Comments (9)
Note to future readers: the cli option enabling host-header-as-url-authority is now --showhost.
It can also be activated under the option menu (press uppercase O while in terminal mode) next to "showhost" (options are alphabetically sorted).
from mitmproxy.
If you are using python script and try to get the url, you might try request.pretty_host instead of request.host.
from mitmproxy.
If you are using python script and try to get the url, you might try request.pretty_host instead of request.host.
for keeping the whole URL request.pretty_url is also possible
from mitmproxy.
Workaround: returning headers['Host'][0] instead of host in read_request.
from mitmproxy.
Hi Leopold,
This is actually a complex issue that we have to think about carefully. The hostname we display can come from a number of sources:
- The host header
- The host specified in the CONNECT string on proxy connection
- The upstream host specified in a reverse proxy configuration
- The upstream IP address actually connected to (or deduced in transparent mode)
You can plausibly have a request in which all of these values are different. You can also have perfectly ordinary requests in which any of these are absent! What you're seeing in the current master is an interim solution while I think about the best way to resolve this.
So, I've looked at your patch, but I'm afraid it won't do. We can't assume that a host header exists, and we need something better than using just the host header even if it does exist. My current thinking is that we need an option in mitmproxy to toggle between showing the upstream IP, and the host header.
- In host header mode, we use the host header if it exists, otherwise we fall back to the IP. This is the default mode.
- In IP mode, we just use the IP.
- We expose the CONNECT strings and upstream reverse proxy configuration through the interface in other ways (probably the detailed flow view currently accessible through the X shortcut).
If you feel like tackling this as a project, let me know. Otherwise, this is definitely on my todo list, and I'll work on it before the next release.
Cheers,
Aldo
from mitmproxy.
Yeah… I realized that as well. Using the host header might have security implications as well (CVE-2009-0801), depending on the implementation details (I've only looked at the code for a few minutes). Despite the limitations of this approach, it seems to me that simply using the Host header is more useful than displaying the IP until there's a correct implementation.
I agree with you. I suggest using the host header (or the IP if it doesn't exist) for the displayed URL because it's usually the most useful information. The values from the other sources could be displayed in the detailed view and there should definitely be a setting (for misbehaving or malicious clients, for example).
from mitmproxy.
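The display scheme discussed in the two comments above (Host header with fallback to the IP, plus a check for a client-supplied Host header that disagrees with the CONNECT authority), sketched as an added example that is not part of the thread and not mitmproxy's code. The names `HostSources`, `parse_host_header`, `strip_port`, `display_host` and `host_mismatch` are hypothetical, and the sample requests are constructed.

```python
# Added illustration, not mitmproxy code; every name below is hypothetical.
from dataclasses import dataclass
from typing import Optional

# Constructed sample requests (not captured traffic).
WITH_HOST = b"GET / HTTP/1.1\r\nHost: example.test:8080\r\n\r\n"
NO_HOST = b"GET / HTTP/1.0\r\n\r\n"

@dataclass
class HostSources:
    host_header: Optional[str]   # Host header value, if the client sent one
    connect_host: Optional[str]  # authority from the CONNECT line, if any
    upstream_ip: str             # address actually connected to

def parse_host_header(raw_request: bytes) -> Optional[str]:
    """Return the Host header value, or None if absent or conflicting."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    values = [
        line.split(":", 1)[1].strip()
        for line in head.split("\r\n")[1:]  # skip the request line
        if ":" in line and line.split(":", 1)[0].strip().lower() == "host"
    ]
    # Several differing Host headers are treated as "no usable header".
    if len(set(values)) != 1 or not values[0]:
        return None
    return values[0]

def strip_port(authority: str) -> str:
    """Drop a trailing :port, keeping bracketed IPv6 literals intact."""
    if authority.startswith("["):
        return authority[: authority.find("]") + 1]
    return authority.rsplit(":", 1)[0] if ":" in authority else authority

def display_host(src: HostSources, mode: str = "host") -> str:
    """Host mode falls back to the IP; IP mode always shows the IP."""
    if mode == "host" and src.host_header:
        return strip_port(src.host_header)
    return src.upstream_ip

def host_mismatch(src: HostSources) -> bool:
    """True when the Host header names a different host than CONNECT did."""
    if not src.host_header or not src.connect_host:
        return False
    a, b = strip_port(src.host_header), strip_port(src.connect_host)
    return a.lower() != b.lower()
```

A mismatch is worth surfacing in the detailed view rather than hiding, since the Host header is entirely client-controlled while the connected address is not.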
I've just added an option that uses the Host header for display URL construction. You can access it using the --host option, or with the "o" then "h" keyboard shortcut in mitmproxy.
from mitmproxy.
Works perfectly! Thanks a lot.
from mitmproxy.
hi, how can we do this in Java?
from mitmproxy.