./net/mitmproxy, Interactive TLS-capable intercepting HTTP proxy

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 10.2.4, Package name: mitmproxy-10.2.4, Maintainer: leot

mitmproxy is an interactive, SSL/TLS-capable intercepting proxy with a
console interface for HTTP/1, HTTP/2, and WebSockets.

mitmdump is the command-line version of mitmproxy. Think tcpdump for
HTTP.

mitmweb is a web-based interface for mitmproxy.


Required to run:
[security/py-OpenSSL] [devel/py-urwid] [security/py-asn1] [devel/py-blinker] [www/py-flask] [www/py-tornado] [devel/py-pyparsing] [security/py-passlib] [security/py-cryptography] [devel/py-click] [devel/py-protobuf] [x11/py-pyperclip] [security/py-certifi] [www/py-h2] [www/py-hyperframe] [devel/py-ruamel-yaml] [databases/py-ldap3] [devel/py-sortedcontainers] [archivers/py-zstandard] [devel/py-kaitaistruct] [www/py-wsproto] [lang/python37] [archivers/py-brotli] [www/py-publicsuffix2]

Required to build:
[pkgtools/cwrappers]

Master sites:

Filesize: 1494.407 KB

Version history: (Expand)


CVS history: (Expand)


   2024-03-24 21:00:11 by Leonardo Taccari | Files touched by this commit (2)
Log message:
mitmproxy: Update to 10.2.4

Changes:
## mitmproxy 10.2.4

* Fix a bug where errors during startup would not be displayed when running \ 
mitmproxy.
* Use newer cryptography APIs to avoid CryptographyDeprecationWarnings.
  This bumps the minimum required version to cryptography 42.0.

## mitmproxy 10.2.3

* Fix a regression where `allow_hosts`/`ignore_hosts` would break with IPv6 \ 
connections.
* Fix bug where failed CONNECT request URLs are saved to HAR files incorrectly.
* Fix duplicate answers being returned in DNS queries.
* Fix bug where wireguard config is generated with incorrect endpoint when two \ 
or more NICs are active.
* Fix a regression when leaf cert creation would fail with intermediate CAs in \ 
`ca_file`.
* Add `content_view_lines_cutoff` option to mitmdump
* Allow runtime modifications of HTTP flow filters for server replays
* Fix bug view options menu in case of overflow
* Allow --allow-hosts and --ignore-hosts to work together

## mitmproxy 10.2.2

* Fix a regression where clientplayback would break due to eager task execution.
* Fix a regression where WebSocket connections would break due to eager task \ 
execution.
* Fix bug where insecure HTTP requests are saved incorrectly when exporting to \ 
HAR files.
* `allow_hosts`/`ignore_hosts` option now matches against the full `host:port` \ 
string.
   2024-01-28 09:29:03 by Thomas Klausner | Files touched by this commit (1)
Log message:
mitmproxy: add missing tool
   2024-01-07 00:39:24 by Leonardo Taccari | Files touched by this commit (4) | Package updated
Log message:
mitmproxy: Update to 10.2.1

pkgsrc changes:
- Update DESCR and COMMENT based respectively on upstream's README and
  GitHub project description
- Switch to non-versioned py-OpenSSL. mitmproxy now needs Rust-y bits also for
  mitmproxy_rs. Possibly avoiding Rust py-cryptography no longer helps.
- Adjust SUBST-fu in order to address dependencies versions in pyproject.toml,
  not setup.py (per upstream usage)

Changes:
## 06 January 2024: mitmproxy 10.2.1
* Fix a regression introduced in mitmproxy 10.2.0: WireGuard servers
  now bind to all interfaces again.
* Remove stale reference to ctx.log in addon documentation.
* Fix a bug where a traceback is shown during shutdown.

## 04 January 2024: mitmproxy 10.2.0
* Local Redirect Mode is now officially available on macOS and Windows.
  See the linked blog posts for details.
* UDP streams are now backed by a new implementation in mitmproxy_rs.
  This represents a major API change as UDP traffic is now exposed as
  streams instead of a callback for each packet.
* Fix a regression from mitmproxy 10.1.6 where ignore_hosts would
  terminate requests instead of forwarding them.
* ignore_hosts now waits for the entire HTTP headers if it suspects the
  connection to be HTTP.

