Hello, I do some filtering in the server_connect method for which I use the FQDN coming in on the address field: https://docs.mitmproxy.org/stable/api/mitmproxy/connection.html#Server.address - The documentation states: "The server's (host, port) address tuple. The host can either be a domain or a plain IP address." (emphasis mine)

I am wondering under what conditions it will be a domain or IP address? For the following setup: When running with defaults: ./mitmdump --mode 'regular@6077' and issuing The address host in def server_connect is a fully qualified domain name. When running the same requests using wireguard: the Server address host is an IP address.

I am wondering if this is a known condition perhaps inherent in using wireguard? Is there another way I could obtain the FQDN in the server_connect step (before the connection is made through mitmproxy http layer)?

When I review the default logging when running in wireguard mode I see the dns query value. Is there any way to propagate the dns query domain to server_connect? Or is there another way to obtain the FQDN or even the domain in server_connect?

[20:47:01.592][10.0.0.121:59293] client connect

Thanks for this amazing tool.
Does #6352 answer that question? Let me know if it can be made more clear.
Try setting https://docs.mitmproxy.org/stable/concepts-options/#connection_strategy to lazy. For TLS connections, this should give you the SNI. For HTTP, you can also return a response in the request hook before anything hits the server. You may also want to check if the allow_hosts/ignore_hosts options already do what you want to achieve.
From mitmproxy's point of view those two (DNS and TCP) are independent connections. You could do this manually with an addon that stores IP address -> domain mappings, but if possible I'd go for setting
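The addon approach mentioned in the reply above (storing IP address -> domain mappings), sketched as an added example that is not part of the original thread or mitmproxy's own code. It assumes the client's DNS traffic passes through mitmproxy so the dns_response hook fires; the class name, BLOCKED and MAX_TTL are hypothetical.

```python
import ipaddress
import time
from collections import defaultdict

A, AAAA = 1, 28                  # DNS record type codes
MAX_TTL = 3600                   # assumption: cap on how long a mapping is trusted
BLOCKED = {"blocked.example"}    # hypothetical policy list for this example


class IpToDomain:
    def __init__(self):
        self.seen = defaultdict(dict)   # ip -> {queried name: expiry time}

    def dns_response(self, flow):
        if not flow.response or not flow.request.questions:
            return
        # Key on the name the client asked for, so CNAME chains map back to it.
        qname = flow.request.questions[0].name.rstrip(".").lower()
        now = time.time()
        for rr in flow.response.answers:
            if rr.type in (A, AAAA):
                ip = str(ipaddress.ip_address(rr.data))   # packed 4 or 16 bytes
                self.seen[ip][qname] = now + min(rr.ttl, MAX_TTL)

    def domains_for(self, ip, now=None):
        now = time.time() if now is None else now
        return sorted(n for n, exp in self.seen.get(ip, {}).items() if exp > now)

    def server_connect(self, data):
        names = self.domains_for(data.server.address[0])
        # One IP can serve many names (CDNs), and an empty list only means no
        # DNS answer was observed (client cache, DNS-over-HTTPS), not "safe".
        hit = [n for n in names for b in BLOCKED if n == b or n.endswith("." + b)]
        if hit:
            # Setting server.error in this hook makes mitmproxy drop the connection.
            data.server.error = f"blocked by DNS mapping: {hit[0]}"


addons = [IpToDomain()]
```

Because the mapping is only as good as the DNS answers the proxy observed, a filter built on it should decide explicitly what to do when no name is known for an IP.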
I wanted to follow up after having done some additional testing. My use case was to obtain the hostname and use it in the event lifecycle before Http Events in wireguard mode. In regular mode the hostname is available in Connection Events but in wireguard mode the hostname is an ip address. As mitmproxy can do things like ignore_hosts based on domain name even in wireguard mode I was looking for where it obtains that information at the earlier lifecycle events. Initially I was looking at the documentation and put the following code in the Connection Events such as:
But the sni was always None at this stage of the lifecycle. In next_layer.py the sni is obtained here: