Archives
/
SSLproxy
mirror of https://github.com/sonertari/SSLproxy
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add e2e tests for filtering rules

Browse Source 
End-to-end tests now require testproxy v0.0.4, which supports the new
Reconnect command for the Pass filtering rule.

Split mode with the -n option also supports filtering rules, so the
Divert rule can enable the divert mode even with the -n option. This is
because the purpose of the -n option is to convert sslproxy into an
sslsplit, and we want to support filtering rules in sslsplit-like
sslproxy too.
pull/48/head
Soner Tari 3 years ago
parent 39e1d87783
commit dc34bc1ccf
16 changed files with 1105 additions and 8 deletions
Show Stats Download Patch File Download Diff File

8
tests/testproxy/GNUmakefile
Unescape Escape View File

@ -2,8 +2,8 @@ PROJECT_ROOT= ../..
TESTPROXY:= ~/.cargo/bin/testproxy
TESTPROXY_VERSION=$(shell $(TESTPROXY) -V)
ifneq ($(TESTPROXY_VERSION),testproxy 0.0.3)
$(error Use Testproxy v0.0.3 with this version of SSLproxy, found $(TESTPROXY_VERSION))
ifneq ($(TESTPROXY_VERSION),testproxy 0.0.4)
$(error Use Testproxy v0.0.4 with this version of SSLproxy, found $(TESTPROXY_VERSION))
endif
ifeq ($(findstring -DWITHOUT_USERAUTH,$(shell $(PROJECT_ROOT)/src/sslproxy -V 2>&1 | grep "Features: ")),-DWITHOUT_USERAUTH)
@ -42,10 +42,12 @@ test_split: SSLPROXY_CONF:=$(if $(TLS11),$(SSLPROXY_CONF),sslproxy_no_tls11.conf
test_split: SSLPROXY_COMMAND=$(PROJECT_ROOT)/src/sslproxy -n -f $(SSLPROXY_CONF) -o Debug=no -o Daemon=yes -o User=nobody
test_split: TESTHARNESS=$(if $(TLS13),testharness_split.json,testharness_split_no_tls13.json)
test_split: TESTHARNESS:=$(if $(TLS11),$(TESTHARNESS),testharness_split_no_tls11.json)
test_split: buildsslproxy
test_split: buildsslproxy buildlp
sudo LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) ./lp/lp -f ./lp/lp.conf -o Debug=no -o Daemon=yes -o User=nobody
sudo LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) $(SSLPROXY_COMMAND)
$(TESTPROXY) -f $(TESTHARNESS) -l 4
sudo pkill sslproxy
sudo pkill lp
travis: test

