Merge branch 'develop' into beta

Author: justcoding121

Examples/Titanium.Web.Proxy.Examples.Basic/ProxyTestController.cs

@@ -14,7 +14,7 @@ namespace Titanium.Web.Proxy.Examples.Basic
     public class ProxyTestController
     {
         private readonly ProxyServer proxyServer;
-
+        private ExplicitProxyEndPoint explicitEndPoint;
 
         //keep track of request headers
         private readonly IDictionary<Guid, HeaderCollection> requestHeaderHistory = new ConcurrentDictionary<Guid, HeaderCollection>();
@@ -52,38 +52,31 @@ public void StartProxy()
         {
             proxyServer.BeforeRequest += OnRequest;
             proxyServer.BeforeResponse += OnResponse;
-            proxyServer.TunnelConnectRequest += OnTunnelConnectRequest;
-            proxyServer.TunnelConnectResponse += OnTunnelConnectResponse;
+            
             proxyServer.ServerCertificateValidationCallback += OnCertificateValidation;
             proxyServer.ClientCertificateSelectionCallback += OnCertificateSelection;
 
             //proxyServer.EnableWinAuth = true;
 
-            var explicitEndPoint = new ExplicitProxyEndPoint(IPAddress.Any, 8000, true)
+            explicitEndPoint = new ExplicitProxyEndPoint(IPAddress.Any, 8000, true)
             {
-                //Exclude Https addresses you don't want to proxy
-                //Useful for clients that use certificate pinning
-                //for example google.com and dropbox.com
-                ExcludedHttpsHostNameRegex = new List<string>
-                {
-                    "dropbox.com"
-                },
-
-                //Include Https addresses you want to proxy (others will be excluded)
-                //for example github.com
-                //IncludedHttpsHostNameRegex = new List<string>
-                //{
-                //    "github.com"
-                //},
-
-                //You can set only one of the ExcludedHttpsHostNameRegex and IncludedHttpsHostNameRegex properties, otherwise ArgumentException will be thrown
-
-                //Use self-issued generic certificate on all https requests
-                //Optimizes performance by not creating a certificate for each https-enabled domain
-                //Useful when certificate trust is not required by proxy clients
-                //GenericCertificate = new X509Certificate2(Path.Combine(System.IO.Path.GetDirectoryName(System.Reflection.Assembly.GetExecutingAssembly().Location), "genericcert.pfx"), "password")
+            //You can set only one of the ExcludedHttpsHostNameRegex and IncludedHttpsHostNameRegex properties, otherwise ArgumentException will be thrown
+
+            //Use self-issued generic certificate on all https requests
+            //Optimizes performance by not creating a certificate for each https-enabled domain
+            //Useful when certificate trust is not required by proxy clients
+            //GenericCertificate = new X509Certificate2(Path.Combine(System.IO.Path.GetDirectoryName(System.Reflection.Assembly.GetExecutingAssembly().Location), "genericcert.pfx"), "password")
             };
 
+            //Exclude Https addresses you don't want to proxy
+            //Useful for clients that use certificate pinning
+            //for example google.com and dropbox.com
+            explicitEndPoint.BeforeTunnelConnect += OnBeforeTunnelConnect;
+
+
+            explicitEndPoint.TunnelConnectRequest += OnTunnelConnectRequest;
+            explicitEndPoint.TunnelConnectResponse += OnTunnelConnectResponse;
+
             //An explicit endpoint is where the client knows about the existence of a proxy
             //So client sends request in a proxy friendly manner
             proxyServer.AddEndPoint(explicitEndPoint);
@@ -120,8 +113,10 @@ public void StartProxy()
 
         public void Stop()
         {
-            proxyServer.TunnelConnectRequest -= OnTunnelConnectRequest;
-            proxyServer.TunnelConnectResponse -= OnTunnelConnectResponse;
+            explicitEndPoint.BeforeTunnelConnect -= OnBeforeTunnelConnect;
+            explicitEndPoint.TunnelConnectRequest -= OnTunnelConnectRequest;
+            explicitEndPoint.TunnelConnectResponse -= OnTunnelConnectResponse;
+
             proxyServer.BeforeRequest -= OnRequest;
             proxyServer.BeforeResponse -= OnResponse;
             proxyServer.ServerCertificateValidationCallback -= OnCertificateValidation;
@@ -133,6 +128,20 @@ public void Stop()
             //proxyServer.CertificateManager.RemoveTrustedRootCertificates();
         }
 
