decathorpe / mitmproxy_wireguard Goto Github PK

It looks like the unmaintained actions-rs actions will be affected by the deprecation of old NodeJS 12 based actions:
https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/

The easiest solution is probably to run cargo commands directly, even if doing that means we'll lose commit and PR annotations :(

Looks like we're also using old versions of the actions/checkout action, but updating from actions/checkout@v2 actions/checkout@v3 should solve the problem there.

The same problem also seems to apply to actions/upload-artifact, actions/setup-python, and actions/download-artifact actions ... not sure if we can just bump to new versions, as for some actions, the way to pass them arguments has changed.

I'm running mitmdump inside Termux. While trying to update to the latest version, the mitmproxy-wireguard wheel failed to build locally:

~ $ pip install -U --upgrade-strategy eager mitmproxy
Requirement already satisfied: mitmproxy in /data/data/com.termux/files/usr/lib/python3.10/site-packages (8.1.1)
Collecting mitmproxy
  Using cached mitmproxy-9.0.0-py3-none-any.whl (1.6 MB)
Requirement already satisfied: wsproto<1.3,>=1.0 in /data/data/com.termux/files/usr/lib/python3.10/site-packages (from mitmproxy) (1.1.0)
Collecting wsproto<1.3,>=1.0
  Using cached wsproto-1.2.0-py3-none-any.whl (24 kB)
Requirement already satisfied: urwid<2.2,>=2.1.1 in /data/data/com.termux/files/usr/lib/python3.10/site-packages (from mitmproxy) (2.1.2)
Requirement already satisfied: pyperclip<1.9,>=1.6.0 in /data/data/com.termux/files/usr/lib/python3.10/site-packages (from mitmproxy) (1.8.2)
Collecting pyOpenSSL<22.2,>=22.1
  Using cached pyOpenSSL-22.1.0-py3-none-any.whl (57 kB)
Requirement already satisfied: msgpack<1.1.0,>=1.0.0 in /data/data/com.termux/files/usr/lib/python3.10/site-packages (from mitmproxy) (1.0.4)
Requirement already satisfied: asgiref<3.6,>=3.2.10 in /data/data/com.termux/files/usr/lib/python3.10/site-packages (from mitmproxy) (3.5.2)
Requirement already satisfied: flask<2.3,>=1.1.1 in /data/data/com.termux/files/usr/lib/python3.10/site-packages (from mitmproxy) (2.1.2)
Collecting flask<2.3,>=1.1.1
  Using cached Flask-2.2.2-py3-none-any.whl (101 kB)
Requirement already satisfied: hyperframe<7,>=6.0 in /data/data/com.termux/files/usr/lib/python3.10/site-packages (from mitmproxy) (6.0.1)
Requirement already satisfied: protobuf<5,>=3.14 in /data/data/com.termux/files/usr/lib/python3.10/site-packages (from mitmproxy) (4.21.2)
Collecting protobuf<5,>=3.14
  Using cached protobuf-4.21.9-py3-none-any.whl (291 kB)
Requirement already satisfied: pyparsing<3.1,>=2.4.2 in /data/data/com.termux/files/usr/lib/python3.10/site-packages (from mitmproxy) (3.0.9)
Requirement already satisfied: ruamel.yaml<0.18,>=0.16 in /data/data/com.termux/files/usr/lib/python3.10/site-packages (from mitmproxy) (0.17.21)
Requirement already satisfied: sortedcontainers<2.5,>=2.3 in /data/data/com.termux/files/usr/lib/python3.10/site-packages (from mitmproxy) (2.4.0)
Requirement already satisfied: passlib<1.8,>=1.6.5 in /data/data/com.termux/files/usr/lib/python3.10/site-packages (from mitmproxy) (1.7.4)
Requirement already satisfied: zstandard<0.19,>=0.11 in /data/data/com.termux/files/usr/lib/python3.10/site-packages (from mitmproxy) (0.18.0)
Collecting cryptography<38.1,>=38.0
  Using cached cryptography-38.0.1.tar.gz (599 kB)
  Installing build dependencies ... done
  Getting requirements to build wheel ... done
  Preparing metadata (pyproject.toml) ... done
Requirement already satisfied: h11<0.15,>=0.11 in /data/data/com.termux/files/usr/lib/python3.10/site-packages (from mitmproxy) (0.12.0)
Collecting h11<0.15,>=0.11
  Downloading h11-0.14.0-py3-none-any.whl (58 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 58.3/58.3 kB 852.4 kB/s eta 0:00:00
Collecting mitmproxy-wireguard<0.2,>=0.1.6
  Using cached mitmproxy_wireguard-0.1.14.tar.gz (25 kB)
  Installing build dependencies ... done
  Getting requirements to build wheel ... done
  Preparing metadata (pyproject.toml) ... error
  error: subprocess-exited-with-error
  
