
||
* mitmproxy now has a command history (@typoon)
|
||
* Added terminal like keyboard shortcuts for the command bar (ctrl+w, ctrl+a, ctrl+f, ...) (@typoon)
|
||
* Fixed issue with improper handling of non-ascii characters in URLs (@rjt-gupta)
|
||
* Filtering can now use unicode characters (@rjt-gupta)
|
||
* Fixed issue with user keybindings not being able to override default keybindings
|
||
* Improved installation instructions
|
||
* Added support for IPV6-only environments (@sethb157)
|
||
* Fixed bug with server replay (@rjt-gupta)
|
||
* Fixed issue with duplicate error responses (@ccssrryy)
|
||
* Users can now set a specific external editor using $MITMPROXY_EDITOR (@rjt-gupta)
|
||
* Config file can now be called `config.yml` or `config.yaml` (@ylmrx)
|
||
* Fixed crash on `view.focus.[next|prev]` (@ylmrx)
|
||
* Updated documentation to help using mitmproxy certificate on Android (@jannst)
|
||
* Added support to parse IPv6 entries from `pfctl` on MacOS. (@tomlabaude)
|
||
* Fixed instructions on how to build the documentation (@jannst)
|
||
* Added a new `--allow-hosts` option (@pierlon)
|
||
* Added support for zstd content-encoding (@tsaaristo)
|
||
* Fixed issue where the replay server would corrupt the Date header (@tonyb486)
|
||
* Improve speed for WebSocket interception (@MathieuBordere)
|
||
* Fixed issue with parsing JPEG files. (@lusceu)
|
||
* Improve example code style (@BoboTiG)
|
||
* Fixed issue converting void responses to HAR (@worldmind)
|
||
* Color coded http status codes in mitmweb (@arun-94)
|
||
* Added organization to generated certificates (@Abcdefghijklmnopqrstuvwxyzxyz)
|
||
* Errors are now displayed on sys.stderr (@JessicaFavin)
|
||
* Fixed issue with replay timestamps (@rjt-gupta)
|
||
* Fixed copying in mitmweb on macOS (@XZzYassin)
|
||
|
||
## 31 July 2018: mitmproxy 4.0.4
|
||
|
||
* Security: Protect mitmweb against DNS rebinding. (CVE-2018-14505, @atx)
|
||
* Reduce certificate lifetime to two years to be conformant with
|
||
the current CA/Browser Forum Baseline Requirements. (@muffl0n)
|
||
(https://cabforum.org/2017/03/17/ballot-193-825-day-certificate-lifetimes/)
|
||
* Update cryptography to version 2.3.
|
||
|
||
## 15 June 2018: mitmproxy 4.0.3
|
||
|
||
* Add support for IPv6 transparent mode on Windows (#3174)
|
||
* Add Docker images for ARMv7 - Raspberry Pi (#3190)
|
||
* Major overhaul of our release workflow - you probably won't notice it, but for us it's a big thing!
|
||
* Fix the Python version detection on Python 3.5, we now show a more intuitive error message (#3188)
|
||
* Fix application shutdown on Windows (#3172)
|
||
* Fix IPv6 scope suffixes in block addon (#3164)
|
||
* Fix options update when added (#3157)
|
||
* Fix "Edit Flow" button in mitmweb (#3136)
|
||
|
||
## 15 June 2018: mitmproxy 4.0.2
|
||
|
||
* Skipped!
|
||
|
||
## 17 May 2018: mitmproxy 4.0.1
|
||
|
||
### Bugfixes
|
||
|
||
* The previous release had a packaging issue, so we bumped it to v4.0.1 and re-released it.
|
||
* This contains no actual bugfixes or new features.
|
||
|
||
## 17 May 2018: mitmproxy 4.0
|
||
|
||
### Features
|
||
|
||
* mitmproxy now requires Python 3.6!
|
||
* Moved the core to asyncio - which gives us a very significant performance boost!
|
||
* Reduce memory consumption by using `SO_KEEPALIVE` (#3076)
|
||
* Export request as httpie command (#3031)
|
||
* Configure mitmproxy console keybindings with the keys.yaml file. See docs for more.
|
||
|
||
### Breaking Changes
|
||
|
||
* The --conf command-line flag is now --confdir, and specifies the mitmproxy configuration
|
||
directory, instead of the options yaml file (which is at `config.yaml` under the configuration directory).
|
||
* `allow_remote` got replaced by `block_global` and `block_private` (#3100)
|
||
* No more custom events (#3093)
|
||
* The `cadir` option has been renamed to `confdir`
|
||
* We no longer magically capture print statements in addons and translate
|
||
them to logs. Please use `ctx.log.info` explicitly.
