WireGuard interface for mitmproxy
Project description
mitmproxy_wireguard
Transparently proxy any device that can be configured as a WireGuard client!
Work-In-Progress.
Architecture
DONE
- multi-threaded / asynchronous WireGuard server using tokio:
- one worker thread for the user-space WireGuard server
- one worker thread for the user-space network stack
- one worker thread for communicating with the Python runtime
- basic TCP/IPv4 functionality, IPv6 only partially supported
- basic UDP functionality
- Python interface similar to the one provided by
asyncio.start_server
- basic support for reading WireGuard configuration files
TODO
- better and more complete IPv6 support
- better and more helpful logging
- unit tests
- mitmproxy Integration
- various other
TODO
andFIXME
items (documented in the code)
Hacking
Setting up the development environment is relatively straightforward, as only a Rust toolchain and Python 3 are required:
# set up a new venv
python3 -m venv venv
# enter venv (use the activation script for your shell)
source ./venv/bin/activate
# install maturin and pdoc
pip install maturin pdoc
Compiling the native Rust module then becomes easy:
# compile native Rust module and install it in venv
maturin develop
# compile native Rust module with optimizations
maturin develop --release
Once that's done (phew! Rust sure does take a while to compile!), the test echo server should work correctly. It will print instructions for connecting to it over a WireGuard VPN:
python3 ./echo_test_server.py
Docs
Documentation for the Python module can be built with pdoc
.
The documentation is built from the mitmproxy_wireguard.pyi
type stubs and the
rustdoc documentation strings themselves. So to generate the documentation, the
native module needs to be rebuilt, as well:
maturin develop
pdoc mitmproxy_wireguard
By default, this will build the documentation in HTML format and serve it on http://localhost:8080.
Note: This requires version >=11.2.0
of pdoc. It is the first version that
supports generating documentation for "native-only" Python modules (like our
mitmproxy_wireguard
PyO3 module).
Introspecting the tokio runtime
The asynchronous runtime can be introspected using tokio-console
when using
a debug build of the native module:
tokio-console http://localhost:6669
There should be no task that is busy when the program is idle, i.e. there should be no busy waiting.
Note: This requires maturin>=0.12.15
, as earlier versions accidentally
clobbered the RUSTFLAGS
that were passed to the Rust compiler, breaking use
of the console_subscriber
for tokio-console
, which requires using the
--cfg tokio_unstable
flag.
Code style
The format for Rust code is enforced by rustfmt.toml
. Some used configuration
options are only available on nightly Rust. To apply the formatting rules, use:
cargo +nightly fmt
The format for Python code (i.e. the test echo server and the type stubs in
mitmproxy_wireguard.pyi
) is enforced with black
and can be applied with:
black echo_test_server.py mitmproxy_wireguard.pyi benches/*.py
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distributions
Hashes for mitmproxy_wireguard-0.1.0a6.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 0ae5001be5bce4159c222aad7e7f507cb658509648982a7528e6db39a6af17df |
|
MD5 | 73355aab38db63f1944b277d20c6228e |
|
BLAKE2b-256 | 4446e661ee30a0d2d27eb8317c72f35300b421d8291de1d90591887163478c5f |
Hashes for mitmproxy_wireguard-0.1.0a6-cp37-abi3-win_amd64.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 5efbc50ea3cb2d4b5d61b508ca85ec129b63f68387053ed5b32771484d4f7a75 |
|
MD5 | 9fd23eca7a21676a3549719e059b544a |
|
BLAKE2b-256 | 9a5b67f10e7b8474dd46265084f0791daa5add3bd72dc514281d5e268f311f0a |
Hashes for mitmproxy_wireguard-0.1.0a6-cp37-abi3-win32.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | b49c007375e0a384330d43725e241bdf1e309eb10968ffc6f037d64799d79423 |
|
MD5 | 0672a6386d17266b88528a86e7a17657 |
|
BLAKE2b-256 | ade604924b6e31f1bcdf4f8d8ad2f1b4523d42f1570ddb7b0622729a2e424f17 |
Hashes for mitmproxy_wireguard-0.1.0a6-cp37-abi3-manylinux_2_12_x86_64.manylinux2010_x86_64.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | da92921a7091dde613a241bac3c16073d369f46c20453fd97ab6688de5ae293e |
|
MD5 | eba658f11212def79d6eaf7d168ac87d |
|
BLAKE2b-256 | dd2e795b1d7b4bc3cf8f3fc4b3f1e12a61fa50722bf02e71235eabe24a854f10 |
Hashes for mitmproxy_wireguard-0.1.0a6-cp37-abi3-manylinux_2_12_i686.manylinux2010_i686.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 00d3d1336d02b0748bcf05936b9ef8887a6069872d47b87de6252b9867e0d483 |
|
MD5 | 31b2f36f3fb4890ca3d44263d4e3a3a7 |
|
BLAKE2b-256 | acbc7f3f17cf489f80f74df855555a88d6cc1eacd7d4b30bd7d749fa07c7740e |
Hashes for mitmproxy_wireguard-0.1.0a6-cp37-abi3-macosx_10_9_x86_64.macosx_11_0_arm64.macosx_10_9_universal2.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 963fd25925b692ff770925bea0d236c16298b816138a9ccf66c0d79b8e40a65a |
|
MD5 | cba03de51e8542bc6e336d6f2fb0ea2e |
|
BLAKE2b-256 | cd086c5c58622ab211592adde6d668667873c5a0e3f45f55dadd448399e6a8b4 |
Hashes for mitmproxy_wireguard-0.1.0a6-cp37-abi3-macosx_10_7_x86_64.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 4930298af86347aa32722e38e7aad88ff25e019e6e6105fbd54d36b32304ded8 |
|
MD5 | f2727df013c6350d8071d9f69d296d88 |
|
BLAKE2b-256 | a275e7613fb209a0ae5aab20d951a2913830e0190796fa895524477867899d3d |