internal bool SecureClientPipe(string sHostname, HTTPResponseHeaders oHeaders) { X509Certificate2 x509Certificate; try { x509Certificate = CertMaker.FindCert(sHostname); } catch (Exception ex) { FiddlerApplication.Log.LogFormat("fiddler.https> Failed to obtain certificate for {0} due to {1}", new object[] { sHostname, ex.Message }); x509Certificate = null; } try { if (x509Certificate == null) { FiddlerApplication.DoNotifyUser("Unable to find Certificate for " + sHostname, "HTTPS Interception Failure"); oHeaders.SetStatus(502, "Fiddler unable to generate certificate"); } if (CONFIG.bDebugSpew) { FiddlerApplication.DebugSpew("SecureClientPipe for: " + this.ToString() + " sending data to client:\n" + Utilities.ByteArrayToHexView(oHeaders.ToByteArray(true, true), 32)); } base.Send(oHeaders.ToByteArray(true, true)); bool result; if (oHeaders.HTTPResponseCode != 200) { FiddlerApplication.DebugSpew("SecureClientPipe returning FALSE because HTTPResponseCode != 200"); result = false; return(result); } this._httpsStream = new SslStream(new NetworkStream(this._baseSocket, false), false); this._httpsStream.AuthenticateAsServer(x509Certificate, ClientPipe._bWantClientCert, CONFIG.oAcceptedClientHTTPSProtocols, false); result = true; return(result); } catch (Exception eX) { FiddlerApplication.Log.LogFormat("SecureClientPipe ({0} failed: {1}.", new object[] { sHostname, Utilities.DescribeException(eX) }); try { base.End(); } catch (Exception) { } } return(false); }
internal bool SecureClientPipe(string sHostname, HTTPResponseHeaders oHeaders) { X509Certificate2 certificate; try { certificate = CertMaker.FindCert(sHostname, true); } catch (Exception exception) { FiddlerApplication.Log.LogFormat("fiddler.https> Failed to obtain certificate for {0} due to {1}", new object[] { sHostname, exception.Message }); certificate = null; } try { if (certificate == null) { FiddlerApplication.DoNotifyUser("Unable to find Certificate for " + sHostname, "HTTPS Interception Failure"); oHeaders.HTTPResponseCode = 0x1f6; oHeaders.HTTPResponseStatus = "502 Fiddler unable to generate certificate"; } if (CONFIG.bDebugSpew) { FiddlerApplication.DebugSpew("SecureClientPipe for: " + this.ToString() + " sending data to client:\n" + Utilities.ByteArrayToHexView(oHeaders.ToByteArray(true, true), 0x20)); } base.Send(oHeaders.ToByteArray(true, true)); if (oHeaders.HTTPResponseCode != 200) { FiddlerApplication.DebugSpew("SecureClientPipe returning FALSE because HTTPResponseCode != 200"); return(false); } base._httpsStream = new SslStream(new NetworkStream(base._baseSocket, false), false); base._httpsStream.AuthenticateAsServer(certificate, _bWantClientCert, CONFIG.oAcceptedClientHTTPSProtocols, false); return(true); } catch (Exception exception2) { FiddlerApplication.Log.LogFormat("Secure client pipe failed: {0}{1}.", new object[] { exception2.Message, (exception2.InnerException == null) ? string.Empty : (" InnerException: " + exception2.InnerException.Message) }); FiddlerApplication.DebugSpew("Secure client pipe failed: " + exception2.Message); try { base.End(); } catch (Exception) { } } return(false); }
internal bool ActAsHTTPSEndpointForHostname(string sHTTPSHostname) { try { if (string.IsNullOrEmpty(sHTTPSHostname)) { throw new ArgumentException(); } this._oHTTPSCertificate = CertMaker.FindCert(sHTTPSHostname, true); this._sHTTPSHostname = this._oHTTPSCertificate.Subject; return(true); } catch (Exception) { this._oHTTPSCertificate = null; this._sHTTPSHostname = null; } return(false); }
