WireGuard interface for mitmproxy
Project description
mitmproxy_wireguard
Transparently proxy any device that can be configured as a WireGuard client!
Work-In-Progress.
Architecture
DONE
- multi-threaded / asynchronous WireGuard server using tokio:
- one worker thread for the user-space WireGuard server
- one worker thread for the user-space network stack
- one worker thread for communicating with the Python runtime
- basic TCP/IPv4 functionality, IPv6 only partially supported
- basic UDP functionality
- Python interface similar to the one provided by
asyncio.start_server
- basic support for reading WireGuard configuration files
TODO
- better and more complete IPv6 support
- better and more helpful logging
- unit tests
- mitmproxy Integration
- various other
TODO
andFIXME
items (documented in the code)
Hacking
Setting up the development environment is relatively straightforward, as only a Rust toolchain and Python 3 are required:
# set up a new venv
python3 -m venv venv
# enter venv (use the activation script for your shell)
source ./venv/bin/activate
# install maturin and pdoc
pip install maturin pdoc
Compiling the native Rust module then becomes easy:
# compile native Rust module and install it in venv
maturin develop
# compile native Rust module with optimizations
maturin develop --release
Once that's done (phew! Rust sure does take a while to compile!), the test echo server should work correctly. It will print instructions for connecting to it over a WireGuard VPN:
python3 ./echo_test_server.py
Docs
Documentation for the Python module can be built with pdoc
.
The documentation is built from the mitmproxy_wireguard.pyi
type stubs and the
rustdoc documentation strings themselves. So to generate the documentation, the
native module needs to be rebuilt, as well:
maturin develop
pdoc mitmproxy_wireguard
By default, this will build the documentation in HTML format and serve it on http://localhost:8080.
Note: This requires version >=11.2.0
of pdoc. It is the first version that
supports generating documentation for "native-only" Python modules (like our
mitmproxy_wireguard
PyO3 module).
Introspecting the tokio runtime
The asynchronous runtime can be introspected using tokio-console
when using
a debug build of the native module:
tokio-console http://localhost:6669
There should be no task that is busy when the program is idle, i.e. there should be no busy waiting.
Note: This requires maturin>=0.12.15
, as earlier versions accidentally
clobbered the RUSTFLAGS
that were passed to the Rust compiler, breaking use
of the console_subscriber
for tokio-console
, which requires using the
--cfg tokio_unstable
flag.
Code style
The format for Rust code is enforced by rustfmt.toml
. Some used configuration
options are only available on nightly Rust. To apply the formatting rules, use:
cargo +nightly fmt
The format for Python code (i.e. the test echo server and the type stubs in
mitmproxy_wireguard.pyi
) is enforced with black
and can be applied with:
black echo_test_server.py mitmproxy_wireguard.pyi benches/*.py
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distributions
Hashes for mitmproxy_wireguard-0.1.0a8.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 6e1f39c1f14f08d3215074a88c5881c85132430ddc43f2959d60fd04ec98aeca |
|
MD5 | 18e17e28990343a3802c0f55e998047c |
|
BLAKE2b-256 | 19cd9f689848dead4cb6ce200a1970c49413b576d96134bf83c916725fb3a3b4 |
Hashes for mitmproxy_wireguard-0.1.0a8-cp37-abi3-win_amd64.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 4a56c9a77961dca999de444cb04215f695342313b61bea8ae5bbe1d98bb666ea |
|
MD5 | 7bf5662d3e1b3c3cb798486a279b2242 |
|
BLAKE2b-256 | 59c5fa7c0afa074ac5c2346b4758f9747b557261e6505fe4798c114697bd3889 |
Hashes for mitmproxy_wireguard-0.1.0a8-cp37-abi3-win32.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 6d3c2202ab36c760671112aa8244c59d1a6e606ccdd2df1be40535ff180fef01 |
|
MD5 | 13636407f150e9d159253544dcd857dd |
|
BLAKE2b-256 | 724bb42d58cb930bad6eb1d02302c514bf0a8fdc4a3c1f5d4e704c8d2cbd7c82 |
Hashes for mitmproxy_wireguard-0.1.0a8-cp37-abi3-manylinux_2_12_x86_64.manylinux2010_x86_64.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 80c75cf1ce635038df7114508df93924ce432e08ed9d80c325a115991a532b05 |
|
MD5 | f61f7988c6db2da0864d3922998c402c |
|
BLAKE2b-256 | 299dfffc6dff34af6ff173736313dc07b0f4f76b68d29690a93ce77bd74fda98 |
Hashes for mitmproxy_wireguard-0.1.0a8-cp37-abi3-manylinux_2_12_i686.manylinux2010_i686.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 2f298471f909d2277beaee23ec9cbf2402dc48973d65e6edd78c18f7e63dcb17 |
|
MD5 | fa9da79c2152775949922a81d6fbaa6a |
|
BLAKE2b-256 | d94f39a2ace90b18d471c464139d0d9cbb968e9fcb53eed16348158b0380e4c6 |
Hashes for mitmproxy_wireguard-0.1.0a8-cp37-abi3-macosx_10_9_x86_64.macosx_11_0_arm64.macosx_10_9_universal2.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 37207bb26677f612674cffc42881dc914674d4962144ea1a4eb0164bd0f19ac2 |
|
MD5 | d7132536681afa006159272936619fae |
|
BLAKE2b-256 | a77a13de92f4acae34ad187584bf71493a2375a836c1ec2fc17b352b025c78e9 |
Hashes for mitmproxy_wireguard-0.1.0a8-cp37-abi3-macosx_10_7_x86_64.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 9152ec301ed7611a0e963e332976ff55232d547c6ee2d1a9f66b5fd5559ad765 |
|
MD5 | edffb29615a1f0db6a7eb88df81c799a |
|
BLAKE2b-256 | b60937e21dfd043c16b6b91011dbd87b0be9f55f7171474ac8c8fb3f46aeff71 |