@OOf>JdZddlmZddlZddlZddlZddlZddlmZddlm Z ddl m Z ddl m Z ddl mZdd l mZdd lmZdd lmZdd lmZdd lmZddlmZddlmZddlmZddlmZddlmZddlmZddlmZddlm Z ddlm!Z!ddlm"Z"ddlm#Z#ddlm$Z$ddlm%Z%ddlm&Z&ddl'm(Z(ddl)m*Z*ddl+m,Z,ddl+m-Z-dd l+m.Z.dd!l+m/Z/dd"l0m1Z1ejdd#krdd$l3m4Z4ndd$l m4Z4ejje6Z7 d+d%Z8Gd&d'e9Z:Gd(d)Z;d,d*Zzstack_match..Fs/ FH C7:fh77s#%)lenr allzip)contextr s r- stack_matchr3AsA 7>>c&k)  #GNNF ; ceZdZdZy) NeedsMoreDatazdSignal that the decision on which layer to put next needs to be deferred within the NextLayer addon.N)__name__ __module__ __qualname____doc__r4r-r6r6Lsnr4r6ceZdZUdZded<dZded<dZded<dZded<dZddZ dd Z dd Z e dd Z e dd Ze dd Ze ddZe ddZy) NextLayerr;zSequence[re.Pattern] ignore_hosts allow_hosts tcp_hosts udp_hostscd|vrOtjjDcgc]&}tj|tj (c}|_d|vrOtjj Dcgc]&}tj|tj (c}|_d|vsd|vrtjjDcgc]&}tj|tj (c}|_tjjDcgc]&}tj|tj (c}|_yycc}wcc}wcc}wcc}w)Nr@rAr?r>) roptionsr@recompile IGNORECASErAr>r?)selfupdatedxs r- configurezNextLayer.configureVs ' !69kk6K6K12 1bmm,DN ' !69kk6K6K12 1bmm,DN G #~'@69kk6N6N!12 1bmm,!D 7:kk6M6M 12 1bmm, D  (A! s+E4+E +E+Ec"|jry |j|j|j|j |_y#t $r7t jd|jjYywxYw)Nz+Deferring layer decision, not enough data: ) r _next_layerr2 data_client data_serverr6loggerinfohex)rG nextlayers r- next_layerzNextLayer.next_layergs~ ??  "..!!%%'%%'IO   KK=i>S>S>U>Y>Y>[=\]  s>A=B Bc|jsJfd}jjdk(}jjdk(}|j||r0|rtjdStj dS|t jr|j|S|t jt jfr|j|S|xr t|xs|xr t|}|rt}t|_|S|r(t#|rt%} t'| _| S|r1|j)|j*rtjS|r1|j)|j,rtj S|r5 t.j0j3|tj4S|rtj Sjj:t<v} | xr(t?|dkxs|ddjA xs|} tBjDjFr| rtjStjHtJjLS#t6j8$rYwxYw)Nct|Sr()r3)r r2s r-sz NextLayer._next_layer..szsw/ /r4tcpudpT)ignorer#)'r clienttransport_protocol_ignore_connectionrrr ReverseProxy_setup_reverse_proxy HttpProxyHttpUpstreamProxy_setup_explicit_http_proxyr r rr child_layer_starts_like_quicrr_is_destination_in_hostsr@rAr Messageunpackrstructerroralpnr r/isalpharrCrawtcprr transparent) rGr2rMrNrV tcp_based udp_basedis_tls_or_dtls server_tls server_quicvery_likely_httpprobably_no_https ` r-rLzNextLayer._next_layerusy~~~ 0NN55> NN55>   " "7K E5 __WT:  U   ,,WkB B eoou66 7 8227KH H  4&{3 55' 4  '0J%3G%K #  66wO??7+ + 66wO??7+ +  0 "";/w// ??7+ +">>..*<//  q  r?**,,   ;;  "2??7+ +)=)=>>'<<  s<J%%J;:J;ctjjstjjsyt |j j tjr|jjdk(ryg}|jjr/|jj^}}}|j|d||jjr|jj^}}}|j|d||j|||x}r.tjd|s|d|}|j||j!||x} r,| j"r |j| j"d||sytjjrt%d|D } | rytjjrt%d|D} | ryy)z Returns: True, if the connection should be ignored. False, if it should not be ignored. Raises: NeedsMoreData, if we need to wait for more input data. F)z 10.0.0.535:z:\d+$c3K|]H}tjjD])}tj||tj +Jywr()rrCr?rDsearchrFr*hostrexs r-r.z/NextLayer._ignore_connection..sH";;22" #tR]]3"3"AATc3K|]H}tjjD])}tj||tj +Jywr()rrCr>rDrxrFrys r-r.z/NextLayer._ignore_connection..sH;;33 #tR]]33r|)rrCr>r?r)rZ proxy_moder WireGuardModeserveraddresspeernameappend_get_host_headerrDrx_get_client_hellosniany) rGr2rMrN hostnamesrzport_ host_header client_hello not_allowedignoreds r-r\zNextLayer._ignore_connections{{'' 0G0G  NN % %z'?'