PyPI - pypproxy - Versions diffs - 0.1.0__py3-none-any.whl - Mend

pypproxy 0.1.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (72) hide show

pypproxy/__init__.py +0 -0
pypproxy/api/__init__.py +0 -0
pypproxy/api/server.py +427 -0
pypproxy/bulk/__init__.py +0 -0
pypproxy/bulk/sender.py +97 -0
pypproxy/cert/__init__.py +0 -0
pypproxy/cert/ca.py +144 -0
pypproxy/cert/client_cert.py +65 -0
pypproxy/codec.py +176 -0
pypproxy/config/__init__.py +0 -0
pypproxy/config/config.py +106 -0
pypproxy/dns/__init__.py +0 -0
pypproxy/dns/server.py +149 -0
pypproxy/exporter/__init__.py +0 -0
pypproxy/exporter/exporter.py +122 -0
pypproxy/exporter/importer.py +169 -0
pypproxy/graphql/__init__.py +0 -0
pypproxy/graphql/detector.py +76 -0
pypproxy/graphql/introspection.py +217 -0
pypproxy/graphql/modifier.py +98 -0
pypproxy/graphql/schema_store.py +33 -0
pypproxy/intercept/__init__.py +0 -0
pypproxy/intercept/manager.py +142 -0
pypproxy/interceptor/__init__.py +0 -0
pypproxy/interceptor/interceptor.py +172 -0
pypproxy/proto/__init__.py +0 -0
pypproxy/proto/grpc.py +48 -0
pypproxy/proto/mqtt.py +119 -0
pypproxy/proto/ws.py +120 -0
pypproxy/proto/ws_intercept.py +117 -0
pypproxy/proxy/__init__.py +0 -0
pypproxy/proxy/proxy.py +407 -0
pypproxy/replay/__init__.py +0 -0
pypproxy/replay/replay.py +77 -0
pypproxy/rule/__init__.py +0 -0
pypproxy/rule/rule.py +198 -0
pypproxy/scan/__init__.py +0 -0
pypproxy/scan/scanner.py +296 -0
pypproxy/script/__init__.py +0 -0
pypproxy/script/engine.py +49 -0
pypproxy/security/__init__.py +0 -0
pypproxy/security/header_checker.py +308 -0
pypproxy/security/int_overflow.py +193 -0
pypproxy/security/jwt_checker.py +273 -0
pypproxy/security/plugin.py +152 -0
pypproxy/security/randomness.py +165 -0
pypproxy/store/__init__.py +0 -0
pypproxy/store/db.py +189 -0
pypproxy/store/filter_parser.py +181 -0
pypproxy/store/fts.py +105 -0
pypproxy/store/models.py +81 -0
pypproxy/store/scope.py +63 -0
pypproxy/store/store.py +120 -0
pypproxy/ui/__init__.py +0 -0
pypproxy/ui/app.py +386 -0
pypproxy/ui/bulk_sender_ui.py +125 -0
pypproxy/ui/cui.py +162 -0
pypproxy/ui/detail.py +179 -0
pypproxy/ui/diff_view.py +118 -0
pypproxy/ui/graphql_tab.py +265 -0
pypproxy/ui/import_tab.py +136 -0
pypproxy/ui/intercept_dialog.py +74 -0
pypproxy/ui/resender.py +140 -0
pypproxy/ui/scan_tab.py +98 -0
pypproxy/ui/security_tab.py +356 -0
pypproxy/ui/settings.py +413 -0
pypproxy/ui/theme.py +59 -0
pypproxy-0.1.0.dist-info/METADATA +19 -0
pypproxy-0.1.0.dist-info/RECORD +72 -0
pypproxy-0.1.0.dist-info/WHEEL +4 -0
pypproxy-0.1.0.dist-info/entry_points.txt +2 -0
pypproxy-0.1.0.dist-info/licenses/LICENSE +21 -0