|
||
|
||
### Bugfixes
|
||
|
||
* Correctly block connections from remote clients with IPv4-mapped IPv6 client addresses (#3099)
|
||
* Expand `~` in paths during the `cut` command (#3078)
|
||
* Remove socket listen backlog constraint
|
||
* Improve handling of user script exceptions (#3050, #2837)
|
||
* Ignore signal errors on windows
|
||
* Fix traceback for commands with un-terminated escape characters (#2810)
|
||
* Fix request replay when proxy is bound to local interface (#2647)
|
||
* Fix traceback when running scripts on a flow twice (#2838)
|
||
* Fix traceback when killing intercepted flow (#2879)
|
||
* And lots of typos, docs improvements, revamped examples, and general fixes!
|
||
|
||
## 05 April 2018: mitmproxy 3.0.4
|
||
|
||
* Fix an issue that caused mitmproxy to not retry HTTP requests on timeout.
|
||
* Various other fixes (@kira0204, @fenilgandhi, @tran-tien-dat, @smonami,
|
||
@luzpaz, @fristonio, @kajojify, @Oliver-Fish, @hcbarry, @jplochocki, @MikeShi42,
|
||
@ghillu, @emilstahl)
|
||
|
||
## 25 February 2018: mitmproxy 3.0.3
|
||
|
||
* Fix an issue that caused mitmproxy to lose keyboard control after spawning an external editor.
|
||
|
||
## 23 February 2018: mitmproxy 3.0.1
|
||
|
||
* Fix a quote-related issue affecting the mitmproxy console command prompt.
|
||
|
||
## 22 February 2018: mitmproxy 3.0
|
||
|
||
### Major Changes
|
||
|
||
* Commands: A consistent, typed mechanism that allows addons to expose actions
|
||
to users.
|
||
* Options: A typed settings store for use by mitmproxy and addons.
|
||
* Shift most of mitmproxy's own functionality into addons.
|
||
* Major improvements to mitmproxy console, including an almost complete
|
||
rewrite of the user interface, integration of commands, key bindings, and
|
||
multi-pane layouts.
|
||
* Major Improvements to mitmproxy’s web interface, mitmweb. (Matthew Shao,
|
||
Google Summer of Code 2017)
|
||
* Major Improvements to mitmproxy’s content views and protocol layers (Ujjwal
|
||
Verma, Google Summer of Code 2017)
|
||
* Faster JavaScript and CSS beautifiers. (Ujjwal Verma)
|
||
|
||
### Minor Changes
|
||
|
||
* Vastly improved JavaScript test coverage (Matthew Shao)
|
||
* Options editor for mitmweb (Matthew Shao)
|
||
* Static web-based flow viewer (Matthew Shao)
|
||
* Request streaming for HTTP/1.x and HTTP/2 (Ujjwal Verma)
|
||
* Implement more robust content views using Kaitai Struct (Ujjwal Verma)
|
||
* Protobuf decoding now works without protoc being installed on the host
|
||
system (Ujjwal Verma)
|
||
* PNG, GIF, and JPEG can now be parsed without Pillow, which simplifies
|
||
mitmproxy installation and moves parsing from unsafe C to pure Python (Ujjwal Verma)
|
||
* Add parser for ICO files (Ujjwal Verma)
|
||
* Migrate WebSockets implementation to wsproto. This reduces code size and
|
||
adds WebSocket compression support. (Ujjwal Verma)
|
||
* Add “split view” to split mitmproxy’s UI into two separate panes.
|
||
* Add key binding viewer and editor
|
||
* Add a command to spawn a preconfigured Chrome browser instance from
|
||
mitmproxy
|
||
* Fully support mitmproxy under the Windows Subsystem for Linux (WSL), work
|
||
around display errors
|
||
* Add XSS scanner addon (@ddworken)
|
||
* Add ability to toggle interception (@mattweidner)
|
||
* Numerous documentation improvements (@pauloromeira, @rst0git, @rgerganov,
|
||
@fulldecent, @zhigang1992, @F1ashhimself, @vinaydargar, @jonathanrfisher1,
|
||
@BasThomas, @LuD1161, @ayamamori, @TomTasche)
|
||
* Add filters for websocket flows (@s4chin)
|
||
* Make it possible to create a response to CONNECT requests in http_connect
|
||
(@mengbiping)
|
||
* Redirect stdout in scripts to ctx.log.warn (@nikofil)
|
||
* Fix a crash when clearing the event log (@krsoninikhil)
|
||
* Store the generated certificate for each flow (@dlenski)
|
||
* Add --keep-host-header to retain the host header in reverse proxy mode
|
||
(@krsoninikhil)
|
||
* Fix setting palette options (@JordanLoehr)
|
||
* Fix a crash with brotli encoding (@whackashoe)
|
||
* Provide certificate installation instructions on mitm.it (@ritiek)
|
||
* Fix a bug where we did not properly fall back to IPv4 when IPv6 is unavailable (@titeuf87)
|
||
* Fix transparent mode on IPv6-enabled macOS systems (@Ga-ryo)
|
||
* Fix handling of HTTP messages with multiple Content-Length headers (@surajt97)
|
||
* Fix IPv6 authority form parsing in CONNECT requests (@r1b)
|
||
* Fix event log display in mitmweb (@syahn)
|
||
* Remove private key from PKCS12 file in ~/.mitmproxy (@ograff).
