From 88fc97ad1d5c14dcf9a02240f5899d9628ffc1df Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Sun, 28 Mar 2021 03:05:37 +0200 Subject: [PATCH 1/1] Add test scenario client-body-tagger-https Sponsored by: Robert Klemme --- .../client-body-tagger.action | 11 +++ .../client-body-tagger.filter | 5 ++ tests/cts/client-body-tagger-https/data/test1 | 63 ++++++++++++++++ .../cts/client-body-tagger-https/data/test10 | 61 +++++++++++++++ .../cts/client-body-tagger-https/data/test11 | 61 +++++++++++++++ .../cts/client-body-tagger-https/data/test12 | 61 +++++++++++++++ .../cts/client-body-tagger-https/data/test13 | 69 +++++++++++++++++ .../cts/client-body-tagger-https/data/test14 | 69 +++++++++++++++++ .../cts/client-body-tagger-https/data/test15 | 69 +++++++++++++++++ .../cts/client-body-tagger-https/data/test16 | 72 ++++++++++++++++++ tests/cts/client-body-tagger-https/data/test2 | 63 ++++++++++++++++ tests/cts/client-body-tagger-https/data/test3 | 63 ++++++++++++++++ tests/cts/client-body-tagger-https/data/test4 | 63 ++++++++++++++++ tests/cts/client-body-tagger-https/data/test5 | 71 ++++++++++++++++++ tests/cts/client-body-tagger-https/data/test6 | 71 ++++++++++++++++++ tests/cts/client-body-tagger-https/data/test7 | 71 ++++++++++++++++++ tests/cts/client-body-tagger-https/data/test8 | 74 +++++++++++++++++++ tests/cts/client-body-tagger-https/data/test9 | 61 +++++++++++++++ .../cts/client-body-tagger-https/privoxy.conf | 38 ++++++++++ 19 files changed, 1116 insertions(+) create mode 100644 tests/cts/client-body-tagger-https/client-body-tagger.action create mode 100644 tests/cts/client-body-tagger-https/client-body-tagger.filter create mode 100644 tests/cts/client-body-tagger-https/data/test1 create mode 100644 tests/cts/client-body-tagger-https/data/test10 create mode 100644 tests/cts/client-body-tagger-https/data/test11 create mode 100644 tests/cts/client-body-tagger-https/data/test12 create mode 100644 tests/cts/client-body-tagger-https/data/test13 create mode 100644 tests/cts/client-body-tagger-https/data/test14 create mode 100644 tests/cts/client-body-tagger-https/data/test15 create mode 100644 tests/cts/client-body-tagger-https/data/test16 create mode 100644 tests/cts/client-body-tagger-https/data/test2 create mode 100644 tests/cts/client-body-tagger-https/data/test3 create mode 100644 tests/cts/client-body-tagger-https/data/test4 create mode 100644 tests/cts/client-body-tagger-https/data/test5 create mode 100644 tests/cts/client-body-tagger-https/data/test6 create mode 100644 tests/cts/client-body-tagger-https/data/test7 create mode 100644 tests/cts/client-body-tagger-https/data/test8 create mode 100644 tests/cts/client-body-tagger-https/data/test9 create mode 100644 tests/cts/client-body-tagger-https/privoxy.conf diff --git a/tests/cts/client-body-tagger-https/client-body-tagger.action b/tests/cts/client-body-tagger-https/client-body-tagger.action new file mode 100644 index 00000000..2bc5848c --- /dev/null +++ b/tests/cts/client-body-tagger-https/client-body-tagger.action @@ -0,0 +1,11 @@ +{+client-body-tagger{blafasel}} +/ + +{+block{Request body contains blafasel}} +TAG:^content contains blafasel$ + +{+client-body-tagger{bumfidel}} +/tag-bumfidel-requests/ + +{+client-body-filter{bumfidel-to-tralala}} +TAG:^content contains bumfidel$ diff --git a/tests/cts/client-body-tagger-https/client-body-tagger.filter b/tests/cts/client-body-tagger-https/client-body-tagger.filter new file mode 100644 index 00000000..dc3ebae3 --- /dev/null +++ b/tests/cts/client-body-tagger-https/client-body-tagger.filter @@ -0,0 +1,5 @@ +CLIENT-BODY-TAGGER: blafasel Tags requests with "content contains blafasel" if the client body contains the word "blafasel" +s@.*blafasel.*@content contains blafasel@s + +CLIENT-BODY-TAGGER: bumfidel Tags requests with "content contains bumfidel" if the client body contains the word "bumfidel" +s@.*bumfidel.