pypproxy/intercept/manager.py ADDED Viewed

@@ -0,0 +1,142 @@
+from __future__ import annotations
+import asyncio
+import logging
+from dataclasses import dataclass, field
+logger = logging.getLogger(__name__)
+@dataclass
+class PendingRequest:
+    id: int
+    method: str
+    scheme: str
+    host: str
+    path: str
+    headers: dict[str, list[str]]
+    body: bytes
+    # modified versions (user edits)
+    edited_headers: dict[str, list[str]] = field(default_factory=dict)
+    edited_body: bytes = b""
+    _event: asyncio.Event = field(default_factory=asyncio.Event, repr=False)
+    _decision: str = "forward"  # forward | drop
+    def to_dict(self) -> dict:
+        import base64
+        return {
+            "id": self.id,
+            "method": self.method,
+            "scheme": self.scheme,
+            "host": self.host,
+            "path": self.path,
+            "headers": self.headers,
+            "body": base64.b64encode(self.body).decode() if self.body else "",
+        }
+class InterceptManager:
+    """Controls whether requests are paused for manual review."""
+    def __init__(self) -> None:
+        self._enabled = False
+        self._pending: dict[int, PendingRequest] = {}
+        self._counter = 0
+        self._lock = asyncio.Lock()
+        self._subscribers: list[asyncio.Queue] = []
+    @property
+    def enabled(self) -> bool:
+        return self._enabled
+    def set_enabled(self, value: bool) -> None:
+        self._enabled = value
+        if not value:
+            # release all pending requests
+            for req in list(self._pending.values()):
+                req._decision = "forward"
+                req._event.set()
+    async def intercept(
+        self,
+        method: str,
+        scheme: str,
+        host: str,
+        path: str,
+        headers: dict[str, list[str]],
+        body: bytes,
+    ) -> tuple[dict[str, list[str]], bytes, bool]:
+        """Pause the request for manual review.
+        Returns (headers, body, drop) where drop=True means the request should be blocked.
+        If interception is disabled, returns immediately with original values.
+        """
+        if not self._enabled:
+            return headers, body, False
+        async with self._lock:
+            self._counter += 1
+            req_id = self._counter
+        req = PendingRequest(
+            id=req_id,
+            method=method,
+            scheme=scheme,
+            host=host,
+            path=path,
+            headers=dict(headers),
+            body=body,
+            edited_headers=dict(headers),
+            edited_body=body,
+        )
+        async with self._lock:
+            self._pending[req_id] = req
+        self._notify(req)
+        logger.debug("intercept: waiting for decision on %s %s%s", method, host, path)
+        await req._event.wait()
+        async with self._lock:
+            self._pending.pop(req_id, None)
+        drop = req._decision == "drop"
+        return req.edited_headers, req.edited_body, drop
+    def forward(self, req_id: int, headers: dict | None = None, body: bytes | None = None) -> None:
+        req = self._pending.get(req_id)
+        if req:
+            if headers is not None:
+                req.edited_headers = headers
+            if body is not None:
+                req.edited_body = body
+            req._decision = "forward"
+            req._event.set()
+    def drop(self, req_id: int) -> None:
+        req = self._pending.get(req_id)
+        if req:
+            req._decision = "drop"
+            req._event.set()
+    def list_pending(self) -> list[PendingRequest]:
+        return list(self._pending.values())
+    def subscribe(self) -> asyncio.Queue:
+        q: asyncio.Queue = asyncio.Queue(maxsize=64)
+        self._subscribers.append(q)
+        return q
+    def unsubscribe(self, q: asyncio.Queue) -> None:
+        import contextlib
+        with contextlib.suppress(ValueError):
+            self._subscribers.remove(q)
+    def _notify(self, req: PendingRequest) -> None:
+        import contextlib
+        for q in self._subscribers:
+            with contextlib.suppress(asyncio.QueueFull):
+                q.put_nowait(req)

