1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
|
"""Functions to download, install, setup, and use the mitmproxy playback tool"""
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
import os
import sys
import mozinfo
from mozproxy.backends.mitm.mitm import Mitmproxy
from mozproxy.utils import LOG
# to install mitmproxy certificate into Firefox and turn on/off proxy
POLICIES_CONTENT_ON = """{
"policies": {
"Certificates": {
"Install": ["%(cert)s"]
},
"Proxy": {
"Mode": "manual",
"HTTPProxy": "%(host)s:%(port)d",
"SSLProxy": "%(host)s:%(port)d",
"Passthrough": "%(host)s",
"Locked": true
}
}
}"""
POLICIES_CONTENT_OFF = """{
"policies": {
"Proxy": {
"Mode": "none",
"Locked": false
}
}
}"""
# path for mitmproxy certificate, generated auto after mitmdump is started
# on local machine it is 'HOME', however it is different on production machines
try:
DEFAULT_CERT_PATH = os.path.join(
os.getenv("HOME"), ".mitmproxy", "mitmproxy-ca-cert.cer"
)
except Exception:
DEFAULT_CERT_PATH = os.path.join(
os.getenv("HOMEDRIVE"),
os.getenv("HOMEPATH"),
".mitmproxy",
"mitmproxy-ca-cert.cer",
)
# On Windows, deal with mozilla-build having forward slashes in $HOME:
if os.name == "nt" and "/" in DEFAULT_CERT_PATH:
DEFAULT_CERT_PATH = DEFAULT_CERT_PATH.replace("/", "\\")
class MitmproxyDesktop(Mitmproxy):
def setup(self):
"""
Installs certificates.
For Firefox we need to install the generated mitmproxy CA cert. For
Chromium this is not necessary as it will be started with the
--ignore-certificate-errors cmd line arg.
"""
if not self.config["app"] == "firefox":
return
# install the generated CA certificate into Firefox desktop
self.install_mitmproxy_cert(self.browser_path)
def install_mitmproxy_cert(self, browser_path):
"""Install the CA certificate generated by mitmproxy, into Firefox
1. Create a dir called 'distribution' in the same directory as the Firefox executable
2. Create the policies.json file inside that folder; which points to the certificate
location, and turns on the the browser proxy settings
"""
LOG.info("Installing mitmproxy CA certificate into Firefox")
# browser_path is the exe, we want the folder
self.policies_dir = os.path.dirname(browser_path)
# on macosx we need to remove the last folders 'MacOS'
# and the policies json needs to go in ../Content/Resources/
if "mac" in self.config["platform"]:
self.policies_dir = os.path.join(self.policies_dir[:-6], "Resources")
# for all platforms the policies json goes in a 'distribution' dir
self.policies_dir = os.path.join(self.policies_dir, "distribution")
self.cert_path = DEFAULT_CERT_PATH
# for windows only
if mozinfo.os == "win":
self.cert_path = self.cert_path.replace("\\", "\\\\")
if not os.path.exists(self.policies_dir):
LOG.info("creating folder: %s" % self.policies_dir)
os.makedirs(self.policies_dir)
else:
LOG.info("folder already exists: %s" % self.policies_dir)
self.write_policies_json(
self.policies_dir,
policies_content=POLICIES_CONTENT_ON
% {"cert": self.cert_path, "host": self.host, "port": self.port},
)
# cannot continue if failed to add CA cert to Firefox, need to check
if not self.is_mitmproxy_cert_installed():
LOG.error(
"Aborting: failed to install mitmproxy CA cert into Firefox desktop"
)
self.stop_mitmproxy_playback()
sys.exit()
def write_policies_json(self, location, policies_content):
policies_file = os.path.join(location, "policies.json")
LOG.info("writing: %s" % policies_file)
with open(policies_file, "w") as fd:
fd.write(policies_content)
def read_policies_json(self, location):
policies_file = os.path.join(location, "policies.json")
LOG.info("reading: %s" % policies_file)
with open(policies_file, "r") as fd:
return fd.read()
def is_mitmproxy_cert_installed(self):
"""Verify mitmxproy CA cert was added to Firefox"""
try:
# read autoconfig file, confirm mitmproxy cert is in there
contents = self.read_policies_json(self.policies_dir)
LOG.info("Firefox policies file contents:")
LOG.info(contents)
if (
POLICIES_CONTENT_ON
% {"cert": self.cert_path, "host": self.host, "port": self.port}
) in contents:
LOG.info("Verified mitmproxy CA certificate is installed in Firefox")
else:
return False
except Exception as e:
LOG.info("failed to read Firefox policies file, exeption: %s" % e)
return False
return True
def stop(self):
LOG.info("MitmproxyDesktop stop!!")
super(MitmproxyDesktop, self).stop()
self.turn_off_browser_proxy()
def turn_off_browser_proxy(self):
"""Turn off the browser proxy that was used for mitmproxy playback. In Firefox
we need to change the autoconfig files to revert the proxy; for Chromium the proxy
was setup on the cmd line, so nothing is required here."""
if self.config["app"] == "firefox" and self.policies_dir is not None:
LOG.info("Turning off the browser proxy")
self.write_policies_json(
self.policies_dir, policies_content=POLICIES_CONTENT_OFF
)
|
