WireGuard interface for mitmproxy
Project description
mitmproxy_wireguard
Transparently proxy any device that can be configured as a WireGuard client!
Work-In-Progress.
Architecture
DONE
- multi-threaded / asynchronous WireGuard server using tokio:
- one worker thread for the user-space WireGuard server
- one worker thread for the user-space network stack
- one worker thread for communicating with the Python runtime
- basic TCP/IPv4 functionality, IPv6 only partially supported
- basic UDP functionality
- Python interface similar to the one provided by
asyncio.start_server
- basic support for reading WireGuard configuration files
TODO
- better and more complete IPv6 support
- better and more helpful logging
- unit tests
- mitmproxy Integration
- various other
TODO
andFIXME
items (documented in the code)
Hacking
Setting up the development environment is relatively straightforward, as only a Rust toolchain and Python 3 are required:
# set up a new venv
python3 -m venv venv
# enter venv (use the activation script for your shell)
source ./venv/bin/activate
# install maturin and pdoc
pip install maturin pdoc
Compiling the native Rust module then becomes easy:
# compile native Rust module and install it in venv
maturin develop
# compile native Rust module with optimizations
maturin develop --release
Once that's done (phew! Rust sure does take a while to compile!), the test echo server should work correctly. It will print instructions for connecting to it over a WireGuard VPN:
python3 ./echo_test_server.py
Docs
Documentation for the Python module can be built with pdoc
.
The documentation is built from the mitmproxy_wireguard.pyi
type stubs and the
rustdoc documentation strings themselves. So to generate the documentation, the
native module needs to be rebuilt, as well:
maturin develop
pdoc mitmproxy_wireguard
By default, this will build the documentation in HTML format and serve it on http://localhost:8080.
Note: This requires version >=11.2.0
of pdoc. It is the first version that
supports generating documentation for "native-only" Python modules (like our
mitmproxy_wireguard
PyO3 module).
Introspecting the tokio runtime
The asynchronous runtime can be introspected using tokio-console
when using
a debug build of the native module:
tokio-console http://localhost:6669
There should be no task that is busy when the program is idle, i.e. there should be no busy waiting.
Note: This requires maturin>=0.12.15
, as earlier versions accidentally
clobbered the RUSTFLAGS
that were passed to the Rust compiler, breaking use
of the console_subscriber
for tokio-console
, which requires using the
--cfg tokio_unstable
flag.
Code style
The format for Rust code is enforced by rustfmt.toml
. Some used configuration
options are only available on nightly Rust. To apply the formatting rules, use:
cargo +nightly fmt
The format for Python code (i.e. the test echo server and the type stubs in
mitmproxy_wireguard.pyi
) is enforced with black
and can be applied with:
black echo_test_server.py mitmproxy_wireguard.pyi benches/*.py
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distributions
Hashes for mitmproxy_wireguard-0.1.0a5.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 19aa1d5c5be4837868fbc2b52f510dfea5b35aecb932ff7b8ddc88526e6af074 |
|
MD5 | 2a56678814986854c8188d2da7c1296d |
|
BLAKE2b-256 | f1e1748734c448049aa03797a5ca453fdff8ddc28b9ddf7e83d0652b2f27ca2e |
Hashes for mitmproxy_wireguard-0.1.0a5-cp37-abi3-win_amd64.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | e98fc7a983b337ecf7ea9938c882986a371734b97f85eb8f138710c630dd71ee |
|
MD5 | 338aff6afa8ece24a2cbb0c137f69a93 |
|
BLAKE2b-256 | 1d8dbd3cd1f6bc779e6689887ad43c858fc3a41c087204e4b02072206866a68b |
Hashes for mitmproxy_wireguard-0.1.0a5-cp37-abi3-win32.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 6fa5bae4da923405b2c7205740372fc84595cf26369d49f2f68e4583cbc2b685 |
|
MD5 | de524c4532f1f61d53e0778635e83a87 |
|
BLAKE2b-256 | 236b69fdb2ec1d71a52f766c5b53d8ac4fb6f0a832bb38087aabc8576106617e |
Hashes for mitmproxy_wireguard-0.1.0a5-cp37-abi3-manylinux_2_12_x86_64.manylinux2010_x86_64.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | cde820329214e304837b898319af62a71ccbb894fdcc13958b81bf92d49ee9dd |
|
MD5 | 128408ceab82414e79eb3f474339493f |
|
BLAKE2b-256 | 21c19416e7b9a05722c62ea3062c94f44445380e0d89e275b81a3296cf17f57a |
Hashes for mitmproxy_wireguard-0.1.0a5-cp37-abi3-manylinux_2_12_i686.manylinux2010_i686.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 8609fa69dd1117d7cb6d2cb1097db50787687da1d05a56f274a24ba4c0924020 |
|
MD5 | 3aff0017943f15a21319945f36c91fd0 |
|
BLAKE2b-256 | 4baae6055ae824452635ceb1b12ff7119445e260826fb8aac3a6b2d91d32ed5c |
Hashes for mitmproxy_wireguard-0.1.0a5-cp37-abi3-macosx_10_9_x86_64.macosx_11_0_arm64.macosx_10_9_universal2.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 604e3efeb0d4732fa716172faa9045b844d0f1beb7520655e7f648666de5907c |
|
MD5 | d86ab1d10a54e6bde6e49fb222093956 |
|
BLAKE2b-256 | ea0eb4495b2a732a59ec33ad0441b7b6a40bcca93a40cc1a3529782ac185107c |
Hashes for mitmproxy_wireguard-0.1.0a5-cp37-abi3-macosx_10_7_x86_64.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | e1846c93d211613f92b556b9f22237ea5e458ee2c51547be94a2bb2c30692231 |
|
MD5 | 9b5a4334aecd9ffd6e697f2d5120009c |
|
BLAKE2b-256 | 1091692528ad7267a4a8c0ba4c02815f41db679d422b608b17690523a4d56d3b |