pypproxy/interceptor/__init__.py ADDED Viewed

File without changes

pypproxy/interceptor/interceptor.py ADDED Viewed

@@ -0,0 +1,172 @@
+from __future__ import annotations
+import time
+from pypproxy.rule.rule import Action, MatchContext, Modification, RuleManager
+from pypproxy.store.models import Entry
+from pypproxy.store.scope import ScopeManager
+from pypproxy.store.store import Store
+class Interceptor:
+    def __init__(
+        self,
+        rules: RuleManager,
+        store: Store,
+        scope: ScopeManager | None = None,
+    ) -> None:
+        self._rules = rules
+        self._store = store
+        self._scope = scope
+    def process_request(
+        self,
+        method: str,
+        scheme: str,
+        host: str,
+        path: str,
+        query: str,
+        headers: dict[str, list[str]],
+        body: bytes,
+    ) -> tuple[Entry, bool]:
+        # Scope check — skip recording if host is out of scope
+        if self._scope and not self._scope.is_in_scope(host):
+            entry = Entry(
+                method=method,
+                scheme=scheme,
+                host=host,
+                path=path,
+                query=query,
+                req_headers=dict(headers),
+                req_body=body,
+                protocol=scheme,
+            )
+            return entry, False  # pass through without recording
+        entry = Entry(
+            method=method,
+            scheme=scheme,
+            host=host,
+            path=path,
+            query=query,
+            req_headers=dict(headers),
+            req_body=body,
+            protocol=scheme,
+        )
+        # GraphQL detection
+        from pypproxy.graphql.detector import (
+            extract_operation_name,
+            extract_operation_type,
+            is_graphql,
+            parse_operation,
+        )
+        if is_graphql(entry):
+            op = parse_operation(body)
+            entry.graphql_op_type = extract_operation_type(op["query"])
+            entry.graphql_operation = extract_operation_name(op["query"]) or op.get(
+                "operationName", ""
+            )
+            entry.tags.append("graphql")
+            entry.protocol = "graphql"
+        ctx = MatchContext(
+            method=method,
+            host=host,
+            path=path,
+            headers=headers,
+            body=body,
+        )
+        rule = self._rules.match(ctx)
+        blocked = False
+        if rule:
+            if rule.action == Action.BLOCK:
+                entry.tags.append("blocked")
+                blocked = True
+            elif rule.action == Action.MODIFY:
+                headers, body = _apply_request_mods(headers, body, rule.modifications)
+                entry.req_headers = dict(headers)
+                entry.req_body = body
+                entry.modified = True
+            elif rule.action == Action.REDIRECT:
+                entry.tags.append("redirected")
+        self._store.add(entry)
+        return entry, blocked
+    def process_response(
+        self,
+        entry: Entry,
+        status_code: int,
+        headers: dict[str, list[str]],
+        body: bytes,
+        start_time: float,
+    ) -> tuple[dict[str, list[str]], bytes]:
+        entry.status_code = status_code
+        entry.resp_headers = dict(headers)
+        entry.resp_body = body
+        entry.duration_ms = int((time.monotonic() - start_time) * 1000)
+        ctx = MatchContext(
+            method=entry.method,
+            host=entry.host,
+            path=entry.path,
+            headers=headers,
+            body=body,
+        )
+        rule = self._rules.match(ctx)
+        if rule and rule.action == Action.MODIFY:
+            headers, body = _apply_response_mods(headers, body, rule.modifications)
+            entry.resp_headers = dict(headers)
+            entry.resp_body = body
+            entry.modified = True
+        self._store.update(entry)
+        return headers, body
+def _apply_request_mods(
+    headers: dict[str, list[str]],
+    body: bytes,
+    mods: list[Modification],
+) -> tuple[dict[str, list[str]], bytes]:
+    headers = dict(headers)
+    for m in mods:
+        if m.target == "req_header":
+            headers = _apply_header_mod(headers, m)
+        elif m.target == "req_body" and m.operation == "replace":
+            body = m.value.encode()
+    return headers, body
+def _apply_response_mods(
+    headers: dict[str, list[str]],
+    body: bytes,
+    mods: list[Modification],
+) -> tuple[dict[str, list[str]], bytes]:
+    headers = dict(headers)
+    for m in mods:
+        if m.target == "resp_header":
+            headers = _apply_header_mod(headers, m)
+        elif m.target == "resp_body":
+            if m.operation == "replace":
+                body = m.value.encode()
+            elif m.operation == "find_replace":
+                body = body.replace(m.find.encode(), m.replace.encode())
+    return headers, body
+def _apply_header_mod(headers: dict[str, list[str]], m: Modification) -> dict[str, list[str]]:
+    h = {k.lower(): v for k, v in headers.items()}
+    key = m.key.lower()
+    if m.operation == "set":
+        h[key] = [m.value]
+    elif m.operation == "delete":
+        h.pop(key, None)
+    elif m.operation == "append":
+        h.setdefault(key, []).append(m.value)
+    return h

