From cf0be8b27a0204d88ba965d5a6ef4b490ce70f32 Mon Sep 17 00:00:00 2001
From: Jonathan Cobb
Date: Sat, 29 Aug 2020 18:36:07 -0400
Subject: [PATCH] passthru non-blocked connections when security level is basic
---
 .../packer/roles/mitmproxy/files/bubble_conn_check.py | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/bubble-server/src/main/resources/packer/roles/mitmproxy/files/bubble_conn_check.py b/bubble-server/src/main/resources/packer/roles/mitmproxy/files/bubble_conn_check.py
index ffa1e08b..09bccb51 100644
--- a/bubble-server/src/main/resources/packer/roles/mitmproxy/files/bubble_conn_check.py
+++ b/bubble-server/src/main/resources/packer/roles/mitmproxy/files/bubble_conn_check.py
@@ -265,6 +265,12 @@ def next_layer(next_layer):
 else:
 next_layer.__class__ = TlsBlock
 
+ elif security_level['level'] == SEC_BASIC:
+ bubble_log('next_layer: check='+repr(check)+' but security_level='+repr(security_level)+', enabling passthru for server=' + server_addr+', fqdns='+str(fqdns))
+ bubble_activity_log(client_addr, server_addr, 'tls_passthru', fqdns)
+ next_layer_replacement = RawTCPLayer(next_layer.ctx, ignore=True)
+ next_layer.reply.send(next_layer_replacement)
+
 else:
 bubble_log('next_layer: disabling passthru (with TlsFeedback) for client_addr='+client_addr+', server_addr='+server_addr+', fqdns='+str(fqdns))
 bubble_activity_log(client_addr, server_addr, 'tls_intercept', fqdns)
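Review bot: The new `elif` reads `security_level['level']` directly, and this is the branch that turns TLS interception off for a connection, so a missing or malformed security level should land in the intercepting `else` rather than raise inside the `next_layer` hook; if `security_level` is a plain dict, `elif security_level is not None and security_level.get('level') == SEC_BASIC:` does that. How `security_level` is obtained is outside the hunk, so the guard may already exist earlier in `next_layer`, whose body starts and ends outside the lines shown. The passthru log line also leaves out `client_addr`, which the `tls_intercept` message in the `else` branch includes; adding `'client_addr='+client_addr+', '` keeps the two decisions equally traceable in the log. A one-line comment such as `# basic level: only blocked hosts are acted on, everything else is passed through unfiltered` would record why this branch skips TlsFeedback.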