Merge pull request mitmproxy#2764 from Kriechi/ssl-tls
rename attribute, function and class names: s/ssl/tls/
mhils authored Jan 7, 2018
2 parents c1dad83 + 4fb894c commit 94a173a
Showing 31 changed files with 173 additions and 163 deletions.
2 changes: 1 addition & 1 deletion examples/complex/dns_spoofing.py
Expand Up @@ -33,7 +33,7 @@

class Rerouter:
def request(self, flow):
if flow.client_conn.ssl_established:
if flow.client_conn.tls_established:
flow.request.scheme = "https"
sni = flow.client_conn.connection.get_servername()
port = 443
4 changes: 2 additions & 2 deletions examples/complex/har_dump.py
Expand Up @@ -58,8 +58,8 @@ def response(flow):
connect_time = (flow.server_conn.timestamp_tcp_setup -
flow.server_conn.timestamp_start)

if flow.server_conn.timestamp_ssl_setup is not None:
ssl_time = (flow.server_conn.timestamp_ssl_setup -
if flow.server_conn.timestamp_tls_setup is not None:
ssl_time = (flow.server_conn.timestamp_tls_setup -
flow.server_conn.timestamp_tcp_setup)

SERVERS_SEEN.add(flow.server_conn)
2 changes: 1 addition & 1 deletion mitmproxy/addons/cut.py
Expand Up @@ -43,7 +43,7 @@ def extract(cut: str, f: flow.Flow) -> typing.Union[str, bytes]:
return part
elif isinstance(part, bool):
return "true" if part else "false"
elif isinstance(part, certs.SSLCert):
elif isinstance(part, certs.Cert):
return part.to_pem().decode("ascii")
current = part
return str(current or "")
8 changes: 4 additions & 4 deletions mitmproxy/certs.py
Expand Up @@ -112,7 +112,7 @@ def dummy_cert(privkey, cacert, commonname, sans):
[OpenSSL.crypto.X509Extension(b"subjectAltName", False, ss)])
cert.set_pubkey(cacert.get_pubkey())
cert.sign(privkey, "sha256")
return SSLCert(cert)
return Cert(cert)


class CertStoreEntry:
Expand Down Expand Up @@ -249,7 +249,7 @@ def create_store(path, basename, o=None, cn=None, expiry=DEFAULT_EXP):
def add_cert_file(self, spec: str, path: str) -> None:
with open(path, "rb") as f:
raw = f.read()
cert = SSLCert(
cert = Cert(
OpenSSL.crypto.load_certificate(
OpenSSL.crypto.FILETYPE_PEM,
raw))
Expand Down Expand Up @@ -345,7 +345,7 @@ class _GeneralNames(univ.SequenceOf):
constraint.ValueSizeConstraint(1, 1024)


class SSLCert(serializable.Serializable):
class Cert(serializable.Serializable):

def __init__(self, cert):
"""
Expand Down Expand Up @@ -436,7 +436,7 @@ def altnames(self):
Returns:
All DNS altnames.
"""
# tcp.TCPClient.convert_to_ssl assumes that this property only contains DNS altnames for hostname verification.
# tcp.TCPClient.convert_to_tls assumes that this property only contains DNS altnames for hostname verification.
altnames = []
for i in range(self.x509.get_extension_count()):
ext = self.x509.get_extension(i)
70 changes: 27 additions & 43 deletions mitmproxy/connections.py
Expand Up @@ -16,11 +16,11 @@ class ClientConnection(tcp.BaseHandler, stateobject.StateObject):
Attributes:
address: Remote address
ssl_established: True if TLS is established, False otherwise
tls_established: True if TLS is established, False otherwise
clientcert: The TLS client certificate
mitmcert: The MITM'ed TLS server certificate presented to the client
timestamp_start: Connection start timestamp
timestamp_ssl_setup: TLS established timestamp
timestamp_tls_setup: TLS established timestamp
timestamp_end: Connection end timestamp
sni: Server Name Indication sent by client during the TLS handshake
cipher_name: The current used cipher
Expand All @@ -40,13 +40,13 @@ def __init__(self, client_connection, address, server):
self.rfile = None
self.address = None
self.clientcert = None
self.ssl_established = None
self.tls_established = None

self.id = str(uuid.uuid4())
self.mitmcert = None
self.timestamp_start = time.time()
self.timestamp_end = None
self.timestamp_ssl_setup = None
self.timestamp_tls_setup = None
self.sni = None
self.cipher_name = None
self.alpn_proto_negotiated = None
Expand All @@ -56,7 +56,7 @@ def connected(self):
return bool(self.connection) and not self.finished

def __repr__(self):
if self.ssl_established:
if self.tls_established:
tls = "[{}] ".format(self.tls_version)
else:
tls = ""
Expand All @@ -83,22 +83,14 @@ def __eq__(self, other):
def __hash__(self):
return hash(self.id)

@property
def tls_established(self):
return self.ssl_established

@tls_established.setter
def tls_established(self, value):
self.ssl_established = value

_stateobject_attributes = dict(
id=str,
address=tuple,
ssl_established=bool,
clientcert=certs.SSLCert,
mitmcert=certs.SSLCert,
tls_established=bool,
clientcert=certs.Cert,
mitmcert=certs.Cert,
timestamp_start=float,
timestamp_ssl_setup=float,
timestamp_tls_setup=float,
timestamp_end=float,
sni=str,
cipher_name=str,
Expand All @@ -125,19 +117,19 @@ def make_dummy(cls, address):
address=address,
clientcert=None,
mitmcert=None,
ssl_established=False,
tls_established=False,
timestamp_start=None,
timestamp_end=None,
timestamp_ssl_setup=None,
timestamp_tls_setup=None,
sni=None,
cipher_name=None,
alpn_proto_negotiated=None,
tls_version=None,
))

def convert_to_ssl(self, cert, *args, **kwargs):
super().convert_to_ssl(cert, *args, **kwargs)
self.timestamp_ssl_setup = time.time()
def convert_to_tls(self, cert, *args, **kwargs):
super().convert_to_tls(cert, *args, **kwargs)
self.timestamp_tls_setup = time.time()
self.mitmcert = cert
sni = self.connection.get_servername()
if sni:
Expand All @@ -162,15 +154,15 @@ class ServerConnection(tcp.TCPClient, stateobject.StateObject):
address: Remote address. Can be both a domain or an IP address.
ip_address: Resolved remote IP address.
source_address: Local IP address or client's source IP address.
ssl_established: True if TLS is established, False otherwise
tls_established: True if TLS is established, False otherwise
cert: The certificate presented by the remote during the TLS handshake
sni: Server Name Indication sent by the proxy during the TLS handshake
alpn_proto_negotiated: The negotiated application protocol
tls_version: TLS version
via: The underlying server connection (e.g. the connection to the upstream proxy in upstream proxy mode)
timestamp_start: Connection start timestamp
timestamp_tcp_setup: TCP ACK received timestamp
timestamp_ssl_setup: TLS established timestamp
timestamp_tls_setup: TLS established timestamp
timestamp_end: Connection end timestamp
"""

Expand All @@ -184,15 +176,15 @@ def __init__(self, address, source_address=None, spoof_source_address=None):
self.timestamp_start = None
self.timestamp_end = None
self.timestamp_tcp_setup = None
self.timestamp_ssl_setup = None
self.timestamp_tls_setup = None

def connected(self):
return bool(self.connection) and not self.finished

def __repr__(self):
if self.ssl_established and self.sni:
if self.tls_established and self.sni:
tls = "[{}: {}] ".format(self.tls_version or "TLS", self.sni)
elif self.ssl_established:
elif self.tls_established:
tls = "[{}] ".format(self.tls_version or "TLS")
else:
tls = ""
Expand All @@ -217,27 +209,19 @@ def __eq__(self, other):
def __hash__(self):
return hash(self.id)

@property
def tls_established(self):
return self.ssl_established

@tls_established.setter
def tls_established(self, value):
self.ssl_established = value

_stateobject_attributes = dict(
id=str,
address=tuple,
ip_address=tuple,
source_address=tuple,
ssl_established=bool,
cert=certs.SSLCert,
tls_established=bool,
cert=certs.Cert,
sni=str,
alpn_proto_negotiated=bytes,
tls_version=str,
timestamp_start=float,
timestamp_tcp_setup=float,
timestamp_ssl_setup=float,
timestamp_tls_setup=float,
timestamp_end=float,
)

Expand All @@ -258,10 +242,10 @@ def make_dummy(cls, address):
alpn_proto_negotiated=None,
tls_version=None,
source_address=('', 0),
ssl_established=False,
tls_established=False,
timestamp_start=None,
timestamp_tcp_setup=None,
timestamp_ssl_setup=None,
timestamp_tls_setup=None,
timestamp_end=None,
via=None
))
Expand All @@ -277,7 +261,7 @@ def send(self, message):
self.wfile.write(message)
self.wfile.flush()

def establish_ssl(self, clientcerts, sni, **kwargs):
def establish_tls(self, clientcerts, sni, **kwargs):
if sni and not isinstance(sni, str):
raise ValueError("sni must be str, not " + type(sni).__name__)
clientcert = None
Expand All @@ -291,11 +275,11 @@ def establish_ssl(self, clientcerts, sni, **kwargs):
if os.path.exists(path):
clientcert = path

self.convert_to_ssl(cert=clientcert, sni=sni, **kwargs)
self.convert_to_tls(cert=clientcert, sni=sni, **kwargs)
self.sni = sni
self.alpn_proto_negotiated = self.get_alpn_proto_negotiated()
self.tls_version = self.connection.get_protocol_version_name()
self.timestamp_ssl_setup = time.time()
self.timestamp_tls_setup = time.time()

def finish(self):
tcp.TCPClient.finish(self)
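Review bot: Removing the `tls_established` property/setter pair on both `ClientConnection` and `ServerConnection` leaves no `ssl_established` shim, so any out-of-tree addon that still reads the old name gets an AttributeError, while one that still assigns `conn.ssl_established = ...` silently creates a stray attribute that `_stateobject_attributes` never serializes — the write is lost without any signal. The inverse of the removed property, an `ssl_established` alias that forwards to `tls_established` and emits a `DeprecationWarning`, would make both cases fail loudly for one release; it needs `import warnings` at the top of the module, which this diff does not show. Each class's `__init__` and the surrounding class bodies continue outside the hunks shown.
```python
    @property
    def ssl_established(self):
        warnings.warn("ssl_established is deprecated, use tls_established", DeprecationWarning)
        return self.tls_established

    @ssl_established.setter
    def ssl_established(self, value):
        warnings.warn("ssl_established is deprecated, use tls_established", DeprecationWarning)
        self.tls_established = value

    # … unchanged: _stateobject_attributes …
```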
26 changes: 26 additions & 0 deletions mitmproxy/io/compat.py
@@ -1,5 +1,9 @@
"""
This module handles the import of mitmproxy flows generated by old versions.
The flow file version is decoupled from the mitmproxy release cycle (since
v3.0.0dev) and versioning. Every change or migration gets a new flow file
version number, this prevents issues with developer builds and snapshots.
"""
import uuid
from typing import Any, Dict, Mapping, Union # noqa
Expand Down Expand Up @@ -119,6 +123,7 @@ def convert_200_300(data):

def convert_300_4(data):
data["version"] = 4
# Ths is an empty migration to transition to the new versioning scheme.
return data


Expand Down Expand Up @@ -149,6 +154,25 @@ def convert_4_5(data):
return data


def convert_5_6(data):
data["version"] = 6
data["client_conn"]["tls_established"] = data["client_conn"].pop("ssl_established")
data["client_conn"]["timestamp_tls_setup"] = data["client_conn"].pop("timestamp_ssl_setup")
data["server_conn"]["tls_established"] = data["server_conn"].pop("ssl_established")
data["server_conn"]["timestamp_tls_setup"] = data["server_conn"].pop("timestamp_ssl_setup")
if data["server_conn"]["via"]:
data["server_conn"]["via"]["tls_established"] = data["server_conn"]["via"].pop("ssl_established")
data["server_conn"]["via"]["timestamp_tls_setup"] = data["server_conn"]["via"].pop("timestamp_ssl_setup")
return data


# def convert_6_7(data):
# data["version"] = 7
# # Your changes here!
# # Make sure to also increment FLOW_FORMAT_VERSION.
# return data


def _convert_dict_keys(o: Any) -> Any:
if isinstance(o, dict):
return {strutils.always_str(k): _convert_dict_keys(v) for k, v in o.items()}
Expand Down Expand Up @@ -201,6 +225,8 @@ def convert_unicode(data: dict) -> dict:
(2, 0): convert_200_300,
(3, 0): convert_300_4,
4: convert_4_5,
5: convert_5_6,
# 6: convert_6_7,
}


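Review bot: `convert_5_6` renames the keys on `data["server_conn"]["via"]` but not on anything nested below it; if a via connection can itself carry a `via` (the attribute declaring it on `ServerConnection` is outside this diff), the second level keeps `ssl_established` and `timestamp_ssl_setup` and is later loaded by a reader that no longer declares those keys. A small recursive helper applied to both connection dicts covers every level and removes the triple repetition; the `.pop()` calls are kept unguarded on purpose, since a version-5 file missing those keys is malformed and should fail the import rather than be patched over silently. The new comment in `convert_300_4` also has a typo: `Ths is an empty migration` should read `This is an empty migration`.
```python
def _rename_ssl_keys(conn):
    # Rename the TLS-related keys of one serialized connection, following
    # the via chain so an upstream-proxy connection is migrated too.
    conn["tls_established"] = conn.pop("ssl_established")
    conn["timestamp_tls_setup"] = conn.pop("timestamp_ssl_setup")
    if conn.get("via"):
        _rename_ssl_keys(conn["via"])


def convert_5_6(data):
    data["version"] = 6
    _rename_ssl_keys(data["client_conn"])
    _rename_ssl_keys(data["server_conn"])
    return data
```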
22 changes: 11 additions & 11 deletions mitmproxy/net/tcp.py
Expand Up @@ -301,11 +301,11 @@ def __init__(self, connection):
self.rfile = None
self.wfile = None

self.ssl_established = False
self.tls_established = False
self.finished = False

def get_current_cipher(self):
if not self.ssl_established:
if not self.tls_established:
return None

name = self.connection.get_cipher_name()
Expand Down Expand Up @@ -381,7 +381,7 @@ def close(self):
else:
close_socket(self.connection)

def convert_to_ssl(self, sni=None, alpn_protos=None, **sslctx_kwargs):
def convert_to_tls(self, sni=None, alpn_protos=None, **sslctx_kwargs):
context = tls.create_client_context(
alpn_protos=alpn_protos,
sni=sni,
Expand All @@ -400,13 +400,13 @@ def convert_to_ssl(self, sni=None, alpn_protos=None, **sslctx_kwargs):
else:
raise exceptions.TlsException("SSL handshake error: %s" % repr(v))

self.cert = certs.SSLCert(self.connection.get_peer_certificate())
self.cert = certs.Cert(self.connection.get_peer_certificate())

# Keep all server certificates in a list
for i in self.connection.get_peer_cert_chain():
self.server_certs.append(certs.SSLCert(i))
self.server_certs.append(certs.Cert(i))

self.ssl_established = True
self.tls_established = True
self.rfile.set_descriptor(self.connection)
self.wfile.set_descriptor(self.connection)

Expand Down Expand Up @@ -473,7 +473,7 @@ def gettimeout(self):
return self.connection.gettimeout()

def get_alpn_proto_negotiated(self):
if self.ssl_established:
if self.tls_established:
return self.connection.get_alpn_proto_negotiated()
else:
return b""
Expand All @@ -491,7 +491,7 @@ def __init__(self, connection, address, server):
self.server = server
self.clientcert = None

def convert_to_ssl(self, cert, key, **sslctx_kwargs):
def convert_to_tls(self, cert, key, **sslctx_kwargs):
"""
Convert connection to SSL.
For a list of parameters, see tls.create_server_context(...)
Expand All @@ -507,10 +507,10 @@ def convert_to_ssl(self, cert, key, **sslctx_kwargs):
self.connection.do_handshake()
except SSL.Error as v:
raise exceptions.TlsException("SSL handshake error: %s" % repr(v))
self.ssl_established = True
self.tls_established = True
cert = self.connection.get_peer_certificate()
if cert:
self.clientcert = certs.SSLCert(cert)
self.clientcert = certs.Cert(cert)
self.rfile.set_descriptor(self.connection)
self.wfile.set_descriptor(self.connection)

Expand All @@ -521,7 +521,7 @@ def settimeout(self, n):
self.connection.settimeout(n)

def get_alpn_proto_negotiated(self):
if self.ssl_established:
if self.tls_established:
return self.connection.get_alpn_proto_negotiated()
else:
return b""
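Review bot: The rename stops at the identifiers — the server-side `convert_to_tls` still opens with the docstring `Convert connection to SSL.`, both handshake paths still raise `exceptions.TlsException("SSL handshake error: %s" % repr(v))`, and both signatures keep `**sslctx_kwargs`. Suggest `Convert the connection to TLS; see tls.create_server_context(...) for the accepted keyword arguments.` for the docstring and `"TLS handshake error: %s"` for the two messages, with the caveat that anything matching the old message text in logs or tests needs updating alongside. The body of the client-side `convert_to_tls` is cut between the two hunks, and the server-side one continues past the last line shown.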
