Mitmproxy: Problem when filtering by host

Created on 26 Nov 2013 · 4 Comments · Source: mitmproxy/mitmproxy

Hey guys,

I'm having a problem when I try to intercept connections filtering by host:

| Command | Intercepts? |
| --- | --- |
| google.com | NO |
| ~h "Host: google.com" | YES |
| ~h "Host: .*\.google\.com" | YES |
| ~d google.com | NO |
| ~d "google.com" | NO |

In the NO cases, nothing happens. No request/response is intercepted. When I try filtering the header host I succeed.

I checked the code and I see that the ~d pattern tries to find the regex within the host, but it's not working for some reason:

```python
class FDomain(_Rex):
    code = "d"
    help = "Domain"
    def __call__(self, f):
        return bool(re.search(self.expr, f.request.host, re.IGNORECASE))
```

Can you guys help me? Am I doing something wrong? It's really annoying to have to filter by host every time.

Thanks in advance

All 4 comments

@fjcaetano, here ~d google.com is working as intended with mitmproxy 0.9.2

Hi Flávio,

To have a closer look at your problem, we need more details on your setup.
Are you running in regular, reverse or transparent mode?
Which OS are you on?
Which mitmproxy version are you using?

Thanks!
Max

Hey guys,

I'm trying to run mitmproxy 0.9.2 in transparent mode on OS X Mavericks.

If there are any logs you may need, please ask.

BTW, I forgot to mention that if I disable showhosts and attempt to filter by the IP it works...

Hi there,

The issue here is that, due to the way transparent mode works, we don't have the destination host name. A connection comes in to mitmproxy, we use the native forwarding mechanism to resolve it to a remote IP, and then we forward the request. This is entirely unlike explicit proxy mode, where the client provides us with the expected remote hostname. When you turn on showhosts, we try to show you a good hostname indicator: most commonly the Host header in the HTTP request. This works mostly, but it might be equally valid to use various other heuristics, like the resolved domain.

What this means in practice is that the host match in transparent mode matches only against the IP address. If you want to match against the request host header (probably what you want), you have to do this explicitly. Have a look at the ~hq operator in the filter language.

Cheers,

Aldo
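
The behaviour described in the answer above, as an added example that is not part of the original thread or of mitmproxy's code: a simplified model of the `~d` test from the quoted `FDomain` snippet next to a header match in the style of `~hq`. The `Request` class, the helper names, the sample IP and the "Name: value" matching used for the header filter are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field


@dataclass
class Request:
    """Constructed stand-in for a proxied request (not mitmproxy's own class)."""
    host: str                                   # destination as the proxy knows it
    headers: dict = field(default_factory=dict)


def match_domain(expr, req):
    """Same test as the FDomain snippet in the issue: regex over request.host."""
    return bool(re.search(expr, req.host, re.IGNORECASE))


def match_request_header(expr, req):
    """Assumed model of ~hq: regex over each 'Name: value' request header line."""
    return any(
        re.search(expr, f"{name}: {value}", re.IGNORECASE)
        for name, value in req.headers.items()
    )


# Constructed samples: the same HTTP request as each proxy mode sees it.
# Explicit mode: the client names the remote host, so request.host is a name.
explicit = Request(host="www.google.com", headers={"Host": "www.google.com"})
# Transparent mode: only the redirected connection's destination IP is known.
# 203.0.113.10 is a documentation address, not a real Google IP.
transparent = Request(host="203.0.113.10", headers={"Host": "www.google.com"})


def evaluate(req):
    """Run the filters from the thread against one request."""
    return {
        "~d google.com": match_domain(r"google.com", req),
        "~d 203.0.113.10": match_domain(r"203\.0\.113\.10", req),
        "~hq Host: .*\\.google\\.com": match_request_header(
            r"Host: .*\.google\.com", req),
    }


if __name__ == "__main__":
    for label, req in (("explicit", explicit), ("transparent", transparent)):
        print(label, evaluate(req))
```

The Host header is supplied by the client, so a filter on it selects what the client claims to be contacting, which can differ from the IP address the connection actually goes to.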
