-
Notifications
You must be signed in to change notification settings - Fork 623
Home
Proxy is asynchronously multi-threaded, so request/response handlers will be fired as soon as we receive data from client/server asynchronously. This won't be in order necessarily. To store data specific to a request/response sequence, one can use SessionEventArgs.UserData property.
Firefox doesn't look at the Windows Certificate Store by default for Root Certificates. It maintains its own Certificate Infrastructure. As such one need to configure Firefox to use Windows Store.
As per below guideline, Firefox should use Windows root certificates if root was added to Local Windows Machine Store. To install in Local Machine Store one need to have local administrator privilege. Alternatively proxy will install root to local machine if it was run as an administrator. In addition, the API flag CERT_SYSTEM_STORE_LOCAL_MACHINE in Firefox needs to be toggled to true. API flags can be modified in Firefox by navigating to about:firefox from Firefox browser URL tab.
https://wiki.mozilla.org/CA:AddRootToFirefox
Mono is supported. Of course, calls such as SetAsSystemHttpProxy
would fail since they make use of windows specific APIs. In Mono, we make use of BouncyCastle library to generate Certificates and it is the only option. In Windows, we make use of BouncyCastle by default, or optionally native COM calls to faster Windows inbuilt certificate generator, but not recommended due to a bug (see #468). If someone could fix the bug it would be appreciated. This is controlled by below flag.
proxyServer.CertificateEngine = Network.CertificateEngine.DefaultWindows;
.Net standard is supported and the minimum version required is 1.6. Nuget packages are available with .Net standard support. A sample project is in the repository. Again, Windows specific calls for setting system proxy or anything similar won't work. Similar to Mono, only BouncyCastle is supported as Certificate Maker Engine.
Proxy can relay incoming HTTPS connections without doing decryption when using ExplicitEndPoint
. This can be done using OnBeforeTunnelConnect
of TransparentEndPoint
as follows.
explicitEndPoint.BeforeTunnelConnect += OnBeforeTunnelConnect;
private async Task<bool> OnBeforeTunnelConnect(string hostname)
{
if (hostname.Contains("google.com") || hostname.Contains("bing.com"))
{
//exclude bing.com and google.com from being decrypted
//instead it will be relayed via a secure TCP tunnel
return await Task.FromResult(true);
}
else
{
return await Task.FromResult(false);
}
}
One can set Root Certificate used by the proxy using below property.
X509Certificate2 RootCertificate { get; set; }
If the user did not set RootCertificate, we will do the following.
- We will check for "rootCert.pfx" in the current working directory.
- If it's not found, we will create "rootCert.pfx" and save it to the current working directory. The root certificate name will be "Titanium Root Certificate Authority". This is so that we won't create new root certificates each time the proxy is started.
- Next, we will read "rootCert.pfx" as our root certificate.
- And finally, we will trust the loaded RootCertificate by checking below property. (It's true by default)
public bool TrustRootCertificate { get; set; }
We follow standard CSharp naming conventions
Would be nice to discuss any new public APIs before making an effort via PR. Also, note this is not intended to be a web debugging proxy. So APIs for timers or other trivial details are avoided mostly. We are focused more on performance.
As the original author of this project and maintainer, I've (@justcoding121) received couple of offers for monetary rewards or donations to either add features or dedicate more time to this project. I am unable to spend time on this. I recommend contacting @honfika, a good contributor from the past for any such offers. (I can give his email address if you contact me via my LinkedIn account).
http代理