171
tests/testproxy/filter_block_testset_1.json
Unescape Escape View File

@ -0,0 +1,171 @@
{
"comment": "Tests for Block filtering rules, HTTP request headers: SSLproxy, Connection, Upgrade, Keep-Alive, Accept-Encoding, Via, X-Forwarded-For, and Referer",
"configs": {
"1": {
"proto": {
"proto": "tcp"
},
"client": {
"ip": "127.0.0.1",
"port": "8197"
},
"server": {
"ip": "127.0.0.1",
"port": "9197"
}
},
"2": {
"proto": {
"proto": "ssl",
"verify_peer": "no"
},
"client": {
"ip": "127.0.0.1",
"port": "8198"
},
"server": {
"ip": "127.0.0.1",
"port": "9198",
"crt": "server.crt",
"key": "server.key"
}
}
},
"tests": {
"1": {
"comment": "Block filtering rule blocks connection with an extra SSLproxy line",
"states": {
"1": {
"testend": "client",
"cmd": "send",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nSSLproxy: sslproxy\r\n\r\n"
},
"2": {
"testend": "server",
"cmd": "recv",
"payload": ""
}
}
},
"2": {
"comment": "Block filtering rule blocks connection with extra SSLproxy lines",
"states": {
"1": {
"testend": "client",
"cmd": "send",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nSSLproxy: sslproxy\r\nSSLproxy: sslproxy\r\n\r\n"
},
"2": {
"testend": "server",
"cmd": "recv",
"payload": ""
}
}
},
"3": {
"comment": "Block filtering rule blocks connection with Connection header",
"states": {
"1": {
"testend": "client",
"cmd": "send",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: Keep-Alive\r\n\r\n"
},
"2": {
"testend": "server",
"cmd": "recv",
"payload": ""
}
}
},
"4": {
"comment": "Block filtering rule blocks connection upgrading to SSL/TLS, WebSockets or HTTP/2",
"states": {
"1": {
"testend": "client",
"cmd": "send",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nUpgrade: websocket\r\n\r\n"
},
"2": {
"testend": "server",
"cmd": "recv",
"payload": ""
}
}
},
"5": {
"comment": "Block filtering rule blocks connection with Keep-Alive",
"states": {
"1": {
"testend": "client",
"cmd": "send",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nKeep-Alive: keep-alive\r\n\r\n"
},
"2": {
"testend": "server",
"cmd": "recv",
"payload": ""
}
}
},
"6": {
"comment": "Block filtering rule blocks connection with Accept-Encoding",
"states": {
"1": {
"testend": "client",
"cmd": "send",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nAccept-Encoding: encoding\r\n\r\n"
},
"2": {
"testend": "server",
"cmd": "recv",
"payload": ""
}
}
},
"7": {
"comment": "Block filtering rule blocks connection with Via",
"states": {
"1": {
"testend": "client",
"cmd": "send",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nVia: via\r\n\r\n"
},
"2": {
"testend": "server",
"cmd": "recv",
"payload": ""
}
}
},
"8": {
"comment": "Block filtering rule blocks connection with X-Forwarded-For",
"states": {
"1": {
"testend": "client",
"cmd": "send",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nX-Forwarded-For: x-forwarded-for\r\n\r\n"
},
"2": {
"testend": "server",
"cmd": "recv",
"payload": ""
}
}
},
"9": {
"comment": "Block filtering rule blocks connection with Referer",
"states": {
"1": {
"testend": "client",
"cmd": "send",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nReferer: referer\r\n\r\n"
},
"2": {
"testend": "server",
"cmd": "recv",
"payload": ""
}
}
}
}
}

