The author of mitmproxy, a tool for analyzing HTTP/HTTPS traffic, drew attention to the appearance of a fork of his project in the Python Package Index (PyPI) repository. The fork was distributed under the similar name mitmproxy2 with the non-existent version number 8.0.1 (the current mitmproxy release is 7.0.4), in the expectation that inattentive users would take the package for a new version of the main project (typosquatting) and want to try it.
In its composition, mitmproxy2 matched mitmproxy, except for the addition of malicious functionality. The changes amounted to no longer setting the HTTP header that forbids rendering the content inside an iframe, disabling protection against XSRF attacks, and setting three additional HTTP headers.
Together these changes removed the access restrictions on the HTTP API used to control mitmproxy through its web interface, allowing any attacker on the same local network to achieve code execution on the user's system by sending an HTTP request.
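A small header audit of the kind a user could run against a local web interface's response to confirm the protections described above are still in place; this is an added illustration, not code from mitmproxy or from the article. It assumes the anti-framing header is X-Frame-Options (or a CSP frame-ancestors directive) and the permissive headers are the Access-Control-Allow-* family, which the page does not name, and it runs on constructed sample responses.

```python
"""Audit a web-UI HTTP response for the header-level protections a
modified build might remove: anti-framing and a non-permissive CORS policy."""
from __future__ import annotations

# Constructed sample responses (not captured from any real installation).
HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "X-Frame-Options: DENY\r\n"
    "\r\n<html>ui</html>"
)
WEAKENED = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Access-Control-Allow-Origin: *\r\n"
    "Access-Control-Allow-Headers: *\r\n"
    "Access-Control-Allow-Methods: GET, POST, PUT, DELETE\r\n"
    "\r\n<html>ui</html>"
)


def parse_headers(raw: str) -> dict[str, str]:
    """Return the response headers with lower-cased names; the status line is dropped."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers: dict[str, str] = {}
    for line in head.split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def audit_headers(headers: dict[str, str]) -> list[str]:
    """Return a list of findings; an empty list means the checked protections are present."""
    findings: list[str] = []
    xfo = headers.get("x-frame-options", "").upper()
    csp = headers.get("content-security-policy", "")
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp:
        findings.append("no anti-framing header (X-Frame-Options or CSP frame-ancestors)")
    acao = headers.get("access-control-allow-origin")
    if acao is not None:
        if acao in ("*", "null"):
            findings.append(f"permissive Access-Control-Allow-Origin: {acao}")
        methods = headers.get("access-control-allow-methods", "").upper()
        if any(m in methods for m in ("POST", "PUT", "DELETE")):
            findings.append(f"state-changing methods allowed cross-origin: {methods}")
    return findings
```

For a running instance, feed the raw response of the web interface's API endpoint into parse_headers and treat any non-empty finding list as a reason to verify the installed package against the upstream release.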
The PyPI administrators agreed that the changes could be interpreted as malicious, and the package itself as an attempt to promote another product under the guise of the main project (the package description claimed it was a new version of mitmproxy, not a fork). The day after the package was removed from the repository, a new package, mitmproxy-iframe, was posted to PyPI, whose contents again completely coincided. The mitmproxy-iframe package has since been removed from PyPI as well.