diff --git a/hippolyzer/apps/proxy.py b/hippolyzer/apps/proxy.py
index 847323a..8673a87 100644
--- a/hippolyzer/apps/proxy.py
+++ b/hippolyzer/apps/proxy.py
@@ -16,7 +16,7 @@ from hippolyzer.lib.proxy.addons import AddonManager
 from hippolyzer.lib.proxy.addon_utils import BaseAddon
 from hippolyzer.lib.proxy.ca_utils import setup_ca
 from hippolyzer.lib.proxy.commands import handle_command
-from hippolyzer.lib.proxy.http_proxy import create_http_proxy, create_proxy_master, HTTPFlowContext
+from hippolyzer.lib.proxy.http_proxy import create_http_proxy, HTTPFlowContext
 from hippolyzer.lib.proxy.http_event_manager import MITMProxyEventManager
 from hippolyzer.lib.proxy.lludp_proxy import SLSOCKS5Server
 from hippolyzer.lib.base.message.message import Message
@@ -85,12 +85,12 @@ class REPLAddon(BaseAddon):
 AddonManager.spawn_repl()
-def run_http_proxy_process(proxy_host, http_proxy_port, flow_context: HTTPFlowContext):
+def run_http_proxy_process(proxy_host, http_proxy_port, flow_context: HTTPFlowContext, ssl_insecure=False):
 mitm_loop = asyncio.new_event_loop()
 asyncio.set_event_loop(mitm_loop)
 async def mitmproxy_loop():
- mitmproxy_master = create_http_proxy(proxy_host, http_proxy_port, flow_context)
+ mitmproxy_master = create_http_proxy(proxy_host, http_proxy_port, flow_context, ssl_insecure=ssl_insecure)
 gc.freeze()
 await mitmproxy_master.run()
@@ -98,7 +98,7 @@ def run_http_proxy_process(proxy_host, http_proxy_port, flow_context: HTTPFlowCo
 def start_proxy(session_manager: SessionManager, extra_addons: Optional[list] = None,
- extra_addon_paths: Optional[list] = None, proxy_host=None):
+ extra_addon_paths: Optional[list] = None, proxy_host=None, ssl_insecure=False):
 extra_addons = extra_addons or []
 extra_addon_paths = extra_addon_paths or []
 extra_addons.append(SelectionManagerAddon())
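Review bot: Nothing in `run_http_proxy_process` or in `start_proxy` (the `@@ -98,7` hunk) reports that upstream certificate verification has been switched off, so a run with `ssl_insecure=True` looks the same as a verified one from the operator's side. The value is forwarded to `create_http_proxy` and from there into the mitmproxy options, at which point traffic relayed by the proxy is no longer protected against an impersonated upstream host. I would log it once at startup, e.g. `if ssl_insecure: logging.warning("Upstream TLS certificate verification is disabled (ssl_insecure)")`, assuming `logging` is available in this module. Both function bodies continue outside their hunks.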
@@ -123,17 +123,13 @@ def start_proxy(session_manager: SessionManager, extra_addons: Optional[list] =
 # TODO: argparse
 if len(sys.argv) == 3:
 if sys.argv[1] == "--setup-ca":
- try:
- mitmproxy_master = create_http_proxy(proxy_host, http_proxy_port, flow_context)
- except mitmproxy.exceptions.MitmproxyException:
- # Proxy already running, create the master so we don't try to bind to a port
- mitmproxy_master = create_proxy_master(proxy_host, http_proxy_port, flow_context)
+ mitmproxy_master = create_http_proxy(proxy_host, http_proxy_port, flow_context)
 setup_ca(sys.argv[2], mitmproxy_master)
 return sys.exit(0)
 http_proc = multiprocessing.Process(
 target=run_http_proxy_process,
- args=(proxy_host, http_proxy_port, flow_context),
+ args=(proxy_host, http_proxy_port, flow_context, ssl_insecure),
 daemon=True,
 )
 http_proc.start()
diff --git a/hippolyzer/apps/proxy_gui.py b/hippolyzer/apps/proxy_gui.py
index 4a64c3a..67c6e63 100644
--- a/hippolyzer/apps/proxy_gui.py
+++ b/hippolyzer/apps/proxy_gui.py
@@ -42,7 +42,7 @@ from hippolyzer.lib.base.network.transport import Direction, SocketUDPTransport
 from hippolyzer.lib.proxy.addons import BaseInteractionManager, AddonManager
 from hippolyzer.lib.proxy.ca_utils import setup_ca_everywhere
 from hippolyzer.lib.proxy.caps_client import ProxyCapsClient
-from hippolyzer.lib.proxy.http_proxy import create_proxy_master, HTTPFlowContext
+from hippolyzer.lib.proxy.http_proxy import create_http_proxy, HTTPFlowContext
 from hippolyzer.lib.proxy.message_logger import LLUDPMessageLogEntry, AbstractMessageLogEntry, WrappingMessageLogger, \
 import_log_entries, export_log_entries
 from hippolyzer.lib.proxy.region import ProxiedRegion
@@ -275,9 +275,11 @@ class MessageLogWindow(QtWidgets.QMainWindow):
 self.actionOpenMessageBuilder.triggered.connect(self._openMessageBuilder)
 self.actionProxyRemotelyAccessible.setChecked(self.settings.REMOTELY_ACCESSIBLE)
+ self.actionProxySSLInsecure.setChecked(self.settings.SSL_INSECURE)
 self.actionUseViewerObjectCache.setChecked(self.settings.USE_VIEWER_OBJECT_CACHE)
 self.actionRequestMissingObjects.setChecked(self.settings.AUTOMATICALLY_REQUEST_MISSING_OBJECTS)
 self.actionProxyRemotelyAccessible.triggered.connect(self._setProxyRemotelyAccessible)
+ self.actionProxySSLInsecure.triggered.connect(self._setProxySSLInsecure)
 self.actionUseViewerObjectCache.triggered.connect(self._setUseViewerObjectCache)
 self.actionRequestMissingObjects.triggered.connect(self._setRequestMissingObjects)
 self.actionOpenNewMessageLogWindow.triggered.connect(self._openNewMessageLogWindow)
@@ -458,7 +460,7 @@ class MessageLogWindow(QtWidgets.QMainWindow):
 if clicked_btn is not yes_btn:
 return
- master = create_proxy_master("127.0.0.1", -1, HTTPFlowContext())
+ master = create_http_proxy("127.0.0.1", -1, HTTPFlowContext())
 dirs = setup_ca_everywhere(master)
 msg = QtWidgets.QMessageBox()
@@ -474,6 +476,12 @@ class MessageLogWindow(QtWidgets.QMainWindow):
 msg.setText("Remote accessibility setting changes will take effect on next run")
 msg.exec()
+ def _setProxySSLInsecure(self, checked: bool):
+ self.sessionManager.settings.SSL_INSECURE = checked
+ msg = QtWidgets.QMessageBox()
+ msg.setText("SSL security setting changes will take effect on next run")
+ msg.exec()
+
 def _setUseViewerObjectCache(self, checked: bool):
 self.sessionManager.settings.USE_VIEWER_OBJECT_CACHE = checked
@@ -937,6 +945,7 @@ def gui_main():
 session_manager=window.sessionManager,
 extra_addon_paths=window.getAddonList(),
 proxy_host=http_host,
+ ssl_insecure=settings.SSL_INSECURE,
 )
diff --git a/hippolyzer/apps/proxy_mainwindow.ui b/hippolyzer/apps/proxy_mainwindow.ui
index 479d217..078e1c4 100644
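Review bot: `_setProxySSLInsecure` in the `@@ -474,6` hunk shows the same neutral message whether the option is being turned on or off. The value is written to the settings object and only applied on the next run, so it appears to persist, and an operator who enables it once would keep starting the proxy without upstream certificate checks and with no reminder. When `checked` is true the dialog should say what is being given up, e.g. `msg.setText("Upstream TLS certificates will NOT be verified after the next restart")`, keeping the current text for the off case. A one-line docstring such as `"""Store the SSL_INSECURE setting; it is applied the next time the proxy starts."""` would also make the delayed effect explicit.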
--- a/hippolyzer/apps/proxy_mainwindow.ui
+++ b/hippolyzer/apps/proxy_mainwindow.ui
@@ -245,7 +245,7 @@ 0 0 700 - 22 + 29
@@ -268,6 +268,7 @@ +
@@ -342,6 +343,17 @@ Export Log Entries + + + true + + + Allow Insecure SSL Connections + + + Allow invalid SSL certificates from upstream connections + +
diff --git a/hippolyzer/lib/proxy/http_proxy.py b/hippolyzer/lib/proxy/http_proxy.py
index e693661..c7aa511 100644
--- a/hippolyzer/lib/proxy/http_proxy.py
+++ b/hippolyzer/lib/proxy/http_proxy.py
@@ -236,7 +236,7 @@ class SLMITMMaster(mitmproxy.master.Master):
 )
-def create_proxy_master(host, port, flow_context: HTTPFlowContext): # pragma: no cover
+def create_http_proxy(host, port, flow_context: HTTPFlowContext, ssl_insecure=False): # pragma: no cover
 opts = mitmproxy.options.Options()
 master = SLMITMMaster(flow_context, opts)
@@ -251,10 +251,6 @@ def create_proxy_master(host, port, flow_context: HTTPFlowContext): # pragma: n
 ssl_verify_upstream_trusted_ca=ca_bundle,
 listen_host=host,
 listen_port=port,
+ ssl_insecure=ssl_insecure,
 )
 return master
-
-
-def create_http_proxy(bind_host, port, flow_context: HTTPFlowContext): # pragma: no cover
- master = create_proxy_master(bind_host, port, flow_context)
- return master
diff --git a/hippolyzer/lib/proxy/settings.py b/hippolyzer/lib/proxy/settings.py
index 66293b3..25c2044 100644
--- a/hippolyzer/lib/proxy/settings.py
+++ b/hippolyzer/lib/proxy/settings.py
@@ -35,3 +35,4 @@ class ProxySettings(Settings):
 AUTOMATICALLY_REQUEST_MISSING_OBJECTS: bool = SettingDescriptor(False)
 ADDON_SCRIPTS: List[str] = SettingDescriptor(list)
 FILTERS: Dict[str, str] = SettingDescriptor(dict)
+ SSL_INSECURE: bool = SettingDescriptor(False)
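Review bot: `create_http_proxy` in `http_proxy.py` gains an `ssl_insecure` parameter but no docstring, and in the `@@ -251,10` hunk the new `ssl_insecure=ssl_insecure` sits next to `ssl_verify_upstream_trusted_ca=ca_bundle`, which reads as if upstream verification were always in force. A docstring should state that `ssl_insecure=True` tells mitmproxy not to verify upstream server certificates, so the CA bundle no longer protects those connections, and that the default is `False`. Making the flag keyword-only, `def create_http_proxy(host, port, flow_context: HTTPFlowContext, *, ssl_insecure=False):`, matches how the one visible caller that sets it already passes it and prevents it being enabled by a stray positional argument. The function body lies between the two hunks and is not fully visible.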