170
tests/testproxy/filter_divert_testset_1.json
Unescape Escape View File

@ -0,0 +1,170 @@
{
"comment": "Tests for Divert filtering rules, HTTP request headers: SSLproxy, Connection, Upgrade, Keep-Alive, Accept-Encoding, Via, X-Forwarded-For, and Referer",
"configs": {
"1": {
"proto": {
"proto": "tcp"
},
"client": {
"ip": "127.0.0.1",
"port": "8191"
},
"server": {
"ip": "127.0.0.1",
"port": "9191"
}
},
"2": {
"proto": {
"proto": "ssl",
"crt": "server.crt",
"key": "server.key"
},
"client": {
"ip": "127.0.0.1",
"port": "8192"
},
"server": {
"ip": "127.0.0.1",
"port": "9192"
}
}
},
"tests": {
"1": {
"comment": "Divert filtering rule removes any extra SSLproxy line, and appends Connection: close",
"states": {
"1": {
"testend": "client",
"cmd": "send",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nSSLproxy: sslproxy\r\n\r\n"
},
"2": {
"testend": "server",
"cmd": "recv",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n"
}
}
},
"2": {
"comment": "Divert filtering rule removes all extra SSLproxy lines",
"states": {
"1": {
"testend": "client",
"cmd": "send",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nSSLproxy: sslproxy\r\nSSLproxy: sslproxy\r\n\r\n"
},
"2": {
"testend": "server",
"cmd": "recv",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n"
}
}
},
"3": {
"comment": "Divert filtering rule changes Connection header to close",
"states": {
"1": {
"testend": "client",
"cmd": "send",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: Keep-Alive\r\n\r\n"
},
"2": {
"testend": "server",
"cmd": "recv",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n"
}
}
},
"4": {
"comment": "Divert filtering rule suppresses upgrading to SSL/TLS, WebSockets or HTTP/2",
"states": {
"1": {
"testend": "client",
"cmd": "send",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nUpgrade: websocket\r\n\r\n"
},
"2": {
"testend": "server",
"cmd": "recv",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n"
}
}
},
"5": {
"comment": "Divert filtering rule removes Keep-Alive",
"states": {
"1": {
"testend": "client",
"cmd": "send",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nKeep-Alive: keep-alive\r\n\r\n"
},
"2": {
"testend": "server",
"cmd": "recv",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n"
}
}
},
"6": {
"comment": "Divert filtering rule does not remove Accept-Encoding by default (it's a config option)",
"states": {
"1": {
"testend": "client",
"cmd": "send",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nAccept-Encoding: encoding\r\n\r\n"
},
"2": {
"testend": "server",
"cmd": "recv",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nAccept-Encoding: encoding\r\nConnection: close\r\n\r\n"
}
}
},
"7": {
"comment": "Divert filtering rule removes Via",
"states": {
"1": {
"testend": "client",
"cmd": "send",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nVia: via\r\n\r\n"
},
"2": {
"testend": "server",
"cmd": "recv",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n"
}
}
},
"8": {
"comment": "Divert filtering rule removes X-Forwarded-For",
"states": {
"1": {
"testend": "client",
"cmd": "send",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nX-Forwarded-For: x-forwarded-for\r\n\r\n"
},
"2": {
"testend": "server",
"cmd": "recv",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n"
}
}
},
"9": {
"comment": "Divert filtering rule removes Referer",
"states": {
"1": {
"testend": "client",
"cmd": "send",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nReferer: referer\r\n\r\n"
},
"2": {
"testend": "server",
"cmd": "recv",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n"
}
}
}
}
}

