Grasscutters/mitmproxy
1
0
Fork 0
mirror of https://github.com/Grasscutters/mitmproxy.git synced 2024-11-30 07:40:38 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

docs: update ignore domains tutorial

Browse Source
This commit is contained in:
Maximilian Hils 2021-08-03 16:31:57 +02:00
parent 7d2525b4c7
commit aca3456fee
2 changed files with 21 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
docs/src/content/howto-ignoredomains.md
View File

@ -44,7 +44,7 @@ There are two important quirks to consider:
information before the SSL handshake. If the client uses SNI however, then we information before the SSL handshake. If the client uses SNI however, then we
treat the SNI host as an ignore target. treat the SNI host as an ignore target.
- **In regular and upstream proxy mode, explicit HTTP requests are never - **In regular and upstream proxy mode, explicit HTTP requests are never
ignored.**\[1\] The ignore pattern is applied on CONNECT requests, which ignored.**[^1] The ignore pattern is applied on CONNECT requests, which
initiate HTTPS or clear-text WebSocket connections. initiate HTTPS or clear-text WebSocket connections.
## Tutorial ## Tutorial
@ -52,21 +52,23 @@ There are two important quirks to consider:
If you just want to ignore one specific domain, there's usually a bulletproof If you just want to ignore one specific domain, there's usually a bulletproof
method to do so: method to do so:
1. Run mitmproxy or mitmdump in verbose mode (`-v`) and observe the `host:port` 1. Run mitmproxy or mitmdump and observe the `host:port`
information in the serverconnect messages. mitmproxy will filter on these. information following the `server connect` messages in the event log.
mitmproxy will filter on these.
2. Take the `host:port` string, surround it with ^ and $, escape all dots (. 2. Take the `host:port` string, surround it with ^ and $, escape all dots (.
becomes \\.) and use this as your ignore pattern: becomes \\.) and use this as your ignore pattern:
``` ```
>>> mitmdump -v >>> mitmdump
127.0.0.1:50588: clientconnect Proxy server listening at http://*:8080
127.0.0.1:50588: request 127.0.0.1:57089: client connect
-> CONNECT example.com:443 HTTP/1.1 127.0.0.1:57089: server connect example.com:443 (93.184.216.34:443)
127.0.0.1:50588: Set new server address: example.com:443 127.0.0.1:57089: GET https://example.com/ HTTP/2.0
127.0.0.1:50588: serverconnect << HTTP/2.0 200 OK 1.23k
-> example.com:443 127.0.0.1:57089: client disconnect
127.0.0.1:57089: server disconnect example.com:443 (93.184.216.34:443)
^C ^C
>>> mitmproxy --ignore-hosts ^example\.com:443$ >>> mitmproxy --ignore-hosts '^example\.com:443$'
``` ```
Here are some other examples for ignore patterns: Here are some other examples for ignore patterns:
@ -86,23 +88,11 @@ Here are some other examples for ignore patterns:
--ignore-hosts 17\.178\.\d+\.\d+:443 --ignore-hosts 17\.178\.\d+\.\d+:443
``` ```
This option can also be used to only allow some specific domains through negative lookahead expressions. However, ignore If you want to capture some specific domains only, you can use the `--allow-hosts` option, which makes mitmproxy
patterns are always matched against the IP address of the target before being matched against its domain name. Thus, the ignore all other traffic.
pattern must allow any IP addresses using an expression like `^(?![0-9\.]+:)` in order for this to work.
Here are examples of such patterns:
``` [^1]: This stems from an limitation of explicit HTTP proxying: A single connection
# Ignore everything but example.com and mitmproxy.org (not subdomains): can be re-used for multiple target domains - a `GET http://example.com/`
--ignore-hosts '^(?![0-9\.]+:)(?!example\.com:)(?!mitmproxy\.org:)' request may be followed by a `GET http://evil.com/` request on the same
connection. If we start to ignore the connection after the first request, we
# Ignore everything but example.com and its subdomains: would miss the relevant second one.
--ignore-hosts '^(?![0-9\.]+:)(?!([^\.:]+\.)*example\.com:)'
```
**Footnotes**
1. This stems from an limitation of explicit HTTP proxying: A single connection
can be re-used for multiple target domains - a `GET http://example.com/`
request may be followed by a `GET http://evil.com/` request on the same
connection. If we start to ignore the connection after the first request, we
would miss the relevant second one.

2
mitmproxy/proxy/server.py
View File

@ -173,7 +173,7 @@ class ConnectionHandler(metaclass=abc.ABCMeta):
assert command.connection.peername assert command.connection.peername
if command.connection.address[0] != command.connection.peername[0]: if command.connection.address[0] != command.connection.peername[0]:
addr = f"{command.connection.address[0]} ({human.format_address(command.connection.peername)})" addr = f"{human.format_address(command.connection.address)} ({human.format_address(command.connection.peername)})"
else: else:
addr = human.format_address(command.connection.address) addr = human.format_address(command.connection.address)
self.log(f"server connect {addr}") self.log(f"server connect {addr}")