## 14 December 2023: mitmproxy 10.1.6
* Fix compatibility with Windows Schannel clients, which previously got
  confused by CA and leaf certificate sharing the same Subject Key Identifier.
* Change keybinding for exporting flow from "e" to "x" to \ 
avoid conflict with "edit" keybinding.
* Fix bug where response flows from HAR files had incorrect `content-length` headers
* Improved handling for `allow_hosts`/`ignore_hosts` options in WireGuard mode.
* Fix a bug where TCP connections were not closed properly.
* DNS resolution is now exempted from `ignore_hosts` in WireGuard Mode.
* Fix case sensitivity of URL added to blocklist
* Fix a bug where logging was stopped prematurely during shutdown.
* For plaintext traffic, `ignore_hosts` now also takes HTTP/1 host headers into \ 
account.
* Fix empty cookie attributes being set to `Key=` instead of `Key`
* Scripts with relative paths are now loaded relative to the config file and not \ 
where the command is ran
* Fix `mitmweb` splitter becoming drag and drop.
* Enhance documentation and add alert log messages when stream_large_bodies and \ 
modify_body are set
* Subject Alternative Names are now represented as \ 
`cryptography.x509.GeneralNames` instead of `list[str]`
  across the codebase. This fixes a regression introduced in mitmproxy 10.1.1 \ 
related to punycode domain encoding.

## 14 November 2023: mitmproxy 10.1.5
* Remove stray `replay-extra` from CLI status bar.

## 13 November 2023: mitmproxy 10.1.4
* Fix a hang/freeze in the macOS distributions when doing TLS negotiation.
* Update savehar addon to fix creating corrupt har files caused by empty \ 
response content
* Update savehar addon to handle scenarios where "path" key in cookie
  attrs dict is missing.
* Add `server_replay_extra` option to serverplayback to define behaviour
  when replayable response is missing.

## 04 November 2023: mitmproxy 10.1.3
* Fix a bug introduced in mitmproxy 10.1.2 where mitmweb would fail to establish
  a WebSocket connection. Affected users may need to clear their browser cache
  or hard-reload mitmweb (Ctrl+Shift+R).

## 03 November 2023: mitmproxy 10.1.2
* Add a raw hex stream contentview.
* Add a contentview for DNS-over-HTTPS.
* Replaced standalone mitmproxy binaries on macOS with an app bundle
  that contains the mitmproxy/mitmweb/mitmdump CLI tools.
  This change was necessary to support macOS code signing requirements.
  Homebrew remains the recommended installation method.
* Fix certificate generation to work with strict mode OpenSSL 3.x clients
* Fix path() documentation that the return value might include the query string
* mitmproxy now officially supports Python 3.12.
* Fix root-relative URLs so that mitmweb can run in subdirectories.
* Add an optional parameter(ldap search filter key) to ProxyAuth-LDAP.
* Fix a regression when using the proxyauth addon with clients that (rightfully) \ 
reuse connections.

## 27 September 2023: mitmproxy 10.1.1
* Fix certificate generation for punycode domains.
* Fix a bug that would crash mitmweb when opening options.

## 24 September 2023: mitmproxy 10.1.0
* Add support for reading HAR files using the existing flow loading APIs, e.g. \ 
`mitmproxy -r example.har`.
* Add support for writing HAR files using the `save.har` command and the \ 
`hardump` option for mitmdump.
* Packaging changes:
  - `mitmproxy-rs` does not depend on a protobuf compiler being available anymore,
    we're now also providing a working source distribution for all platforms.
  - On macOS, `mitmproxy-rs` now depends on `mitmproxy-macos`. We only provide \ 
binary wheels for this package because
    it contains a code-signed system extension. Building from source requires a \ 
valid Apple Developer Id, see CI for
    details.
  - On Windows, `mitmproxy-rs` now depends on `mitmproxy-windows`. We only \ 
provide binary wheels for this package to
    simplify our deployment process, see CI for how to build from source.
* Increase maximum dump file size accepted by mitmweb

## 04 August 2023: mitmproxy 10.0.0
* Add experimental support for HTTP/3 and QUIC.
* ASGI/WSGI apps can now listen on all ports for a specific hostname.
  This makes it simpler to accept both HTTP and HTTPS.
* Add `replay.server.add` command for adding flows to server replay buffer
* Remove string escaping in raw view.
* Updating `Request.port` now also updates the Host header if present.
  This aligns with `Request.host`, which already does this.
* Fix editing of multipart HTTP requests from the CLI.
* Add documentation on using Magisk module for intercepting traffic in Android \ 
production builds.
* Fix a bug where the direction indicator in the message stream view would be in \ 
the wrong direction.
* Fix a bug where peername would be None in tls_passthrough script, which would \ 
make it not working.
* the `esc` key can now be used to exit the current view
* focus-follow shortcut will now work in flow view context too.
* Fix a bug where a server connection timeout would cause requests to be issued \ 
with a wrong SNI in reverse proxy mode.
* The `server_replay_nopop` option has been renamed to `server_replay_reuse` to \ 
avoid confusing double-negation.
* Add zstd to valid gRPC encoding schemes.
* For reverse proxy directly accessed via IP address, the IP address is now included
  as a subject in the generated certificate.
* Enable legacy SSL connect when connecting to server if the `ssl_insecure` flag \ 
is set.
* Change wording in the http-reply-from-proxy.py example
* Added option to specify an elliptic curve for key exchange between mitmproxy \ 
<-> server
* Add "Prettier" code linting tool to mitmweb.
* When logging exceptions, provide the entire exception object to log handlers
* mitmproxy now requires Python 3.10 or above.

