Make ConsoleAddon.edit_focus() extensible by addons #7195

@bburky

Problem Description

I implemented a custom pretty printer and edit mode for SAMLRequest and SAMLResponse parameters. This generally went well: I implemented a contentviews.View (extending ViewXmlHtml). I also implemented an editor for editing SAML XML that will re-encode the data after editing:
https://github.com/bburky/mitmproxy-addons/blob/main/saml.py

Ideally I could have integrated my editor into the existing flow editor list in mitmproxy, but ConsoleAddon.edit_focus() isn't extensible:
https://github.com/mitmproxy/mitmproxy/blob/v10.4.2/mitmproxy/tools/console/consoleaddons.py#L414

Instead I registered a command, which works well enough, but I had to do hacky things:

  • I wanted to auto-register a keyboard shortcut for the addon. I did this with ConsoleMaster.keymap.add(), but that feels like a hack.
    • Do you want to support addons providing built-in shortcuts, or should they tell the user to edit keys.yaml?
  • To launch the user's editor I had to call ConsoleMaster.spawn_editor(). This isn't really part of the documented API of mitmproxy. The master object is accessible via loader.master in load(), but this still seems very hacky.
    • Is there a better way to do this?
  • If I know in render_priority() that I can't handle a request, is there a way to indicate that?

Proposal

Make ConsoleAddon.edit_focus() extensible by addons

Provide a documented API for ConsoleMaster.spawn_editor() (and possibly support it in mitmweb too).

Maybe provide a way for addons to register keyboard shortcuts? (Relatedly, would also be nice to register commands in mitmweb that become GUI buttons. Possibly could share an API.)

Maybe suppress the View entirely if render_priority() returns a negative number?

Additional context

This is just some feedback and questions while I wrote this addon. It generally actually worked quite well, and as long as I was ok with reaching into the ConsoleMaster object, I was able to even work around the issues.

Let me know if you want any of the above questions broken out into separate issues.

I'm pretty happy with how I was able to re-implement most of the features I cared about from https://github.com/simplesamlphp/SAML-tracer in <200 lines of Python. This code is lightly tested, but I could contribute it in a PR if you'd like. I used this to exploit a misconfigured IdP that wasn't validating SAML signatures.
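
The decode and re-encode step described above for SAMLRequest and SAMLResponse values, as an added example that is not part of the original issue and is not taken from saml.py or mitmproxy. It uses only the standard library; the function names, the size limit and the sample messages are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
MAX_XML = 1 << 20  # assumed cap on inflated size, guards against deflate bombs

def decode_saml(value: str) -> tuple[bytes, bool]:
    """Decode a URL-decoded SAML parameter; return (xml, was_deflated)."""
    raw = base64.b64decode(value)
    # Heuristic: HTTP-POST binding is plain base64 of the XML document.
    if raw.lstrip().startswith(b"<"):
        return raw, False
    # HTTP-Redirect binding: raw DEFLATE without a zlib header (wbits=-15).
    d = zlib.decompressobj(wbits=-15)
    xml = d.decompress(raw, MAX_XML)
    if d.unconsumed_tail:
        raise ValueError("inflated SAML message exceeds MAX_XML")
    return xml, True

def encode_saml(xml: bytes, deflate: bool) -> str:
    """Re-encode edited XML with the same binding it arrived in."""
    if deflate:
        c = zlib.compressobj(wbits=-15)
        xml = c.compress(xml) + c.flush()
    return base64.b64encode(xml).decode("ascii")

def signed_elements(xml: bytes) -> list[str]:
    """Local names of elements that have a direct ds:Signature child."""
    # ElementTree is acceptable for a local viewer; prefer defusedxml
    # when parsing messages from untrusted peers.
    root = ET.fromstring(xml)
    return [el.tag.rpartition("}")[2] for el in root.iter()
            if el.find(f"{{{DS_NS}}}Signature") is not None]

# Constructed sample messages (not captured traffic).
SAMPLE_REQUEST = (
    b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    b'ID="_constructed1" Version="2.0"/>')
SAMPLE_RESPONSE = (
    b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    b'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_constructed2" '
    b'Version="2.0"><ds:Signature/></samlp:Response>')

if __name__ == "__main__":
    for xml, deflate in ((SAMPLE_REQUEST, True), (SAMPLE_RESPONSE, False)):
        wire = encode_saml(xml, deflate)
        decoded, was_deflated = decode_saml(wire)
        print(was_deflated, signed_elements(decoded), wire[:32] + "...")
```

Editing a message invalidates any enclosed signature, so `signed_elements()` indicates which parts a correctly validating peer would reject after a change.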

Labels: kind/feature (New features / enhancements)