Malicious packages mitmproxy2 and mitmproxy-iframe removed from the PyPI catalog

The author of mitmproxy, a tool for analysing HTTP/HTTPS traffic, drew attention to the appearance of a fork of his project in the PyPI (Python Package Index) catalog of Python packages. The fork was distributed under the similar name mitmproxy2 with the non-existent version number 8.0.1 (the current release is mitmproxy 7.0.4), in the expectation that inattentive users would take the package for a new release of the main project (typosquatting) and want to try the new version.

In terms of code, mitmproxy2 was identical to mitmproxy, apart from changes that introduced malicious functionality. The changes consisted of disabling the setting of the HTTP header "X-Frame-Options: DENY", which prohibits rendering the content inside an iframe, disabling CSRF protection, and setting the headers "Access-Control-Allow-Origin: *", "Access-Control-Allow-Headers: *" and "Access-Control-Allow-Methods: POST, GET, DELETE, OPTIONS".

These changes removed the access restrictions on the HTTP API used to manage mitmproxy through its web interface, which allowed any attacker on the local network to arrange execution of their own code on the user's machine by sending an HTTP request.
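The header changes described above can be checked against a running web interface. The following is an added example, not code from the article or from the mitmproxy project: it audits a set of HTTP response headers for the weakenings the article lists (framing no longer denied, wildcard CORS, state-changing methods exposed cross-origin) and can fetch the headers from a local web UI. The sample header sets are constructed for illustration, and the 127.0.0.1:8081 address is an assumption (mitmweb's default listen address).

```python
import urllib.request
from typing import Dict, List

# Constructed sample header sets (not captured from a real server).
HARDENED_SAMPLE = {"Content-Type": "text/html", "X-Frame-Options": "DENY"}
WEAKENED_SAMPLE = {
    "Content-Type": "application/json",
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Headers": "*",
    "Access-Control-Allow-Methods": "POST, GET, DELETE, OPTIONS",
}


def audit_headers(headers: Dict[str, str]) -> List[str]:
    """Return findings for the weakenings described in the article; [] means none."""
    # Header names are case-insensitive, so normalise before lookup.
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings: List[str] = []
    if h.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options missing or permissive: UI can be framed")
    acao = h.get("access-control-allow-origin")
    if acao in ("*", "null"):
        findings.append(f"Access-Control-Allow-Origin: {acao} lets any origin read responses")
    if h.get("access-control-allow-headers") == "*":
        findings.append("Access-Control-Allow-Headers: * accepts arbitrary request headers")
    methods = {m.strip().upper() for m in h.get("access-control-allow-methods", "").split(",")}
    state_changing = sorted(methods & {"POST", "PUT", "PATCH", "DELETE"})
    if state_changing and acao in ("*", "null"):
        findings.append(f"State-changing methods exposed cross-origin: {state_changing}")
    return findings


def audit_url(url: str = "http://127.0.0.1:8081/", timeout: float = 2.0) -> List[str]:
    """Fetch a page from a local web UI (assumed mitmweb default address) and audit it."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return audit_headers(dict(resp.headers.items()))


if __name__ == "__main__":
    for name, sample in (("hardened", HARDENED_SAMPLE), ("weakened", WEAKENED_SAMPLE)):
        print(name, audit_headers(sample) or ["no weakening detected"])
```

Run `audit_url()` against a locally running web UI to see whether its live headers match the hardened or the weakened sample.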

The catalog maintainers agreed that the changes could be interpreted as malicious, and the package itself as an attempt to promote a product based on the main project (the package description claimed it was a new version of mitmproxy, not a fork). After the package was removed from the catalog, a new package, mitmproxy-iframe, was uploaded to PyPI the next day, with a description that again matched the legitimate package. The mitmproxy-iframe package has also been removed from the PyPI catalog.

Source: opennet.ru
