diff options
| author | Maximilian Hils <git@maximilianhils.com> | 2015-09-02 01:16:48 +0200 |
|---|---|---|
| committer | Maximilian Hils <git@maximilianhils.com> | 2015-09-02 01:16:48 +0200 |
| commit | c14fbc7794eee2a60d3c90f818ec481cf9db544b (patch) | |
| tree | 529949dc40052291460b485142330932cf51819a /examples/dns_spoofing.py | |
| parent | e8de7595c2e8a98418593e90b886e45a745e234a (diff) | |
| parent | f1c8b47b1eb153d448061c0ddce21030c31af2b7 (diff) | |
| download | mitmproxy-c14fbc7794eee2a60d3c90f818ec481cf9db544b.tar.gz mitmproxy-c14fbc7794eee2a60d3c90f818ec481cf9db544b.tar.bz2 mitmproxy-c14fbc7794eee2a60d3c90f818ec481cf9db544b.zip | |
Merge pull request #741 from mitmproxy/proxy-refactor-cb
Proxy Refactor
Diffstat (limited to 'examples/dns_spoofing.py')
| -rw-r--r-- | examples/dns_spoofing.py | 47 |
1 files changed, 30 insertions, 17 deletions
diff --git a/examples/dns_spoofing.py b/examples/dns_spoofing.py index dddf172c..98495d45 100644 --- a/examples/dns_spoofing.py +++ b/examples/dns_spoofing.py @@ -9,29 +9,42 @@ Using transparent mode is the better option most of the time. Usage: mitmproxy - -p 80 - -R http://example.com/ // Used as the target location if no Host header is present - mitmproxy -p 443 - -R https://example.com/ // Used as the target locaction if neither SNI nor host header are present. + -s dns_spoofing.py + # Used as the target location if neither SNI nor host header are present. + -R http://example.com/ + mitmdump + -p 80 + -R http://localhost:443/ -mitmproxy will always connect to the default location first, so it must be reachable. -As a workaround, you can spawn an arbitrary HTTP server and use that for both endpoints, e.g. -mitmproxy -p 80 -R http://localhost:8000 -mitmproxy -p 443 -R https2http://localhost:8000 + (Setting up a single proxy instance and using iptables to redirect to it + works as well) """ +import re + + +# This regex extracts splits the host header into host and port. +# Handles the edge case of IPv6 addresses containing colons. +# https://bugzilla.mozilla.org/show_bug.cgi?id=45891 +parse_host_header = re.compile(r"^(?P<host>[^:]+|\[.+\])(?::(?P<port>\d+))?$") def request(context, flow): if flow.client_conn.ssl_established: - # TLS SNI or Host header - flow.request.host = flow.client_conn.connection.get_servername( - ) or flow.request.pretty_host(hostheader=True) - - # If you use a https2http location as default destination, these - # attributes need to be corrected as well: - flow.request.port = 443 flow.request.scheme = "https" + sni = flow.client_conn.connection.get_servername() + port = 443 else: - # Host header - flow.request.host = flow.request.pretty_host(hostheader=True) + flow.request.scheme = "http" + sni = None + port = 80 + + host_header = flow.request.pretty_host(hostheader=True) + m = parse_host_header.match(host_header) + if m: + host_header = m.group("host").strip("[]") + if m.group("port"): + port = int(m.group("port")) + + flow.request.host = sni or host_header + flow.request.port = port
\ No newline at end of file |