Qoraaga mitmproxy, oo ah aalad lagu falanqeeyo taraafikada HTTP/HTTPS, ayaa soo jiitay muuqaalka fargeeto mashruuciisa ku jira buugga PyPI (Python Package Index) ee xirmooyinka Python. Fargeetada waxaa lagu qaybiyey magaca la midka ah ee mitmproxy2 iyo nooca aan jirin ee 8.0.1 (hadda siidaynta mitmproxy 7.0.4) iyada oo la filayo in isticmaalayaasha aan fiiro lahayn ay u arki doonaan xirmada daabacaad cusub oo ah mashruuca ugu weyn (nooca) oo ay rabaan si aad u tijaabiso nooca cusub
Marka la isku daro, mitmproxy2 waxay la mid tahay mitmproxy, marka laga reebo isbeddelada hirgelinta shaqeynta xaasidnimo. Isbeddeladu waxay ka koobnaayeen joojinta dejinta madaxa HTTP "X-Frame-Options: DENY", kaas oo mamnuucaya ka-hortagga waxyaabaha ku jira iframe, curyaaminta ilaalinta weerarrada XSRF iyo dejinta madaxyada "Gelitaanka-Control-Ogolaanshaha-Asal: *", "Galitaanka-Koontaroolka- Oggolow-Madax-weyne: *"iyo"Hababka Galitaanka-Koontaroolka-Ogolaanshaha-Habab: POST, hel, Tirtir, OPTIONS".
Isbeddelladani waxay meesha ka saareen xannibaadihii gelitaanka HTTP API ee loo isticmaalay in lagu maareeyo mitmproxy iyada oo loo sii marayo Interface-ka Shabakadda, taas oo u oggolaatay weeraryahan kasta oo ku yaal isla shabakadda maxalliga ah inuu abaabulo fulinta koodka nidaamka isticmaalaha isagoo diraya codsi HTTP ah.
Maamulka hagaha ayaa isku raacay in isbeddelada la sameeyay loo fasiri karo xaasidnimo, iyo xirmada lafteeda sidii isku day lagu horumarin lahaa badeecad kale oo hoos timaada mashruuca ugu weyn (sharaxaadda xirmada ayaa sheegtay in tani ay tahay nooc cusub oo mitmproxy ah, ma aha fargeeto). Ka dib markii laga saaray xirmada buug-yaraha, maalintii xigtay xirmo cusub, mitmproxy-iframe, ayaa lagu dhejiyay PyPI, sharraxaadda kaas oo sidoo kale si buuxda u dhigma xirmada rasmiga ah. Xirmada mitmproxy-iframe ayaa sidoo kale hadda laga saaray tusaha PyPI.
Source: opennet.ru