217
tests/testproxy/filter_pass_testset_1.json
Unescape Escape View File

@ -0,0 +1,217 @@
{
"comment": "Tests for Pass filtering rules, HTTP request headers: SSLproxy, Connection, Upgrade, Keep-Alive, Accept-Encoding, Via, X-Forwarded-For, and Referer",
"configs": {
"1": {
"proto": {
"proto": "tcp"
},
"client": {
"ip": "127.0.0.1",
"port": "8195"
},
"server": {
"ip": "127.0.0.1",
"port": "9195"
}
},
"2": {
"proto": {
"proto": "ssl",
"verify_peer": "no"
},
"client": {
"ip": "127.0.0.1",
"port": "8196"
},
"server": {
"ip": "127.0.0.1",
"port": "9196",
"crt": "server.crt",
"key": "server.key"
}
}
},
"tests": {
"1": {
"comment": "Pass filtering rule does not remove any extra SSLproxy line, and does not append Connection: close",
"states": {
"1": {
"testend": "server",
"cmd": "reconnect",
"payload": "",
"comment": "Pass rules cause sslproxy to disconnect/reconnect to the server, so the reconnect cmd instructs the server to allow it"
},
"2": {
"testend": "client",
"cmd": "send",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nSSLproxy: sslproxy\r\n\r\n"
},
"3": {
"testend": "server",
"cmd": "recv",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nSSLproxy: sslproxy\r\n\r\n"
}
}
},
"2": {
"comment": "Pass filtering rule does not remove any extra SSLproxy lines",
"states": {
"1": {
"testend": "server",
"cmd": "reconnect",
"payload": ""
},
"2": {
"testend": "client",
"cmd": "send",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nSSLproxy: sslproxy\r\nSSLproxy: sslproxy\r\n\r\n"
},
"3": {
"testend": "server",
"cmd": "recv",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nSSLproxy: sslproxy\r\nSSLproxy: sslproxy\r\n\r\n"
}
}
},
"3": {
"comment": "Pass filtering rule does not change Connection header to close",
"states": {
"1": {
"testend": "server",
"cmd": "reconnect",
"payload": ""
},
"2": {
"testend": "client",
"cmd": "send",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: Keep-Alive\r\n\r\n"
},
"3": {
"testend": "server",
"cmd": "recv",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: Keep-Alive\r\n\r\n"
}
}
},
"4": {
"comment": "Pass filtering rule does not suppress upgrading to SSL/TLS, WebSockets or HTTP/2",
"states": {
"1": {
"testend": "server",
"cmd": "reconnect",
"payload": ""
},
"2": {
"testend": "client",
"cmd": "send",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nUpgrade: websocket\r\n\r\n"
},
"3": {
"testend": "server",
"cmd": "recv",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nUpgrade: websocket\r\n\r\n"
}
}
},
"5": {
"comment": "Pass filtering rule does not remove Keep-Alive",
"states": {
"1": {
"testend": "server",
"cmd": "reconnect",
"payload": ""
},
"2": {
"testend": "client",
"cmd": "send",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nKeep-Alive: keep-alive\r\n\r\n"
},
"3": {
"testend": "server",
"cmd": "recv",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nKeep-Alive: keep-alive\r\n\r\n"
}
}
},
"6": {
"comment": "Pass filtering rule does not remove Accept-Encoding",
"states": {
"1": {
"testend": "server",
"cmd": "reconnect",
"payload": ""
},
"2": {
"testend": "client",
"cmd": "send",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nAccept-Encoding: encoding\r\n\r\n"
},
"3": {
"testend": "server",
"cmd": "recv",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nAccept-Encoding: encoding\r\n\r\n"
}
}
},
"7": {
"comment": "Pass filtering rule does not remove Via",
"states": {
"1": {
"testend": "server",
"cmd": "reconnect",
"payload": ""
},
"2": {
"testend": "client",
"cmd": "send",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nVia: via\r\n\r\n"
},
"3": {
"testend": "server",
"cmd": "recv",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nVia: via\r\n\r\n"
}
}
},
"8": {
"comment": "Pass filtering rule does not remove X-Forwarded-For",
"states": {
"1": {
"testend": "server",
"cmd": "reconnect",
"payload": ""
},
"2": {
"testend": "client",
"cmd": "send",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nX-Forwarded-For: x-forwarded-for\r\n\r\n"
},
"3": {
"testend": "server",
"cmd": "recv",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nX-Forwarded-For: x-forwarded-for\r\n\r\n"
}
}
},
"9": {
"comment": "Pass filtering rule does not remove Referer",
"states": {
"1": {
"testend": "server",
"cmd": "reconnect",
"payload": ""
},
"2": {
"testend": "client",
"cmd": "send",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nReferer: referer\r\n\r\n"
},
"3": {
"testend": "server",
"cmd": "recv",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nReferer: referer\r\n\r\n"
}
}
}
}
}