? nn$$(99! >> " "$^^44ND$   vQtf- . >> ! !$^^33ND$   vQtf- . #33G[+VV{Vyy;7%0M4&"9K  - $ 6 6w LL L""  L$4$4#5Qtf!=> ;; " "!"%"K  ;; # #%G r4cl|jjdk7s|ry|jjtvxs%t j d|tj }|rSt jd|tj x}r&|jdx}r|jddSyty)z Try to read a host header from data_client. Returns: The host header value, or None, if no host header was found. Raises: NeedsMoreData, if the HTTP request is incomplete. rWNs[A-Z]{3,}.+HTTP/s\r\n(?:Host:\s+(.+?)\s*)?\r\nzutf-8surrogateescape) rZr[rirrDmatchrFrxgroupdecoder6)r2rMrNhost_header_expectedmrzs r-rzNextLayer._get_host_headers >> , , 5&~~22kA RXX +r}}F  II1; q771:%4%;;w0ABB##r4cd|jjxdk(r#t|r t|}|t|Sydk(r t |S t|jjy#t $rYywxYw#t $rYnwxYw t|}|t|S#t $rYywxYw)z Try to read a TLS/DTLS/QUIC ClientHello from data_client. Returns: A complete ClientHello, or None, if no ClientHello was found. Raises: NeedsMoreData, if the ClientHello is incomplete. rWNrX) rZr[r r!r6 ValueErrorrrr%)r2rMchs r-rzNextLayer._get_client_hello%snn//)+6"/ <:"//! 2;??W^^>>?/&  "0=Bz++I "  s5 A/ A>/ A;:A;> B  B  B## B/.B/cttj|jj}t j }|jxdk(r<t|r|t|z}|t|tjz}|d Sxdk(rJ|t|z}t|r|t|z}|t|tjz}|d Sxdk(r-t|r|t|z}|t|z}|d Sxdk(r;|t|z}t|r|t|z}|t|z}|d Sxdk(r-t|r|t|z}|t!|z}|d Sxdk(r;|t|z}t|r|t|z}|t!|z}|d Sxdk(r|t#|z}|d Sxdk(r?|t%|z}|t'|z}|t|tjz}|d Sd k(r/|t%|z}|t'|z}|t)|z}|d S t+|j|d S) NhttphttpsrWtlsrXdtlsr http3quicr)rr ReverseModerZr~r LayerStackschemer rrrrlrrr rrrrrr%)r2rMspecstacks r-r^zNextLayer._setup_reverse_proxyNswJ**GNN,E,EF!!#kk)+6^G44E7H,@,@AAdQxc00)+6^G44E7H,@,@AAZQxW)+6^G44E'**PQxO00)+6^G44E'**FQxC*;7^G44E'**<Qx;00*;7^G44E'**2Qx/'**Qx11117H,@,@AAQx1111g.. QxT[[)Qxr4ctj}|jjdk(r|t j |z}n#t |r|t j|z}t|jdtjr,|t j|tjz}|dS|t j|tjz}|dS)NrXr)rrrZr[r rr rr)rr`rrupstreamregular)r2rMrs r-raz$NextLayer._setup_explicit_http_proxys!!# >> , , 5 V++G4 4E #K 0 V**73 3E gnnQ')@)@ A V%%gx/@/@A AEQx V%%gx/?/?@ @EQxr4c,tfd|DS)Nc3K|]}jjxr(|jjjdxs=jjxr%|jjjyw)rN)rrrxrZr)r*r{r2s r-r.z5NextLayer._is_destination_in_hosts..ss ^^ # # M 7>>3I3I!3L(M G""Eszz'..2D2D'E G sB B )r)r2hostss` r-rdz"NextLayer._is_destination_in_hostss    r4N)rRzlayer.NextLayer)r2rrMbytesrNrreturnz Layer | None)r2rrMrrNrrz bool | None)r2rrMrrNrrz str | None)r2rrMrrzClientHello | None)r2rrMrrr)r2rrzIterable[re.Pattern]rbool)r7r8r9r>__annotations__r?r@rArJrSrLr\ staticmethodrrr^rardr;r4r-r=r=Ps)+L&+(*K%*&(I#(&(I#(" L?L?-2L?AFL? L?\>>> >  >@  B&@&@P::x    r4r=c: t|y#t$rYywxYw)NTF)rr)rMs r-rcrcs( , s  )r2rr z/Sequence[type[Layer] | tuple[type[Layer], ...]]rr)rMrrr)=r: __future__rloggingrDrgsyscollections.abcrrtypingrr mitmproxyrr mitmproxy.net.tlsr r mitmproxy.proxyr r rrmitmproxy.proxy.contextrmitmproxy.proxy.layerrmitmproxy.proxy.layersrrrrrrrrrrmitmproxy.proxy.layers.httprmitmproxy.proxy.layers.quicrmitmproxy.proxy.layers.tlsrrr r! mitmproxy.tlsr" version_infotyping_extensionsr% getLoggerr7rOr3 Exceptionr6r=rcr;r4r-rs"# $$54!"&"+'21+,(/21++0?>219%g.#   8 $ M oIoQ Q h r4