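Transparent intercepting proxy at the transport layer.
Detailed description of the transmitm Python project
transmitm
transmitm is a Twisted-based Python module that provides transparent intercepting proxying at the transport level.
Transports supported in the latest version:
- TCP
- UDP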
Installation
transmitm requires Python 3.5 or later.
```
pip install transmitm
```
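Operation
Transparent proxying requires a third-party utility (such as iptables or nftables) to redirect traffic to the application.
iptables
Example of redirecting TCP traffic destined for server port 80 to the proxy on port 8080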
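transmitm uses the concept of taps. A Tap is a class whose instances receive transport SDUs (service data units) from the transiting packets and perform some operation on them; multiple taps are chained.
Taps are attached to Proxy objects (TCPProxy, UDPProxy), which handle packets on both arms, from the client and from the server.
The Dispatcher class holds a list of proxy instances; it cannot be instantiated.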
```
              +---------------------------------------------+
              |                    proxy                    |
              |     +--------+   +--------+   +-------+     |
              |     |        |   |        |   |       |     |
       SDU    |     |        |   |        |   |       |     |
client ------>------+ tap 1  +---> tap 2  |...| tap n +---------> server
              |     |        |   |        |   |       |     |
              |     |        |   |        |   |       |     |
              |     +--------+   +--------+   +-------+     |
              +---------------------------------------------+
                                  gateway
```
Usage/API
The script below demonstrates the module's API
```python
#!/usr/bin/env python3

from transmitm import Tap, Dispatcher, TCPProxy, UDPProxy


# Define Tap classes that handle data (SDUs)
# At minimum, they must implement the 'handle' method
# The returned value gets passed to the next tap in chain
class PktLogger(Tap):
    """Prints packet size to stdout
    """
    def handle(self, data, ip_tuple):
        """Not altering data parameter causes returning the same object reference"""
        peer, proxy = ip_tuple
        print(f"Got {len(data)} bytes from {peer} on {proxy}")
        return data


class Mangler(Tap):
    """Do a search and replace in packet bytes
    """
    def __init__(self, search, replace):
        self.search = search
        self.replace = replace

    def handle(self, data, ip_tuple):
        return data.replace(self.search, self.replace)


# Create proxy instances
# A Proxy object requires at least a destination server's IP and port number
# Listen on TCP 8081 and forward to 127.0.0.1:8080
tcp_proxy_8080 = TCPProxy("127.0.0.1", 8080, bind_port=8081)

# Bind port may be omitted for getting a random one
# You can also specify a bind interface; by default all proxies are bound to localhost
udp_proxy_53 = UDPProxy("1.1.1.1", 53, bind_port=53)

# The proxy can be used as a connector between IPv4 and IPv6 endpoints
udp_proxy_rnd = UDPProxy("1.1.1.1", 53, interface='::0')

# Create tap instances that will process packets
logger = PktLogger()
path_mangler = Mangler(search=b'/api', replace=b'/forbidden')

# Attach taps instances to the proxies
# The order in which the taps are added defines the tap chaining
tcp_proxy_8080.add_tap(path_mangler)
tcp_proxy_8080.add_tap(logger)

# Just logging for DNS packets
udp_proxy_53.add_tap(logger)

# When registering multiple proxies make sure you add those with a specified
# bind_port first, to avoid collision with randomly assigned ones
Dispatcher.add_proxies([tcp_proxy_8080, udp_proxy_53, udp_proxy_rnd])

# If not provided, bind port is randomly assigned and can be retrieved
# after adding the proxy to the Dispatcher
print("Registered proxies:")
for proxy in Dispatcher.proxies:
    print(
        proxy.__class__.__name__,
        proxy.interface,
        proxy.bind_port,
        '->',
        proxy.server_ip,
        proxy.server_port
    )

# Blocking method, should be called last
Dispatcher.run()
```
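The taps in the script above see one SDU per handle call, and TCP can deliver a byte pattern split across two consecutive SDUs, so per-SDU matching can miss it. The following added example (not part of the transmitm project) sketches a passive tap that matches across SDU boundaries; the Tap stand-in class, the helper names and the sample flow tuple are assumptions made so the block runs without transmitm installed.

```python
class Tap:
    """Stand-in for transmitm.Tap so this runs without Twisted installed."""
    def handle(self, data, ip_tuple):
        raise NotImplementedError


def count_overlapping(haystack, needle):
    """Number of (possibly overlapping) occurrences of needle in haystack."""
    hits, pos = 0, haystack.find(needle)
    while pos != -1:
        hits, pos = hits + 1, haystack.find(needle, pos + 1)
    return hits


def per_sdu_hits(pattern, sdus):
    """What a tap matching inside each SDU separately would count."""
    return sum(count_overlapping(sdu, pattern) for sdu in sdus)


class StreamMatcher(Tap):
    """Passive tap that also sees matches split across consecutive SDUs."""
    def __init__(self, pattern):
        if not pattern:
            raise ValueError("pattern must be non-empty")
        self.pattern, self.hits, self.tails = pattern, 0, {}

    def handle(self, data, ip_tuple):
        keep = len(self.pattern) - 1
        # Assumption: ip_tuple is hashable and identifies one flow direction.
        window = self.tails.get(ip_tuple, b"") + data
        # The tail is shorter than the pattern, so each match is counted once.
        self.hits += count_overlapping(window, self.pattern)
        self.tails[ip_tuple] = window[-keep:] if keep else b""
        return data  # unmodified, so later taps and the server see the original


def run_chain(taps, sdus, ip_tuple):
    """Feed SDUs through taps in order, as the proxy's tap chain would."""
    out = []
    for sdu in sdus:
        for tap in taps:
            sdu = tap.handle(sdu, ip_tuple)
        out.append(sdu)
    return out


# Constructed sample: one HTTP request line delivered as two TCP SDUs.
SDUS = [b"GET /ap", b"i/v1/users HTTP/1.1\r\n"]
FLOW = (("192.0.2.10", 40000), ("127.0.0.1", 8081))  # constructed (peer, proxy)
```

The tails dictionary grows with the number of flows seen, so a long-running proxy would need to evict entries for closed connections.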
TODO
- Add UNIX domain socket support
- Add packet routing capability
Bug reporting
- Open a new issue
- Explain expected versus actual behavior
- Add a code snippet that reproduces the issue
Contributing
This project uses poetry for package management during development. The development dependencies require Python >= 3.7. To get a working environment, use the following commands
```
# Install poetry
pip install poetry
# or...
# curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py | python

# Install module's development dependencies
poetry install --no-root

# Check the setup by running the test
pytest
```
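- Fork the repo
- Check out a feature or bug branch
- Add your changes
- Add test cases
- Update the README when needed
- Ensure the tests pass
- Submit a pull request to the upstream repo
- Add a description of the changes
- Ensure the branch is mergeable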
MIT License, 2020 @tim17d