  × Preparing metadata (pyproject.toml) did not run successfully.
  │ exit code: 1
  ╰─> [12 lines of output]
      💥 maturin failed
        Caused by: Cargo metadata failed. Does your crate compile with `cargo build`?
        Caused by: `cargo metadata` exited with an error: error: failed to load manifest for workspace member `/data/data/com.termux/files/usr/tmp/pip-install-fyxt3ct_/mitmproxy-wireguard_05d31e8eb7024923b70ca8f0f700dfe5/test-client`
      
      Caused by:
        failed to read `/data/data/com.termux/files/usr/tmp/pip-install-fyxt3ct_/mitmproxy-wireguard_05d31e8eb7024923b70ca8f0f700dfe5/test-client/Cargo.toml`
      
      Caused by:
        No such file or directory (os error 2)
      Error running maturin: Command '['maturin', 'pep517', 'write-dist-info', '--metadata-directory', '/data/data/com.termux/files/usr/tmp/pip-modern-metadata-_vzn0zuw', '--interpreter', '/data/data/com.termux/files/usr/bin/python3']' returned non-zero exit status 1.
      Checking for Rust toolchain....
      Running `maturin pep517 write-dist-info --metadata-directory /data/data/com.termux/files/usr/tmp/pip-modern-metadata-_vzn0zuw --interpreter /data/data/com.termux/files/usr/bin/python3`
      [end of output]
  
  note: This error originates from a subprocess, and is likely not a problem with pip.
error: metadata-generation-failed

× Encountered error while generating package metadata.
╰─> See above for output.

note: This is an issue with the package mentioned above, not pip.
hint: See above for details.

[notice] A new release of pip available: 22.2.2 -> 22.3
[notice] To update, run: pip install --upgrade pip

My best guess would be that this happens because

Software versions:

~ $ rustc -Vv
rustc 1.64.0
binary: rustc
commit-hash: unknown
commit-date: unknown
host: aarch64-linux-android
release: 1.64.0
LLVM version: 15.0.1
~ $ python --version
Python 3.10.8
~ $ maturin --version
maturin 0.13.7

Hello!

Arch Linux currently packages python-mitmproxy-wireguard and python-mitmproxy-rs, but it seems only python-mitmproxy-rs is still needed by mitmproxy, and the other one (from this repository) has been replaced.

Is this correct? If so I would remove the -wireguard package :)

Thank you!

Would you consider patching the ring package locally for this Python package?
The upstream made no progress after a few months.

See also: briansmith/ring#1514 (comment)

The original packet destination address is required for implementing a "transparent mode" based on mitmproxy_wireguard. Its sockets are handled internally and not by the operating system, so it needs to expose this information in TcpStream instances.

Is there a way to configure mitmproxy's WireGuard Server with a custom certificate authority? I want to be able to install this custom CA certificate on my WireGuard client device and still have mitmproxy's WireGuard Server be able to read the SSL traffic

Thanks!

https://crates.io/crates/x25519-dalek has recently shipped v2.0.0-rc.2, which includes a breaking change over the previous v2.0.0-pre.1 release. This causes pip install --no-binary :all: mitmproxy-wireguard to fail (see mitmproxy/mitmproxy#6045). Things seem to work for mitmproxy_rs because the sdist there includes Cargo.lock (and that is somehow take into account I guess), but it fails for mitmproxy-wireguard. Can we ship a quick patch release including Cargo.lock? :)

Leaving the host empty defaults to binding to both 0.0.0.0 and ::1. However, rust's UDPSocket doesn't bind to both, it binds to the first successful.

Happens here: https://github.com/decathorpe/mitmproxy_wireguard/blob/main/src/server.rs#L125..L135
Documentation here: https://doc.rust-lang.org/std/net/struct.UdpSocket.html#method.bind

Best fix is probably to just support a single listen address, since multiple listen sockets opens another can of worms.

mitmproxy has its own asyncio.StreamReader/StreamWriter UDP analog wrapper implementation based on Python's asyncio module.

To integrate the UDP functionality from mitmproxy_wireguard into mitmproxy, a similar wrapper interface (UdpStream?) around the existing UDP functionality will be required.