170
tests/testproxy/filter_split_testset_1.json
Unescape Escape View File

@ -0,0 +1,170 @@
{
"comment": "Tests for Split filtering rules, HTTP request headers: SSLproxy, Connection, Upgrade, Keep-Alive, Accept-Encoding, Via, X-Forwarded-For, and Referer",
"configs": {
"1": {
"proto": {
"proto": "tcp"
},
"client": {
"ip": "127.0.0.1",
"port": "8193"
},
"server": {
"ip": "127.0.0.1",
"port": "9193"
}
},
"2": {
"proto": {
"proto": "ssl",
"crt": "server.crt",
"key": "server.key"
},
"client": {
"ip": "127.0.0.1",
"port": "8194"
},
"server": {
"ip": "127.0.0.1",
"port": "9194"
}
}
},
"tests": {
"1": {
"comment": "Split filtering rule removes any extra SSLproxy line, and appends Connection: close",
"states": {
"1": {
"testend": "client",
"cmd": "send",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nSSLproxy: sslproxy\r\n\r\n"
},
"2": {
"testend": "server",
"cmd": "recv",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n"
}
}
},
"2": {
"comment": "Split filtering rule removes all extra SSLproxy lines",
"states": {
"1": {
"testend": "client",
"cmd": "send",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nSSLproxy: sslproxy\r\nSSLproxy: sslproxy\r\n\r\n"
},
"2": {
"testend": "server",
"cmd": "recv",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n"
}
}
},
"3": {
"comment": "Split filtering rule changes Connection header to close",
"states": {
"1": {
"testend": "client",
"cmd": "send",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: Keep-Alive\r\n\r\n"
},
"2": {
"testend": "server",
"cmd": "recv",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n"
}
}
},
"4": {
"comment": "Split filtering rule suppresses upgrading to SSL/TLS, WebSockets or HTTP/2",
"states": {
"1": {
"testend": "client",
"cmd": "send",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nUpgrade: websocket\r\n\r\n"
},
"2": {
"testend": "server",
"cmd": "recv",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n"
}
}
},
"5": {
"comment": "Split filtering rule removes Keep-Alive",
"states": {
"1": {
"testend": "client",
"cmd": "send",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nKeep-Alive: keep-alive\r\n\r\n"
},
"2": {
"testend": "server",
"cmd": "recv",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n"
}
}
},
"6": {
"comment": "Split filtering rule does not remove Accept-Encoding by default (it's a config option)",
"states": {
"1": {
"testend": "client",
"cmd": "send",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nAccept-Encoding: encoding\r\n\r\n"
},
"2": {
"testend": "server",
"cmd": "recv",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nAccept-Encoding: encoding\r\nConnection: close\r\n\r\n"
}
}
},
"7": {
"comment": "Split filtering rule does not remove Via (it is removed by child conns)",
"states": {
"1": {
"testend": "client",
"cmd": "send",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nVia: via\r\n\r\n"
},
"2": {
"testend": "server",
"cmd": "recv",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nVia: via\r\nConnection: close\r\n\r\n"
}
}
},
"8": {
"comment": "Split filtering rule does not remove X-Forwarded-For (it is removed by child conns)",
"states": {
"1": {
"testend": "client",
"cmd": "send",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nX-Forwarded-For: x-forwarded-for\r\n\r\n"
},
"2": {
"testend": "server",
"cmd": "recv",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nX-Forwarded-For: x-forwarded-for\r\nConnection: close\r\n\r\n"
}
}
},
"9": {
"comment": "Split filtering rule removes Referer",
"states": {
"1": {
"testend": "client",
"cmd": "send",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nReferer: referer\r\n\r\n"
},
"2": {
"testend": "server",
"cmd": "recv",
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n"
}
}
}
}
}

6
tests/testproxy/http_testset_split_1.json
Unescape Escape View File

@ -1,5 +1,5 @@
{
"comment": "SSLsplit mode tests for HTTP request headers: SSLproxy, Connection, Upgrade, Keep-Alive, Accept-Encoding, Via, X-Forwarded-For, and Referer",
"comment": "Split mode tests for HTTP request headers: SSLproxy, Connection, Upgrade, Keep-Alive, Accept-Encoding, Via, X-Forwarded-For, and Referer",
"configs": {
"1": {
"proto": {
@ -122,7 +122,7 @@
}
},
"7": {
"comment": "SSLsplit mode does not remove Via (it is removed by child conns)",
"comment": "Split mode does not remove Via (it is removed by child conns)",
"states": {
"1": {
"testend": "client",
@ -137,7 +137,7 @@
}
},
"8": {
"comment": "SSLsplit mode does not removes X-Forwarded-For (it is removed by child conns)",
"comment": "Split mode does not remove X-Forwarded-For (it is removed by child conns)",
"states": {
"1": {
"testend": "client",

4
tests/testproxy/proto_validate_testset_split_4.json
Unescape Escape View File

@ -1,5 +1,5 @@
{
"comment": "Tests for SMTP",
"comment": "Split mode tests for SMTP",
"configs": {
"1": {
"proto": {
@ -238,4 +238,4 @@
}
}
}
}
}

