add copyright headers to python files

automation/roles/algo/files/algo_refresh_users.sh

@@ -2,7 +2,6 @@
 #
 # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://bubblev.com/bubble-license/
 #
-
 LOG=/tmp/bubble.algo_refresh_users.log
 
 function die {

automation/roles/algo/files/algo_refresh_users_monitor.sh

@@ -2,7 +2,6 @@
 #
 # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://bubblev.com/bubble-license/
 #
-
 LOG=/tmp/bubble.algo_refresh_users_monitor.log
 
 function die {

automation/roles/algo/files/wg_monitor_connections.sh

@@ -2,7 +2,6 @@
 #
 # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://bubblev.com/bubble-license/
 #
-
 LOG=/tmp/bubble.wg_monitor_connections.log
 
 function die {

automation/roles/bubble/files/bubble_restore_monitor.sh

@@ -2,7 +2,6 @@
 #
 # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://bubblev.com/bubble-license/
 #
-
 BUBBLE_HOME="/home/bubble"
 RESTORE_MARKER="${BUBBLE_HOME}/.restore"
 RESTORE_RUN_MARKER="${BUBBLE_HOME}/.restore_run"

automation/roles/bubble/files/init_bubble_db.sh

@@ -2,7 +2,6 @@
 #
 # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://bubblev.com/bubble-license/
 #
-
 echo "$@" > /tmp/init.args
 
 LOG=/dev/null

automation/roles/bubble/files/init_roles.sh

@@ -2,7 +2,6 @@
 #
 # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://bubblev.com/bubble-license/
 #
-
 SCRIPT="${0}"
 SCRIPT_DIR=$(cd $(dirname ${SCRIPT}) && pwd)
 

automation/roles/bubble/files/random_password.sh

@@ -2,7 +2,6 @@
 #
 # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://bubblev.com/bubble-license/
 #
-
 file=${1:?no file provided}
 owner=${2:?no owner provided}
 group=${3:?no group provided}

automation/roles/bubble/files/refresh_bubble_ssh_keys_monitor.sh

@@ -2,7 +2,6 @@
 #
 # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://bubblev.com/bubble-license/
 #
-
 LOG=/tmp/bubble.ssh_keys_monitor.log
 
 function die {

automation/roles/bubble/tasks/restore.yml

@@ -1,7 +1,6 @@
 #
 # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://bubblev.com/bubble-license/
 #
-
 - name: Install restore helper scripts
   copy:
     src: '{{ item }}'

automation/roles/bubble_finalizer/files/copy_certs_to_bubble.sh

@@ -2,7 +2,6 @@
 #
 # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://bubblev.com/bubble-license/
 #
-
 function die {
   echo 1>&2 "${1}"
   exit 1

automation/roles/firewall/files/bubble_peer_manager.py

@@ -1,5 +1,7 @@
 #!/usr/bin/python3
-
+#
+# Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://bubblev.com/bubble-license/
+#
 import json
 import logging
 import os

automation/roles/mitmproxy/files/bubble_api.py

@@ -1,3 +1,6 @@
+#
+# Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://bubblev.com/bubble-license/
+#
 import requests
 import traceback
 import sys
@@ -9,6 +12,7 @@ HEADER_REFERER = 'Referer'
 
 CTX_BUBBLE_MATCHERS='X-Bubble-Matchers'
 CTX_BUBBLE_ABORT='X-Bubble-Abort'
+CTX_BUBBLE_PASSTHRU='X-Bubble-Passthru'
 CTX_BUBBLE_REQUEST_ID='X-Bubble-RequestId'
 CTX_CONTENT_LENGTH='X-Bubble-Content-Length'
 CTX_CONTENT_LENGTH_SENT='X-Bubble-Content-Length-Sent'

automation/roles/mitmproxy/files/bubble_modify.py

@@ -1,3 +1,6 @@
+#
+# Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://bubblev.com/bubble-license/
+#
 import re
 import requests
 import urllib

automation/roles/mitmproxy/files/bubble_passthru.py

@@ -1,3 +1,12 @@
+#
+# Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://bubblev.com/bubble-license/
+#
+from mitmproxy.proxy.protocol import TlsLayer, RawTCPLayer
+from bubble_api import bubble_log
+
+def should_passthru(next_layer, addr):
+    # todo
+    return False
 