+        private async Task<bool> OnBeforeTunnelConnect(string hostname)
+        {
+            if (hostname.Contains("amazon.com") || hostname.Contains("paypal.com"))
+            {
+                //exclude bing.com and google.com from being decrypted
+                //instead it will be relayed via a secure TCP tunnel
+                return await Task.FromResult(true);
+            }
+            else
+            {
+                return await Task.FromResult(false);
+            }
+        }
+
         private async Task OnTunnelConnectRequest(object sender, TunnelConnectSessionEventArgs e)
         {
             Console.WriteLine("Tunnel to: " + e.WebSession.Request.Host);
@@ -172,7 +181,7 @@ private async Task OnRequest(object sender, SessionEventArgs e)
 
             //To cancel a request with a custom HTML content
             //Filter URL
-            if (e.WebSession.Request.RequestUri.AbsoluteUri.Contains("google.com"))
+            if (e.WebSession.Request.RequestUri.AbsoluteUri.Contains("yahoo.com"))
             {
                 await e.Ok("<!DOCTYPE html>" +
                       "<html><body><h1>" +

Examples/Titanium.Web.Proxy.Examples.Wpf/MainWindow.xaml.cs

@@ -109,8 +109,8 @@ public MainWindow()
 
             proxyServer.BeforeRequest += ProxyServer_BeforeRequest;
             proxyServer.BeforeResponse += ProxyServer_BeforeResponse;
-            proxyServer.TunnelConnectRequest += ProxyServer_TunnelConnectRequest;
-            proxyServer.TunnelConnectResponse += ProxyServer_TunnelConnectResponse;
+            explicitEndPoint.TunnelConnectRequest += ProxyServer_TunnelConnectRequest;
+            explicitEndPoint.TunnelConnectResponse += ProxyServer_TunnelConnectResponse;
             proxyServer.ClientConnectionCountChanged += delegate { Dispatcher.Invoke(() => { ClientConnectionCount = proxyServer.ClientConnectionCount; }); };
             proxyServer.ServerConnectionCountChanged += delegate { Dispatcher.Invoke(() => { ServerConnectionCount = proxyServer.ServerConnectionCount; }); };
             proxyServer.Start();

Titanium.Web.Proxy/Helpers/Firefox.cs

@@ -1,5 +1,7 @@
-using System;
+using StreamExtended.Network;
+using System;
 using System.Text;
+using System.Threading.Tasks;
 using Titanium.Web.Proxy.Extensions;
 using Titanium.Web.Proxy.Http;
 using Titanium.Web.Proxy.Shared;
@@ -113,5 +115,45 @@ internal static string GetWildCardDomainName(string hostname)
             //return as it is
             return hostname;
         }
+
+        /// <summary>
+        /// Determines whether is connect method.
+        /// </summary>
+        /// <param name="clientStream">The client stream.</param>
+        /// <returns>1: when CONNECT, 0: when valid HTTP method, -1: otherwise</returns>
+        internal static async Task<int> IsConnectMethod(CustomBufferedStream clientStream)
+        {
+            bool isConnect = true;
+            int legthToCheck = 10;
+            for (int i = 0; i < legthToCheck; i++)
+            {
+                int b = await clientStream.PeekByteAsync(i);
+                if (b == -1)
+                {
+                    return -1;
+                }
+
+                if (b == ' ' && i > 2)
+                {
+                    // at least 3 letters and a space
+                    return isConnect ? 1 : 0;
+                }
+
+                char ch = (char)b;
+                if (!char.IsLetter(ch))
+                {
+                    // non letter or too short
+                    return -1;
+                }
+
+                if (i > 6 || ch != "CONNECT"[i])
+                {
+                    isConnect = false;
+                }
+            }
+
+            // only letters
+            return isConnect ? 1 : 0;
+        }
     }
 }

