Esempio n. 1
0
        public static bool rootCertIsTrusted()
        {
            CertMaker.EnsureReady();
            bool flag;
            bool flag2;

            return(CertMaker.oCertProvider.rootCertIsTrusted(out flag, out flag2));
        }
Esempio n. 2
0
 public static void EnsureReady()
 {
     if (CertMaker.oCertProvider != null)
     {
         return;
     }
     CertMaker.oCertProvider = (CertMaker.LoadOverrideCertProvider() ?? new NewCertificateProvider());
 }
Esempio n. 3
0
        internal bool SecureClientPipe(string sHostname, HTTPResponseHeaders oHeaders)
        {
            X509Certificate2 x509Certificate;

            try
            {
                x509Certificate = CertMaker.FindCert(sHostname);
            }
            catch (Exception ex)
            {
                FiddlerApplication.Log.LogFormat("fiddler.https> Failed to obtain certificate for {0} due to {1}", new object[]
                {
                    sHostname,
                    ex.Message
                });
                x509Certificate = null;
            }
            try
            {
                if (x509Certificate == null)
                {
                    FiddlerApplication.DoNotifyUser("Unable to find Certificate for " + sHostname, "HTTPS Interception Failure");
                    oHeaders.SetStatus(502, "Fiddler unable to generate certificate");
                }
                if (CONFIG.bDebugSpew)
                {
                    FiddlerApplication.DebugSpew("SecureClientPipe for: " + this.ToString() + " sending data to client:\n" + Utilities.ByteArrayToHexView(oHeaders.ToByteArray(true, true), 32));
                }
                base.Send(oHeaders.ToByteArray(true, true));
                bool result;
                if (oHeaders.HTTPResponseCode != 200)
                {
                    FiddlerApplication.DebugSpew("SecureClientPipe returning FALSE because HTTPResponseCode != 200");
                    result = false;
                    return(result);
                }
                this._httpsStream = new SslStream(new NetworkStream(this._baseSocket, false), false);
                this._httpsStream.AuthenticateAsServer(x509Certificate, ClientPipe._bWantClientCert, CONFIG.oAcceptedClientHTTPSProtocols, false);
                result = true;
                return(result);
            }
            catch (Exception eX)
            {
                FiddlerApplication.Log.LogFormat("SecureClientPipe ({0} failed: {1}.", new object[]
                {
                    sHostname,
                    Utilities.DescribeException(eX)
                });
                try
                {
                    base.End();
                }
                catch (Exception)
                {
                }
            }
            return(false);
        }
Esempio n. 4
0
        public static bool rootCertIsMachineTrusted()
        {
            CertMaker.EnsureReady();
            bool flag;
            bool result;

            CertMaker.oCertProvider.rootCertIsTrusted(out flag, out result);
            return(result);
        }
Esempio n. 5
0
 public static bool removeFiddlerGeneratedCerts(bool bRemoveRoot)
 {
     CertMaker.EnsureReady();
     if (CertMaker.oCertProvider is ICertificateProvider2)
     {
         return((CertMaker.oCertProvider as ICertificateProvider2).ClearCertificateCache(bRemoveRoot));
     }
     return(CertMaker.oCertProvider.ClearCertificateCache());
 }
Esempio n. 6
0
        public static void StoreCert(string sHost, string sPFXFilename, string sPFXPassword)
        {
            X509Certificate2 oCert = new X509Certificate2(sPFXFilename, sPFXPassword);

            if (!CertMaker.StoreCert(sHost, oCert))
            {
                throw new InvalidOperationException("The current ICertificateProvider does not support storing custom certificates.");
            }
        }
Esempio n. 7
0
        internal static byte[] getRootCertBytes()
        {
            X509Certificate2 rootCertificate = CertMaker.GetRootCertificate();

            if (rootCertificate == null)
            {
                return(null);
            }
            return(rootCertificate.Export(X509ContentType.Cert));
        }
Esempio n. 8
0
        internal bool SecureClientPipe(string sHostname, HTTPResponseHeaders oHeaders)
        {
            X509Certificate2 certificate;

