Reverse Mode: change request host, according to the SNI (HTTPS)


#1

Hi All,

I am trying to accept connections in Reverse mode, and set dynamic destination, according to the reverse URL being used.

The error message I am getting back from the proxy is: "Changing the Host server for HTTP/2 connections not allowed: mitmproxy.org:443"

I did see people doing similar things, while in transparent/proxy mode, and HTTP.

Can it be done with Reverse and HTTPS?

Thanks!!

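Sample code for reference:
from mitmproxy import http


def request(flow: http.HTTPFlow) -> None:
    # Default to an empty SNI so the checks below are safe for non-TLS clients.
    sni = ''
    if flow.client_conn.ssl_established:
        # get_servername() returns None when the client sent no SNI.
        raw = flow.client_conn.connection.get_servername()
        sni = raw.decode(encoding='UTF-8') if raw else ''

    if 'first.domain.tld' in sni:
        flow.request.host = 'www.first.com'

    elif 'second.domain.tld' in sni:
        flow.request.host = 'www.second.com'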

Some version information:
Mitmproxy version: 2.0.2 (release version)
Python version: 3.5.2
Platform: Linux-4.4.0-66-generic-x86_64-with-Ubuntu-16.04-xenial
SSL version: OpenSSL 1.0.2g 1 Mar 2016
Linux distro: Ubuntu 16.04 xenial


#2

OK, actually spent a couple of hours digging around this yesterday, with no luck.
Just managed to get around it by adding "--no-http2" to mitmproxy on the command line.

Will leave the post here for future reference, in case others will hit the same issue :slight_smile:

Thanks!


#3

Thanks for the detailed write-up! Changing hosts with HTTP/2 is on our TODO list (#8 on https://github.com/mitmproxy/mitmproxy/issues/1775), but this is going to be pretty tricky to implement and please don’t expect it anytime soon :slight_smile: . As you already mentioned, the workaround is to add --no-http2.

Cheers,
Max
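
An added example, not code from the thread or from the mitmproxy project: the SNI is chosen by the client, so this variant of the script from post #1 routes on an exact, normalized match instead of a substring test, and leaves the request untouched when the SNI is missing or unknown. The `client_conn` attributes and the hostnames are taken from post #1 (mitmproxy 2.0.2); `ROUTES`, `normalize_sni` and `upstream_for_sni` are hypothetical names, and the script assumes mitmproxy is started with `--no-http2` as described above.

```python
# Added example: exact-match SNI routing for a reverse-mode script.
# ROUTES and the helper names are hypothetical; the hostnames and the
# client_conn attributes come from the code in post #1 (mitmproxy 2.0.2).

# SNI presented by the client -> upstream host to forward to.
ROUTES = {
    "first.domain.tld": "www.first.com",
    "second.domain.tld": "www.second.com",
}


def normalize_sni(raw):
    """Return the SNI as lowercase text without a trailing dot, or None."""
    if raw is None:
        return None  # client sent no SNI extension
    if isinstance(raw, bytes):
        try:
            raw = raw.decode("ascii")
        except UnicodeDecodeError:
            return None  # hostnames on the wire are ASCII; reject the rest
    name = raw.strip().rstrip(".").lower()
    return name or None


def upstream_for_sni(raw):
    """Exact lookup, so a name that only contains a configured host misses."""
    name = normalize_sni(raw)
    return ROUTES.get(name) if name else None


def request(flow):
    conn = flow.client_conn
    if not conn.ssl_established:
        return  # plain HTTP client: there is no SNI to route on
    target = upstream_for_sni(conn.connection.get_servername())
    if target is not None:
        flow.request.host = target  # unknown SNI keeps the default upstream
```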