trixy.encryption

The Trixy encryption module holds inputs and outputs that have support for encryption that applications might expect. For example, the trixy.encryption.TrixySSLInput can be used to trick a browser into thinking it is creating an encrypted connection, but the connection can then be re-routed through an unencrypted trixy.TrixyOutput for easier monitoring.

class trixy.encryption.TrixySSLInput(sock, addr, **kwargs)[source]

Acts like a normal TrixyInput, but uses Python’s ssl.wrap_socket() code to speak the SSL protocol back to applications that expect it.

class trixy.encryption.TrixySSLOutput(host, port, autoconnect=True, **kwargs)[source]

Acts like a normal TriyOutput, but uses Python’s ssl.wrap_socket() code to speak the SSL protocol to servers that expect it.

By default this class allows for SSL2 and SSL3 connections in addition to TLS. If you want to specify different settings, you can pass your own context to setup_socket().

assume_connected(host, port, sock, context=None, **kwargs)[source]

Assume a connection that is already in progress and encrypt the traffic with a default or provded SSL context.

Parameters:
  • host (str) – The hostname the output should connect to.
  • port (int) – The port this output should connect to.
  • sock (socket.socket) – The connected socket object.
  • context (ssl.SSLContext) – this optional parameter allows for custom security settings such as certificate verification and alternate SSL/TLS versions support.
  • **kwargs

    Anything else that should be passed to the SSLContext’s wrap_socket method.
setup_socket(host, port, autoconnect, context=None, **kwargs)[source]
Parameters:
  • host (str) – The hostname the output should connect to.
  • port (int) – The port this output should connect to.
  • autoconnect (bool) – Should the connection be established when the __init__ method is called?
  • context (ssl.SSLContext) – this optional parameter allows for custom security settings such as certificate verification and alternate SSL/TLS versions support.
  • **kwargs

    Anything else that should be passed to the SSLContext’s wrap_socket method.
class trixy.encryption.TrixyTLSOutput(host, port, autoconnect=True)[source]

Acts identical to a TrixySSLOutput, but defaults to only accepting TLS for security reasons. This makes it slightly easier to prevent downgrade attacks, especially when doing hasty testing rather than full development.