private void _ReturnSelfGeneratedCONNECTTunnel(string sHostname)
{
this.SetBitFlag(SessionFlags.IsDecryptingTunnel | SessionFlags.ResponseGeneratedByFiddler, true);
this.oResponse.headers = new HTTPResponseHeaders();
this.oResponse.headers.HTTPResponseCode = 200;
this.oResponse.headers.HTTPResponseStatus = "200 DecryptEndpoint Created";
this.oResponse.headers.Add("Timestamp", DateTime.Now.ToString("HH:mm:ss.fff"));
this.oResponse.headers.Add("FiddlerGateway", "AutoResponder");
this.oResponse.headers.Add("Connection", "close");
this.responseBodyBytes = Encoding.UTF8.GetBytes("This is a Fiddler-generated response to the client's request for a CONNECT tunnel.\n\n");
this.oFlags["ui-backcolor"] = "Lavender";
FiddlerApplication.DoBeforeResponse(this);
this.state = SessionStates.Done;
FiddlerApplication.DoAfterSessionComplete(this);
if (CONFIG.bUseSNIForCN && !this.oFlags.ContainsKey("x-OverrideCertCN"))
{
string str = this.oFlags["https-Client-SNIHostname"];
if (!string.IsNullOrEmpty(str) && (str != sHostname))
{
this.oFlags["x-OverrideCertCN"] = this.oFlags["https-Client-SNIHostname"];
}
}
string str2 = this.oFlags["x-OverrideCertCN"] ?? sHostname;
if ((this.oRequest.pipeClient == null) || !this.oRequest.pipeClient.SecureClientPipe(str2, this.oResponse.headers))
{
this.CloseSessionPipes(false);
}
else
{
Session session = new Session(this.oRequest.pipeClient, null);
this.oRequest.pipeClient = null;
session.oFlags["x-serversocket"] = "AUTO-RESPONDER-GENERATED";
session.Execute(null);
}
}
private void DoTunnel()
{
try
{
this.bIsBlind = !CONFIG.bMITM_HTTPS || this._mySession.oFlags.ContainsKey("x-no-decrypt");
if (!this.bIsBlind)
{
this.bIsBlind = (CONFIG.oHLSkipDecryption != null) && CONFIG.oHLSkipDecryption.ContainsHost(this._mySession.PathAndQuery);
}
if (!this.bIsBlind && (CONFIG.DecryptWhichProcesses != ProcessFilterCategories.All))
{
string str = this._mySession.oFlags["x-ProcessInfo"];
if (CONFIG.DecryptWhichProcesses == ProcessFilterCategories.HideAll)
{
if (!string.IsNullOrEmpty(str))
{
this.bIsBlind = true;
}
}
else if (!string.IsNullOrEmpty(str))
{
bool flag = Utilities.IsBrowserProcessName(str);
if (((CONFIG.DecryptWhichProcesses == ProcessFilterCategories.Browsers) && !flag) || ((CONFIG.DecryptWhichProcesses == ProcessFilterCategories.NonBrowsers) && flag))
{
this.bIsBlind = true;
}
}
}
Label_00BC:
this._mySession.SetBitFlag(SessionFlags.IsDecryptingTunnel, !this.bIsBlind);
this._mySession.SetBitFlag(SessionFlags.IsBlindTunnel, this.bIsBlind);
if (this.bIsBlind)
{
this.DoBlindTunnel();
}
else
{
X509Certificate2 certificate;
bool flag2 = false;
if (!this._mySession.oFlags.ContainsKey("x-OverrideCertCN"))
{
if (CONFIG.bUseSNIForCN)
{
string str2 = this._mySession.oFlags["https-Client-SNIHostname"];
if (!string.IsNullOrEmpty(str2) && (str2 != this._mySession.hostname))
{
this._mySession.oFlags["x-OverrideCertCN"] = this._mySession.oFlags["https-Client-SNIHostname"];
}
}
if ((this._mySession.oFlags["x-OverrideCertCN"] == null) && this._mySession.oFlags.ContainsKey("x-UseCertCNFromServer"))
{
if (!this.pipeTunnelRemote.SecureExistingConnection(this._mySession, this._mySession.hostname, this._mySession.oFlags["https-Client-Certificate"], ref this._mySession.Timers.HTTPSHandshakeTime))