|
||
* Add LDAP as a proxy authentication backend (@charlesdhdt)
|
||
* Use mypy to check the whole codebase (@iharsh234)
|
||
* Fix a crash when duplicating flows (@iharsh234)
|
||
* Fix testsuite when the path contains a “.” (@felixonmars)
|
||
* Store proxy authentication with flows (@lymanZerga11)
|
||
* Match ~d and ~u filters against pretty_host (@dequis)
|
||
* Update WBXML content view (@davidpshaw)
|
||
* Handle HEAD requests for mitm.it to support Chrome in transparent mode on
|
||
iOS (@tomlabaude)
|
||
* Update dns spoofing example to use --keep-host-header (@krsoninikhil)
|
||
* Call error handler on HTTPException (@tarnacious)
|
||
* Make it possible to remove TLS from upstream HTTP connections
|
||
* Update to pyOpenSSL 17.5, cryptography 2.1.4, and OpenSSL 1.1.0g
|
||
* Make it possible to retroactively increase log verbosity.
|
||
* Make logging from addons thread-safe
|
||
* Tolerate imports in user scripts that match hook names
|
||
(`from mitmproxy import log`)
|
||
* Update mitmweb to React 16, which brings performance improvements
|
||
* Fix a bug where reverting duplicated flows crashes mitmproxy
|
||
* Fix a bug where successive requests are sent to the wrong host after a
|
||
request has been redirected.
|
||
* Fix a bug that binds outgoing connections to the wrong interface
|
||
* Fix a bug where custom certificates are ignored in reverse proxy mode
|
||
* Fix import of flows that have been created with mitmproxy 0.17
|
||
* Fix formatting of (IPv6) IP addresses in a number of places
|
||
* Fix replay for HTTP/2 flows
|
||
* Decouple mitmproxy version and flow file format version
|
||
* Fix a bug where “mitmdump -nr” does not exit automatically
|
||
* Fix a crash when exporting flows to curl
|
||
* Fix formatting of sticky cookies
|
||
* Improve script reloading reliability by polling the filesystem instead of using watchdog
|
||
* Fix a crash when refreshing Set-Cookie headers
|
||
* Add connection indicator to mitmweb to alert users when the proxy server stops running
|
||
* Add support for certificates with cyrillic domains
|
||
* Simplify output of mitmproxy --version
|
||
* Add Request.make to simplify request creation in scripts
|
||
* Pathoc: Include a host header on CONNECT requests
|
||
* Remove HTML outline contentview (#2572)
|
||
* Remove Python and Locust export (#2465)
|
||
* Remove emojis from tox.ini because flake8 cannot parse that. :(
|
||
|
||
## 28 April 2017: mitmproxy 2.0.2
|
||
|
||
* Fix mitmweb's Content-Security-Policy to work with Chrome 58+
|
||
* HTTP/2: actually use header normalization from hyper-h2
|
||
|
||
## 15 March 2017: mitmproxy 2.0.1
|
||
|
||
* bump cryptography dependency
|
||
* bump pyparsing dependency
|
||
* HTTP/2: use header normalization from hyper-h2
|
||
|
||
## 21 February 2017: mitmproxy 2.0
|
||
|
||
* HTTP/2 is now enabled by default.
|
||
* Image ContentView: Parse images with Kaitai Struct (kaitai.io) instead of Pillow.
|
||
This simplifies installation, reduces binary size, and allows parsing in pure Python.
|
||
* Web: Add missing flow filters.
|
||
* Add transparent proxy support for OpenBSD.
|
||
* Check the mitmproxy CA for expiration and warn the user to regenerate it if necessary.
|
||
* Testing: Tremendous improvements, enforced 100% coverage for large parts of the
|
||
codebase, increased overall coverage.
|
||
* Enforce individual coverage: one source file -> one test file with 100% coverage.
|
||
* A myriad of other small improvements throughout the project.
|
||
* Numerous bugfixes.
|
||
|
||
## 26 December 2016: mitmproxy 1.0
|
||
|
||
* All mitmproxy tools are now Python 3 only! We plan to support Python 3.5 and higher.
|
||
* Web-Based User Interface: Mitmproxy now officially has a web-based user interface
|
||
called mitmweb. We consider it stable for all features currently exposed
|
||
in the UI, but it still misses a lot of mitmproxy’s options.