105
tests/testproxy/sslproxy.conf
Unescape Escape View File

@ -325,3 +325,108 @@ ProxySpec {
# SSLsplit mode tests for HTTP request headers: SSLproxy, Connection, Upgrade, Keep-Alive, Accept-Encoding, Via, X-Forwarded-For, and Referer
ProxySpec http 127.0.0.1 8190 127.0.0.1 9190
ProxySpec https 127.0.0.1 8463 127.0.0.1 9463
# Tests for Divert filtering rules
ProxySpec {
Proto http
Addr 127.0.0.1
Port 8191
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9191
Divert no
# Match rules should not change filter action
Match from ip 127.0.0.1 to ip 127.0.0.1
Divert from ip 127.0.0.1 to ip 127.0.0.1
Match from ip 127.0.0.1 to ip 127.0.0.1
}
ProxySpec {
Proto https
Addr 127.0.0.1
Port 8192
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9192
Divert no
Match from ip 127.0.0.1 to ip 127.0.0.1
Divert from ip 127.0.0.1 to ip 127.0.0.1
Match from ip 127.0.0.1 to ip 127.0.0.1
}
# Tests for Split filtering rules
ProxySpec {
Proto http
Addr 127.0.0.1
Port 8193
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9193
Divert yes
Match from ip 127.0.0.1 to ip 127.0.0.1
Split from ip 127.0.0.1 to ip 127.0.0.1
Match from ip 127.0.0.1 to ip 127.0.0.1
}
ProxySpec {
Proto https
Addr 127.0.0.1
Port 8194
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9194
Divert yes
Match from ip 127.0.0.1 to ip 127.0.0.1
Split from ip 127.0.0.1 to ip 127.0.0.1
Match from ip 127.0.0.1 to ip 127.0.0.1
}
# Tests for Pass filtering rules
ProxySpec {
Proto http
Addr 127.0.0.1
Port 8195
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9195
Divert yes
Match from ip 127.0.0.1 to ip 127.0.0.1
Pass from ip 127.0.0.1 to ip 127.0.0.1 log connect
Match from ip 127.0.0.1 to ip 127.0.0.1
}
ProxySpec {
Proto https
Addr 127.0.0.1
Port 8196
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9196
Divert yes
Match from ip 127.0.0.1 to ip 127.0.0.1
Pass from ip 127.0.0.1 to ip 127.0.0.1 log connect
Match from ip 127.0.0.1 to ip 127.0.0.1
}
# Tests for Block filtering rules
ProxySpec {
Proto http
Addr 127.0.0.1
Port 8197
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9197
Divert yes
Match from ip 127.0.0.1 to ip 127.0.0.1
Block from ip 127.0.0.1 to ip 127.0.0.1
Match from ip 127.0.0.1 to ip 127.0.0.1
}
ProxySpec {
Proto https
Addr 127.0.0.1
Port 8198
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9198
Divert yes
Match from ip 127.0.0.1 to ip 127.0.0.1
Block from ip 127.0.0.1 to ip 127.0.0.1
Match from ip 127.0.0.1 to ip 127.0.0.1
}