            try
            {
                certificate = CertMaker.FindCert(sHostname, true);
            }
            catch (Exception exception)
            {
                FiddlerApplication.Log.LogFormat("fiddler.https> Failed to obtain certificate for {0} due to {1}", new object[] { sHostname, exception.Message });
                certificate = null;
            }
            try
            {
                if (certificate == null)
                {
                    FiddlerApplication.DoNotifyUser("Unable to find Certificate for " + sHostname, "HTTPS Interception Failure");
                    oHeaders.HTTPResponseCode   = 0x1f6;
                    oHeaders.HTTPResponseStatus = "502 Fiddler unable to generate certificate";
                }
                if (CONFIG.bDebugSpew)
                {
                    FiddlerApplication.DebugSpew("SecureClientPipe for: " + this.ToString() + " sending data to client:\n" + Utilities.ByteArrayToHexView(oHeaders.ToByteArray(true, true), 0x20));
                }
                base.Send(oHeaders.ToByteArray(true, true));
                if (oHeaders.HTTPResponseCode != 200)
                {
                    FiddlerApplication.DebugSpew("SecureClientPipe returning FALSE because HTTPResponseCode != 200");
                    return(false);
                }
                base._httpsStream = new SslStream(new NetworkStream(base._baseSocket, false), false);
                base._httpsStream.AuthenticateAsServer(certificate, _bWantClientCert, CONFIG.oAcceptedClientHTTPSProtocols, false);
                return(true);
            }
            catch (Exception exception2)
            {
                FiddlerApplication.Log.LogFormat("Secure client pipe failed: {0}{1}.", new object[] { exception2.Message, (exception2.InnerException == null) ? string.Empty : (" InnerException: " + exception2.InnerException.Message) });
                FiddlerApplication.DebugSpew("Secure client pipe failed: " + exception2.Message);
                try
                {
                    base.End();
                }
                catch (Exception)
                {
                }
            }
            return(false);
        }
Esempio n. 9
0
        public static bool rootCertExists()
        {
            bool result;

            try
            {
                X509Certificate2 rootCertificate = CertMaker.GetRootCertificate();
                result = (null != rootCertificate);
            }
            catch (Exception)
            {
                result = false;
            }
            return(result);
        }
Esempio n. 10
0
        public static bool StoreCert(string sHost, X509Certificate2 oCert)
        {
            CertMaker.EnsureReady();
            ICertificateProvider3 certificateProvider = CertMaker.oCertProvider as ICertificateProvider3;

            if (certificateProvider == null)
            {
                return(false);
            }
            if (!oCert.HasPrivateKey)
            {
                throw new ArgumentException("The provided certificate MUST have a private key.", "oCert");
            }
            return(certificateProvider.CacheCertificateForHost(sHost, oCert));
        }
Esempio n. 11
0
 internal bool ActAsHTTPSEndpointForHostname(string sHTTPSHostname)
 {
     try
     {
         if (string.IsNullOrEmpty(sHTTPSHostname))
         {
             throw new ArgumentException();
         }
         this._oHTTPSCertificate = CertMaker.FindCert(sHTTPSHostname, true);
         this._sHTTPSHostname    = this._oHTTPSCertificate.Subject;
         return(true);
     }
     catch (Exception)
     {
         this._oHTTPSCertificate = null;
         this._sHTTPSHostname    = null;
     }
     return(false);
 }
Esempio n. 12
0
        public static void DoDispose()
        {
            if (FiddlerApplication.isClosing && CertMaker.oCertProvider == null)
            {
                return;
            }
            CertMaker.EnsureReady();
            if (FiddlerApplication.Prefs.GetBoolPref("fiddler.CertMaker.CleanupServerCertsOnExit", false))
            {
                CertMaker.removeFiddlerGeneratedCerts(false);
            }
            IDisposable disposable = CertMaker.oCertProvider as IDisposable;