|
||
* Windows Compatibility: With mitmweb, mitmproxy is now usable on Windows.
|
||
We are also introducing an installer (kindly sponsored by BitRock) that
|
||
simplifies setup.
|
||
* Configuration: The config file format is now a single YAML file. In most cases,
|
||
converting to the new format should be trivial - please see the docs for
|
||
more information.
|
||
* Console: Significant UI improvements - including sorting of flows by
|
||
size, type and url, status bar improvements, much faster indentation for
|
||
HTTP views, and more.
|
||
* HTTP/2: Significant improvements, but is temporarily disabled by default
|
||
due to wide-spread protocol implementation errors on some large website
|
||
* WebSocket: The protocol implementation is now mature, and is enabled by
|
||
default. Complete UI support is coming in the next release. Hooks for
|
||
message interception and manipulation are available.
|
||
* A myriad of other small improvements throughout the project.
|
||
|
||
## 16 October 2016: mitmproxy 0.18
|
||
|
||
* Python 3 Compatibility for mitmproxy and pathod (Shadab Zafar, GSoC 2016)
|
||
* Major improvements to mitmweb (Clemens Brunner & Jason Hao, GSoC 2016)
|
||
* Internal Core Refactor: Separation of most features into isolated Addons
|
||
* Initial Support for WebSockets
|
||
* Improved HTTP/2 Support
|
||
* Reverse Proxy Mode now automatically adjusts host headers and TLS Server Name Indication
|
||
* Improved HAR export
|
||
* Improved export functionality for curl, python code, raw http etc.
|
||
* Flow URLs are now truncated in the console for better visibility
|
||
* New filters for TCP, HTTP and marked flows.
|
||
* Mitmproxy now handles comma-separated Cookie headers
|
||
* Merge mitmproxy and pathod documentation
|
||
* Mitmdump now sanitizes its console output to not include control characters
|
||
* Improved message body handling for HTTP messages:
|
||
`.raw_content` provides the message body as seen on the wire
|
||
`.content` provides the decompressed body (e.g. un-gzipped)
|
||
`.text` provides the body decompressed and decoded body
|
||
* New HTTP Message getters/setters for cookies and form contents.
|
||
* Add ability to view only marked flows in mitmproxy
|
||
* Improved Script Reloader (Always use polling, watch for whole directory)
|
||
* Use tox for testing
|
||
* Unicode support for tnetstrings
|
||
* Add dumpfile converters for mitmproxy versions 0.11 and 0.12
|
||
* Numerous bugfixes
|
||
|
||
## 9 April 2016: mitmproxy 0.17
|
||
|
||
* Simplify repository and release structure. mitmproxy now comes as a single package, including netlib and pathod.
|
||
* Rename the Python package from libmproxy to mitmproxy.
|
||
* New option to add server certs to client chain (CVE-2016-2402, John Kozyrakis)
|
||
* Enable HTTP/2 by default (Thomas Kriechbaumer)
|
||
* Improved HAR extractor (Shadab Zafar)
|
||
* Add icon for OSX and Windows binaries
|
||
* Add content view for query parameters (Will Coster)
|
||
* Initial work on Python 3 compatibility
|
||
* locust.io export (Zohar Lorberbaum)
|
||
* Fix XSS vulnerability in HTTP errors (Will Coster)
|
||
* Numerous bugfixes and minor improvements
|
||
|
||
## 15 February 2016: mitmproxy 0.16
|
||
|
||
* Completely revised HTTP2 implementation based on hyper-h2 (Thomas Kriechbaumer)
|
||
* Export flows as cURL command, Python code or raw HTTP (Shadab Zafar)
|
||
* Fixed compatibility with the Android Emulator (Will Coster)
|
||
* Script Reloader: Inline scripts are reloaded automatically if modified (Matthew Shao)
|
||
* Inline script hooks for TCP mode (Michael J. Bazzinotti)
|
||
* Add default ciphers to support iOS9 App Transport Security (Jorge Villacorta)
|
||
* Basic Authentication for mitmweb (Guillem Anguera)
|
||
* Exempt connections from interception based on TLS Server Name Indication (David Weinstein)
|
||
* Provide Python Wheels for faster installation
|
||
* Numerous bugfixes and minor improvements
|
||
|
||
## 4 December 2015: mitmproxy 0.15
|
||
|
||
* Support for loading and converting older dumpfile formats (0.13 and up)
|
||
* Content views for inline script (@chrisczub)
|
||
* Better handling of empty header values (Benjamin Lee/@bltb)
|
||
* Fix a gnarly memory leak in mitmdump
|
||
* A number of bugfixes and small improvements
|
||
|
||
## 6 November 2015: mitmproxy 0.14
|
||
|
||
* Statistics: 399 commits, 13 contributors, 79 closed issues, 37 closed
|
||
PRs, 103 days
|
||
* Docs: Greatly updated docs now hosted on ReadTheDocs!
