Merge pull request #406 from justcoding121/develop

Beta 3.0.393+

Author: justcoding121

Examples/Titanium.Web.Proxy.Examples.Basic/ProxyTestController.cs

@@ -78,7 +78,7 @@ public void StartProxy()
 
             //proxyServer.EnableWinAuth = true;
 
-            explicitEndPoint = new ExplicitProxyEndPoint(IPAddress.Any, 8000, true)
+            explicitEndPoint = new ExplicitProxyEndPoint(IPAddress.Any, 8000)
             {
                 //You can set only one of the ExcludedHttpsHostNameRegex and IncludedHttpsHostNameRegex properties, otherwise ArgumentException will be thrown
 

Titanium.Web.Proxy/Models/ExplicitProxyEndPoint.cs

@@ -17,6 +17,11 @@ public class ExplicitProxyEndPoint : ProxyEndPoint
 
         internal bool IsSystemHttpsProxy { get; set; }
 
+        /// <summary>
+        /// Enable SSL?
+        /// </summary>
+        public bool DecryptSsl { get; }
+
         /// <summary>
         /// Generic certificate to use for SSL decryption.
         /// </summary>
@@ -40,9 +45,10 @@ public class ExplicitProxyEndPoint : ProxyEndPoint
         /// </summary>
         /// <param name="ipAddress"></param>
         /// <param name="port"></param>
-        /// <param name="enableSsl"></param>
-        public ExplicitProxyEndPoint(IPAddress ipAddress, int port, bool enableSsl) : base(ipAddress, port, enableSsl)
+        /// <param name="decryptSsl"></param>
+        public ExplicitProxyEndPoint(IPAddress ipAddress, int port, bool decryptSsl = true) : base(ipAddress, port)
         {
+            this.DecryptSsl = decryptSsl;
         }
 
         internal async Task InvokeBeforeTunnelConnectRequest(ProxyServer proxyServer, TunnelConnectSessionEventArgs connectArgs, ExceptionHandler exceptionFunc)

Titanium.Web.Proxy/Models/ProxyEndPoint.cs

@@ -17,11 +17,10 @@ public abstract class ProxyEndPoint
         /// <param name="ipAddress"></param>
         /// <param name="port"></param>
         /// <param name="enableSsl"></param>
-        protected ProxyEndPoint(IPAddress ipAddress, int port, bool enableSsl)
+        protected ProxyEndPoint(IPAddress ipAddress, int port)
         {
             IpAddress = ipAddress;
             Port = port;
-            EnableSsl = enableSsl;
         }
 
         /// <summary>
@@ -39,10 +38,6 @@ protected ProxyEndPoint(IPAddress ipAddress, int port, bool enableSsl)
         /// </summary>
         public int Port { get; internal set; }
 
-        /// <summary>
-        /// Enable SSL?
-        /// </summary>
-        public bool EnableSsl { get; }
 
         /// <summary>
         /// Is IPv6 enabled?

Titanium.Web.Proxy/Models/TransparentProxyEndPoint.cs

@@ -20,7 +20,7 @@ public class TransparentProxyEndPoint : ProxyEndPoint
         /// <param name="ipAddress"></param>
         /// <param name="port"></param>
         /// <param name="enableSsl"></param>
-        public TransparentProxyEndPoint(IPAddress ipAddress, int port, bool enableSsl) : base(ipAddress, port, enableSsl)
+        public TransparentProxyEndPoint(IPAddress ipAddress, int port) : base(ipAddress, port)
         {
             GenericCertificateName = "localhost";
         }

Titanium.Web.Proxy/ProxyServer.cs

@@ -319,10 +319,6 @@ public void SetAsSystemProxy(ExplicitProxyEndPoint endPoint, ProxyProtocolType p
 
             if (isHttps)
             {
-                if (!endPoint.EnableSsl)
-                {
-                    throw new Exception("Endpoint do not support Https connections");
-                }
 
                 CertificateManager.EnsureRootCertificate();
 

Titanium.Web.Proxy/RequestHandler.cs

@@ -79,7 +79,7 @@ private async Task HandleClient(ExplicitProxyEndPoint endPoint, TcpClient tcpCli
                     await endPoint.InvokeBeforeTunnelConnectRequest(this, connectArgs, ExceptionFunc);
 
