bubblev
/
bubble
9
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 130 Wiki Activity
Browse Source

cache tls failures per-client

tags/v0.9.13
Jonathan Cobb 4 years ago
parent
ebe5463bab
commit
b5edd263bf
1 changed files with 14 additions and 9 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +14
    -9
      automation/roles/mitmproxy/files/bubble_passthru.py

+ 14
- 9
automation/roles/mitmproxy/files/bubble_passthru.py View File

@@ -37,19 +37,24 @@ REDIS = redis.Redis(host='127.0.0.1', port=6379, db=0)
TLS_FAILURE_HISTORY = {} TLS_FAILURE_HISTORY = {}




def passthru_cache_prefix(client_addr, server_addr):
return REDIS_PASSTHRU_PREFIX + client_addr + '_' + server_addr

class TlsFeedback(TlsLayer): class TlsFeedback(TlsLayer):
""" """
Monkey-patch _establish_tls_with_client to get feedback if TLS could be established Monkey-patch _establish_tls_with_client to get feedback if TLS could be established
successfully on the client connection (which may fail due to cert pinning). successfully on the client connection (which may fail due to cert pinning).
""" """
def _establish_tls_with_client(self): def _establish_tls_with_client(self):
server_address = self.server_conn.address
client_address = self.client_conn.address[0]
server_address = self.server_conn.address[0]
try: try:
super(TlsFeedback, self)._establish_tls_with_client() super(TlsFeedback, self)._establish_tls_with_client()
except TlsProtocolException as e: except TlsProtocolException as e:
bubble_log('_establish_tls_with_client: TLS error for '+repr(server_address[0])+', enabling passthru')
REDIS.delete(REDIS_PASSTHRU_PREFIX+server_address[0])
TLS_FAILURE_HISTORY[server_address[0]] = True
bubble_log('_establish_tls_with_client: TLS error for '+repr(server_address)+', enabling passthru')
cache_key = passthru_cache_prefix(client_address, server_address)
REDIS.delete(cache_key)
TLS_FAILURE_HISTORY[cache_key] = True
raise e raise e




@@ -68,12 +73,12 @@ def check_bubble_passthru(remote_addr, addr):


def should_passthru(remote_addr, addr): def should_passthru(remote_addr, addr):
bubble_log('should_passthru: examining addr='+repr(addr)) bubble_log('should_passthru: examining addr='+repr(addr))
if addr in TLS_FAILURE_HISTORY and TLS_FAILURE_HISTORY[addr]:
cache_key = passthru_cache_prefix(remote_addr, addr)
if cache_key in TLS_FAILURE_HISTORY and TLS_FAILURE_HISTORY[cache_key]:
bubble_log('should_passthru: previous failure, returning True') bubble_log('should_passthru: previous failure, returning True')
return True return True
else: else:
bubble_log('should_passthru: no failure (failures='+repr(TLS_FAILURE_HISTORY)+'), returning True') bubble_log('should_passthru: no failure (failures='+repr(TLS_FAILURE_HISTORY)+'), returning True')
cache_key = REDIS_PASSTHRU_PREFIX + addr
passthru_string = REDIS.get(cache_key) passthru_string = REDIS.get(cache_key)
if passthru_string is None or len(passthru_string) == 0: if passthru_string is None or len(passthru_string) == 0:
passthru = check_bubble_passthru(remote_addr, addr) passthru = check_bubble_passthru(remote_addr, addr)
@@ -88,9 +93,9 @@ def should_passthru(remote_addr, addr):


def next_layer(next_layer): def next_layer(next_layer):
if isinstance(next_layer, TlsLayer) and next_layer._client_tls: if isinstance(next_layer, TlsLayer) and next_layer._client_tls:
client_address = next_layer.client_conn.address
server_address = next_layer.server_conn.address
if should_passthru(client_address[0], server_address[0]):
client_address = next_layer.client_conn.address[0]
server_address = next_layer.server_conn.address[0]
if should_passthru(client_address, server_address):
bubble_log('next_layer: TLS passthru for ' + repr(next_layer.server_conn.address)) bubble_log('next_layer: TLS passthru for ' + repr(next_layer.server_conn.address))
next_layer_replacement = RawTCPLayer(next_layer.ctx, ignore=True) next_layer_replacement = RawTCPLayer(next_layer.ctx, ignore=True)
next_layer.reply.send(next_layer_replacement) next_layer.reply.send(next_layer_replacement)


Write Preview
Loading…
Cancel
Save