Titanium.Web.Proxy/Helpers/HttpHelper.cs

@@ -5,6 +5,9 @@
 using System.Net.Sockets;
 using System.Security.Cryptography.X509Certificates;
 using System.Text.RegularExpressions;
+using System.Threading.Tasks;
+using Titanium.Web.Proxy.EventArguments;
+using Titanium.Web.Proxy.Extensions;
 
 namespace Titanium.Web.Proxy.Models
 {
@@ -67,9 +70,15 @@ public class ExplicitProxyEndPoint : ProxyEndPoint
 
         internal bool IsSystemHttpsProxy { get; set; }
 
+        /// <summary>
+        /// Generic certificate to use for SSL decryption.
+        /// </summary>
+        public X509Certificate2 GenericCertificate { get; set; }
+
         /// <summary>
         /// List of host names to exclude using Regular Expressions.
         /// </summary>
+        [Obsolete("ExcludedHttpsHostNameRegex is deprecated, please use BeforeTunnelConnect event instead.")]
         public IEnumerable<string> ExcludedHttpsHostNameRegex
         {
             get { return ExcludedHttpsHostNameRegexList?.Select(x => x.ToString()).ToList(); }
@@ -87,6 +96,7 @@ public IEnumerable<string> ExcludedHttpsHostNameRegex
         /// <summary>
         /// List of host names to exclude using Regular Expressions.
         /// </summary>
+        [Obsolete("IncludedHttpsHostNameRegex is deprecated, please use BeforeTunnelConnect event instead.")]
         public IEnumerable<string> IncludedHttpsHostNameRegex
         {
             get { return IncludedHttpsHostNameRegexList?.Select(x => x.ToString()).ToList(); }
@@ -102,10 +112,22 @@ public IEnumerable<string> IncludedHttpsHostNameRegex
         }
 
         /// <summary>
-        /// Generic certificate to use for SSL decryption.
+        /// Return true if this HTTP connect request should'nt be decrypted and instead be relayed
+        /// Valid only for explicit endpoints
         /// </summary>
-        public X509Certificate2 GenericCertificate { get; set; }
+        public Func<string, Task<bool>> BeforeTunnelConnect;
 
+        /// <summary>
+        /// Intercept tunnel connect request
+        /// Valid only for explicit endpoints
+        /// </summary>
+        public event AsyncEventHandler<TunnelConnectSessionEventArgs> TunnelConnectRequest;
+
+        /// <summary>
+        /// Intercept tunnel connect response
+        /// Valid only for explicit endpoints
+        /// </summary>
+        public event AsyncEventHandler<TunnelConnectSessionEventArgs> TunnelConnectResponse;
         /// <summary>
         /// Constructor.
         /// </summary>
@@ -115,6 +137,31 @@ public IEnumerable<string> IncludedHttpsHostNameRegex
         public ExplicitProxyEndPoint(IPAddress ipAddress, int port, bool enableSsl) : base(ipAddress, port, enableSsl)
         {
         }
+
+        internal async Task InvokeTunnectConnectRequest(ProxyServer proxyServer, TunnelConnectSessionEventArgs connectArgs, Action<Exception> exceptionFunc)
+        {
+            if (TunnelConnectRequest != null)
+            {
+                await TunnelConnectRequest.InvokeAsync(proxyServer, connectArgs, exceptionFunc);
+            }
+        }
+
+        internal async Task InvokeTunnectConnectResponse(ProxyServer proxyServer, TunnelConnectSessionEventArgs connectArgs, Action<Exception> exceptionFunc)
+        {
+            if (TunnelConnectResponse != null)
+            {
+                await TunnelConnectResponse.InvokeAsync(proxyServer, connectArgs, exceptionFunc);
+            }
+        }
+
+        internal async Task InvokeTunnectConnectResponse(ProxyServer proxyServer, TunnelConnectSessionEventArgs connectArgs, Action<Exception> exceptionFunc, bool isClientHello)
+        {
+            if (TunnelConnectResponse != null)
+            {
+                connectArgs.IsHttpsConnect = isClientHello;
+                await TunnelConnectResponse.InvokeAsync(proxyServer, connectArgs, exceptionFunc);
+            }
+        }
     }
 
     /// <summary>