104
tests/testproxy/sslproxy_no_tls11.conf
Unescape Escape View File

@ -274,3 +274,107 @@ ProxySpec {
# SSLsplit mode tests for HTTP request headers: SSLproxy, Connection, Upgrade, Keep-Alive, Accept-Encoding, Via, X-Forwarded-For, and Referer
ProxySpec http 127.0.0.1 8190 127.0.0.1 9190
ProxySpec https 127.0.0.1 8463 127.0.0.1 9463
# Tests for Divert filtering rules
ProxySpec {
Proto http
Addr 127.0.0.1
Port 8191
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9191
Divert no
Match from ip 127.0.0.1 to ip 127.0.0.1
Divert from ip 127.0.0.1 to ip 127.0.0.1
Match from ip 127.0.0.1 to ip 127.0.0.1
}
ProxySpec {
Proto https
Addr 127.0.0.1
Port 8192
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9192
Divert no
Match from ip 127.0.0.1 to ip 127.0.0.1
Divert from ip 127.0.0.1 to ip 127.0.0.1
Match from ip 127.0.0.1 to ip 127.0.0.1
}
# Tests for Split filtering rules
ProxySpec {
Proto http
Addr 127.0.0.1
Port 8193
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9193
Divert yes
Match from ip 127.0.0.1 to ip 127.0.0.1
Split from ip 127.0.0.1 to ip 127.0.0.1
Match from ip 127.0.0.1 to ip 127.0.0.1
}
ProxySpec {
Proto https
Addr 127.0.0.1
Port 8194
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9194
Divert yes
Match from ip 127.0.0.1 to ip 127.0.0.1
Split from ip 127.0.0.1 to ip 127.0.0.1
Match from ip 127.0.0.1 to ip 127.0.0.1
}
# Tests for Pass filtering rules
ProxySpec {
Proto http
Addr 127.0.0.1
Port 8195
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9195
Divert yes
Match from ip 127.0.0.1 to ip 127.0.0.1
Pass from ip 127.0.0.1 to ip 127.0.0.1 log connect
Match from ip 127.0.0.1 to ip 127.0.0.1
}
ProxySpec {
Proto https
Addr 127.0.0.1
Port 8196
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9196
Divert yes
Match from ip 127.0.0.1 to ip 127.0.0.1
Pass from ip 127.0.0.1 to ip 127.0.0.1 log connect
Match from ip 127.0.0.1 to ip 127.0.0.1
}
# Tests for Block filtering rules
ProxySpec {
Proto http
Addr 127.0.0.1
Port 8197
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9197
Divert yes
Match from ip 127.0.0.1 to ip 127.0.0.1
Block from ip 127.0.0.1 to ip 127.0.0.1
Match from ip 127.0.0.1 to ip 127.0.0.1
}
ProxySpec {
Proto https
Addr 127.0.0.1
Port 8198
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9198
Divert yes
Match from ip 127.0.0.1 to ip 127.0.0.1
Block from ip 127.0.0.1 to ip 127.0.0.1
Match from ip 127.0.0.1 to ip 127.0.0.1
}

104
tests/testproxy/sslproxy_no_tls13.conf
Unescape Escape View File

@ -314,3 +314,107 @@ ProxySpec {
# SSLsplit mode tests for HTTP request headers: SSLproxy, Connection, Upgrade, Keep-Alive, Accept-Encoding, Via, X-Forwarded-For, and Referer
ProxySpec http 127.0.0.1 8190 127.0.0.1 9190
ProxySpec https 127.0.0.1 8463 127.0.0.1 9463
# Tests for Divert filtering rules
ProxySpec {
Proto http
Addr 127.0.0.1
Port 8191
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9191
Divert no
Match from ip 127.0.0.1 to ip 127.0.0.1
Divert from ip 127.0.0.1 to ip 127.0.0.1
Match from ip 127.0.0.1 to ip 127.0.0.1
}
ProxySpec {
Proto https
Addr 127.0.0.1
Port 8192
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9192
Divert no
Match from ip 127.0.0.1 to ip 127.0.0.1
Divert from ip 127.0.0.1 to ip 127.0.0.1
Match from ip 127.0.0.1 to ip 127.0.0.1
}
# Tests for Split filtering rules
ProxySpec {
Proto http
Addr 127.0.0.1
Port 8193
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9193
Divert yes
Match from ip 127.0.0.1 to ip 127.0.0.1
Split from ip 127.0.0.1 to ip 127.0.0.1
Match from ip 127.0.0.1 to ip 127.0.0.1
}
ProxySpec {
Proto https
Addr 127.0.0.1
Port 8194
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9194
Divert yes
Match from ip 127.0.0.1 to ip 127.0.0.1
Split from ip 127.0.0.1 to ip 127.0.0.1
Match from ip 127.0.0.1 to ip 127.0.0.1
}
# Tests for Pass filtering rules
ProxySpec {
Proto http
Addr 127.0.0.1
Port 8195
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9195
Divert yes
Match from ip 127.0.0.1 to ip 127.0.0.1
Pass from ip 127.0.0.1 to ip 127.0.0.1 log connect
Match from ip 127.0.0.1 to ip 127.0.0.1
}
ProxySpec {
Proto https
Addr 127.0.0.1
Port 8196
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9196
Divert yes
Match from ip 127.0.0.1 to ip 127.0.0.1
Pass from ip 127.0.0.1 to ip 127.0.0.1 log connect
Match from ip 127.0.0.1 to ip 127.0.0.1
}
# Tests for Block filtering rules
ProxySpec {
Proto http
Addr 127.0.0.1
Port 8197
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9197
Divert yes
Match from ip 127.0.0.1 to ip 127.0.0.1
Block from ip 127.0.0.1 to ip 127.0.0.1
Match from ip 127.0.0.1 to ip 127.0.0.1
}
ProxySpec {
Proto https
Addr 127.0.0.1
Port 8198
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9198
Divert yes
Match from ip 127.0.0.1 to ip 127.0.0.1
Block from ip 127.0.0.1 to ip 127.0.0.1
Match from ip 127.0.0.1 to ip 127.0.0.1
}

