Maintaining a Flag Between Response and Request (<- yep)


#1

Hi there! I’m using mitmdump with a custom script to ensure that my requests always have a valid (custom) authentication header in the request. I’m using mitmdump as an upstream proxy in conjunction with Burp’s scanner, so the requests that come through are automated. Essentially, I need to maintain a couple of global variables between each request/response to indicate whether or not a particular header value is still valid. If a given response indicates that the session token is invalid, I would want to update a global flag to indicate that I need a new auth token. My next request would need to inspect that flag and perform the appropriate steps to grab a new auth token if needed, save it to another global var and reset the global “is valid” flag. That globally saved auth token would need to subsequently be added/updated to the outbound request.

So in essence:

global vars: 
  isValidSess, authToken

response code:
  if response body/status/whatever indicates an invalid session then set isValidSess = false


request code:
  if isValidSess == false, then
     perform side task to get a new token
     save new auth token to authToken
     set isValidSess = true

  update outbound headers so that authToken is added to the request

What would be the best method to maintain session between the separate req/resp pairs? I’m saying “global variable”, but it’s only to get the idea across of what I’m looking to do… and I’m a bit new to Python. :)


#2

Hi @bede,

Take a look at, for example, https://github.com/mitmproxy/mitmproxy/blob/master/mitmproxy/addons/proxyauth.py#L52 - using an Addon class and defining a mapping for flow.id in there should work fine. If you only need to persist information for a single flow, you can use the flow.metadata dict.
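
The pattern from this thread as an added example (not part of either post and not mitmproxy's own code): the two "globals" become attributes of an addon instance, and flow.metadata records which token each flow was sent with. The header name, the use of HTTP 401 as the invalid-session signal, the `fetch_token` callable and the `fake_flow` stand-in are assumptions made for illustration.

```python
from types import SimpleNamespace

AUTH_HEADER = "X-Auth-Token"  # assumed header name, not from the thread


class SessionKeeper:
    """Addon instance attributes persist across flows (replaces the globals)."""

    def __init__(self, fetch_token):
        self.fetch_token = fetch_token  # hypothetical callable returning a new token
        self.auth_token = None
        self.is_valid = False

    def request(self, flow):
        if not self.is_valid:
            self.auth_token = self.fetch_token()
            self.is_valid = True
        flow.request.headers[AUTH_HEADER] = self.auth_token
        # Per-flow state: record which token this flow was sent with.
        flow.metadata["sent_token"] = self.auth_token

    def response(self, flow):
        if flow.response.status_code != 401:  # assumed invalid-session signal
            return
        # A scanner sends requests concurrently; ignore a late rejection of a
        # token that has already been replaced, so the new one is not discarded.
        if flow.metadata.get("sent_token") == self.auth_token:
            self.is_valid = False


def fake_flow():
    """Constructed stand-in exposing only the flow attributes used above."""
    return SimpleNamespace(request=SimpleNamespace(headers={}),
                           response=SimpleNamespace(status_code=200), metadata={})


def demo():
    tokens = iter(["tok-1", "tok-2", "tok-3"])  # constructed sample tokens
    keeper = SessionKeeper(lambda: next(tokens))
    a, b, c, d = (fake_flow() for _ in range(4))
    keeper.request(a)
    keeper.request(b)            # a and b both leave with tok-1
    a.response.status_code = 401
    keeper.response(a)           # current token rejected: flag cleared
    keeper.request(c)            # refresh happens here, c leaves with tok-2
    b.response.status_code = 401
    keeper.response(b)           # stale rejection of tok-1: ignored
    keeper.request(d)            # no second refresh
    return [f.request.headers[AUTH_HEADER] for f in (a, b, c, d)], keeper.is_valid
```

To load this with `mitmdump -s`, add a module-level `addons = [SessionKeeper(...)]` line that passes in the real token-fetching function.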