|
||
http://docs.mitmproxy.org
|
||
* Docs: Fixed Typos, updated URLs etc. (Nick Badger, Ben Lerner, Choongwoo
|
||
Han, onlywade, Jurriaan Bremer)
|
||
* mitmdump: Colorized TTY output
|
||
* mitmdump: Use mitmproxy's content views for human-readable output (Chris
|
||
Czub)
|
||
* mitmproxy and mitmdump: Support for displaying UTF8 contents
|
||
* mitmproxy: add command line switch to disable mouse interaction (Timothy
|
||
Elliott)
|
||
* mitmproxy: bug fixes (Choongwoo Han, sethp-jive, FreeArtMan)
|
||
* mitmweb: bug fixes (Colin Bendell)
|
||
* libmproxy: Add ability to fall back to TCP passthrough for non-HTTP
|
||
connections.
|
||
* libmproxy: Avoid double-connect in case of TLS Server Name Indication.
|
||
This yields a massive speedup for TLS handshakes.
|
||
* libmproxy: Prevent unnecessary upstream connections (macmantrl)
|
||
* Inline Scripts: New API for HTTP Headers:
|
||
http://docs.mitmproxy.org/en/latest/dev/models.html#netlib.http.Headers
|
||
* Inline Scripts: Properly handle exceptions in `done` hook
|
||
* Inline Scripts: Allow relative imports, provide `__file__`
|
||
* Examples: Add probabilistic TLS passthrough as an inline script
|
||
* netlib: Refactored HTTP protocol handling code
|
||
* netlib: ALPN support
|
||
* netlib: fixed a bug in the optional certificate verification.
|
||
* netlib: Initial Python 3.5 support (this is the first prerequisite for
|
||
3.x support in mitmproxy)
|
||
|
||
## 24 July 2015: mitmproxy 0.13
|
||
|
||
* Upstream certificate validation. See the --verify-upstream-cert,
|
||
--upstream-trusted-confdir and --upstream-trusted-ca parameters. Thanks to
|
||
Kyle Morton (github.com/kyle-m) for his work on this.
|
||
* Add HTTP transparent proxy mode. This uses the host headers from HTTP
|
||
traffic (rather than SNI and IP address information from the OS) to
|
||
implement perform transparent proxying. Thanks to github.com/ijiro123 for
|
||
this feature.
|
||
* Add ~src and ~dst REGEX filters, allowing matching on source and
|
||
destination addresses in the form of <IP>:<Port>
|
||
* mitmproxy console: change g/G keyboard shortcuts to match less. Thanks to
|
||
Jose Luis Honorato (github.com/jlhonora).
|
||
* mitmproxy console: Flow marking and unmarking. Marked flows are not
|
||
deleted when the flow list is cleared. Thanks to Jake Drahos
|
||
(github.com/drahosj).
|
||
* mitmproxy console: add marking of flows
|
||
* Remove the certforward feature. It was added to allow exploitation of
|
||
#gotofail, which is no longer a common vulnerability. Permitting this
|
||
hugely increased the complexity of packaging and distributing mitmproxy.
|
||
|
||
## 3 June 2015: mitmproxy 0.12.1
|
||
|
||
* mitmproxy console: mouse interaction - scroll in the flow list, click on
|
||
flow to view, click to switch between tabs.
|
||
* Update our crypto defaults: SHA256, 2048 bit RSA, 4096 bit DH parameters.
|
||
* BUGFIX: crash under some circumstances when copying to clipboard.
|
||
* BUGFIX: occasional crash when deleting flows.
|
||
|
||
## 18 May 2015: mitmproxy 0.12
|
||
|
||
* mitmproxy console: Significant revamp of the UI. The major changes are
|
||
listed below, and in addition almost every aspect of the UI has
|
||
been tweaked, and performance has improved significantly.
|
||
* mitmproxy console: A new options screen has been created ("o" shortcut),
|
||
and many options that were previously manipulated directly via a
|
||
keybinding have been moved there.
|
||
* mitmproxy console: Big improvement in palettes. This includes improvements
|
||
to all colour schemes. Palettes now set the terminal background colour by
|
||
default, and a new --palette-transparent option has been added to disable
|
||
this.
|
||
* mitmproxy console: g/G shortcuts throughout mitmproxy console to jump
|
||
to the beginning/end of the current view.
|
||
* mitmproxy console: switch palettes on the fly from the options screen.
|
||
* mitmproxy console: A cookie editor has been added for mitmproxy console
|
||
at long last.
|
||
* mitmproxy console: Various components of requests and responses can be
|
||
copied to the clipboard from mitmproxy - thanks to @marceloglezer.
|
||
* Support for creating new requests from scratch in mitmproxy console (@marceloglezer).
|
||
* SSLKEYLOGFILE environment variable to specify a logging location for TLS
|
||
master keys. This can be used with tools like Wireshark to allow TLS
|
||
decoding.
|
||
* Server facing SSL cipher suite specification (thanks to Jim Shaver).
|
||
* Official support for transparent proxying on FreeBSD - thanks to Mike C
|
||
(http://github.com/mike-pt).
|
||
* Many other small bugfixes and improvemenets throughout the project.
|
||
|
||
## 29 Dec 2014: mitmproxy 0.11.2
|
||
|
||
* Configuration files - mitmproxy.conf, mitmdump.conf, common.conf in the
|
||
.mitmproxy directory.
|
||
* Better handling of servers that reject connections that are not SNI.
|
||
* Many other small bugfixes and improvements.
|
||
|
||
## 15 November 2014: mitmproxy 0.11.1
|
||
|
||
* Bug fixes: connection leaks some crashes
|
||
|
||
## 7 November 2014: mitmproxy 0.11
|
||
|
||
* Performance improvements for mitmproxy console
|
||
* SOCKS5 proxy mode allows mitmproxy to act as a SOCKS5 proxy server
|
||
* Data streaming for response bodies exceeding a threshold
|
||
(bradpeabody@gmail.com)
|
||
* Ignore hosts or IP addresses, forwarding both HTTP and HTTPS traffic
|
||
untouched
|
||
* Finer-grained control of traffic replay, including options to ignore
|
||
contents or parameters when matching flows (marcelo.glezer@gmail.com)
|
||
* Pass arguments to inline scripts
|
||
* Configurable size limit on HTTP request and response bodies
|
||
* Per-domain specification of interception certificates and keys (see
|
||
--cert option)
|
||
* Certificate forwarding, relaying upstream SSL certificates verbatim (see
|
||
--cert-forward)
|
||
* Search and highlighting for HTTP request and response bodies in
|
||
mitmproxy console (pedro@worcel.com)
|
||
* Transparent proxy support on Windows
|
||
* Improved error messages and logging
|
||
* Support for FreeBSD in transparent mode, using pf (zbrdge@gmail.com)
|
||
* Content view mode for WBXML (davidshaw835@air-watch.com)
|
||
* Better documentation, with a new section on proxy modes
|
||
* Generic TCP proxy mode
|
||
* Countless bugfixes and other small improvements
|
||
* pathod: Hugely improved SSL support, including dynamic generation of certificates
|
||
using the mitproxy cacert
|
||
|
||
## 7 November 2014: pathod 0.11
|
||
|
||
* Hugely improved SSL support, including dynamic generation of certificates
|
||
using the mitproxy cacert
|
||
* pathoc -S dumps information on the remote SSL certificate chain
|
||
* Big improvements to fuzzing, including random spec selection and memoization to avoid repeating randomly generated patterns
|
||
* Reflected patterns, allowing you to embed a pathod server response specification in a pathoc request, resolving both on client side. This makes fuzzing proxies and other intermediate systems much better.
|
||
|
||
## 28 January 2014: mitmproxy 0.10
|
||
|
||
* Support for multiple scripts and multiple script arguments
|
||
* Easy certificate install through the in-proxy web app, which is now
|
||
enabled by default
|
||
* Forward proxy mode, that forwards proxy requests to an upstream HTTP server
|
||
* Reverse proxy now works with SSL
|
||
* Search within a request/response using the "/" and "n" shortcut keys
|
||
* A view that beatifies CSS files if cssutils is available
|
||
* Bug fix, documentation improvements, and more.
|
||
|
||
## 25 August 2013: mitmproxy 0.9.2
|
||
|
||
* Improvements to the mitmproxywrapper.py helper script for OSX.
|
||
* Don't take minor version into account when checking for serialized file
|
||
compatibility.
|
||
* Fix a bug causing resource exhaustion under some circumstances for SSL
|
||
connections.
|
||
* Revamp the way we store interception certificates. We used to store these
|
||
on disk, they're now in-memory. This fixes a race condition related to
|
||
cert handling, and improves compatibility with Windows, where the rules
|
||
governing permitted file names are weird, resulting in errors for some
|
||
valid IDNA-encoded names.
|
||
* Display transfer rates for responses in the flow list.
|
||
* Many other small bugfixes and improvements.
|
||
|
||
## 25 August 2013: pathod 0.9.2
|
||
|
||
* Adapt to interface changes in netlib
|
||
|
||
## 16 June 2013: mitmproxy 0.9.1
|
||
|
||
* Use "correct" case for Content-Type headers added by mitmproxy.
