New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unify Replacement UX #3948
Comments
I'm all for making stuff more consistent and well-defined. I didn't know about the interesting I'm not saying what Burp does is perfect or even good, but it's worth taking a look at Let's ignore params for a moment, these things could be added later and it's hard to draw a line where to stop. E.g. if you start parsing bodies why not also allow a syntax to modify JSON bodies etc. These things can be done in a script and the command line should focus on simple use-cases. I like the semantics of adding/removing instead of modifying based on leaving stuff out. So I'd say we make Can you give examples for how Map Local and Map Remote would look like for the user? Map Remote is kind of what Burp calls "Request first line" combined with Edit: For naming, how about |
for Map Remote
for Map Local
|
Another problem. If the Based on @Prinzhorn ,my suggestion is that:
|
If anyone wonders if this could be ambiguous, I propose that if a part is optional, it should be left empty by the user instead of being left out completely. This makes the intention more explicit for all parties and less magical. So if you don't need a regex in the current |
Another weekend thought: shouldn't we use some sort of glob syntax instead of regex? Maybe I'm opening pandora's box, but I think globs would be useful in a lot of places in mitmproxy. I always die a little when I have to use a regex in Burp and have to escape all the dots in a hostname or file extensions 🤦 Things that globs are amazing at:
Both things that are pretty useful in the context of a proxy 😄 |
Just don't escape them, it will match the right things anyways 😉🙊 More seriously: I see your point, but globs are very much limited when it comes to replacements and not just matching. Let's keep this in mind, but we likely need regexes somewhere anyways, and then it may pay off to be consistent. |
Thank you two for the very valueable input. Maybe let's take a step back and let us first collect the "main stream" use cases which we think are important. In step two we can then think about what would be best for each feature individually, and finally think about how we can combine things. Headers
Is there a "main stream" use cases for dynamic replacements, i.e. Bodies
Local Redirection
Remote Redirection
Any other use cases you think we should cater for? |
I'm not sure it is a commonly use case: Randomly add a line to a header from a file. |
My suggestion to the syntax is:
|
what syntax parser need is cut the separator and extract |
I got some heavy work recently. Will start coding in next week. XP |
I am working on this issue and plan to tackle
Note that only Btw, did I miss something or does the current implementation indeed only support to set header replacements via a cli argument and not within the interactive GUI? What do you think of having the flow-filter expression last, i.e., @mhils, regarding
You mean to search and replace within all header values without filtering for header name first? |
Looking a this again I feel like we could go for
You can modify the setheaders option from within mitmproxy, and I believe also from within mitmweb. There is an argument to be had that a more specialized editor would be nice, but let's get the basics right first.
Right - you can pretty much emulate add/replace with a flow filter such as
Yes, excellent suggestion. 👍 |
Yes! I think these are very distinct use-cases.
mitmproxy/examples/addons/http-redirect-requests.py Lines 5 to 10 in 73163c8
The request is not transmitted to the original host in this example. For MapLocal, it's a bit different: mitmproxy/examples/addons/http-reply-from-proxy.py Lines 6 to 11 in 73163c8
By setting .response we can avoid the entire upstream side.
MapRemote: return whatever upstream sent us, MapLocal: We probably need to make up some mime-type headers? Let's tackle MapRemote first! :) |
That makes a lot of sense, thanks. After posting my comment I found that the At the moment I apply the replacement on |
@mplattner would you consider this complete? if no, please open a new issue with remaining tasks. |
Yes, complete. 😃 👍 |
Problem Description
The replacement addon currently calls
flow.replace()
, which performs replacements in URL, HTTP Headers, and request/response body. This is messy and terrible because there is no way to control in which part of the flow replacements should be done - it does many things, and none of them well. It's often luck that replacements work. For example, in many cases, replacements like/~s/response-body
"work" because URL/header replacements are not performed if they don't match syntactically:mitmproxy/mitmproxy/net/http/headers.py
Lines 172 to 177 in 3131160
I think there is some opportunity for improvement here. 😄
Proposed Changes
With the advent of a "map local" editor in #3940, I think it is time to clean up things here and implement the following changes:
HTTPFlow.replace
and its descendants.SetHeaders
is for header modifications.This also means we can unify the expression syntax for these four addons:
[/filter]/url/file-or-directory
[/filter]/url-regex/replacement
/filter/name/value
[/filter]/header-name/[@]header-value
/filter[/regex]/[@]replacement
[/filter]/body-regex/[@]replacement
@mitmproxy/devs, @Prinzhorn, @naivekun, any thoughts? 😃
The text was updated successfully, but these errors were encountered: