internal bool SecureClientPipe(string sHostname, HTTPResponseHeaders oHeaders)
{
X509Certificate2 x509Certificate;
try
{
x509Certificate = CertMaker.FindCert(sHostname);
}
catch (Exception ex)
{
FiddlerApplication.Log.LogFormat("fiddler.https> Failed to obtain certificate for {0} due to {1}", new object[]
{
sHostname,
ex.Message
});
x509Certificate = null;
}
try
{
if (x509Certificate == null)
{
FiddlerApplication.DoNotifyUser("Unable to find Certificate for " + sHostname, "HTTPS Interception Failure");
oHeaders.SetStatus(502, "Fiddler unable to generate certificate");
}
if (CONFIG.bDebugSpew)
{
FiddlerApplication.DebugSpew("SecureClientPipe for: " + this.ToString() + " sending data to client:\n" + Utilities.ByteArrayToHexView(oHeaders.ToByteArray(true, true), 32));
}
base.Send(oHeaders.ToByteArray(true, true));
bool result;
if (oHeaders.HTTPResponseCode != 200)
{
FiddlerApplication.DebugSpew("SecureClientPipe returning FALSE because HTTPResponseCode != 200");
result = false;
return(result);
}
this._httpsStream = new SslStream(new NetworkStream(this._baseSocket, false), false);
this._httpsStream.AuthenticateAsServer(x509Certificate, ClientPipe._bWantClientCert, CONFIG.oAcceptedClientHTTPSProtocols, false);
result = true;
return(result);
}
catch (Exception eX)
{
FiddlerApplication.Log.LogFormat("SecureClientPipe ({0} failed: {1}.", new object[]
{
sHostname,
Utilities.DescribeException(eX)
});
try
{
base.End();
}
catch (Exception)
{
}
}
return(false);
}
internal bool SecureClientPipe(string sHostname, HTTPResponseHeaders oHeaders)
{
X509Certificate2 certificate;
try
{
certificate = CertMaker.FindCert(sHostname, true);
}
catch (Exception exception)
{
FiddlerApplication.Log.LogFormat("fiddler.https> Failed to obtain certificate for {0} due to {1}", new object[] { sHostname, exception.Message });
certificate = null;
}
try
{
if (certificate == null)
{
FiddlerApplication.DoNotifyUser("Unable to find Certificate for " + sHostname, "HTTPS Interception Failure");
oHeaders.HTTPResponseCode = 0x1f6;
oHeaders.HTTPResponseStatus = "502 Fiddler unable to generate certificate";
}
if (CONFIG.bDebugSpew)
{
FiddlerApplication.DebugSpew("SecureClientPipe for: " + this.ToString() + " sending data to client:\n" + Utilities.ByteArrayToHexView(oHeaders.ToByteArray(true, true), 0x20));
}
base.Send(oHeaders.ToByteArray(true, true));
if (oHeaders.HTTPResponseCode != 200)
{
FiddlerApplication.DebugSpew("SecureClientPipe returning FALSE because HTTPResponseCode != 200");
return(false);
}
base._httpsStream = new SslStream(new NetworkStream(base._baseSocket, false), false);
base._httpsStream.AuthenticateAsServer(certificate, _bWantClientCert, CONFIG.oAcceptedClientHTTPSProtocols, false);
return(true);
}
catch (Exception exception2)
{
FiddlerApplication.Log.LogFormat("Secure client pipe failed: {0}{1}.", new object[] { exception2.Message, (exception2.InnerException == null) ? string.Empty : (" InnerException: " + exception2.InnerException.Message) });
FiddlerApplication.DebugSpew("Secure client pipe failed: " + exception2.Message);
try
{
base.End();
}
catch (Exception)
{
}
}
return(false);
}
internal bool ActAsHTTPSEndpointForHostname(string sHTTPSHostname)
{
try
{
if (string.IsNullOrEmpty(sHTTPSHostname))
{
throw new ArgumentException();
}
this._oHTTPSCertificate = CertMaker.FindCert(sHTTPSHostname, true);
this._sHTTPSHostname = this._oHTTPSCertificate.Subject;
return(true);
}
catch (Exception)
{
this._oHTTPSCertificate = null;
this._sHTTPSHostname = null;
}
return(false);
}
private void DoTunnel()
{
try
{
this.bIsBlind = (!CONFIG.bMITM_HTTPS || this._mySession.oFlags.ContainsKey("x-no-decrypt"));
if (!this.bIsBlind)
{
this.bIsBlind = (CONFIG.oHLSkipDecryption != null && CONFIG.oHLSkipDecryption.ContainsHost(this._mySession.PathAndQuery));
}
if (!this.bIsBlind && CONFIG.DecryptWhichProcesses != ProcessFilterCategories.All)
{
string text = this._mySession.oFlags["x-ProcessInfo"];
if (CONFIG.DecryptWhichProcesses == ProcessFilterCategories.HideAll)
{
if (!string.IsNullOrEmpty(text))
{
this.bIsBlind = true;
}
}
else
{
if (!string.IsNullOrEmpty(text))
{
bool flag = Utilities.IsBrowserProcessName(text);
if ((CONFIG.DecryptWhichProcesses == ProcessFilterCategories.Browsers && !flag) || (CONFIG.DecryptWhichProcesses == ProcessFilterCategories.NonBrowsers && flag))
{
this.bIsBlind = true;
}
}
}
}
bool flag2;
string text3;
X509Certificate2 x509Certificate;
while (true)
{
this._mySession.SetBitFlag(SessionFlags.IsDecryptingTunnel, !this.bIsBlind);
this._mySession.SetBitFlag(SessionFlags.IsBlindTunnel, this.bIsBlind);
if (this.bIsBlind)
{
break;
}
flag2 = false;
if (!this._mySession.oFlags.ContainsKey("x-OverrideCertCN"))
{
if (CONFIG.bUseSNIForCN)
{
string text2 = this._mySession.oFlags["https-Client-SNIHostname"];
if (!string.IsNullOrEmpty(text2) && text2 != this._mySession.hostname)
{
this._mySession.oFlags["x-OverrideCertCN"] = this._mySession.oFlags["https-Client-SNIHostname"];
}
}
if (this._mySession.oFlags["x-OverrideCertCN"] == null && this._mySession.oFlags.ContainsKey("x-UseCertCNFromServer"))
{
if (!this.pipeTunnelRemote.SecureExistingConnection(this._mySession, this._mySession.hostname, this._mySession.oFlags["https-Client-Certificate"], ref this._mySession.Timers.HTTPSHandshakeTime))
{
goto IL_2F2;
}
flag2 = true;
string serverCertCN = this.pipeTunnelRemote.GetServerCertCN();
if (!string.IsNullOrEmpty(serverCertCN))
{
this._mySession.oFlags["x-OverrideCertCN"] = serverCertCN;
}
}
}
text3 = (this._mySession.oFlags["x-OverrideCertCN"] ?? this._mySession.hostname);
try
{
x509Certificate = CertMaker.FindCert(text3);
if (x509Certificate == null)
{
throw new Exception("Certificate Maker returned null when asked for a certificate for " + text3);
}
goto IL_2FD;
}
catch (Exception ex)
{
x509Certificate = null;
FiddlerApplication.Log.LogFormat("fiddler.https> Failed to obtain certificate for {0} due to {1}", new object[]
{
text3,
ex.Message
});
this._mySession.oFlags["x-HTTPS-Decryption-Error"] = "Could not find or generate interception certificate.";
if (flag2 || !FiddlerApplication.Prefs.GetBoolPref("fiddler.network.https.blindtunnelifcertunobtainable", true))
{
goto IL_2FD;
}
this.bIsBlind = true;
}
}
this.DoBlindTunnel();
return;
IL_2F2:
throw new Exception("HTTPS Early-Handshaking to server did not succeed.");
IL_2FD:
if (!this.pipeTunnelClient.SecureClientPipeDirect(x509Certificate))
{
throw new Exception("HTTPS Handshaking to client did not succeed.");
}
this._mySession["https-Client-Version"] = this.pipeTunnelClient.SecureProtocol.ToString();
if (!flag2 && !this.pipeTunnelRemote.SecureExistingConnection(this._mySession, text3, this._mySession.oFlags["https-Client-Certificate"], ref this._mySession.Timers.HTTPSHandshakeTime))
{
throw new Exception("HTTPS Handshaking to server did not succeed.");
}
this._mySession.responseBodyBytes = Encoding.UTF8.GetBytes("Encrypted HTTPS traffic flows through this CONNECT tunnel. HTTPS Decryption is enabled in Fiddler, so decrypted sessions running in this tunnel will be shown in the Web Sessions list.\n\n" + this.pipeTunnelRemote.DescribeConnectionSecurity());
this._mySession["https-Server-Cipher"] = this.pipeTunnelRemote.GetConnectionCipherInfo();
this._mySession["https-Server-Version"] = this.pipeTunnelRemote.SecureProtocol.ToString();
Session session = new Session(this.pipeTunnelClient, this.pipeTunnelRemote);
session.oFlags["x-serversocket"] = this._mySession.oFlags["x-securepipe"];
if (this.pipeTunnelRemote != null && this.pipeTunnelRemote.Address != null)
{
session.m_hostIP = this.pipeTunnelRemote.Address.ToString();
session.oFlags["x-hostIP"] = session.m_hostIP;
session.oFlags["x-EgressPort"] = this.pipeTunnelRemote.LocalPort.ToString();
}
session.Execute(null);
}
catch (Exception)
{
try
{
this.pipeTunnelClient.End();
this.pipeTunnelRemote.End();
}
catch (Exception)
{
}
}
}