Comments on: Trapping HTTP Requests and Responses with Python http://www.gnucitizen.org/blog/trapping-http-requests-and-responses-with-python/ Information Security Think Tank Sat, 02 Feb 2013 17:50:40 +0000 hourly 1 http://wordpress.org/?v=3.4.1 By: pdp http://www.gnucitizen.org/blog/trapping-http-requests-and-responses-with-python/comment-page-1/#comment-126135 pdp Wed, 25 Feb 2009 10:07:51 +0000 https://www.gnucitizen.org/?p=2603#comment-126135 while it is true that twisted can provide a lot more solid base for this proxy server, the truth is that proxies are not that complicated. they are relatively simple actually. right now my code relies on pyOpenSSL but once the python team introduce SSL server support, it will be easy to switch and as such make the module run without any dependencies, which is my ultimate goal. while it is true that twisted can provide a lot more solid base for this proxy server, the truth is that proxies are not that complicated. they are relatively simple actually.

right now my code relies on pyOpenSSL but once the python team introduce SSL server support, it will be easy to switch and as such make the module run without any dependencies, which is my ultimate goal.

]]> By: Anon http://www.gnucitizen.org/blog/trapping-http-requests-and-responses-with-python/comment-page-1/#comment-126096 Anon Tue, 24 Feb 2009 05:26:06 +0000 https://www.gnucitizen.org/?p=2603#comment-126096 Whoops, let me elaborate on my previous point - someone mentioned unit testing as a potential concern for this library. Twisted, although it does have its flaws, has constructs that allow you to simulate packet and connections and such with relative ease. Otherwise you're going to have to hack together something on your own for fully exercising the functionality of the library. This is a good working script, but what's probably going to happen is that you're slowly going to tack more and more features onto until it becomes a nightmare to deal with until you decide to reimplement half of some existing networking lib from scratch in V2. http://twistedmatrix.com/trac/wiki/TwistedTrial Anyway, good work as has been said, i'll be keeping tabs on this. -Signed, Jaded Software Engineer Whoops, let me elaborate on my previous point – someone mentioned unit testing as a potential concern for this library. Twisted, although it does have its flaws, has constructs that allow you to simulate packet and connections and such with relative ease. Otherwise you’re going to have to hack together something on your own for fully exercising the functionality of the library.

This is a good working script, but what’s probably going to happen is that you’re slowly going to tack more and more features onto until it becomes a nightmare to deal with until you decide to reimplement half of some existing networking lib from scratch in V2.

http://twistedmatrix.com/trac/wiki/TwistedTrial

Anyway, good work as has been said, i’ll be keeping tabs on this.

-Signed,
Jaded Software Engineer

]]> By: Anon http://www.gnucitizen.org/blog/trapping-http-requests-and-responses-with-python/comment-page-1/#comment-126095 Anon Tue, 24 Feb 2009 05:06:11 +0000 https://www.gnucitizen.org/?p=2603#comment-126095 Out of curiosity, why not use Twisted for this? It seems like you reimplemented a lot of functionality. Out of curiosity, why not use Twisted for this? It seems like you reimplemented a lot of functionality.

]]> By: pdp http://www.gnucitizen.org/blog/trapping-http-requests-and-responses-with-python/comment-page-1/#comment-126012 pdp Wed, 18 Feb 2009 21:23:55 +0000 https://www.gnucitizen.org/?p=2603#comment-126012 Hi Jay, You don't want to mess with WSGI for just parsing simple requests and responses. <code>MessageClass</code> is actually <code>mimetools.Message</code> which is enough to parse headers and leave the rest to you as pure data. Also, I like that the functions work in raw as often we just want to perform simple regex operations without reconstructing the data. Thanks for the suggestions. Hi Jay,

You don’t want to mess with WSGI for just parsing simple requests and responses. MessageClass is actually mimetools.Message which is enough to parse headers and leave the rest to you as pure data. Also, I like that the functions work in raw as often we just want to perform simple regex operations without reconstructing the data.

Thanks for the suggestions.

]]> By: Jay http://www.gnucitizen.org/blog/trapping-http-requests-and-responses-with-python/comment-page-1/#comment-126009 Jay Wed, 18 Feb 2009 16:47:49 +0000 https://www.gnucitizen.org/?p=2603#comment-126009 Looks nice. You may want to consider the numerous WSGI objects / middleware for parsing request / response. It's good that you can also get the data raw, but rather then writing "yet another helper function" I could see how being able to insert these standard components into your MITM stream would make it even more powerful. Looks nice. You may want to consider the numerous WSGI objects / middleware for parsing request / response.

It’s good that you can also get the data raw, but rather then writing “yet another helper function” I could see how being able to insert these standard components into your MITM stream would make it even more powerful.

]]>