            if (disposable != null)
            {
                disposable.Dispose();
            }
            CertMaker.oCertProvider = null;
        }
Esempio n. 13
0
 internal static bool exportRootToDesktop()
 {
     try
     {
         byte[] rootCertBytes = CertMaker.getRootCertBytes();
         if (rootCertBytes != null)
         {
             File.WriteAllBytes(Environment.GetFolderPath(Environment.SpecialFolder.DesktopDirectory) + Path.DirectorySeparatorChar + "FiddlerRoot.cer", rootCertBytes);
             bool result = true;
             return(result);
         }
         FiddlerApplication.DoNotifyUser("The root certificate could not be located.", "Export Failed");
     }
     catch (Exception eX)
     {
         FiddlerApplication.ReportException(eX, "Certificate Export Failed");
         bool result = false;
         return(result);
     }
     return(false);
 }
Esempio n. 14
0
        private void DoTunnel()
        {
            try
            {
                this.bIsBlind = (!CONFIG.bMITM_HTTPS || this._mySession.oFlags.ContainsKey("x-no-decrypt"));
                if (!this.bIsBlind)
                {
                    this.bIsBlind = (CONFIG.oHLSkipDecryption != null && CONFIG.oHLSkipDecryption.ContainsHost(this._mySession.PathAndQuery));
                }
                if (!this.bIsBlind && CONFIG.DecryptWhichProcesses != ProcessFilterCategories.All)
                {
                    string text = this._mySession.oFlags["x-ProcessInfo"];
                    if (CONFIG.DecryptWhichProcesses == ProcessFilterCategories.HideAll)
                    {
                        if (!string.IsNullOrEmpty(text))
                        {
                            this.bIsBlind = true;
                        }
                    }
                    else
                    {
                        if (!string.IsNullOrEmpty(text))
                        {
                            bool flag = Utilities.IsBrowserProcessName(text);
                            if ((CONFIG.DecryptWhichProcesses == ProcessFilterCategories.Browsers && !flag) || (CONFIG.DecryptWhichProcesses == ProcessFilterCategories.NonBrowsers && flag))
                            {
                                this.bIsBlind = true;
                            }
                        }
                    }
                }
                bool             flag2;
                string           text3;
                X509Certificate2 x509Certificate;
                while (true)
                {
                    this._mySession.SetBitFlag(SessionFlags.IsDecryptingTunnel, !this.bIsBlind);
                    this._mySession.SetBitFlag(SessionFlags.IsBlindTunnel, this.bIsBlind);
                    if (this.bIsBlind)
                    {
                        break;
                    }
                    flag2 = false;
                    if (!this._mySession.oFlags.ContainsKey("x-OverrideCertCN"))
                    {
                        if (CONFIG.bUseSNIForCN)
                        {
                            string text2 = this._mySession.oFlags["https-Client-SNIHostname"];
                            if (!string.IsNullOrEmpty(text2) && text2 != this._mySession.hostname)
                            {
                                this._mySession.oFlags["x-OverrideCertCN"] = this._mySession.oFlags["https-Client-SNIHostname"];
                            }
                        }
                        if (this._mySession.oFlags["x-OverrideCertCN"] == null && this._mySession.oFlags.ContainsKey("x-UseCertCNFromServer"))
                        {
                            if (!this.pipeTunnelRemote.SecureExistingConnection(this._mySession, this._mySession.hostname, this._mySession.oFlags["https-Client-Certificate"], ref this._mySession.Timers.HTTPSHandshakeTime))
                            {
                                goto IL_2F2;
                            }
                            flag2 = true;
                            string serverCertCN = this.pipeTunnelRemote.GetServerCertCN();
                            if (!string.IsNullOrEmpty(serverCertCN))
                            {
                                this._mySession.oFlags["x-OverrideCertCN"] = serverCertCN;
                            }
                        }
                    }
                    text3 = (this._mySession.oFlags["x-OverrideCertCN"] ?? this._mySession.hostname);
                    try
                    {
                        x509Certificate = CertMaker.FindCert(text3);
                        if (x509Certificate == null)
                        {
                            throw new Exception("Certificate Maker returned null when asked for a certificate for " + text3);
                        }
                        goto IL_2FD;
                    }
                    catch (Exception ex)
                    {
                        x509Certificate = null;
                        FiddlerApplication.Log.LogFormat("fiddler.https> Failed to obtain certificate for {0} due to {1}", new object[]
                        {
                            text3,
                            ex.Message
                        });
                        this._mySession.oFlags["x-HTTPS-Decryption-Error"] = "Could not find or generate interception certificate.";
                        if (flag2 || !FiddlerApplication.Prefs.GetBoolPref("fiddler.network.https.blindtunnelifcertunobtainable", true))
                        {
                            goto IL_2FD;
                        }
                        this.bIsBlind = true;
                    }
                }
                this.DoBlindTunnel();
                return;