 def next_layer(next_layer):
     """
@@ -6,14 +15,9 @@ def next_layer(next_layer):
     """
     if isinstance(next_layer, TlsLayer) and next_layer._client_tls:
         server_address = next_layer.server_conn.address
-
-        if tls_strategy.should_intercept(server_address):
-            # We try to intercept.
-            # Monkey-Patch the layer to get feedback from the TLSLayer if interception worked.
-            next_layer.__class__ = TlsFeedback
-        else:
+        bubble_log("next_layer: examining server_address="+server_address+" with respect to next_layer="+repr(next_layer))
+        if should_passthru(next_layer, server_address):
             # We don't intercept - reply with a pass-through layer and add a "skipped" entry.
-            mitmproxy.ctx.log("TLS passthrough for %s" % repr(next_layer.server_conn.address), "info")
+            bubble_log("next_layer: TLS passthru for " + repr(next_layer.server_conn.address))
             next_layer_replacement = RawTCPLayer(next_layer.ctx, ignore=True)
             next_layer.reply.send(next_layer_replacement)
-            tls_strategy.record_skipped(server_address)

automation/roles/mitmproxy/files/dns_spoofing.py

@@ -1,7 +1,10 @@
+#
+# Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://bubblev.com/bubble-license/
+#
 import re
 import time
 import uuid
-from bubble_api import bubble_matchers, bubble_log, CTX_BUBBLE_MATCHERS, BUBBLE_URI_PREFIX, CTX_BUBBLE_ABORT, CTX_BUBBLE_REQUEST_ID, add_flow_ctx
+from bubble_api import bubble_matchers, bubble_log, CTX_BUBBLE_MATCHERS, BUBBLE_URI_PREFIX, CTX_BUBBLE_ABORT, CTX_BUBBLE_PASSTHRU, CTX_BUBBLE_REQUEST_ID, add_flow_ctx
 from bubble_config import bubble_host, bubble_host_alias
 
 # This regex extracts splits the host header into host and port.
@@ -89,7 +92,12 @@ class Rerouter:
         if sni or host_header:
             matcher_response = self.get_matchers(flow, sni or host_header)
             if matcher_response:
-                if 'decision' in matcher_response and matcher_response['decision'] is not None and matcher_response['decision'].startswith('abort_'):
+                if 'decision' in matcher_response and matcher_response['decision'] is not None and matcher_response['decision'].equals('passthru'):
+                    bubble_log('dns_spoofing.request: passthru response returned, passing thru and NOT performing TLS interception...')
+                    add_flow_ctx(flow, CTX_BUBBLE_PASSTHRU, True)
+                    return
+
+                elif 'decision' in matcher_response and matcher_response['decision'] is not None and matcher_response['decision'].startswith('abort_'):
                     bubble_log('dns_spoofing.request: found abort code: ' + str(matcher_response['decision']) + ', aborting')
                     if matcher_response['decision'] == 'abort_ok':
                         abort_code = 200

automation/roles/mitmproxy/files/install_cert.sh

@@ -2,7 +2,6 @@
 #
 # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://bubblev.com/bubble-license/
 #
-
 CERT="${1:?no cert provided}"
 TIMEOUT=${2:-0}
 

automation/roles/mitmproxy/files/mitmdump_monitor.sh

@@ -2,7 +2,6 @@
 #
 # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://bubblev.com/bubble-license/
 #
-
 LOG=/tmp/bubble.mitmdump_monitor.log
 
 function die {

automation/roles/mitmproxy/files/reuse_bubble_mitm_certs.sh

@@ -2,7 +2,6 @@
 #
 # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://bubblev.com/bubble-license/
 #
-
 function die {
   echo 1>&2 "${1}"
   exit 1

automation/roles/mitmproxy/files/run_mitmdump.sh

@@ -2,7 +2,6 @@
 #
 # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://bubblev.com/bubble-license/
 #
-
 MITM_PORT=${1:?no port provided}
 cd /home/mitmproxy/mitmproxy && \
 ./dev.sh && . ./venv/bin/activate && \
@@ -18,5 +17,6 @@ mitmdump \
   --set stream_large_bodies=5m \
   --set keep_host_header \
   -s ./dns_spoofing.py \
+  -s ./bubble_passthru.py \
   -s ./bubble_modify.py \
   --mode transparent

automation/roles/mitmproxy/files/set_cert_name.sh

@@ -2,7 +2,6 @@
 #
 # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://bubblev.com/bubble-license/
 #
-
 MITM_DIR=${1:?no mitm dir specified}
 CERT_NAME=${2:?no cert name specified}
 

automation/roles/mitmproxy/tasks/main.yml

@@ -46,6 +46,7 @@
   with_items:
     - bubble_api.py
     - dns_spoofing.py
+    - bubble_passthru.py
     - bubble_modify.py
     - run_mitmdump.sh
 

automation/roles/nginx/files/certbot_renew.sh

@@ -2,7 +2,6 @@
 #
 # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://bubblev.com/bubble-license/
 #
-
 if [[ -d /home/mitmproxy ]] ; then
   service mitmproxy stop
 fi

automation/roles/nginx/files/init_certbot.sh

@@ -2,7 +2,6 @@
 #
 # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://bubblev.com/bubble-license/
 #
-
 LE_EMAIL="${1}"
 SERVER_NAME="${2}"
 SERVER_ALIAS="${3}"