From 7e1b35bfc7109ed91e9086e30fdd069a53d59df3 Mon Sep 17 00:00:00 2001 From: Marcelo Glezer Date: Thu, 18 Dec 2014 17:56:27 -0300 Subject: --replay_ignore_payload_params added, to filter params in form posts --- libmproxy/cmdline.py | 16 ++++++++++++++-- libmproxy/dump.py | 5 ++++- libmproxy/flow.py | 39 +++++++++++++++++++++++++++------------ 3 files changed, 45 insertions(+), 15 deletions(-) (limited to 'libmproxy') diff --git a/libmproxy/cmdline.py b/libmproxy/cmdline.py index bf5add33..ec03d63e 100644 --- a/libmproxy/cmdline.py +++ b/libmproxy/cmdline.py @@ -183,7 +183,8 @@ def get_common_options(options): verbosity=options.verbose, nopop=options.nopop, replay_ignore_content = options.replay_ignore_content, - replay_ignore_params = options.replay_ignore_params + replay_ignore_params = options.replay_ignore_params, + replay_ignore_payload_params = options.replay_ignore_payload_params ) @@ -438,13 +439,24 @@ def common_options(parser): help="Disable response pop from response flow. " "This makes it possible to replay same response multiple times." ) - group.add_argument( + payload = group.add_mutually_exclusive_group() + payload.add_argument( "--replay-ignore-content", action="store_true", dest="replay_ignore_content", default=False, help=""" Ignore request's content while searching for a saved flow to replay """ ) + payload.add_argument( + "--replay-ignore-payload-param", + action="append", dest="replay_ignore_payload_params", type=str, + help=""" + Request's payload parameters (application/x-www-form-urlencoded) to + be ignored while searching for a saved flow to replay. + Can be passed multiple times. + """ + ) + group.add_argument( "--replay-ignore-param", action="append", dest="replay_ignore_params", type=str, diff --git a/libmproxy/dump.py b/libmproxy/dump.py index 8f260745..731592dc 100644 --- a/libmproxy/dump.py +++ b/libmproxy/dump.py @@ -39,6 +39,7 @@ class Options(object): "outfile", "replay_ignore_content", "replay_ignore_params", + "replay_ignore_payload_params", ] def __init__(self, **kwargs): @@ -78,6 +79,7 @@ class DumpMaster(flow.FlowMaster): self.replay_ignore_params = options.replay_ignore_params self.replay_ignore_content = options.replay_ignore_content self.refresh_server_playback = options.refresh_server_playback + self.replay_ignore_payload_params = options.replay_ignore_payload_params self.set_stream_large_bodies(options.stream_large_bodies) @@ -115,7 +117,8 @@ class DumpMaster(flow.FlowMaster): not options.keepserving, options.nopop, options.replay_ignore_params, - options.replay_ignore_content + options.replay_ignore_content, + options.replay_ignore_payload_params, ) if options.client_replay: diff --git a/libmproxy/flow.py b/libmproxy/flow.py index d3ae383e..904a64b1 100644 --- a/libmproxy/flow.py +++ b/libmproxy/flow.py @@ -201,12 +201,12 @@ class ClientPlaybackState: class ServerPlaybackState: - def __init__(self, headers, flows, exit, nopop, ignore_params, ignore_content): + def __init__(self, headers, flows, exit, nopop, ignore_params, ignore_content, ignore_payload_params): """ headers: Case-insensitive list of request headers that should be included in request-response matching. """ - self.headers, self.exit, self.nopop, self.ignore_params, self.ignore_content = headers, exit, nopop, ignore_params, ignore_content + self.headers, self.exit, self.nopop, self.ignore_params, self.ignore_content, self.ignore_payload_params = headers, exit, nopop, ignore_params, ignore_content, ignore_payload_params self.fmap = {} for i in flows: if i.response: @@ -225,22 +225,37 @@ class ServerPlaybackState: _, _, path, _, query, _ = urlparse.urlparse(r.url) queriesArray = urlparse.parse_qsl(query) - filtered = [] - ignore_params = self.ignore_params or [] - for p in queriesArray: - if p[0] not in ignore_params: - filtered.append(p) - key = [ str(r.host), str(r.port), str(r.scheme), str(r.method), str(path), - ] + ] + if not self.ignore_content: - key.append(str(r.content)) + ignore_payload_params = self.ignore_payload_params or [] + ct = r.headers["Content-Type"] + if len(ct) > 0: + ct = ct[0] + if len(ignore_payload_params) > 0 and ct == "application/x-www-form-urlencoded": + parsedContent = urlparse.parse_qsl(r.content) + filtered = [] + for p in parsedContent: + if p[0] not in ignore_payload_params: + filtered.append(p) + + for p in filtered: + key.append(p[0]) + key.append(p[1]) + else: + key.append(str(r.content)) + filtered = [] + ignore_params = self.ignore_params or [] + for p in queriesArray: + if p[0] not in ignore_params: + filtered.append(p) for p in filtered: key.append(p[0]) key.append(p[1]) @@ -697,14 +712,14 @@ class FlowMaster(controller.Master): def stop_client_playback(self): self.client_playback = None - def start_server_playback(self, flows, kill, headers, exit, nopop, ignore_params, ignore_content): + def start_server_playback(self, flows, kill, headers, exit, nopop, ignore_params, ignore_content, ignore_payload_params): """ flows: List of flows. kill: Boolean, should we kill requests not part of the replay? ignore_params: list of parameters to ignore in server replay ignore_content: true if request content should be ignored in server replay """ - self.server_playback = ServerPlaybackState(headers, flows, exit, nopop, ignore_params, ignore_content) + self.server_playback = ServerPlaybackState(headers, flows, exit, nopop, ignore_params, ignore_content, ignore_payload_params) self.kill_nonreplay = kill def stop_server_playback(self): -- cgit v1.2.3