private void TamperRequest(IRequest request, Session fiddlerSession, TamperingContext tamperingContext)
{
LogFormat("Tampering request: {0}", fiddlerSession.url);
var fullUrl = fiddlerSession.fullUrl;
var host = fiddlerSession.host;
if (!string.IsNullOrEmpty(tamperingContext.ServerTcpAddressWithPort))
{
fiddlerSession["X-OverrideHost"] = tamperingContext.ServerTcpAddressWithPort;
LogFormat("IP changed to {0}", tamperingContext.ServerTcpAddressWithPort);
}
if (!string.IsNullOrEmpty(tamperingContext.HostHeader))
{
fullUrl = request.Protocol + "://" + tamperingContext.HostHeader + fiddlerSession.PathAndQuery;
host = tamperingContext.HostHeader;
LogFormat("HostName changed to {0}", host);
}
if (!string.IsNullOrEmpty(tamperingContext.PathAndQuery))
{
fullUrl = request.Protocol + "://" + host + tamperingContext.PathAndQuery;
}
if (!string.IsNullOrEmpty(tamperingContext.Protocol) && !string.Equals(
tamperingContext.Protocol, request.Protocol, StringComparison.OrdinalIgnoreCase))
{
fullUrl = fullUrl.Replace(request.Protocol + "://", tamperingContext.Protocol + "://");
}
fiddlerSession.fullUrl = fullUrl;
fiddlerSession.bypassGateway = true;
LogFormat("Url set to {0}", fullUrl);
}
private void TestNoTampering()
{
var tamperingContext = new TamperingContext();
var req = CreateRequestDescriptorFromUri(new Uri(
"http://wwww.test.com/prefix/sample-request/12345?test=testval"));
tamperingRules.ApplyMatchingTamperingRules(req, tamperingContext);
Assert.Null(tamperingContext.ServerTcpAddressWithPort);
Assert.Null(tamperingContext.HostHeader);
Assert.Null(tamperingContext.PathAndQuery);
}
private void TestPathQueryAdvancedTampering()
{
var req = CreateRequestDescriptorFromUri(new Uri(
"http://wwww.test.com/prefix/advert/12345?test=testval"));
var tamperingContext = new TamperingContext();
tamperingRules.ApplyMatchingTamperingRules(req, tamperingContext);
Assert.Null(tamperingContext.ServerTcpAddressWithPort);
Assert.Null(tamperingContext.HostHeader);
Assert.Equal("/prefix/advert?id=12345&test=testval", tamperingContext.PathAndQuery, StringComparer.Ordinal);
}
private void TestHostHeaderAndPathQueryTampering()
{
var req = CreateRequestDescriptorFromUri(new Uri(
"http://wwww.test.com/sample-request?test=testval&test2=testval2"));
var tamperingContext = new TamperingContext();
tamperingRules.ApplyMatchingTamperingRules(req, tamperingContext);
Assert.Null(tamperingContext.ServerTcpAddressWithPort);
Assert.Equal(tamperingContext.HostHeader, "www.test2.com", StringComparer.Ordinal);
Assert.Equal("/small?test=testval&test2=testval2", tamperingContext.PathAndQuery, StringComparer.Ordinal);
}
private void ApplyHttpsRedirection(IRequest request, TamperingContext tamperParams)
{
var localPort = settings.FindLocalPortForHttpsRedirection(request.Port);
if (localPort > 0)
{
Log(string.Format("Redirecting local https to http :{0}->:{1}.", request.Port, localPort));
request.SetHeader("X-OriginalBaseUri", string.Format("https://{0}", request.Host));
tamperParams.ServerTcpAddressWithPort = string.Format("localhost:{0}", localPort);
tamperParams.Protocol = "http";
}
}
private void Test2StepHostRedirect()
{
var req = CreateRequestDescriptorFromUri(new Uri("http://www.test.com/newver?withpar1=v1&withpar2=v2"));
var tamperingContext = new TamperingContext();
tamperingRules.ApplyMatchingTamperingRules(req, tamperingContext);
serverRedirectionRules.ApplyMatchingTamperingRules(req, tamperingContext, selectedServer);
Assert.True(tamperingContext.ShouldTamperRequest);
Assert.Equal("http", tamperingContext.Protocol);
Assert.Equal("srv1.test.com:80", tamperingContext.ServerTcpAddressWithPort);
Assert.Equal("www.test-newver.com", tamperingContext.HostHeader);
}
private void TestIpHttpsRedirect()
{
var req = CreateRequestDescriptorFromUri(new Uri("https://www.testip.com/testurl?withpar1=v1&withpar2=v2"));
var tamperingContext = new TamperingContext();
tamperingRules.ApplyMatchingTamperingRules(req, tamperingContext);
serverRedirectionRules.ApplyMatchingTamperingRules(req, tamperingContext, selectedServer);
Assert.True(tamperingContext.ShouldTamperRequest);
Assert.Null(tamperingContext.PathAndQuery);
Assert.Null(tamperingContext.HostHeader);
Assert.Equal("https", tamperingContext.Protocol);
Assert.Equal("192.168.1.10:443", tamperingContext.ServerTcpAddressWithPort);
}
public void AutoTamperRequestBefore(Session oSession)
{
if (!isLoaded)
{
return;
}
if (!lck.TryEnterReadLock(TimeSpan.FromSeconds(1)))
{
LogFormat("ERROR: Timeout when acquiring lock.");
return;
}
try {
var request = new Request(oSession);
if (request.IsHttpsConnect)
{
if (request.IsLocal && shouldInterceptHttps)
{
PerformHttpsHandshake(oSession);
}
return;
}
var tamperingContext = new TamperingContext();
if (request.IsLocal && request.IsHttps && shouldInterceptHttps)
{
ApplyHttpsRedirection(request, tamperingContext);
}
else
{
tamperer.ApplyMatchingTamperingRules(request, tamperingContext);
if (isRedirectionToOneHostEnabled)
{
tamperingContext.ServerTcpAddressWithPort = customServerAddressWithPort;
}
else if (IsApplicationServerSelected())
{
serverRedirector.ApplyMatchingTamperingRules(request, tamperingContext, selectedServer);
}
}
if (tamperingContext.ShouldTamperRequest)
{
TamperRequest(request, oSession, tamperingContext);
}
} finally {
lck.ExitReadLock();
}
}
