rename TLS/SSL-related attributes
SSL is an outdated protocol superseded by TLS. Although the commonly
used library is called OpenSSL, that is no reason to still use outdated
language for attributes.
Kriechi committed Jan 6, 2018
1 parent 1c769b0 commit 9aae321
Showing 17 changed files with 79 additions and 69 deletions.
2 changes: 1 addition & 1 deletion examples/complex/dns_spoofing.py
Expand Up @@ -33,7 +33,7 @@

class Rerouter:
def request(self, flow):
if flow.client_conn.ssl_established:
if flow.client_conn.tls_established:
flow.request.scheme = "https"
sni = flow.client_conn.connection.get_servername()
port = 443
4 changes: 2 additions & 2 deletions examples/complex/har_dump.py
Expand Up @@ -58,8 +58,8 @@ def response(flow):
connect_time = (flow.server_conn.timestamp_tcp_setup -
flow.server_conn.timestamp_start)

if flow.server_conn.timestamp_ssl_setup is not None:
ssl_time = (flow.server_conn.timestamp_ssl_setup -
if flow.server_conn.timestamp_tls_setup is not None:
ssl_time = (flow.server_conn.timestamp_tls_setup -
flow.server_conn.timestamp_tcp_setup)

SERVERS_SEEN.add(flow.server_conn)
56 changes: 20 additions & 36 deletions mitmproxy/connections.py
Expand Up @@ -16,11 +16,11 @@ class ClientConnection(tcp.BaseHandler, stateobject.StateObject):
Attributes:
address: Remote address
ssl_established: True if TLS is established, False otherwise
tls_established: True if TLS is established, False otherwise
clientcert: The TLS client certificate
mitmcert: The MITM'ed TLS server certificate presented to the client
timestamp_start: Connection start timestamp
timestamp_ssl_setup: TLS established timestamp
timestamp_tls_setup: TLS established timestamp
timestamp_end: Connection end timestamp
sni: Server Name Indication sent by client during the TLS handshake
cipher_name: The current used cipher
Expand All @@ -40,13 +40,13 @@ def __init__(self, client_connection, address, server):
self.rfile = None
self.address = None
self.clientcert = None
self.ssl_established = None
self.tls_established = None

self.id = str(uuid.uuid4())
self.mitmcert = None
self.timestamp_start = time.time()
self.timestamp_end = None
self.timestamp_ssl_setup = None
self.timestamp_tls_setup = None
self.sni = None
self.cipher_name = None
self.alpn_proto_negotiated = None
Expand All @@ -56,7 +56,7 @@ def connected(self):
return bool(self.connection) and not self.finished

def __repr__(self):
if self.ssl_established:
if self.tls_established:
tls = "[{}] ".format(self.tls_version)
else:
tls = ""
Expand All @@ -83,22 +83,14 @@ def __eq__(self, other):
def __hash__(self):
return hash(self.id)

@property
def tls_established(self):
return self.ssl_established

@tls_established.setter
def tls_established(self, value):
self.ssl_established = value

_stateobject_attributes = dict(
id=str,
address=tuple,
ssl_established=bool,
tls_established=bool,
clientcert=certs.SSLCert,
mitmcert=certs.SSLCert,
timestamp_start=float,
timestamp_ssl_setup=float,
timestamp_tls_setup=float,
timestamp_end=float,
sni=str,
cipher_name=str,
Expand All @@ -125,10 +117,10 @@ def make_dummy(cls, address):
address=address,
clientcert=None,
mitmcert=None,
ssl_established=False,
tls_established=False,
timestamp_start=None,
timestamp_end=None,
timestamp_ssl_setup=None,
timestamp_tls_setup=None,
sni=None,
cipher_name=None,
alpn_proto_negotiated=None,
Expand All @@ -137,7 +129,7 @@ def make_dummy(cls, address):

def convert_to_ssl(self, cert, *args, **kwargs):
super().convert_to_ssl(cert, *args, **kwargs)
self.timestamp_ssl_setup = time.time()
self.timestamp_tls_setup = time.time()
self.mitmcert = cert
sni = self.connection.get_servername()
if sni:
Expand All @@ -162,15 +154,15 @@ class ServerConnection(tcp.TCPClient, stateobject.StateObject):
address: Remote address. Can be both a domain or an IP address.
ip_address: Resolved remote IP address.
source_address: Local IP address or client's source IP address.
ssl_established: True if TLS is established, False otherwise
tls_established: True if TLS is established, False otherwise
cert: The certificate presented by the remote during the TLS handshake
sni: Server Name Indication sent by the proxy during the TLS handshake
alpn_proto_negotiated: The negotiated application protocol
tls_version: TLS version
via: The underlying server connection (e.g. the connection to the upstream proxy in upstream proxy mode)
timestamp_start: Connection start timestamp
timestamp_tcp_setup: TCP ACK received timestamp
timestamp_ssl_setup: TLS established timestamp
timestamp_tls_setup: TLS established timestamp
timestamp_end: Connection end timestamp
"""

Expand All @@ -184,15 +176,15 @@ def __init__(self, address, source_address=None, spoof_source_address=None):
self.timestamp_start = None
self.timestamp_end = None
self.timestamp_tcp_setup = None
self.timestamp_ssl_setup = None
self.timestamp_tls_setup = None

def connected(self):
return bool(self.connection) and not self.finished

def __repr__(self):
if self.ssl_established and self.sni:
if self.tls_established and self.sni:
tls = "[{}: {}] ".format(self.tls_version or "TLS", self.sni)
elif self.ssl_established:
elif self.tls_established:
tls = "[{}] ".format(self.tls_version or "TLS")
else:
tls = ""
Expand All @@ -217,27 +209,19 @@ def __eq__(self, other):
def __hash__(self):
return hash(self.id)

@property
def tls_established(self):
return self.ssl_established

@tls_established.setter
def tls_established(self, value):
self.ssl_established = value

_stateobject_attributes = dict(
id=str,
address=tuple,
ip_address=tuple,
source_address=tuple,
ssl_established=bool,
tls_established=bool,
cert=certs.SSLCert,
sni=str,
alpn_proto_negotiated=bytes,
tls_version=str,
timestamp_start=float,
timestamp_tcp_setup=float,
timestamp_ssl_setup=float,
timestamp_tls_setup=float,
timestamp_end=float,
)

Expand All @@ -258,10 +242,10 @@ def make_dummy(cls, address):
alpn_proto_negotiated=None,
tls_version=None,
source_address=('', 0),
ssl_established=False,
tls_established=False,
timestamp_start=None,
timestamp_tcp_setup=None,
timestamp_ssl_setup=None,
timestamp_tls_setup=None,
timestamp_end=None,
via=None
))
Expand Down Expand Up @@ -295,7 +279,7 @@ def establish_ssl(self, clientcerts, sni, **kwargs):
self.sni = sni
self.alpn_proto_negotiated = self.get_alpn_proto_negotiated()
self.tls_version = self.connection.get_protocol_version_name()
self.timestamp_ssl_setup = time.time()
self.timestamp_tls_setup = time.time()

def finish(self):
tcp.TCPClient.finish(self)
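Review bot: `ssl_established` and `timestamp_ssl_setup` disappear from `ClientConnection` and `ServerConnection` with no deprecated alias, although the removed lines show the classes previously exposed both spellings through the `tls_established` property. An addon that still reads the old name now raises `AttributeError`, and one that assigns to it or guards with `getattr(conn, "ssl_established", False)` will silently see every connection as non-TLS, which matters for scripts that branch on TLS state. Consider keeping a read-only alias on both classes for one release, `@property` / `def ssl_established(self):` / `return self.tls_established`, ideally with a `DeprecationWarning`, and the same for the timestamp. The methods `convert_to_ssl` and `establish_ssl` keep the old term; a short comment saying that is deliberate would help.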
26 changes: 26 additions & 0 deletions mitmproxy/io/compat.py
@@ -1,5 +1,9 @@
"""
This module handles the import of mitmproxy flows generated by old versions.
The flow file version is decoupled from the mitmproxy release cycle (since
v3.0.0dev) and versioning. Every change or migration gets a new flow file
version number, this prevents issues with developer builds and snapshots.
"""
import uuid
from typing import Any, Dict, Mapping, Union # noqa
Expand Down Expand Up @@ -119,6 +123,7 @@ def convert_200_300(data):

def convert_300_4(data):
data["version"] = 4
# Ths is an empty migration to transition to the new versioning scheme.
return data


Expand Down Expand Up @@ -149,6 +154,25 @@ def convert_4_5(data):
return data


def convert_5_6(data):
data["version"] = 6
data["client_conn"]["tls_established"] = data["client_conn"].pop("ssl_established")
data["client_conn"]["timestamp_tls_setup"] = data["client_conn"].pop("timestamp_ssl_setup")
data["server_conn"]["tls_established"] = data["server_conn"].pop("ssl_established")
data["server_conn"]["timestamp_tls_setup"] = data["server_conn"].pop("timestamp_ssl_setup")
if data["server_conn"]["via"]:
data["server_conn"]["via"]["tls_established"] = data["server_conn"]["via"].pop("ssl_established", None)
data["server_conn"]["via"]["timestamp_tls_setup"] = data["server_conn"]["via"].pop("timestamp_ssl_setup", None)
return data


# def convert_6_7(data):
# data["version"] = 7
# # Your changes here!
# # Make sure to also increment FLOW_FORMAT_VERSION.
# return data


def _convert_dict_keys(o: Any) -> Any:
if isinstance(o, dict):
return {strutils.always_str(k): _convert_dict_keys(v) for k, v in o.items()}
Expand Down Expand Up @@ -201,6 +225,8 @@ def convert_unicode(data: dict) -> dict:
(2, 0): convert_200_300,
(3, 0): convert_300_4,
4: convert_4_5,
5: convert_5_6,
# 6: convert_6_7,
}


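Review bot: `convert_5_6` handles missing keys inconsistently: the four `pop("ssl_established")` / `pop("timestamp_ssl_setup")` calls on `client_conn` and `server_conn` raise a bare `KeyError` if a version-5 file lacks them, while the `via` branch passes a `None` default and then stores `tls_established = None` where `_stateobject_attributes` in `connections.py` declares `bool`. Flow files are read from disk and may come from other people or tools, so a malformed one should end in a clear format error rather than an uncaught `KeyError`; whether the caller already wraps migrations is not visible here. Either give all six pops the same treatment or add a comment such as `# v5 flows always carry these keys on client_conn/server_conn; via may be a partial dict` if that is the invariant. The added comment in `convert_300_4` reads `Ths is`, which should be `This is`.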
12 changes: 6 additions & 6 deletions mitmproxy/net/tcp.py
Expand Up @@ -301,11 +301,11 @@ def __init__(self, connection):
self.rfile = None
self.wfile = None

self.ssl_established = False
self.tls_established = False
self.finished = False

def get_current_cipher(self):
if not self.ssl_established:
if not self.tls_established:
return None

name = self.connection.get_cipher_name()
Expand Down Expand Up @@ -406,7 +406,7 @@ def convert_to_ssl(self, sni=None, alpn_protos=None, **sslctx_kwargs):
for i in self.connection.get_peer_cert_chain():
self.server_certs.append(certs.SSLCert(i))

self.ssl_established = True
self.tls_established = True
self.rfile.set_descriptor(self.connection)
self.wfile.set_descriptor(self.connection)

Expand Down Expand Up @@ -473,7 +473,7 @@ def gettimeout(self):
return self.connection.gettimeout()

def get_alpn_proto_negotiated(self):
if self.ssl_established:
if self.tls_established:
return self.connection.get_alpn_proto_negotiated()
else:
return b""
Expand Down Expand Up @@ -507,7 +507,7 @@ def convert_to_ssl(self, cert, key, **sslctx_kwargs):
self.connection.do_handshake()
except SSL.Error as v:
raise exceptions.TlsException("SSL handshake error: %s" % repr(v))
self.ssl_established = True
self.tls_established = True
cert = self.connection.get_peer_certificate()
if cert:
self.clientcert = certs.SSLCert(cert)
Expand All @@ -521,7 +521,7 @@ def settimeout(self, n):
self.connection.settimeout(n)

def get_alpn_proto_negotiated(self):
if self.ssl_established:
if self.tls_established:
return self.connection.get_alpn_proto_negotiated()
else:
return b""
2 changes: 1 addition & 1 deletion mitmproxy/proxy/protocol/tls.py
Expand Up @@ -524,7 +524,7 @@ def _establish_tls_with_server(self):
if alpn and b"h2" in alpn and not self.config.options.http2:
alpn.remove(b"h2")

if self.client_conn.ssl_established and self.client_conn.get_alpn_proto_negotiated():
if self.client_conn.tls_established and self.client_conn.get_alpn_proto_negotiated():
# If the client has already negotiated an ALP, then force the
# server to use the same. This can only happen if the host gets
# changed after the initial connection was established. E.g.:
8 changes: 4 additions & 4 deletions mitmproxy/test/tflow.py
Expand Up @@ -157,9 +157,9 @@ def tclient_conn():
address=("127.0.0.1", 22),
clientcert=None,
mitmcert=None,
ssl_established=False,
tls_established=False,
timestamp_start=946681200,
timestamp_ssl_setup=946681201,
timestamp_tls_setup=946681201,
timestamp_end=946681206,
sni="address",
cipher_name="cipher",
Expand All @@ -184,9 +184,9 @@ def tserver_conn():
cert=None,
timestamp_start=946681202,
timestamp_tcp_setup=946681203,
timestamp_ssl_setup=946681204,
timestamp_tls_setup=946681204,
timestamp_end=946681205,
ssl_established=False,
tls_established=False,
sni="address",
alpn_proto_negotiated=None,
tls_version="TLSv1.2",
8 changes: 4 additions & 4 deletions mitmproxy/tools/console/flowdetailview.py
Expand Up @@ -119,11 +119,11 @@ def flowdetails(state, flow: http.HTTPFlow):
maybe_timestamp(cc, "timestamp_start")
)
)
if cc.ssl_established:
if cc.tls_established:
parts.append(
(
"Client conn. TLS handshake",
maybe_timestamp(cc, "timestamp_ssl_setup")
maybe_timestamp(cc, "timestamp_tls_setup")
)
)

Expand All @@ -140,11 +140,11 @@ def flowdetails(state, flow: http.HTTPFlow):
maybe_timestamp(sc, "timestamp_tcp_setup")
)
)
if sc.ssl_established:
if sc.tls_established:
parts.append(
(
"Server conn. TLS handshake",
maybe_timestamp(sc, "timestamp_ssl_setup")
maybe_timestamp(sc, "timestamp_tls_setup")
)
)

4 changes: 2 additions & 2 deletions mitmproxy/types.py
Expand Up @@ -267,14 +267,14 @@ class _CutSpecType(_BaseType):
"client_conn.address.host",
"client_conn.tls_version",
"client_conn.sni",
"client_conn.ssl_established",
"client_conn.tls_established",

"server_conn.address.port",
"server_conn.address.host",
"server_conn.ip_address.host",
"server_conn.tls_version",
"server_conn.sni",
"server_conn.ssl_established",
"server_conn.tls_established",
]

def completion(self, manager: _CommandBase, t: type, s: str) -> typing.Sequence[str]:
2 changes: 1 addition & 1 deletion mitmproxy/version.py
Expand Up @@ -9,7 +9,7 @@

# Serialization format version. This is displayed nowhere, it just needs to be incremented by one
# for each change in the file format.
FLOW_FORMAT_VERSION = 5
FLOW_FORMAT_VERSION = 6


def get_version(dev: bool = False, build: bool = False, refresh: bool = False) -> str:
2 changes: 1 addition & 1 deletion pathod/pathod.py
Expand Up @@ -170,7 +170,7 @@ def handle_http_request(self, logger):
),
cipher=None,
)
if self.ssl_established:
if self.tls_established:
retlog["cipher"] = self.get_current_cipher()

m = utils.MemBool()