private void DoTunnel() { try { this.bIsBlind = (!CONFIG.bMITM_HTTPS || this._mySession.oFlags.ContainsKey("x-no-decrypt")); if (!this.bIsBlind) { this.bIsBlind = (CONFIG.oHLSkipDecryption != null && CONFIG.oHLSkipDecryption.ContainsHost(this._mySession.PathAndQuery)); } if (!this.bIsBlind && CONFIG.DecryptWhichProcesses != ProcessFilterCategories.All) { string text = this._mySession.oFlags["x-ProcessInfo"]; if (CONFIG.DecryptWhichProcesses == ProcessFilterCategories.HideAll) { if (!string.IsNullOrEmpty(text)) { this.bIsBlind = true; } } else { if (!string.IsNullOrEmpty(text)) { bool flag = Utilities.IsBrowserProcessName(text); if ((CONFIG.DecryptWhichProcesses == ProcessFilterCategories.Browsers && !flag) || (CONFIG.DecryptWhichProcesses == ProcessFilterCategories.NonBrowsers && flag)) { this.bIsBlind = true; } } } } bool flag2; string text3; X509Certificate2 x509Certificate; while (true) { this._mySession.SetBitFlag(SessionFlags.IsDecryptingTunnel, !this.bIsBlind); this._mySession.SetBitFlag(SessionFlags.IsBlindTunnel, this.bIsBlind); if (this.bIsBlind) { break; } flag2 = false; if (!this._mySession.oFlags.ContainsKey("x-OverrideCertCN")) { if (CONFIG.bUseSNIForCN) { string text2 = this._mySession.oFlags["https-Client-SNIHostname"]; if (!string.IsNullOrEmpty(text2) && text2 != this._mySession.hostname) { this._mySession.oFlags["x-OverrideCertCN"] = this._mySession.oFlags["https-Client-SNIHostname"]; } } if (this._mySession.oFlags["x-OverrideCertCN"] == null && this._mySession.oFlags.ContainsKey("x-UseCertCNFromServer")) { if (!this.pipeTunnelRemote.SecureExistingConnection(this._mySession, this._mySession.hostname, this._mySession.oFlags["https-Client-Certificate"], ref this._mySession.Timers.HTTPSHandshakeTime)) { goto IL_2F2; } flag2 = true; string serverCertCN = this.pipeTunnelRemote.GetServerCertCN(); if (!string.IsNullOrEmpty(serverCertCN)) { this._mySession.oFlags["x-OverrideCertCN"] = serverCertCN; } } } text3 = (this._mySession.oFlags["x-OverrideCertCN"] ?? this._mySession.hostname); try { x509Certificate = CertMaker.FindCert(text3); if (x509Certificate == null) { throw new Exception("Certificate Maker returned null when asked for a certificate for " + text3); } goto IL_2FD; } catch (Exception ex) { x509Certificate = null; FiddlerApplication.Log.LogFormat("fiddler.https> Failed to obtain certificate for {0} due to {1}", new object[] { text3, ex.Message }); this._mySession.oFlags["x-HTTPS-Decryption-Error"] = "Could not find or generate interception certificate."; if (flag2 || !FiddlerApplication.Prefs.GetBoolPref("fiddler.network.https.blindtunnelifcertunobtainable", true)) { goto IL_2FD; } this.bIsBlind = true; } } this.DoBlindTunnel(); return; IL_2F2: throw new Exception("HTTPS Early-Handshaking to server did not succeed."); IL_2FD: if (!this.pipeTunnelClient.SecureClientPipeDirect(x509Certificate)) { throw new Exception("HTTPS Handshaking to client did not succeed."); } this._mySession["https-Client-Version"] = this.pipeTunnelClient.SecureProtocol.ToString(); if (!flag2 && !this.pipeTunnelRemote.SecureExistingConnection(this._mySession, text3, this._mySession.oFlags["https-Client-Certificate"], ref this._mySession.Timers.HTTPSHandshakeTime)) { throw new Exception("HTTPS Handshaking to server did not succeed."); } this._mySession.responseBodyBytes = Encoding.UTF8.GetBytes("Encrypted HTTPS traffic flows through this CONNECT tunnel. HTTPS Decryption is enabled in Fiddler, so decrypted sessions running in this tunnel will be shown in the Web Sessions list.\n\n" + this.pipeTunnelRemote.DescribeConnectionSecurity()); this._mySession["https-Server-Cipher"] = this.pipeTunnelRemote.GetConnectionCipherInfo(); this._mySession["https-Server-Version"] = this.pipeTunnelRemote.SecureProtocol.ToString(); Session session = new Session(this.pipeTunnelClient, this.pipeTunnelRemote); session.oFlags["x-serversocket"] = this._mySession.oFlags["x-securepipe"]; if (this.pipeTunnelRemote != null && this.pipeTunnelRemote.Address != null) { session.m_hostIP = this.pipeTunnelRemote.Address.ToString(); session.oFlags["x-hostIP"] = session.m_hostIP; session.oFlags["x-EgressPort"] = this.pipeTunnelRemote.LocalPort.ToString(); } session.Execute(null); } catch (Exception) { try { this.pipeTunnelClient.End(); this.pipeTunnelRemote.End(); } catch (Exception) { } } }