{
throw new Exception("HTTPS Early-Handshaking to server did not succeed.");
}
flag2 = true;
string serverCertCN = this.pipeTunnelRemote.GetServerCertCN();
if (!string.IsNullOrEmpty(serverCertCN))
{
this._mySession.oFlags["x-OverrideCertCN"] = serverCertCN;
}
}
}
string sHostname = this._mySession.oFlags["x-OverrideCertCN"] ?? this._mySession.hostname;
try
{
certificate = CertMaker.FindCert(sHostname);
if (certificate == null)
{
throw new Exception("Certificate Maker returned null when asked for a certificate for " + sHostname);
}
}
catch (Exception exception)
{
certificate = null;
FiddlerApplication.Log.LogFormat("fiddler.https> Failed to obtain certificate for {0} due to {1}", new object[] { sHostname, exception.Message });
this._mySession.oFlags["x-HTTPS-Decryption-Error"] = "Could not find or generate interception certificate.";
if (!flag2 && FiddlerApplication.Prefs.GetBoolPref("fiddler.network.https.blindtunnelifcertunobtainable", true))
{
this.bIsBlind = true;
goto Label_00BC;
}
}
if (!this.pipeTunnelClient.SecureClientPipeDirect(certificate))
{
throw new Exception("HTTPS Handshaking to client did not succeed.");
}
this._mySession["https-Client-Version"] = this.pipeTunnelClient.SecureProtocol.ToString();
if (!flag2 && !this.pipeTunnelRemote.SecureExistingConnection(this._mySession, sHostname, this._mySession.oFlags["https-Client-Certificate"], ref this._mySession.Timers.HTTPSHandshakeTime))
{
throw new Exception("HTTPS Handshaking to server did not succeed.");
}
this._mySession.responseBodyBytes = Encoding.UTF8.GetBytes("Encrypted HTTPS traffic flows through this CONNECT tunnel. HTTPS Decryption is enabled in Fiddler, so decrypted sessions running in this tunnel will be shown in the Web Sessions list.\n\n" + this.pipeTunnelRemote.DescribeConnectionSecurity());
this._mySession["https-Server-Cipher"] = this.pipeTunnelRemote.GetConnectionCipherInfo();
this._mySession["https-Server-Version"] = this.pipeTunnelRemote.SecureProtocol.ToString();
Session session = new Session(this.pipeTunnelClient, this.pipeTunnelRemote);
session.oFlags["x-serversocket"] = this._mySession.oFlags["x-securepipe"];
if ((this.pipeTunnelRemote != null) && (this.pipeTunnelRemote.Address != null))
{
session.m_hostIP = this.pipeTunnelRemote.Address.ToString();
session.oFlags["x-hostIP"] = session.m_hostIP;
session.oFlags["x-EgressPort"] = this.pipeTunnelRemote.LocalPort.ToString();
}
session.Execute(null);
}
}
catch (Exception)
{
try
{
this.pipeTunnelClient.End();
this.pipeTunnelRemote.End();
}
catch (Exception)
{
}
}
}
internal static void CreateAndExecute(object oParams)
{
try
{
ProxyExecuteParams @params = (ProxyExecuteParams) oParams;
Socket oSocket = @params.oSocket;
ClientPipe clientPipe = new ClientPipe(oSocket, @params.dtConnectionAccepted);
Session oSession = new Session(clientPipe, null);
FiddlerApplication.DoAfterSocketAccept(oSession, oSocket);
if ((@params.oServerCert == null) || oSession.AcceptHTTPSRequest(@params.oServerCert))
{
oSession.Execute(null);
}
}
catch (Exception exception)
{
FiddlerApplication.ReportException(exception);
}
}
