Reverse proxy mode for mitmproxy #29

Merged
merged 2 commits into from Feb 17, 2012

Contributor

@hessu hessu commented Feb 16, 2012

I've added a little bit of code which enables a reverse proxy mode for mitmproxy. This pull request contains two commits to bring that to the master.

When run with the option "-R localhost:80", mitmproxy will accept a non-proxy-mode HTTP request ("GET / HTTP/1.0"), set scheme to http and host/port to localhost:80, and the proxy connection will then be made to the correct server.

The code still assumes that the client will transmit the correct Host: header that the upstream/origin server will accept as its own (name-based virtual hosts), and will not tamper with that header, but that can probably be "fixed" elsewhere if needed.

I have not even tried to figure out how this copes with https, sorry for my ignorance. But it should still be useful for many - it's a very handy tool for debugging client requests when you have access to the server (or a box in between) but it'd be hard to add proxy configuration to the client.
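
The request handling described in the comment above, as an added Python example that is not the code from this pull request's commits: an origin-form request line gets its scheme, host and port from the `-R` value, while the client's Host header is only read and passed along unchanged. The names `parse_upstream`, `resolve_destination` and `SAMPLE` are hypothetical, and leaving absolute-form (proxy-style) requests to name their own destination is an assumption of this example.

```python
from urllib.parse import urlsplit


def parse_upstream(spec, default_port=80):
    """Split a "-R host:port" style value into (host, port)."""
    host, _, port = spec.rpartition(":")
    if not host:  # no colon at all: the whole value is the host name
        return spec, default_port
    return host, int(port)


def resolve_destination(raw_head, reverse=None):
    """Return (scheme, host, port, path, host_header) for one request head.

    reverse is None for ordinary proxy mode, or the (host, port) pair from -R.
    """
    lines = raw_head.decode("iso-8859-1").split("\r\n\r\n", 1)[0].split("\r\n")
    _method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    host_header = headers.get("host")  # forwarded untouched, only reported here

    if target.startswith("/"):
        # Origin-form: the client does not know it is talking to a proxy,
        # so the destination has to come from the -R value.
        if reverse is None:
            raise ValueError("origin-form request and no -R upstream configured")
        return "http", reverse[0], reverse[1], target, host_header

    # Absolute-form: a proxy-aware client names the destination itself.
    # (Assumption of this example: such requests are handled as before.)
    url = urlsplit(target)
    path = (url.path or "/") + ("?" + url.query if url.query else "")
    return url.scheme, url.hostname, url.port or 80, path, host_header


# Constructed sample: a non-proxy-aware client asking for a named virtual host.
SAMPLE = b"GET /index.html HTTP/1.0\r\nHost: www.example.com\r\n\r\n"

if __name__ == "__main__":
    upstream = parse_upstream("localhost:80")
    scheme, host, port, path, host_header = resolve_destination(SAMPLE, upstream)
    print(f"connect to {scheme}://{host}:{port}{path}")
    if host_header != host:
        print(f"note: Host header {host_header!r} is forwarded as sent; "
              f"the upstream must serve that name")
```
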

proxy accept a 'GET / HTTP/1.0' request and fill up the destination
host and port from the ones given with -R (for example,
"-R localhost:80").
cortesi added a commit that referenced this pull request Feb 17, 2012
Reverse proxy mode for mitmproxy
@cortesi cortesi merged commit fcc874f into mitmproxy:master Feb 17, 2012
@cortesi
Member

cortesi commented Feb 17, 2012

Thanks for this Heikki. I've got some ideas for extending this to support HTTPS and authentication - reverse proxying is a useful feature that's been on my todo list.

@jessesanford

What exactly would be the lifting needed to get this to work with https? I would be willing to hack it out if you point me in the right direction.

@cortesi
Member

cortesi commented Apr 6, 2012

I'd say the following needs to be done:

  • Add a --listen-ssl option that tells mitmproxy to use SSL for the listening socket. The core changes needed will be in proxy.py, and should actually be pretty trivial. To make this as easy as possible (and avoid having to make other deep changes to mitmproxy, and also get us closer to full transparent proxying), you should use ssl.wrap_socket to "convert" connections to SSL after the client has actually connected, rather than change the bound socket to SSL.
  • Add a --listen-cert option that specifies a path to a certificate to be passed to the ssl.wrap_socket call. Again, core changes are in proxy.py and should be reasonably trivial.

Hit me up by email or drop by on the IRC channel if you do want to work on this, and need more pointers.

@jessesanford

I actually hacked together a version in erlang/otp that does reverse proxying of both ssl and normal tcp sockets. Did the job nicely but certainly not feature rich enough to replace the work you have done here. I will circle back when I get some more free time though and see if I can hack out your suggestions above. It would be a nice contribution and I do like this software.

mhils pushed a commit to mhils/mitmproxy that referenced this pull request Feb 15, 2016