HEAD method not allowed to access mitm.it #2324

Closed
tomlabaude opened this Issue May 9, 2017 · 5 comments

tomlabaude commented May 9, 2017

Steps to reproduce the problem:
  1. Using mitmdump in transparent mode, with on-boarding port on 6969 (did not test on 80)
    /mitmdump -T --host --insecure --onboarding-port 6969

  2. On iPad + Chrome + transparent mode, access http://mitm.it:6969

  3. A HEAD /cert/pem is sent, and a "405 Method Not Allowed" is received

Any idea of any workaround?

Any other comments? What have you tried so far?

Exact packet:
Hypertext Transfer Protocol
HEAD /cert/pem HTTP/1.1\r\n
Host: mitm.it:6969\r\n
Connection: keep-alive\r\n
User-Agent: Mozilla/5.0 (iPad; CPU OS 9_2 like Mac OS X) AppleWebKit/601.1 (KHTML, like Gecko) CriOS/55.0.2883.79 Mobile/13C75 Safari/601.1.46\r\n
Accept-Encoding: gzip, deflate, sdch\r\n
Accept-Language: fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4\r\n
\r\n

Answer:
Hypertext Transfer Protocol
HTTP/1.1 405 Method Not Allowed\r\n
Server: TornadoServer/4.4.2\r\n
Content-Length: 87\r\n
Date: Tue, 09 May 2017 13:35:38 GMT\r\n
Content-Type: text/html; charset=UTF-8\r\n
\r\n

System information

mitmdump --version
Mitmproxy version: 2.0.1 (release version) Precompiled Binary
Python version: 3.5.2
Platform: Darwin-16.5.0-x86_64-i386-64bit
SSL version: OpenSSL 1.0.2j 26 Sep 2016
Mac version: 10.12.4 ('', '', '') x86_64

Member

Kriechi commented May 9, 2017

AFAIK the mitm.it just implements enough to serve the page.
Any specific reason why you want to use a HEAD request?
Or is this an intrinsic behaviour of Chrome for iOS? Why are they doing it?

tomlabaude commented May 9, 2017

Actually it makes both requests in a row:
GET, I receive a 400
HEAD, I receive 405

It works well on Safari on iPad

Member

Kriechi commented May 9, 2017

Ok - thanks for the Wireshark trace.
Looks like the regular GET still works ok.

Not sure now why you are seeing a HEAD request as well.
But I guess there is no harm in implementing it here:

class PEM(tornado.web.RequestHandler):

    @property
    def filename(self):
        return config.CONF_BASENAME + "-ca-cert.pem"

    def get(self):
        p = os.path.join(self.request.master.options.cadir, self.filename)
        p = os.path.expanduser(p)
        self.set_header("Content-Type", "application/x-x509-ca-cert")
        self.set_header(
            "Content-Disposition",
            "inline; filename={}".format(
                self.filename))

        with open(p, "rb") as f:
            self.write(f.read())

and here:

class P12(tornado.web.RequestHandler):

    @property
    def filename(self):
        return config.CONF_BASENAME + "-ca-cert.p12"

    def get(self):
        p = os.path.join(self.request.master.options.cadir, self.filename)
        p = os.path.expanduser(p)
        self.set_header("Content-Type", "application/x-pkcs12")
        self.set_header(
            "Content-Disposition",
            "inline; filename={}".format(
                self.filename))

        with open(p, "rb") as f:
            self.write(f.read())

PRs are welcome!

tomlabaude commented May 9, 2017

You mean something like def head(self): ... with the exact same definition as def get(self)?

Or is it not as simple as that?

Member

Kriechi commented May 9, 2017

More or less.
The important bit is probably self.set_header("Content-Length", "7")
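
The HEAD behaviour discussed above, as an added example that is not part of the thread and is neither mitmproxy's code nor the fix merged in #2325: a HEAD response carries the same headers as GET, including the Content-Length of the body GET would send, with no body. It uses the standard library's http.server instead of Tornado so it runs without dependencies; CertHandler, allow_head, fetch, probe, the certificate bytes and the file name example-ca-cert.pem are all constructed for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for the CA certificate file (not a real certificate).
CERT = b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"

class CertHandler(BaseHTTPRequestHandler):
    """Hypothetical stand-in for the PEM handler quoted in the thread."""
    allow_head = True  # False mimics a handler that only implements GET

    def _send_headers(self):
        self.send_response(200)
        self.send_header("Content-Type", "application/x-x509-ca-cert")
        self.send_header("Content-Disposition", "inline; filename=example-ca-cert.pem")
        # HEAD advertises the length of the body that GET would send.
        self.send_header("Content-Length", str(len(CERT)))
        self.end_headers()

    def do_GET(self):
        self._send_headers()
        self.wfile.write(CERT)

    def do_HEAD(self):
        if not self.allow_head:
            self.send_error(405)  # the status reported in the issue
            return
        self._send_headers()  # same headers as GET, no body

def fetch(port, method, path="/cert/pem"):
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request(method, path)
    resp = conn.getresponse()
    result = (resp.status, resp.getheader("Content-Type"),
              resp.getheader("Content-Length"), resp.read())
    conn.close()
    return result

def probe(allow_head):
    """Serve on a free loopback port and return the (GET, HEAD) results."""
    handler = type("Handler", (CertHandler,), {"allow_head": allow_head})
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        port = server.server_address[1]
        return fetch(port, "GET"), fetch(port, "HEAD")
    finally:
        server.shutdown()
        server.server_close()
```

Each result is a (status, Content-Type, Content-Length, body) tuple, so probe(True) and probe(False) can be compared to see the difference a client such as Chrome for iOS would observe.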

ujjwal96 added a commit to ujjwal96/mitmproxy that referenced this issue May 9, 2017

@Kriechi Kriechi closed this in #2325 May 9, 2017

Kriechi added a commit that referenced this issue May 9, 2017