                     //filter out excluded host names
-                    bool excluded = connectArgs.Excluded;
+                    bool excluded = !endPoint.DecryptSsl || connectArgs.Excluded;
 
                     if (await CheckAuthorization(connectArgs) == false)
                     {
@@ -92,17 +92,15 @@ private async Task HandleClient(ExplicitProxyEndPoint endPoint, TcpClient tcpCli
 
                     //write back successfull CONNECT response
                     var response = ConnectResponse.CreateSuccessfullConnectResponse(version);
+                    // Set ContentLength explicitly to properly handle HTTP 1.0
+                    response.ContentLength = 0;
                     response.Headers.FixProxyHeaders();
                     connectArgs.WebSession.Response = response;
 
                     await clientStreamWriter.WriteResponseAsync(response);
 
-                    ClientHelloInfo clientHelloInfo = null;
-                    if (endPoint.EnableSsl)
-                    {
-                        clientHelloInfo = await SslTools.PeekClientHello(clientStream);
-                    }
-
+                    var clientHelloInfo =  await SslTools.PeekClientHello(clientStream);
+                    
                     bool isClientHello = clientHelloInfo != null;
                     if (isClientHello)
                     {
@@ -232,48 +230,46 @@ private async Task HandleClient(TransparentProxyEndPoint endPoint, TcpClient tcp
 
             try
             {
-                if (endPoint.EnableSsl)
-                {
-                    var clientHelloInfo = await SslTools.PeekClientHello(clientStream);
+                var clientHelloInfo = await SslTools.PeekClientHello(clientStream);
 
-                    if (clientHelloInfo != null)
-                    {
-                        SslStream sslStream = null;
-                        string sniHostName = null;
+                var isHttps = clientHelloInfo != null;
+                string httpsHostName = null;
 
-                        try
-                        {
-                            sslStream = new SslStream(clientStream);
+                if (isHttps)
+                {
+                    SslStream sslStream = null;
+                  
+                    try
+                    {
+                        sslStream = new SslStream(clientStream);
 
-                            sniHostName = clientHelloInfo.GetServerName() ?? endPoint.GenericCertificateName;
+                        httpsHostName = clientHelloInfo.GetServerName() ?? endPoint.GenericCertificateName;
 
-                            string certName = HttpHelper.GetWildCardDomainName(sniHostName);
-                            var certificate = await CertificateManager.CreateCertificateAsync(certName);
+                        string certName = HttpHelper.GetWildCardDomainName(httpsHostName);
+                        var certificate = await CertificateManager.CreateCertificateAsync(certName);
 
-                            //Successfully managed to authenticate the client using the fake certificate
-                            await sslStream.AuthenticateAsServerAsync(certificate, false, SslProtocols.Tls, false);
+                        //Successfully managed to authenticate the client using the fake certificate
+                        await sslStream.AuthenticateAsServerAsync(certificate, false, SslProtocols.Tls, false);
 
-                            //HTTPS server created - we can now decrypt the client's traffic
-                            clientStream = new CustomBufferedStream(sslStream, BufferSize);
+                        //HTTPS server created - we can now decrypt the client's traffic
+                        clientStream = new CustomBufferedStream(sslStream, BufferSize);
 
-                            clientStreamReader.Dispose();
-                            clientStreamReader = new CustomBinaryReader(clientStream, BufferSize);
-                            clientStreamWriter = new HttpResponseWriter(clientStream, BufferSize);
-                        }
-                        catch (Exception e)
-                        {
-                            ExceptionFunc(new Exception($"Could'nt authenticate client '{sniHostName}' with fake certificate.", e));
-                            sslStream?.Dispose();
-                            return;
-                        }
+                        clientStreamReader.Dispose();
+                        clientStreamReader = new CustomBinaryReader(clientStream, BufferSize);
+                        clientStreamWriter = new HttpResponseWriter(clientStream, BufferSize);
+                    }
+                    catch (Exception e)
+                    {
+                        ExceptionFunc(new Exception($"Could'nt authenticate client '{httpsHostName}' with fake certificate.", e));
+                        sslStream?.Dispose();
+                        return;
                     }
-
-                    //HTTPS server created - we can now decrypt the client's traffic
                 }
 