9
tests/testproxy/testharness.json
Unescape Escape View File

@ -42,6 +42,15 @@
"6": "userauth_testset_1.json",
"7": "userauth_testset_2.json"
}
},
"5": {
"comment": "Filtering rules tests",
"testsets": {
"1": "filter_divert_testset_1.json",
"2": "filter_split_testset_1.json",
"3": "filter_pass_testset_1.json",
"4": "filter_block_testset_1.json"
}
}
}
}

9
tests/testproxy/testharness_no_tls11.json
Unescape Escape View File

@ -37,6 +37,15 @@
"6": "userauth_testset_1.json",
"7": "userauth_testset_2.json"
}
},
"5": {
"comment": "Filtering rules tests",
"testsets": {
"1": "filter_divert_testset_1.json",
"2": "filter_split_testset_1.json",
"3": "filter_pass_testset_1.json",
"4": "filter_block_testset_1.json"
}
}
}
}

9
tests/testproxy/testharness_no_tls13.json
Unescape Escape View File

@ -41,6 +41,15 @@
"6": "userauth_testset_1.json",
"7": "userauth_testset_2.json"
}
},
"5": {
"comment": "Filtering rules tests",
"testsets": {
"1": "filter_divert_testset_1.json",
"2": "filter_split_testset_1.json",
"3": "filter_pass_testset_1.json",
"4": "filter_block_testset_1.json"
}
}
}
}

9
tests/testproxy/testharness_split.json
Unescape Escape View File

@ -42,6 +42,15 @@
"6": "userauth_testset_1.json",
"7": "userauth_testset_2.json"
}
},
"5": {
"comment": "Filtering rules tests",
"testsets": {
"1": "filter_divert_testset_1.json",
"2": "filter_split_testset_1.json",
"3": "filter_pass_testset_1.json",
"4": "filter_block_testset_1.json"
}
}
}
}

9
tests/testproxy/testharness_split_no_tls11.json
Unescape Escape View File

@ -37,6 +37,15 @@
"6": "userauth_testset_1.json",
"7": "userauth_testset_2.json"
}
},
"5": {
"comment": "Filtering rules tests",
"testsets": {
"1": "filter_divert_testset_1.json",
"2": "filter_split_testset_1.json",
"3": "filter_pass_testset_1.json",
"4": "filter_block_testset_1.json"
}
}
}
}

9
tests/testproxy/testharness_split_no_tls13.json
Unescape Escape View File

@ -41,6 +41,15 @@
"6": "userauth_testset_1.json",
"7": "userauth_testset_2.json"
}
},
"5": {
"comment": "Filtering rules tests",
"testsets": {
"1": "filter_divert_testset_1.json",
"2": "filter_split_testset_1.json",
"3": "filter_pass_testset_1.json",
"4": "filter_block_testset_1.json"
}
}
}
}

Write Preview
Loading…
Cancel
Save