An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
Maksym Medvied 5969f25db4
pass signals to mitmproxy in docker-entrypoint.sh (#5920)
Current docker-entrypoint.sh [0][1] runs

    gosu mitmproxy "$@"

for mitmproxy, mitmdump and mitmweb. There is a problem with this
approach: bash becomes a parent process for mitmproxy [2][3], but when
signals are sent by docker-compose to mitmproxy container they are sent
to bash, but they are not delivered to mitmproxy [4]. This leads to a
slow shutdown of the container, because by default docker sends SIGTERM,
waits for 10 seconds and then sends SIGKILL if the container is still
alive [5].

This patch solves the issue by replacing bash process with mitmproxy
entirely using "exec" - this way the signals are delivered to mitmproxy
directly.

To test the patch a Dockerfile [6] that applies the patch to the release
image from the dockerhub could be used along with slightly modified
compose.yml [7]. With the patch bash is no longer running inside the
container [8] and the `docker compose down` time on my machine drops
from 10.3s to 0.5s [9].

0. https://github.com/mitmproxy/mitmproxy/blob/main/release/docker/docker-entrypoint.sh
1. To confirm that this is what's actually in the image:
    ```
    > docker run mitmproxy/mitmproxy grep gosu /usr/local/bin/docker-entrypoint.sh
      gosu mitmproxy "$@"
    ```
2. compose.yaml
    ```
    services:
      mitmproxy-test:
        image: mitmproxy/mitmproxy
        command: ["mitmweb"]
        # https://github.com/mitmproxy/mitmproxy/issues/5727
        stdin_open: true
        tty: true
    ```
3. We can see that the parent PID for mitmweb is the pid of bash.
    ```
    > docker compose up -d
    [+] Running 2/2
     ⠿ Network mitmproxy_default             Created           0.1s
     ⠿ Container mitmproxy-mitmproxy-test-1  Started           0.5s
    > docker compose top
    mitmproxy-mitmproxy-test-1
    UID    PID     PPID    C    STIME   TTY     TIME       CMD
    root   31227   31202   0    16:12   pts/0   00:00:00   /bin/bash /usr/local/bin/docker-entrypoint.sh mitmweb
    root   31314   31227   1    16:12   pts/0   00:00:01   /usr/local/bin/python /usr/local/bin/mitmweb
    ```
4. https://unix.stackexchange.com/a/196053
5. https://docs.docker.com/compose/faq/#why-do-my-services-take-10-seconds-to-recreate-or-stop
6. Dockerfile:
    ```
    FROM mitmproxy/mitmproxy

    RUN sed -i 's/^  gosu mitmproxy/  exec gosu mitmproxy/' /usr/local/bin/docker-entrypoint.sh
    ```
7. compose.yaml to build an image from Dockerfile and use it:
    ```
    services:
      mitmproxy-test:
        build:
          dockerfile: Dockerfile
          context: .
        command: ["mitmweb"]
        # https://github.com/mitmproxy/mitmproxy/issues/5727
        stdin_open: true
        tty: true
    ```
8. With the patch:
    ```
    > docker compose top
    mitmproxy-mitmproxy-test-1
    UID    PID    PPID   C    STIME   TTY     TIME       CMD
    root   4994   4970   50   17:00   pts/0   00:00:02   /usr/local/bin/python /usr/local/bin/mitmweb
    ```
9. Without the patch:
    ```
    > docker compose down
    [+] Running 2/2
     ⠿ Container mitmproxy-mitmproxy-test-1  Removed          10.2s
     ⠿ Network mitmproxy_default             Removed           0.1s
    ```
   With the patch:
    ```
    > docker compose down
    [+] Running 2/2
     ⠿ Container mitmproxy-mitmproxy-test-1  Removed           0.4s
     ⠿ Network mitmproxy_default             Removed           0.1s
    ```
2023-02-09 11:43:47 +01:00
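
The behaviour the commit message describes can be reproduced without Docker. This is an added example, not code from the mitmproxy repository: `service.sh` and `entry.sh` are constructed stand-ins for mitmproxy and docker-entrypoint.sh, and the function sends SIGTERM only to the entrypoint's PID, then reports whether the service's handler ran.

```shell
#!/bin/sh
# Added example, not from the mitmproxy repository.
# signal_reaches_service MODE prints "yes" if a SIGTERM sent to the entrypoint
# PID reaches the service, else "no". MODE is "child" (entrypoint runs the
# service as a child, before the patch) or "exec" (after the patch).
signal_reaches_service() {
    mode=$1
    dir=$(mktemp -d) || return 1

    # Constructed stand-in for mitmproxy: records SIGTERM in a marker file.
    cat > "$dir/service.sh" <<'EOF'
dir=$1
trap 'touch "$dir/got_term"; exit 0' TERM
echo $$ > "$dir/pid"
while :; do sleep 1 & wait $!; done
EOF

    # Constructed stand-in for docker-entrypoint.sh.
    prefix=""
    [ "$mode" = exec ] && prefix="exec "
    printf '%ssh "$1/service.sh" "$1"\nexit $?\n' "$prefix" > "$dir/entry.sh"

    sh "$dir/entry.sh" "$dir" >/dev/null 2>&1 &
    entry_pid=$!

    # Wait until the service has installed its trap and written its PID.
    tries=0
    while [ ! -s "$dir/pid" ] && [ "$tries" -lt 10 ]; do
        sleep 1; tries=$((tries + 1))
    done

    # Like a container stop, signal only the entrypoint's PID.
    kill -TERM "$entry_pid"

    result=no
    tries=0
    while [ "$tries" -lt 3 ]; do
        [ -e "$dir/got_term" ] && { result=yes; break; }
        sleep 1; tries=$((tries + 1))
    done

    # Clean up a service that never saw the signal.
    kill -KILL "$(cat "$dir/pid")" 2>/dev/null || true
    wait "$entry_pid" 2>/dev/null || true
    rm -rf "$dir"
    echo "$result"
}
```

In the `child` case the wrapper shell exits on SIGTERM and the service keeps running; when the wrapper is PID 1 of a container and has no SIGTERM handler, the kernel drops the signal instead. In both situations the service never sees it, which is what `exec` fixes.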
.github Bump install-pinned/black from 9101a4d68e870eaaaae21c412d1d879b93c9afcb to 13c8a20eb904ba800c87f0b34ccfd932ac2ff81d (#5899) 2023-02-01 23:08:09 +00:00
docs add fedora certificate installation instructions (#5885) 2023-01-19 10:43:39 +01:00
examples Fix server addr issue in tls_passthrough example. (#5904) 2023-02-07 09:57:24 +01:00
mitmproxy Reformatted list (#5919) 2023-02-09 11:38:27 +01:00
release pass signals to mitmproxy in docker-entrypoint.sh (#5920) 2023-02-09 11:43:47 +01:00
test Reformatted list (#5919) 2023-02-09 11:38:27 +01:00
web add delete shortcut to delete flows in mitmweb (#5896) 2023-01-30 13:59:21 +01:00
.gitattributes test dumpfiles: .bin -> .mitm 2021-02-03 19:27:15 +01:00
.gitignore update kaitai definitions 2022-07-29 16:13:15 +02:00
CHANGELOG.md treat multipart as bytes, not str. fixes #5148 (#5917) 2023-02-07 10:29:08 +00:00
codecov.yml remove release/ from coverage 2022-07-25 01:39:04 +02:00
CONTRIBUTING.md drop support for Python 3.8 2022-04-26 13:53:04 +02:00
LICENSE GPLv3 -> MIT 2013-03-18 08:37:42 +13:00
MANIFEST.in remove pathod and pathoc 2020-12-13 20:21:11 +01:00
README.md readme: fix nits 2022-12-15 17:50:43 +01:00
SECURITY.md Create SECURITY.md 2021-09-13 16:34:33 +02:00
setup.cfg Merge remote-tracking branch 'upstream/main' into quic 2022-11-18 21:44:18 +01:00
setup.py mitmproxy-wireguard -> mitmproxy_rs (#5909) 2023-02-04 22:28:15 +01:00
tox.ini update to mypy 1.0 (#5918) 2023-02-07 10:35:11 +00:00

mitmproxy


mitmproxy is an interactive, SSL/TLS-capable intercepting proxy with a console interface for HTTP/1, HTTP/2, and WebSockets.

mitmdump is the command-line version of mitmproxy. Think tcpdump for HTTP.

mitmweb is a web-based interface for mitmproxy.

Installation

The installation instructions are here. If you want to install from source, see CONTRIBUTING.md.

Documentation & Help

General information, tutorials, and precompiled binaries can be found on the mitmproxy website.

mitmproxy.org

The documentation for mitmproxy is available on our website:

mitmproxy documentation (stable) | mitmproxy documentation (dev)

If you have questions on how to use mitmproxy, please use GitHub Discussions!

mitmproxy discussions

Contributing

As an open source project, mitmproxy welcomes contributions of all forms.

Dev Guide

Also, please feel free to join our developer Slack! However, please note that the primary purpose of our Slack is direct communication between maintainers and contributors. If you have questions where the answer might be valuable to others, please use GitHub Discussions and not Slack.

Slack Developer Chat