IL_2F2:
                throw new Exception("HTTPS Early-Handshaking to server did not succeed.");
IL_2FD:
                if (!this.pipeTunnelClient.SecureClientPipeDirect(x509Certificate))
                {
                    throw new Exception("HTTPS Handshaking to client did not succeed.");
                }
                this._mySession["https-Client-Version"] = this.pipeTunnelClient.SecureProtocol.ToString();
                if (!flag2 && !this.pipeTunnelRemote.SecureExistingConnection(this._mySession, text3, this._mySession.oFlags["https-Client-Certificate"], ref this._mySession.Timers.HTTPSHandshakeTime))
                {
                    throw new Exception("HTTPS Handshaking to server did not succeed.");
                }
                this._mySession.responseBodyBytes       = Encoding.UTF8.GetBytes("Encrypted HTTPS traffic flows through this CONNECT tunnel. HTTPS Decryption is enabled in Fiddler, so decrypted sessions running in this tunnel will be shown in the Web Sessions list.\n\n" + this.pipeTunnelRemote.DescribeConnectionSecurity());
                this._mySession["https-Server-Cipher"]  = this.pipeTunnelRemote.GetConnectionCipherInfo();
                this._mySession["https-Server-Version"] = this.pipeTunnelRemote.SecureProtocol.ToString();
                Session session = new Session(this.pipeTunnelClient, this.pipeTunnelRemote);
                session.oFlags["x-serversocket"] = this._mySession.oFlags["x-securepipe"];
                if (this.pipeTunnelRemote != null && this.pipeTunnelRemote.Address != null)
                {
                    session.m_hostIP               = this.pipeTunnelRemote.Address.ToString();
                    session.oFlags["x-hostIP"]     = session.m_hostIP;
                    session.oFlags["x-EgressPort"] = this.pipeTunnelRemote.LocalPort.ToString();
                }
                session.Execute(null);
            }
            catch (Exception)
            {
                try
                {
                    this.pipeTunnelClient.End();
                    this.pipeTunnelRemote.End();
                }
                catch (Exception)
                {
                }
            }
        }
Esempio n. 15
0
 public static bool removeFiddlerGeneratedCerts()
 {
     return(CertMaker.removeFiddlerGeneratedCerts(true));
 }
Esempio n. 16
0
 public static bool trustRootCert()
 {
     CertMaker.EnsureReady();
     return(CertMaker.oCertProvider.TrustRootCertificate());
 }
Esempio n. 17
0
 public static bool createRootCert()
 {
     CertMaker.EnsureReady();
     return(CertMaker.oCertProvider.CreateRootCertificate());
 }
Esempio n. 18
0
 public static X509Certificate2 GetRootCertificate()
 {
     CertMaker.EnsureReady();
     return(CertMaker.oCertProvider.GetRootCertificate());
 }
Esempio n. 19
0
 public static X509Certificate2 FindCert(string sHostname)
 {
     CertMaker.EnsureReady();
     return(CertMaker.oCertProvider.GetCertificateForHost(sHostname));
 }