public static bool rootCertIsTrusted()
{
CertMaker.EnsureReady();
bool flag;
bool flag2;
return(CertMaker.oCertProvider.rootCertIsTrusted(out flag, out flag2));
}
public static void EnsureReady()
{
if (CertMaker.oCertProvider != null)
{
return;
}
CertMaker.oCertProvider = (CertMaker.LoadOverrideCertProvider() ?? new NewCertificateProvider());
}
internal bool SecureClientPipe(string sHostname, HTTPResponseHeaders oHeaders)
{
X509Certificate2 x509Certificate;
try
{
x509Certificate = CertMaker.FindCert(sHostname);
}
catch (Exception ex)
{
FiddlerApplication.Log.LogFormat("fiddler.https> Failed to obtain certificate for {0} due to {1}", new object[]
{
sHostname,
ex.Message
});
x509Certificate = null;
}
try
{
if (x509Certificate == null)
{
FiddlerApplication.DoNotifyUser("Unable to find Certificate for " + sHostname, "HTTPS Interception Failure");
oHeaders.SetStatus(502, "Fiddler unable to generate certificate");
}
if (CONFIG.bDebugSpew)
{
FiddlerApplication.DebugSpew("SecureClientPipe for: " + this.ToString() + " sending data to client:\n" + Utilities.ByteArrayToHexView(oHeaders.ToByteArray(true, true), 32));
}
base.Send(oHeaders.ToByteArray(true, true));
bool result;
if (oHeaders.HTTPResponseCode != 200)
{
FiddlerApplication.DebugSpew("SecureClientPipe returning FALSE because HTTPResponseCode != 200");
result = false;
return(result);
}
this._httpsStream = new SslStream(new NetworkStream(this._baseSocket, false), false);
this._httpsStream.AuthenticateAsServer(x509Certificate, ClientPipe._bWantClientCert, CONFIG.oAcceptedClientHTTPSProtocols, false);
result = true;
return(result);
}
catch (Exception eX)
{
FiddlerApplication.Log.LogFormat("SecureClientPipe ({0} failed: {1}.", new object[]
{
sHostname,
Utilities.DescribeException(eX)
});
try
{
base.End();
}
catch (Exception)
{
}
}
return(false);
}
public static bool rootCertIsMachineTrusted()
{
CertMaker.EnsureReady();
bool flag;
bool result;
CertMaker.oCertProvider.rootCertIsTrusted(out flag, out result);
return(result);
}
public static bool removeFiddlerGeneratedCerts(bool bRemoveRoot)
{
CertMaker.EnsureReady();
if (CertMaker.oCertProvider is ICertificateProvider2)
{
return((CertMaker.oCertProvider as ICertificateProvider2).ClearCertificateCache(bRemoveRoot));
}
return(CertMaker.oCertProvider.ClearCertificateCache());
}
public static void StoreCert(string sHost, string sPFXFilename, string sPFXPassword)
{
X509Certificate2 oCert = new X509Certificate2(sPFXFilename, sPFXPassword);
if (!CertMaker.StoreCert(sHost, oCert))
{
throw new InvalidOperationException("The current ICertificateProvider does not support storing custom certificates.");
}
}
internal static byte[] getRootCertBytes()
{
X509Certificate2 rootCertificate = CertMaker.GetRootCertificate();
if (rootCertificate == null)
{
return(null);
}
return(rootCertificate.Export(X509ContentType.Cert));
}
internal bool SecureClientPipe(string sHostname, HTTPResponseHeaders oHeaders)
{
X509Certificate2 certificate;
try
{
certificate = CertMaker.FindCert(sHostname, true);
}
catch (Exception exception)
{
FiddlerApplication.Log.LogFormat("fiddler.https> Failed to obtain certificate for {0} due to {1}", new object[] { sHostname, exception.Message });
certificate = null;
}
try
{
if (certificate == null)
{
FiddlerApplication.DoNotifyUser("Unable to find Certificate for " + sHostname, "HTTPS Interception Failure");
oHeaders.HTTPResponseCode = 0x1f6;
oHeaders.HTTPResponseStatus = "502 Fiddler unable to generate certificate";
}
if (CONFIG.bDebugSpew)
{
FiddlerApplication.DebugSpew("SecureClientPipe for: " + this.ToString() + " sending data to client:\n" + Utilities.ByteArrayToHexView(oHeaders.ToByteArray(true, true), 0x20));
}
base.Send(oHeaders.ToByteArray(true, true));
if (oHeaders.HTTPResponseCode != 200)
{
FiddlerApplication.DebugSpew("SecureClientPipe returning FALSE because HTTPResponseCode != 200");
return(false);
}
base._httpsStream = new SslStream(new NetworkStream(base._baseSocket, false), false);
base._httpsStream.AuthenticateAsServer(certificate, _bWantClientCert, CONFIG.oAcceptedClientHTTPSProtocols, false);
return(true);
}
catch (Exception exception2)
{
FiddlerApplication.Log.LogFormat("Secure client pipe failed: {0}{1}.", new object[] { exception2.Message, (exception2.InnerException == null) ? string.Empty : (" InnerException: " + exception2.InnerException.Message) });
FiddlerApplication.DebugSpew("Secure client pipe failed: " + exception2.Message);
try
{
base.End();
}
catch (Exception)
{
}
}
return(false);
}
public static bool rootCertExists()
{
bool result;
try
{
X509Certificate2 rootCertificate = CertMaker.GetRootCertificate();
result = (null != rootCertificate);
}
catch (Exception)
{
result = false;
}
return(result);
}
public static bool StoreCert(string sHost, X509Certificate2 oCert)
{
CertMaker.EnsureReady();
ICertificateProvider3 certificateProvider = CertMaker.oCertProvider as ICertificateProvider3;
if (certificateProvider == null)
{
return(false);
}
if (!oCert.HasPrivateKey)
{
throw new ArgumentException("The provided certificate MUST have a private key.", "oCert");
}
return(certificateProvider.CacheCertificateForHost(sHost, oCert));
}
internal bool ActAsHTTPSEndpointForHostname(string sHTTPSHostname)
{
try
{
if (string.IsNullOrEmpty(sHTTPSHostname))
{
throw new ArgumentException();
}
this._oHTTPSCertificate = CertMaker.FindCert(sHTTPSHostname, true);
this._sHTTPSHostname = this._oHTTPSCertificate.Subject;
return(true);
}
catch (Exception)
{
this._oHTTPSCertificate = null;
this._sHTTPSHostname = null;
}
return(false);
}
public static void DoDispose()
{
if (FiddlerApplication.isClosing && CertMaker.oCertProvider == null)
{
return;
}
CertMaker.EnsureReady();
if (FiddlerApplication.Prefs.GetBoolPref("fiddler.CertMaker.CleanupServerCertsOnExit", false))
{
CertMaker.removeFiddlerGeneratedCerts(false);
}
IDisposable disposable = CertMaker.oCertProvider as IDisposable;
if (disposable != null)
{
disposable.Dispose();
}
CertMaker.oCertProvider = null;
}
internal static bool exportRootToDesktop()
{
try
{
byte[] rootCertBytes = CertMaker.getRootCertBytes();
if (rootCertBytes != null)
{
File.WriteAllBytes(Environment.GetFolderPath(Environment.SpecialFolder.DesktopDirectory) + Path.DirectorySeparatorChar + "FiddlerRoot.cer", rootCertBytes);
bool result = true;
return(result);
}
FiddlerApplication.DoNotifyUser("The root certificate could not be located.", "Export Failed");
}
catch (Exception eX)
{
FiddlerApplication.ReportException(eX, "Certificate Export Failed");
bool result = false;
return(result);
}
return(false);
}
private void DoTunnel()
{
try
{
this.bIsBlind = (!CONFIG.bMITM_HTTPS || this._mySession.oFlags.ContainsKey("x-no-decrypt"));
if (!this.bIsBlind)
{
this.bIsBlind = (CONFIG.oHLSkipDecryption != null && CONFIG.oHLSkipDecryption.ContainsHost(this._mySession.PathAndQuery));
}
if (!this.bIsBlind && CONFIG.DecryptWhichProcesses != ProcessFilterCategories.All)
{
string text = this._mySession.oFlags["x-ProcessInfo"];
if (CONFIG.DecryptWhichProcesses == ProcessFilterCategories.HideAll)
{
if (!string.IsNullOrEmpty(text))
{
this.bIsBlind = true;
}
}
else
{
if (!string.IsNullOrEmpty(text))
{
bool flag = Utilities.IsBrowserProcessName(text);
if ((CONFIG.DecryptWhichProcesses == ProcessFilterCategories.Browsers && !flag) || (CONFIG.DecryptWhichProcesses == ProcessFilterCategories.NonBrowsers && flag))
{
this.bIsBlind = true;
}
}
}
}
bool flag2;
string text3;
X509Certificate2 x509Certificate;
while (true)
{
this._mySession.SetBitFlag(SessionFlags.IsDecryptingTunnel, !this.bIsBlind);
this._mySession.SetBitFlag(SessionFlags.IsBlindTunnel, this.bIsBlind);
if (this.bIsBlind)
{
break;
}
flag2 = false;
if (!this._mySession.oFlags.ContainsKey("x-OverrideCertCN"))