|
||
* Make UTF environment detection more robust.
|
||
* Improved MIME-type detection for viewers.
|
||
* Always read files in binary mode (Windows compatibility fix).
|
||
* Some developer documentation.
|
||
|
||
## 15 May 2013: mitmproxy 0.9
|
||
|
||
* Upstream certs mode is now the default.
|
||
* Add a WSGI container that lets you host in-proxy web applications.
|
||
* Full transparent proxy support for Linux and OSX.
|
||
* Introduce netlib, a common codebase for mitmproxy and pathod
|
||
(http://github.com/cortesi/netlib).
|
||
* Full support for SNI.
|
||
* Color palettes for mitmproxy, tailored for light and dark terminal
|
||
backgrounds.
|
||
* Stream flows to file as responses arrive with the "W" shortcut in
|
||
mitmproxy.
|
||
* Extend the filter language, including ~d domain match operator, ~a to
|
||
match asset flows (js, images, css).
|
||
* Follow mode in mitmproxy ("F" shortcut) to "tail" flows as they arrive.
|
||
* --dummy-certs option to specify and preserve the dummy certificate
|
||
directory.
|
||
* Server replay from the current captured buffer.
|
||
* Huge improvements in content views. We now have viewers for AMF, HTML,
|
||
JSON, Javascript, images, XML, URL-encoded forms, as well as hexadecimal
|
||
and raw views.
|
||
* Add Set Headers, analogous to replacement hooks. Defines headers that are set
|
||
on flows, based on a matching pattern.
|
||
* A graphical editor for path components in mitmproxy.
|
||
* A small set of standard user-agent strings, which can be used easily in
|
||
the header editor.
|
||
* Proxy authentication to limit access to mitmproxy
|
||
* pathod: Proxy mode. You can now configure clients to use pathod as an
|
||
HTTP/S proxy.
|
||
* pathoc: Proxy support, including using CONNECT to tunnel directly to
|
||
targets.
|
||
* pathoc: client certificate support.
|
||
* pathod: API improvements, bugfixes.
|
||
|
||
## 15 May 2013: pathod 0.9 (version synced with mitmproxy)
|
||
|
||
* Pathod proxy mode. You can now configure clients to use pathod as an
|
||
HTTP/S proxy.
|
||
* Pathoc proxy support, including using CONNECT to tunnel directly to
|
||
targets.
|
||
* Pathoc client certificate support.
|
||
* API improvements, bugfixes.
|
||
|
||
## 16 November 2012: pathod 0.3
|
||
|
||
A release focusing on shoring up our fuzzing capabilities, especially with
|
||
pathoc.
|
||
|
||
* pathoc -q and -r options, output full request and response text.
|
||
* pathod -q and -r options, add full request and response text to pathod's
|
||
log buffer.
|
||
* pathoc and pathod -x option, makes -q and -r options log in hex dump
|
||
format.
|
||
* pathoc -C option, specify response codes to ignore.
|
||
* pathoc -T option, instructs pathoc to ignore timeouts.
|
||
* pathoc -o option, a one-shot mode that exits after the first non-ignored
|
||
response.
|
||
* pathoc and pathod -e option, which explains the resulting message by
|
||
expanding random and generated portions, and logging a reproducible
|
||
specification.
|
||
* Streamline the specification language. HTTP response message is now
|
||
specified using the "r" mnemonic.
|
||
* Add a "u" mnemonic for specifying User-Agent strings. Add a set of
|
||
standard user-agent strings accessible through shortcuts.
|
||
* Major internal refactoring and cleanup.
|
||
* Many bugfixes.
|
||
|
||
## 22 August 2012: pathod 0.2
|
||
|
||
* Add pathoc, a pathological HTTP client.
|
||
* Add libpathod.test, a truss for using pathod in unit tests.
|
||
* Add an injection operator to the specification language.
|
||
* Allow Python escape sequences in value literals.
|
||
* Allow execution of requests and responses from file, using the new + operator.
|
||
* Add daemonization to Pathod, and make it more robust for public-facing use.
|
||
* Let pathod pick an arbitrary open port if -p 0 is specified.
|
||
* Move from Tornado to netlib, the network library written for mitmproxy.
|
||
* Move the web application to Flask.
|
||
* Massively expand the documentation.
|
||
|
||
## 5 April 2012: mitmproxy 0.8
|
||
|
||
* Detailed tutorial for Android interception. Some features that land in
|
||
this release have finally made reliable Android interception possible.
|
||
* Upstream-cert mode, which uses information from the upstream server to
|
||
generate interception certificates.
|
||
* Replacement patterns that let you easily do global replacements in flows
|
||
matching filter patterns. Can be specified on the command-line, or edited
|
||
interactively.
|
||
* Much more sophisticated and usable pretty printing of request bodies.
