disable h2c prior knowledge connections
Showing
5 changed files
with
82 additions
and
40 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
import mitmproxy | ||
|
||
|
||
class DisableH2C: | ||
|
||
""" | ||
We currently only support HTTP/2 over a TLS connection. | ||
Some clients try to upgrade a connection from HTTP/1.1 to h2c. We need to | ||
remove those headers to avoid protocol errors if one endpoints suddenly | ||
starts sending HTTP/2 frames. | ||
Some clients might use HTTP/2 Prior Knowledge to directly initiate a session | ||
by sending the connection preface. We just kill those flows. | ||
""" | ||
|
||
def configure(self, options, updated): | ||
pass | ||
|
||
def process_flow(self, f): | ||
if f.request.headers.get('upgrade', '') == 'h2c': | ||
mitmproxy.ctx.log.warn("HTTP/2 cleartext connections (h2c upgrade requests) are currently not supported.") | ||
del f.request.headers['upgrade'] | ||
if 'connection' in f.request.headers: | ||
del f.request.headers['connection'] | ||
if 'http2-settings' in f.request.headers: | ||
del f.request.headers['http2-settings'] | ||
|
||
is_connection_preface = ( | ||
f.request.method == 'PRI' and | ||
f.request.path == '*' and | ||
f.request.http_version == 'HTTP/2.0' | ||
) | ||
if is_connection_preface: | ||
f.kill() | ||
mitmproxy.ctx.log.warn("Initiating HTTP/2 connections with prior knowledge are currently not supported.") | ||
|
||
# Handlers | ||
|
||
def request(self, f): | ||
self.process_flow(f) |
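Review bot: The h2c check in `process_flow` is an exact, case-sensitive match on the whole header value (`f.request.headers.get('upgrade', '') == 'h2c'`), so `Upgrade: H2C` or a list such as `Upgrade: h2c, websocket` keeps all three headers and the request is passed on unchanged, which looks like the very protocol mismatch the class docstring wants to prevent. Upgrade carries a comma-separated list of protocol names that are matched case-insensitively, so the test should be per token: `if 'h2c' in [t.strip().lower() for t in f.request.headers.get('upgrade', '').split(',')]:`. Deleting the whole `connection` header also drops unrelated options such as `close`; if that is intended, a one-line comment such as `# drop all connection options, not just "Upgrade"; the upgrade is being cancelled` would make it explicit.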
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
import io | ||
from mitmproxy import http | ||
from mitmproxy.addons import disable_h2c | ||
from mitmproxy.net.http import http1 | ||
from mitmproxy.exceptions import Kill | ||
from mitmproxy.test import tflow | ||
from mitmproxy.test import taddons | ||
|
||
|
||
class TestDisableH2CleartextUpgrade: | ||
def test_upgrade(self): | ||
with taddons.context() as tctx: | ||
a = disable_h2c.DisableH2C() | ||
tctx.configure(a) | ||
|
||
f = tflow.tflow() | ||
f.request.headers['upgrade'] = 'h2c' | ||
f.request.headers['connection'] = 'foo' | ||
f.request.headers['http2-settings'] = 'bar' | ||
|
||
a.request(f) | ||
assert 'upgrade' not in f.request.headers | ||
assert 'connection' not in f.request.headers | ||
assert 'http2-settings' not in f.request.headers | ||
|
||
def test_prior_knowledge(self): | ||
with taddons.context() as tctx: | ||
a = disable_h2c.DisableH2C() | ||
tctx.configure(a) | ||
|
||
b = io.BytesIO(b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n") | ||
f = tflow.tflow() | ||
f.request = http.HTTPRequest.wrap(http1.read_request(b)) | ||
f.reply.handle() | ||
f.intercept() | ||
|
||
a.request(f) | ||
assert not f.killable | ||
assert f.reply.value == Kill |
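Review bot: `test_upgrade` only exercises the exact lowercase value `'h2c'`, and nothing in this file pins the negative case, so a later change that strips `upgrade`/`connection` from every upgrade request (breaking WebSocket handshakes, for example) would still pass. A test that sends a non-h2c upgrade through `a.request(f)` and asserts the headers survive would close that gap; a sketch follows. A case for a mixed-case or multi-token `Upgrade` value would also be worth adding once the addon's matching rule for those is settled.

```python
    def test_other_upgrade_untouched(self):
        with taddons.context() as tctx:
            a = disable_h2c.DisableH2C()
            tctx.configure(a)

            f = tflow.tflow()
            f.request.headers['upgrade'] = 'websocket'
            f.request.headers['connection'] = 'upgrade'

            a.request(f)
            assert f.request.headers['upgrade'] == 'websocket'
            assert f.request.headers['connection'] == 'upgrade'
```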
This file was deleted.