*@content contains bumfidel@s diff --git a/tests/cts/client-body-tagger-https/data/test1 b/tests/cts/client-body-tagger-https/data/test1 new file mode 100644 index 00000000..6d43cc75 --- /dev/null +++ b/tests/cts/client-body-tagger-https/data/test1 @@ -0,0 +1,63 @@ + + + +HTTPS +HTTP POST +client-body-tagger + + + + + +HTTP/1.1 200 OK +Connection: close +Content-Type: text/html +X-Connection: swsclose + +Received your input. + + + + + +HTTP/1.1 200 Connection established + +HTTP/1.1 200 OK +Connection: close +Content-Type: text/html +X-Connection: swsclose + +Received your input. + + + + + +https + + +Two requests to the same URL. The second one is blocked based on a tag applied with client-body-tagger{blafasel}. + + +proxy + + +-s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER --next -d blafasel -s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER + + + + + +GET /%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPSPORT +User-Agent: curl/%VERSION +Accept: */* + + + +200 +403 + + + + diff --git a/tests/cts/client-body-tagger-https/data/test10 b/tests/cts/client-body-tagger-https/data/test10 new file mode 100644 index 00000000..cbba8d23 --- /dev/null +++ b/tests/cts/client-body-tagger-https/data/test10 @@ -0,0 +1,61 @@ + + + +HTTPS +HTTP POST +client-body-tagger + + + + + +HTTP/1.1 200 OK +Content-Length: 21 +Content-Type: text/html + +Received your input. + + + + + +HTTP/1.1 200 Connection established + +HTTP/1.1 200 OK +Content-Length: 21 +Content-Type: text/html + +Received your input. + + + + + +https + + +Two requests to the same URL on a reused connection. The second one is large and blocked based on a tag applied with the client-body-tagger{blafasel}. (based on test 2) + + +proxy + + +-s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER --next -d "blafasel%repeat[5000 x padding]%" -s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER + + + + + +GET /%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPSPORT +User-Agent: curl/%VERSION +Accept: */* + + + +200 +403 + + + + diff --git a/tests/cts/client-body-tagger-https/data/test11 b/tests/cts/client-body-tagger-https/data/test11 new file mode 100644 index 00000000..29521bc4 --- /dev/null +++ b/tests/cts/client-body-tagger-https/data/test11 @@ -0,0 +1,61 @@ + + + +HTTPS +HTTP POST +client-body-tagger + + + + + +HTTP/1.1 200 OK +Content-Length: 21 +Content-Type: text/html + +Received your input. + + + + + +HTTP/1.1 200 Connection established + +HTTP/1.1 200 OK +Content-Length: 21 +Content-Type: text/html + +Received your input. + + + + + +https + + +Two requests to the same URL on a reused connection. The second one is large and blocked based on a tag. Offending phrase at end of content. (based on test 3) + + +proxy + + +-s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER --next -d "%repeat[5000 x padding]%blafasel" -s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER + + + + + +GET /%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPSPORT +User-Agent: curl/%VERSION +Accept: */* + + + +200 +403 + + + + diff --git a/tests/cts/client-body-tagger-https/data/test12 b/tests/cts/client-body-tagger-https/data/test12 new file mode 100644 index 00000000..896b0a2c --- /dev/null +++ b/tests/cts/client-body-tagger-https/data/test12 @@ -0,0 +1,61 @@ + + + +HTTPS +HTTP POST +client-body-tagger + + + + + +HTTP/1.1 200 OK +Content-Length: 21 +Content-Type: text/html + +Received your input. + + + + + +HTTP/1.1 200 Connection established + +HTTP/1.1 200 OK +Content-Length: 21 +Content-Type: text/html + +Received your input. + + + + + +https + + +Two requests to the same URL on a reused connection. The second one is large and blocked based on a tag. Offending phrase in the middle of the content. (based on test 4) + + +proxy + + +-s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER --next -d "%repeat[5000 x padding]% blafasel tralala" -s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER + + + + + +GET /%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPSPORT +User-Agent: curl/%VERSION +Accept: */* + + + +200 +403 + + + + diff --git a/tests/cts/client-body-tagger-https/data/test13 b/tests/cts/client-body-tagger-https/data/test13 new file mode 100644 index 00000000..b0d227ee --- /dev/null +++ b/tests/cts/client-body-tagger-https/data/test13 @@ -0,0 +1,69 @@ + + + +HTTPS +HTTP POST +client-body-tagger + + + + + +HTTP/1.1 200 OK +Content-Length: 21 +Content-Type: text/html + +Received your input. + + + + + +HTTP/1.1 200 Connection established + +HTTP/1.1 200 OK +Content-Length: 21 +Content-Type: text/html + +Received your input. + + + + + +https + + +Two requests to the same URL on a reused connection. The second one is a POST request but it's not expected to be blocked due to a tag. (based on test 5) + + +proxy + + +-s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER --next -d "%repeat[5000 x padding]%bumfidel" -s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER + + + + + +GET /%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPSPORT +User-Agent: curl/%VERSION +Accept: */* + +POST /%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPSPORT +User-Agent: curl/%VERSION +Accept: */* +Content-Length: 35008 +Content-Type: application/x-www-form-urlencoded + +%repeat[5000 x padding]%bumfidel + + +200 +200 + + + + diff --git a/tests/cts/client-body-tagger-https/data/test14 b/tests/cts/client-body-tagger-https/data/test14 new file mode 100644 index 00000000..5f22e50b --- /dev/null +++ b/tests/cts/client-body-tagger-https/data/test14 @@ -0,0 +1,69 @@ + + + +HTTPS +HTTP POST +client-body-tagger + + + + + +HTTP/1.1 200 OK +Content-Length: 21 +Content-Type: text/html + +Received your input. + + + + + +HTTP/1.1 200 Connection established + +HTTP/1.1 200 OK +Content-Length: 21 +Content-Type: text/html + +Received your input. + + + + + +https + + +Two requests to the same URL on a reused connection. The second one is a POST request and a client-body-filter is enabled based on a tag. (based on test 6) + + +proxy + + +-s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/tag-bumfidel-requests/%TESTNUMBER --next -d "%repeat[5000 x padding]%bumfidel" -s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/tag-bumfidel-requests/%TESTNUMBER + + + + + +GET /tag-bumfidel-requests/%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPSPORT +User-Agent: curl/%VERSION +Accept: */* + +POST /tag-bumfidel-requests/%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPSPORT +User-Agent: curl/%VERSION +Accept: */* +Content-Length: 35007 +Content-Type: application/x-www-form-urlencoded + +%repeat[5000 x padding]%tralala + + +200 +200 + + + + diff --git a/tests/cts/client-body-tagger-https/data/test15 b/tests/cts/client-body-tagger-https/data/test15 new file mode 100644 index 00000000..f16f5a38 --- /dev/null +++ b/tests/cts/client-body-tagger-https/data/test15 @@ -0,0 +1,69 @@ + + + +HTTPS +HTTP POST +client-body-tagger + + + + + +HTTP/1.1 200 OK +Content-Length: 21 +Content-Type: text/html + +Received your input. + + + + + +HTTP/1.1 200 Connection established + +HTTP/1.1 200 OK +Content-Length: 21 +Content-Type: text/html + +Received your input. + + + + + +https + + +Two requests to the same URL. The second one is a POST request with an offending word but it's too large to buffer and tag so it gets to pass. (XXX: Privoxy could execute the tagger based on the data that fits into the buffer) (based on test 7) + + +proxy + + +-s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER --next -d "blafasel%repeat[20000 x padding]%" -s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER + + + + + +GET /%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPSPORT +User-Agent: curl/%VERSION +Accept: */* + +POST /%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPSPORT +User-Agent: curl/%VERSION +Accept: */* +Content-Length: 140008 +Content-Type: application/x-www-form-urlencoded + +blafasel%repeat[20000 x padding]% + + +200 +200 + + + + diff --git a/tests/cts/client-body-tagger-https/data/test16 