pypproxy/proto/__init__.py ADDED Viewed

File without changes

pypproxy/proto/grpc.py ADDED Viewed

@@ -0,0 +1,48 @@
+from __future__ import annotations
+import logging
+import struct
+from typing import NamedTuple
+logger = logging.getLogger(__name__)
+class GrpcFrame(NamedTuple):
+    compressed: bool
+    data: bytes
+def is_grpc(headers: dict) -> bool:
+    ct = headers.get("content-type", [""])[0]
+    return ct.startswith("application/grpc")
+def decode_frames(data: bytes) -> list[GrpcFrame]:
+    frames: list[GrpcFrame] = []
+    offset = 0
+    while offset + 5 <= len(data):
+        compressed = bool(data[offset])
+        length = struct.unpack_from(">I", data, offset + 1)[0]
+        offset += 5
+        if offset + length > len(data):
+            break
+        frames.append(GrpcFrame(compressed=compressed, data=data[offset : offset + length]))
+        offset += length
+    return frames
+def encode_frame(frame: GrpcFrame) -> bytes:
+    header = struct.pack(">BI", int(frame.compressed), len(frame.data))
+    return header + frame.data
+def log_frames(entry_id: int, direction: str, data: bytes) -> None:
+    for i, frame in enumerate(decode_frames(data)):
+        logger.debug(
+            "grpc frame entry=%d dir=%s index=%d compressed=%s len=%d",
+            entry_id,
+            direction,
+            i,
+            frame.compressed,
+            len(frame.data),
+        )

pypproxy/proto/mqtt.py ADDED Viewed

@@ -0,0 +1,119 @@
+from __future__ import annotations
+import logging
+import struct
+from typing import NamedTuple
+logger = logging.getLogger(__name__)
+PACKET_TYPES = {
+    1: "CONNECT",
+    2: "CONNACK",
+    3: "PUBLISH",
+    4: "PUBACK",
+    5: "PUBREC",
+    6: "PUBREL",
+    7: "PUBCOMP",
+    8: "SUBSCRIBE",
+    9: "SUBACK",
+    10: "UNSUBSCRIBE",
+    11: "UNSUBACK",
+    12: "PINGREQ",
+    13: "PINGRESP",
+    14: "DISCONNECT",
+}
+class MQTTFrame(NamedTuple):
+    packet_type: int
+    packet_name: str
+    flags: int
+    payload: bytes
+    topic: str
+    qos: int
+def is_mqtt(data: bytes) -> bool:
+    """Heuristic: check if data looks like an MQTT CONNECT packet."""
+    if len(data) < 10:
+        return False
+    packet_type = (data[0] >> 4) & 0x0F
+    if packet_type != 1:
+        return False
+    try:
+        proto_len = struct.unpack_from(">H", data, 2)[0]
+        proto_name = data[4 : 4 + proto_len]
+        return proto_name in (b"MQTT", b"MQIsdp")
+    except Exception:
+        return False
+def decode_frames(data: bytes) -> list[MQTTFrame]:
+    frames: list[MQTTFrame] = []
+    offset = 0
+    while offset < len(data):
+        result = _read_frame(data, offset)
+        if result is None:
+            break
+        f, consumed = result
+        frames.append(f)
+        offset += consumed
+    return frames
+def _read_frame(data: bytes, offset: int) -> tuple[MQTTFrame, int] | None:
+    if offset >= len(data):
+        return None
+    byte0 = data[offset]
+    packet_type = (byte0 >> 4) & 0x0F
+    flags = byte0 & 0x0F
+    offset += 1
+    remaining_length = 0
+    multiplier = 1
+    len_bytes = 0
+    for _ in range(4):
+        if offset >= len(data):
+            return None
+        b = data[offset]
+        offset += 1
+        len_bytes += 1
+        remaining_length += (b & 0x7F) * multiplier
+        multiplier *= 128
+        if not (b & 0x80):
+            break
+    if offset + remaining_length > len(data):
+        return None
+    payload = data[offset : offset + remaining_length]
+    consumed = 1 + len_bytes + remaining_length
+    topic = ""
+    qos = (flags >> 1) & 0x03
+    if packet_type == 3 and len(payload) >= 2:
+        topic_len = struct.unpack_from(">H", payload, 0)[0]
+        if 2 + topic_len <= len(payload):
+            topic = payload[2 : 2 + topic_len].decode(errors="replace")
+    return MQTTFrame(
+        packet_type=packet_type,
+        packet_name=PACKET_TYPES.get(packet_type, f"UNKNOWN({packet_type})"),
+        flags=flags,
+        payload=payload,
+        topic=topic,
+        qos=qos,
+    ), consumed
+def log_frames(entry_id: int, direction: str, data: bytes) -> None:
+    for frame in decode_frames(data):
+        logger.debug(
+            "mqtt frame entry=%d dir=%s type=%s topic=%r qos=%d len=%d",
+            entry_id,
+            direction,
+            frame.packet_name,
+            frame.topic,
+            frame.qos,
+            len(frame.payload),
+        )