|
||
Support for auto-indentation of Javascript, inspection of image EXIF
|
||
data, and more.
|
||
* Details view for flows, showing connection and SSL cert information (X
|
||
keyboard shortcut).
|
||
* Server certificates are now stored and serialized in saved traffic for
|
||
later analysis. This means that the 0.8 serialization format is NOT
|
||
compatible with 0.7.
|
||
* Many other improvements, including bugfixes, and expanded scripting API,
|
||
and more sophisticated certificate handling.
|
||
|
||
## 20 February 2012: mitmproxy 0.7
|
||
|
||
* New built-in key/value editor. This lets you interactively edit URL query
|
||
strings, headers and URL-encoded form data.
|
||
* Extend script API to allow duplication and replay of flows.
|
||
* API for easy manipulation of URL-encoded forms and query strings.
|
||
* Add "D" shortcut in mitmproxy to duplicate a flow.
|
||
* Reverse proxy mode. In this mode mitmproxy acts as an HTTP server,
|
||
forwarding all traffic to a specified upstream server.
|
||
* UI improvements - use unicode characters to make GUI more compact,
|
||
improve spacing and layout throughout.
|
||
* Add support for filtering by HTTP method.
|
||
* Add the ability to specify an HTTP body size limit.
|
||
* Move to typed netstrings for serialization format - this makes 0.7
|
||
backwards-incompatible with serialized data from 0.6!
|
||
|
||
* Significant improvements in speed and responsiveness of UI.
|
||
* Many minor bugfixes and improvements.
|
||
|
||
## 7 August 2011: mitmproxy 0.6
|
||
|
||
* New scripting API that allows much more flexible and fine-grained
|
||
rewriting of traffic. See the docs for more info.
|
||
* Support for gzip and deflate content encodings. A new "z"
|
||
keybinding in mitmproxy to let us quickly encode and decode content, plus
|
||
automatic decoding for the "pretty" view mode.
|
||
* An event log, viewable with the "v" shortcut in mitmproxy, and the
|
||
"-e" command-line flag in mitmdump.
|
||
* Huge performance improvements: mitmproxy interface, loading
|
||
large numbers of flows from file.
|
||
* A new "replace" convenience method for all flow objects, that does a
|
||
universal regex-based string replacement.
|
||
* Header management has been rewritten to maintain both case and order.
|
||
* Improved stability for SSL interception.
|
||
* Default expiry time on generated SSL certs has been dropped to avoid an
|
||
OpenSSL overflow bug that caused certificates to expire in the distant
|
||
past on some systems.
|
||
* A "pretty" view mode for JSON and form submission data.
|
||
* Expanded documentation and examples.
|
||
* Countless other small improvements and bugfixes.
|
||
|
||
## 27 June 2011: mitmproxy 0.5
|
||
|
||
* An -n option to start the tools without binding to a proxy port.
|
||
* Allow scripts, hooks, sticky cookies etc. to run on flows loaded from
|
||
save files.
|
||
* Regularize command-line options for mitmproxy and mitmdump.
|
||
* Add an "SSL exception" to mitmproxy's license to remove possible
|
||
distribution issues.
|
||
* Add a --cert-wait-time option to make mitmproxy pause after a new SSL
|
||
certificate is generated. This can pave over small discrepancies in
|
||
system time between the client and server.
|
||
* Handle viewing big request and response bodies more elegantly. Only
|
||
render the first 100k of large documents, and try to avoid running the
|
||
XML indenter on non-XML data.
|
||
* BUGFIX: Make the "revert" keyboard shortcut in mitmproxy work after a
|
||
flow has been replayed.
|
||
* BUGFIX: Repair a problem that sometimes caused SSL connections to consume
|
||
100% of CPU.
|
||
|
||
## 30 March 2011: mitmproxy 0.4
|
||
|
||
* Full serialization of HTTP conversations
|
||
* Client and server replay
|
||
* On-the-fly generation of dummy SSL certificates
|
||
* mitmdump has "grown up" into a powerful tcpdump-like tool for HTTP/S
|
||
* Dozens of improvements to the mitmproxy console interface
|
||
* Python scripting hooks for programmatic modification of traffic
|
||
|
||
## 01 March 2010: mitmproxy 0.2
|
||
|
||
* Big speed and responsiveness improvements, thanks to Thomas Roth
|
||
* Support urwid 0.9.9
|
||
* Terminal beeping based on filter expressions
|
||
* Filter expressions for terminal beeps, limits, interceptions and sticky
|
||
cookies can now be passed on the command line.
|
||
* Save requests and responses to file
|
||
* Split off non-interactive dump functionality into a new tool called
|
||
mitmdump
|
||
* "A" will now accept all intercepted connections
|
||
* Lots of bugfixes
|