b/tests/cts/client-body-tagger-https/data/test16 new file mode 100644 index 00000000..94311c4a --- /dev/null +++ b/tests/cts/client-body-tagger-https/data/test16 @@ -0,0 +1,72 @@ + + + +HTTPS +HTTP POST +client-body-tagger + + + + + +HTTP/1.1 200 OK +Content-Length: 21 +Content-Type: text/html + +Received your input. + + + + + +HTTP/1.1 200 Connection established + +HTTP/1.1 200 OK +Content-Length: 21 +Content-Type: text/html + +Received your input. + + + + + +https + + +Two requests to the same URL on a reused connection. The second one is a POST request with an offending word but it's chunk-encoded so it gets to pass. (based on test 8) + + +proxy + + +-s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER --next -H "Transfer-Encoding: chunked" -d "blafasel" -s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER + + + + + +GET /%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPSPORT +User-Agent: curl/%VERSION +Accept: */* + +POST /%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPSPORT +User-Agent: curl/%VERSION +Accept: */* +Transfer-Encoding: chunked +Content-Type: application/x-www-form-urlencoded + +8 +blafasel +0 + + + +200 +200 + + + + diff --git a/tests/cts/client-body-tagger-https/data/test2 b/tests/cts/client-body-tagger-https/data/test2 new file mode 100644 index 00000000..028d05fa --- /dev/null +++ b/tests/cts/client-body-tagger-https/data/test2 @@ -0,0 +1,63 @@ + + + +HTTPS +HTTP POST +client-body-tagger + + + + + +HTTP/1.1 200 OK +Connection: close +Content-Type: text/html +X-Connection: swsclose + +Received your input. + + + + + +HTTP/1.1 200 Connection established + +HTTP/1.1 200 OK +Connection: close +Content-Type: text/html +X-Connection: swsclose + +Received your input. + + + + + +https + + +Two requests to the same URL. The second one is large and blocked based on a tag applied with the client-body-tagger{blafasel}. + + +proxy + + +-s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER --next -d "blafasel%repeat[5000 x padding]%" -s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER + + + + + +GET /%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPSPORT +User-Agent: curl/%VERSION +Accept: */* + + + +200 +403 + + + + diff --git a/tests/cts/client-body-tagger-https/data/test3 b/tests/cts/client-body-tagger-https/data/test3 new file mode 100644 index 00000000..9a1fbec6 --- /dev/null +++ b/tests/cts/client-body-tagger-https/data/test3 @@ -0,0 +1,63 @@ + + + +HTTPS +HTTP POST +client-body-tagger + + + + + +HTTP/1.1 200 OK +Connection: close +Content-Type: text/html +X-Connection: swsclose + +Received your input. + + + + + +HTTP/1.1 200 Connection established + +HTTP/1.1 200 OK +Connection: close +Content-Type: text/html +X-Connection: swsclose + +Received your input. + + + + + +https + + +Two requests to the same URL. The second one is large and blocked based on a tag. Offending phrase at end of content. + + +proxy + + +-s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER --next -d "%repeat[5000 x padding]%blafasel" -s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER + + + + + +GET /%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPSPORT +User-Agent: curl/%VERSION +Accept: */* + + + +200 +403 + + + + diff --git a/tests/cts/client-body-tagger-https/data/test4 b/tests/cts/client-body-tagger-https/data/test4 new file mode 100644 index 00000000..96bcf20b --- /dev/null +++ b/tests/cts/client-body-tagger-https/data/test4 @@ -0,0 +1,63 @@ + + + +HTTPS +HTTP POST +client-body-tagger + + + + + +HTTP/1.1 200 OK +Connection: close +Content-Type: text/html +X-Connection: swsclose + +Received your input. + + + + + +HTTP/1.1 200 Connection established + +HTTP/1.1 200 OK +Connection: close +Content-Type: text/html +X-Connection: swsclose + +Received your input. + + + + + +https + + +Two requests to the same URL. The second one is large and blocked based on a tag. Offending phrase in the middle of the content. + + +proxy + + +-s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER --next -d "%repeat[5000 x padding]% blafasel tralala" -s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER + + + + + +GET /%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPSPORT +User-Agent: curl/%VERSION +Accept: */* + + + +200 +403 + + + + diff --git a/tests/cts/client-body-tagger-https/data/test5 b/tests/cts/client-body-tagger-https/data/test5 new file mode 100644 index 00000000..b7afdfa8 --- /dev/null +++ b/tests/cts/client-body-tagger-https/data/test5 @@ -0,0 +1,71 @@ + + + +HTTPS +HTTP POST +client-body-tagger + + + + + +HTTP/1.1 200 OK +Connection: close +Content-Type: text/html +X-Connection: swsclose + +Received your input. + + + + + +HTTP/1.1 200 Connection established + +HTTP/1.1 200 OK +Connection: close +Content-Type: text/html +X-Connection: swsclose + +Received your input. + + + + + +https + + +Two requests to the same URL. The second one is a POST request but it's not expected to be blocked due to a tag. + + +proxy + + +-s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER --next -d "%repeat[5000 x padding]%bumfidel" -s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER + + + + + +GET /%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPSPORT +User-Agent: curl/%VERSION +Accept: */* + +POST /%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPSPORT +User-Agent: curl/%VERSION +Accept: */* +Content-Length: 35008 +Content-Type: application/x-www-form-urlencoded + +%repeat[5000 x padding]%bumfidel + + +200 +200 + + + + diff --git a/tests/cts/client-body-tagger-https/data/test6 b/tests/cts/client-body-tagger-https/data/test6 new file mode 100644 index 00000000..76dd32d1 --- /dev/null +++ b/tests/cts/client-body-tagger-https/data/test6 @@ -0,0 +1,71 @@ + + + +HTTPS +HTTP POST +client-body-tagger + + + + + +HTTP/1.1 200 OK +Connection: close +Content-Type: text/html +X-Connection: swsclose + +Received your input. + + + + + +HTTP/1.1 200 Connection established + +HTTP/1.1 200 OK +Connection: close +Content-Type: text/html +X-Connection: swsclose + +Received your input. + + + + + +https + + +Two requests to the same URL. The second one is a POST request and a client-body-filter is enabled based on a tag. + + +proxy + + +-s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/tag-bumfidel-requests/%TESTNUMBER --next -d "%repeat[5000 x padding]%bumfidel" -s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/tag-bumfidel-requests/%TESTNUMBER + + + + + +GET /tag-bumfidel-requests/%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPSPORT +User-Agent: curl/%VERSION +Accept: */* + +POST /tag-bumfidel-requests/%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPSPORT +User-Agent: curl/%VERSION +Accept: */* +Content-Length: 35007 +Content-Type: application/x-www-form-urlencoded + +%repeat[5000 x padding]%tralala + + +200 +200 + + + + diff --git a/tests/cts/client-body-tagger-https/data/test7 b/tests/cts/client-body-tagger-https/data/test7 new file mode 100644 index 00000000..dd72ae85 --- /dev/null +++ b/tests/cts/client-body-tagger-https/data/test7 @@ -0,0 +1,71 @@ + + + +HTTPS +HTTP POST +client-body-tagger + + + + + +HTTP/1.1 200 OK +Connection: close +Content-Type: text/html +X-Connection: swsclose + +Received your input. + + + + + +HTTP/1.1 200 Connection established + +HTTP/1.1 200 OK +Connection: close +Content-Type: text/html +X-Connection: swsclose + +Received your input. + + + + + +https + + +Two requests to the same URL. The second one is a POST request with an offending word but it's too large to buffer and tag so it gets to pass. (XXX: Privoxy could execute the tagger based on the data that fits into the buffer) + + +proxy + + +-s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER --next -d "blafasel%repeat[20000 x padding]%" -s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER + + + + + +GET /%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPSPORT +User-Agent: curl/%VERSION +Accept: */* + +POST /%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPSPORT +User-Agent: curl/%VERSION +Accept: */* +Content-Length: 140008 +Content-Type: application/x-www-form-urlencoded + +blafasel%repeat[20000 x padding]% + + +200 +200 + + + + diff --git a/tests/cts/client-body-tagger-https/data/test8 b/tests/cts/client-body-tagger-https/data/test8 new file mode 100644 index 00000000..38091408 --- /dev/null +++ b/tests/cts/client-body-tagger-https/data/test8 @@ -0,0 +1,74 @@ + + + +HTTPS +HTTP POST +client-body-tagger + + + + + +HTTP/1.1 200 OK +Connection: close +Content-Type: text/html +X-Connection: swsclose + +Received your input. + + + + + +HTTP/1.1 200 Connection established + +HTTP/1.1 200 OK +Connection: close +Content-Type: text/html +X-Connection: swsclose + +Received your input. + + + + + +https + + +Two requests to the same URL. The second one is a POST request with an offending word but it's chunk-encoded so it gets to pass. + + +proxy + + +-s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER --next -H "Transfer-Encoding: chunked" -d "blafasel" -s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER + + + + + +GET /%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPSPORT +User-Agent: curl/%VERSION +Accept: */* + +POST /%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPSPORT +User-Agent: curl/%VERSION +Accept: */* +Transfer-Encoding: chunked +Content-Type: application/x-www-form-urlencoded + +8 +blafasel +0 + + + +200 +200 + + + + diff --git a/tests/cts/client-body-tagger-https/data/test9 b/tests/cts/client-body-tagger-https/data/test9 new file mode 100644 index 00000000..f8292884 --- /dev/null +++ b/tests/cts/client-body-tagger-https/data/test9 @@ -0,0 +1,61 @@ + + + +HTTPS +HTTP POST +client-body-tagger + + + + + +HTTP/1.1 200 OK +Content-Length: 21 +Content-Type: text/html + +Received your input. + + + + + +HTTP/1.1 200 Connection established + +HTTP/1.1 200 OK +Content-Length: 21 +Content-Type: text/html + +Received your input. + + + + + +https + + +Two requests to the same URL on a reused connection. The second one is blocked based on a tag applied with client-body-tagger{blafasel}. (based on test 1) + + +proxy + + +-s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER --next -d blafasel -s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER + + + + + +GET /%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPSPORT +User-Agent: curl/%VERSION +Accept: */* + + + +200 +403 + + + + diff --git a/tests/cts/client-body-tagger-https/privoxy.conf b/tests/cts/client-body-tagger-https/privoxy.conf new file mode 100644 index 00000000..09b4f68e --- /dev/null +++ b/tests/cts/client-body-tagger-https/privoxy.conf @@ -0,0 +1,38 @@ +listen-address 127.0.0.1:9119 + +ca-directory ../ca-directory +ca-cert-file privoxy-test-cacert.crt +ca-key-file privoxy-test-cakey.pem +ca-password blafasel +# We don't check certificate anyway +trusted-cas-file privoxy-test-cacert.crt + +certificate-directory ../certs + +debug 1 # Log the destination for each request Privoxy let through. See also debug 1024. +debug 2 # show each connection status +debug 4 # show tagging-related messages +debug 8 # show header parsing +debug 32 # debug force feature +debug 64 # debug regular expression filters +debug 128 # debug redirects +debug 256 # debug GIF de-animation +debug 512 # Common Log Format +debug 1024 # Log the destination for requests Privoxy didn't let through, and the reason why. +debug 4096 # Startup banner and warnings. +debug 8192 # Non-fatal errors + +actionsfile ../blocked-https-requests/https-inspection.action +actionsfile ../client-body-tagger/client-body-tagger.action +filterfile ../client-body-tagger/client-body-tagger.filter +filterfile ../client-body-filter/client-body-filter.filter + +socket-timeout 3 + +templdir ../../../templates/ + +# Reduce buffer limit so tests can reach it sooner. +buffer-limit 100 + +keep-alive-timeout 10 +default-server-timeout 10 -- 2.39.2