{
if (CONFIG.bUseSNIForCN)
{
string text2 = this._mySession.oFlags["https-Client-SNIHostname"];
if (!string.IsNullOrEmpty(text2) && text2 != this._mySession.hostname)
{
this._mySession.oFlags["x-OverrideCertCN"] = this._mySession.oFlags["https-Client-SNIHostname"];
}
}
if (this._mySession.oFlags["x-OverrideCertCN"] == null && this._mySession.oFlags.ContainsKey("x-UseCertCNFromServer"))
{
if (!this.pipeTunnelRemote.SecureExistingConnection(this._mySession, this._mySession.hostname, this._mySession.oFlags["https-Client-Certificate"], ref this._mySession.Timers.HTTPSHandshakeTime))
{
goto IL_2F2;
}
flag2 = true;
string serverCertCN = this.pipeTunnelRemote.GetServerCertCN();
if (!string.IsNullOrEmpty(serverCertCN))
{
this._mySession.oFlags["x-OverrideCertCN"] = serverCertCN;
}
}
}
text3 = (this._mySession.oFlags["x-OverrideCertCN"] ?? this._mySession.hostname);
try
{
x509Certificate = CertMaker.FindCert(text3);
if (x509Certificate == null)
{
throw new Exception("Certificate Maker returned null when asked for a certificate for " + text3);
}
goto IL_2FD;
}
catch (Exception ex)
{
x509Certificate = null;
FiddlerApplication.Log.LogFormat("fiddler.https> Failed to obtain certificate for {0} due to {1}", new object[]
{
text3,
ex.Message
});
this._mySession.oFlags["x-HTTPS-Decryption-Error"] = "Could not find or generate interception certificate.";
if (flag2 || !FiddlerApplication.Prefs.GetBoolPref("fiddler.network.https.blindtunnelifcertunobtainable", true))
{
goto IL_2FD;
}
this.bIsBlind = true;
}
}
this.DoBlindTunnel();
return;
IL_2F2:
throw new Exception("HTTPS Early-Handshaking to server did not succeed.");
IL_2FD:
if (!this.pipeTunnelClient.SecureClientPipeDirect(x509Certificate))
{
throw new Exception("HTTPS Handshaking to client did not succeed.");
}
this._mySession["https-Client-Version"] = this.pipeTunnelClient.SecureProtocol.ToString();
if (!flag2 && !this.pipeTunnelRemote.SecureExistingConnection(this._mySession, text3, this._mySession.oFlags["https-Client-Certificate"], ref this._mySession.Timers.HTTPSHandshakeTime))
{
throw new Exception("HTTPS Handshaking to server did not succeed.");
}
this._mySession.responseBodyBytes = Encoding.UTF8.GetBytes("Encrypted HTTPS traffic flows through this CONNECT tunnel. HTTPS Decryption is enabled in Fiddler, so decrypted sessions running in this tunnel will be shown in the Web Sessions list.\n\n" + this.pipeTunnelRemote.DescribeConnectionSecurity());
this._mySession["https-Server-Cipher"] = this.pipeTunnelRemote.GetConnectionCipherInfo();
this._mySession["https-Server-Version"] = this.pipeTunnelRemote.SecureProtocol.ToString();
Session session = new Session(this.pipeTunnelClient, this.pipeTunnelRemote);
session.oFlags["x-serversocket"] = this._mySession.oFlags["x-securepipe"];
if (this.pipeTunnelRemote != null && this.pipeTunnelRemote.Address != null)
{
session.m_hostIP = this.pipeTunnelRemote.Address.ToString();
session.oFlags["x-hostIP"] = session.m_hostIP;
session.oFlags["x-EgressPort"] = this.pipeTunnelRemote.LocalPort.ToString();
}
session.Execute(null);
}
catch (Exception)
{
try
{
this.pipeTunnelClient.End();
this.pipeTunnelRemote.End();
}
catch (Exception)
{
}
}
}
public static bool removeFiddlerGeneratedCerts()
{
return(CertMaker.removeFiddlerGeneratedCerts(true));
}
public static bool trustRootCert()
{
CertMaker.EnsureReady();
return(CertMaker.oCertProvider.TrustRootCertificate());
}
public static bool createRootCert()
{
CertMaker.EnsureReady();
return(CertMaker.oCertProvider.CreateRootCertificate());
}
public static X509Certificate2 GetRootCertificate()
{
CertMaker.EnsureReady();
return(CertMaker.oCertProvider.GetRootCertificate());
}
public static X509Certificate2 FindCert(string sHostname)
{
CertMaker.EnsureReady();
return(CertMaker.oCertProvider.GetCertificateForHost(sHostname));
}