+                //HTTPS server created - we can now decrypt the client's traffic
                 //Now create the request
                 await HandleHttpSessionRequest(tcpClient, clientStream, clientStreamReader, clientStreamWriter,
-                    endPoint.EnableSsl ? endPoint.GenericCertificateName : null, endPoint, null, true);
+                    isHttps ? httpsHostName : null, endPoint, null, true);
             }
             finally
             {
@@ -621,7 +617,7 @@ private async Task<TcpConnection> GetServerConnection(SessionEventArgs args, boo
         /// <param name="requestHeaders"></param>
         private void PrepareRequestHeaders(HeaderCollection requestHeaders)
         {
-            if(requestHeaders.HeaderExists(KnownHeaders.AcceptEncoding))
+            if (requestHeaders.HeaderExists(KnownHeaders.AcceptEncoding))
             {
                 requestHeaders.SetOrAddHeaderValue(KnownHeaders.AcceptEncoding, "gzip,deflate");
             }

Titanium.Web.Proxy/WinAuthHandler.cs

@@ -14,21 +14,21 @@ namespace Titanium.Web.Proxy
     public partial class ProxyServer
     {
         //possible header names
-        private static readonly List<string> authHeaderNames = new List<string>
+        private static readonly HashSet<string> authHeaderNames = new HashSet<string>
         {
-            "WWW-Authenticate",
+            "WWW-Authenticate".ToLower(),
             //IIS 6.0 messed up names below
-            "WWWAuthenticate",
-            "NTLMAuthorization",
-            "NegotiateAuthorization",
-            "KerberosAuthorization"
+            "WWWAuthenticate".ToLower(),
+            "NTLMAuthorization".ToLower(),
+            "NegotiateAuthorization".ToLower(),
+            "KerberosAuthorization".ToLower()
         };
 
-        private static readonly List<string> authSchemes = new List<string>
+        private static readonly HashSet<string> authSchemes = new HashSet<string>
         {
-            "NTLM",
-            "Negotiate",
-            "Kerberos"
+            "NTLM".ToLower(),
+            "Negotiate".ToLower(),
+            "Kerberos".ToLower()
         };
 
         /// <summary>
@@ -49,7 +49,7 @@ internal async Task Handle401UnAuthorized(SessionEventArgs args)
 
             //check in non-unique headers first
             var header = response.Headers.NonUniqueHeaders.FirstOrDefault(
-                    x => authHeaderNames.Any(y => x.Key.Equals(y, StringComparison.OrdinalIgnoreCase)));
+                    x => authHeaderNames.Contains(x.Key.ToLower()));
 
             if (!header.Equals(new KeyValuePair<string, List<HttpHeader>>()))
             {
@@ -65,8 +65,10 @@ internal async Task Handle401UnAuthorized(SessionEventArgs args)
             //check in unique headers
             if (authHeader == null)
             {
+                headerName = null;
+
                 //check in non-unique headers first
-                var uHeader = response.Headers.Headers.FirstOrDefault(x => authHeaderNames.Any(y => x.Key.Equals(y, StringComparison.OrdinalIgnoreCase)));
+                var uHeader = response.Headers.Headers.FirstOrDefault(x => authHeaderNames.Contains(x.Key.ToLower()));
 
                 if (!uHeader.Equals(new KeyValuePair<string, HttpHeader>()))
                 {
@@ -84,7 +86,7 @@ internal async Task Handle401UnAuthorized(SessionEventArgs args)
 
             if (authHeader != null)
             {
-                string scheme = authSchemes.FirstOrDefault(x => authHeader.Value.Equals(x, StringComparison.OrdinalIgnoreCase));
+                string scheme = authSchemes.Contains(authHeader.Value.ToLower()) ? authHeader.Value.ToLower() : null;
 
                 var expectedAuthState = scheme == null ? State.WinAuthState.INITIAL_TOKEN : State.WinAuthState.UNAUTHORIZED;
 
@@ -109,7 +111,7 @@ internal async Task Handle401UnAuthorized(SessionEventArgs args)
 
                     //replace existing authorization header if any
                     request.Headers.SetOrAddHeaderValue(KnownHeaders.Authorization, auth);
-                    
+
                     //don't need to send body for Authorization request
                     if (request.HasBody)
                     {
@@ -131,7 +133,7 @@ internal async Task Handle401UnAuthorized(SessionEventArgs args)
                     request.Headers.SetOrAddHeaderValue(KnownHeaders.Authorization, auth);
 
                     //send body for final auth request
-                    if (request.HasBody)
+                    if (request.OriginalHasBody)
                     {
                         request.ContentLength = request.Body.Length;
                     }