(reader, writer)
| 529 | ) |
| 530 | |
| 531 | async def handle(reader, writer): |
# Ordered layer factories for this demo connection. Each entry takes the
# connection context and returns the layer to install; next_layer() below
# consumes them front to back, one per call.
layer_stack = [
    # Alternative stacks kept for manual experiments. The TLS variants rely on
    # the tls_start_* hooks below, which are marked INSECURE.
    # lambda ctx: layers.ServerTLSLayer(ctx),
    # lambda ctx: layers.HttpLayer(ctx, HTTPMode.regular),
    # lambda ctx: setattr(ctx.server, "tls", True) or layers.ServerTLSLayer(ctx),
    # lambda ctx: layers.ClientTLSLayer(ctx),
    lambda context: layers.modes.ReverseProxy(context),
    lambda context: layers.HttpLayer(context, HTTPMode.transparent),
]
| 540 | |
def next_layer(nl: layer.NextLayer):
    """Install the next pre-configured layer on *nl*.

    Takes the first remaining factory from ``layer_stack``, builds the layer
    from the connection context and stores it on ``nl.layer``. The stack is
    finite: a call made after it has been emptied raises ``IndexError`` from
    ``pop(0)``.
    """
    ctx = nl.context
    make_layer = layer_stack.pop(0)
    chosen = make_layer(ctx)
    # The debug prefix grows with the number of layers already on the context.
    chosen.debug = " " * len(ctx.layers)
    nl.layer = chosen
| 545 | |
def request(flow: http.HTTPFlow):
    """Rewrite a request according to marker words found in its path.

    Presumably registered as the request hook in the handler call that
    follows; confirm against that call. The markers are plain substring
    matches on the client-supplied path, so any path containing them
    triggers the rewrite:

    * ``cached``     - answer locally with a 418 response echoing the body.
    * ``toggle-tls`` - flip the URL scheme between https and http.
    * ``redirect``   - send the request to ``httpbin.org`` instead.
    """
    req = flow.request

    if "cached" in req.path:
        body = f"(cached) {req.text}"
        flow.response = http.Response.make(418, body)

    if "toggle-tls" in req.path:
        # NOTE: the https -> http direction forwards the request upstream in
        # cleartext; this is a test switch, not something to keep in a
        # deployed proxy.
        if req.url.startswith("https://"):
            old_scheme, new_scheme = "https://", "http://"
        else:
            old_scheme, new_scheme = "http://", "https://"
        req.url = req.url.replace(old_scheme, new_scheme)

    # The path is read again here on purpose: the URL assignment above may
    # have changed it.
    if "redirect" in req.path:
        # NOTE: this sends the request to a third-party host rather than the
        # configured upstream.
        req.host = "httpbin.org"
| 556 | |
def tls_start_client(tls_start: tls.TlsData):
    """Create the TLS connection object for the client-facing side.

    Builds a pyOpenSSL context with a fixed leaf key and certificate chain,
    wraps it in a connection, stores that on ``tls_start.ssl_conn`` and puts
    it into accept (server) state.
    """
    # INSECURE: demo-only setup.
    # - The key and certificate come from the project's test data directory,
    #   so the private key must be treated as public; a listener using it
    #   proves nothing about its identity.
    # - SSLv23_METHOD is used and no options are set here, so this code pins
    #   no minimum protocol version or cipher policy; the effective floor is
    #   whatever the linked OpenSSL defaults to.
    context = SSL.Context(SSL.SSLv23_METHOD)

    key_file = pkg_data.path(
        "../test/mitmproxy/data/verificationcerts/trusted-leaf.key"
    )
    context.use_privatekey_file(key_file)

    chain_file = pkg_data.path(
        "../test/mitmproxy/data/verificationcerts/trusted-leaf.crt"
    )
    context.use_certificate_chain_file(chain_file)

    conn = SSL.Connection(context)
    tls_start.ssl_conn = conn
    conn.set_accept_state()
| 572 | |
def tls_start_server(tls_start: tls.TlsData):
    """Create the TLS connection object for the upstream (server) side.

    Stores a fresh pyOpenSSL connection on ``tls_start.ssl_conn``, puts it
    into connect (client) state and, when the client sent an SNI value,
    forwards that value as the upstream server name.
    """
    # INSECURE: demo-only setup.
    # - No set_verify() call and no trust store are configured on this
    #   context, so the upstream certificate is not validated (pyOpenSSL
    #   contexts do not verify the peer unless told to) and no hostname check
    #   happens. Anything on the network path can pose as the upstream.
    # - SSLv23_METHOD with no options set: no minimum protocol version is
    #   pinned by this code.
    # Outside a local test, configure SSL.VERIFY_PEER with a CA store and
    # verify the server name before using the connection.
    conn = SSL.Connection(SSL.Context(SSL.SSLv23_METHOD))
    tls_start.ssl_conn = conn
    conn.set_connect_state()

    client_sni = tls_start.context.client.sni
    if client_sni is not None:
        conn.set_tlsext_host_name(client_sni.encode())
| 582 | |
| 583 | await SimpleConnectionHandler( |
| 584 | reader, |
| 585 | writer, |
| 586 | opts, |
| 587 | mode_specs.ProxyMode.parse("reverse:http://127.0.0.1:3000/"), |
| 588 | { |