pypproxy/proto/ws.py ADDED Viewed

@@ -0,0 +1,120 @@
+from __future__ import annotations
+import asyncio
+import logging
+import struct
+from pypproxy.store.models import Entry
+from pypproxy.store.store import Store
+logger = logging.getLogger(__name__)
+OPCODE_TEXT = 0x1
+OPCODE_BINARY = 0x2
+OPCODE_CLOSE = 0x8
+OPCODE_PING = 0x9
+OPCODE_PONG = 0xA
+def is_upgrade(headers: dict) -> bool:
+    upgrade = headers.get("upgrade", [""])[0].lower()
+    return upgrade == "websocket"
+async def relay_frames(
+    client_reader: asyncio.StreamReader,
+    client_writer: asyncio.StreamWriter,
+    server_reader: asyncio.StreamReader,
+    server_writer: asyncio.StreamWriter,
+    entry: Entry,
+    store: Store,
+) -> None:
+    async def _relay(
+        src_r: asyncio.StreamReader,
+        dst_w: asyncio.StreamWriter,
+        direction: str,
+    ) -> None:
+        try:
+            while True:
+                frame = await read_frame(src_r)
+                if frame is None:
+                    break
+                fin, opcode, payload = frame
+                log_frame(entry.id, direction, opcode, payload)
+                await write_frame(dst_w, fin, opcode, payload, mask=False)
+                if opcode == OPCODE_CLOSE:
+                    break
+        except (asyncio.IncompleteReadError, ConnectionResetError):
+            pass
+    await asyncio.gather(
+        _relay(client_reader, server_writer, "client"),
+        _relay(server_reader, client_writer, "server"),
+    )
+async def read_frame(
+    reader: asyncio.StreamReader,
+) -> tuple[bool, int, bytes] | None:
+    try:
+        header = await reader.readexactly(2)
+    except asyncio.IncompleteReadError:
+        return None
+    fin = bool(header[0] & 0x80)
+    opcode = header[0] & 0x0F
+    masked = bool(header[1] & 0x80)
+    payload_len = header[1] & 0x7F
+    if payload_len == 126:
+        ext = await reader.readexactly(2)
+        payload_len = struct.unpack(">H", ext)[0]
+    elif payload_len == 127:
+        ext = await reader.readexactly(8)
+        payload_len = struct.unpack(">Q", ext)[0]
+    mask_key = b""
+    if masked:
+        mask_key = await reader.readexactly(4)
+    payload = await reader.readexactly(payload_len)
+    if masked:
+        payload = bytes(b ^ mask_key[i % 4] for i, b in enumerate(payload))
+    return fin, opcode, payload
+async def write_frame(
+    writer: asyncio.StreamWriter,
+    fin: bool,
+    opcode: int,
+    payload: bytes,
+    mask: bool = False,
+) -> None:
+    b0 = (0x80 if fin else 0x00) | opcode
+    length = len(payload)
+    if length < 126:
+        b1 = length
+        header = bytes([b0, b1])
+    elif length < 65536:
+        b1 = 126
+        header = bytes([b0, b1]) + struct.pack(">H", length)
+    else:
+        b1 = 127
+        header = bytes([b0, b1]) + struct.pack(">Q", length)
+    writer.write(header + payload)
+    await writer.drain()
+def log_frame(entry_id: int, direction: str, opcode: int, payload: bytes) -> None:
+    if opcode == OPCODE_TEXT:
+        logger.debug(
+            "ws frame entry=%d dir=%s text=%s",
+            entry_id,
+            direction,
+            payload.decode(errors="replace")[:200],
+        )
+    elif opcode == OPCODE_BINARY:
+        logger.debug("ws frame entry=%d dir=%s binary len=%d", entry_id, direction, len(payload))