### Breaking Changes
* The `onboarding_port` option has been removed. The onboarding app now responds
  to all requests for the hostname specified in `onboarding_host`.
* `connection.Client` and `connection.Server` now accept keyword arguments only.
  This is a breaking change for custom addons that use these classes directly.

## 02 November 2022: mitmproxy 9.0.1
* The precompiled binaries now ship with OpenSSL 3.0.7, which resolves \ 
CVE-2022-3602 and CVE-2022-3786.
* Performance and stability improvements for WireGuard mode.
* Fix a bug where the standalone Linux binaries would require libffi to be installed.
* Hard exit when mitmproxy cannot write logs, fixes endless loop when parent \ 
process exits.
* Fix a permission error affecting the Docker images.

## 28 October 2022: mitmproxy 9.0.0
### Major Features
* Add Raw UDP support.
* Add WireGuard mode to enable transparent proxying via WireGuard.
* Add DTLS support.
* Add a quick help bar to mitmproxy.

### Deprecations
* Deprecate `add_log` event hook. Users should use the builtin `logging` module \ 
instead.
* Deprecate `mitmproxy.ctx.log` in favor of Python's builtin `logging` module.

### Breaking Changes
 * The `mode` option is now a list of server specs instead of a single spec.
   The CLI interface is unaffected, but users may need to update their `config.yaml`.

### Full Changelog
* Mitmproxy binaries now ship with Python 3.11.
* One mitmproxy instance can now spawn multiple proxy servers.
* Add syntax highlighting to JSON and msgpack content view.
* Add MQTT content view.
* Setting `connection_strategy` to `lazy` now also disables early
  upstream connections to fetch TLS certificate details.
* Fix order of event hooks on startup.
* Include server information in bind/listen errors.
* Include information about lazy connection_strategy in related errors.
* Fix `tls_version_server_min` and `tls_version_server_max` options.
* Added Magisk module generation for Android onboarding.
* Update Linux binary builder to Ubuntu 20.04, bumping the minimum glibc version \ 
to 2.31.
* Add "Save filtered" button in mitmweb.
* Render application/prpc content as gRPC/Protocol Buffers
* Mitmweb now supports `content_view_lines_cutoff`.
* Fix a mitmweb crash when scrolling down the flow list.
* Add HTTP/3 binary frame content view.
* Fix mitmweb not properly opening a browser and being stuck on some Linux.
* Fix race condition when updating mitmweb WebSocket connections that are closing.
* Fix mitmweb crash when using filters.
* Fix missing default port when starting a browser.
* Add docs for transparent mode on Windows.
   2023-08-14 07:25:36 by Thomas Klausner | Files touched by this commit (1247)
Log message:
*: recursive bump for Python 3.11 as new default
   2023-08-02 01:20:57 by Thomas Klausner | Files touched by this commit (158)
Log message:
*: remove more references to Python 3.7
   2022-10-19 16:25:20 by Nia Alarie | Files touched by this commit (21)
Log message:
fighting a losing battle against the py-cryptography rustification, part 5

Convert py-OpenSSL users to versioned_dependencies.mk
   2022-07-08 14:57:26 by Leonardo Taccari | Files touched by this commit (3)
Log message:
mitmproxy: Update to 8.1.1

pkgsrc changes:
 - Follow upstream requirements for py-cryptography (previously a workaround was
   added in order to avoid possible too new py-cryptography that was not yet
   present in pkgsrc)

Changes:
8.1.1
-----
* Support specifying the local address for outgoing connections
* Fix a bug where an excess empty chunk has been sent for chunked HEAD request.
* Drop pkg_resources dependency.
* Fix huge (>65kb) http2 responses corrupted.
* Remove overambitious assertions in the HTTP state machine,
  fix some error handling.
   2022-06-30 13:19:02 by Nia Alarie | Files touched by this commit (524)
Log message:
*: Revbump packages that use Python at runtime without a PKGNAME prefix