This is a migrated thread and some comments may be shown as answers.

Chained Fiddler Proxies Not Work For HTTPS

7 Answers 20 Views
Windows
This is a migrated thread and some comments may be shown as answers.
jack
Top achievements
Rank 1
jack asked on 11 Mar 2015, 03:53 AM
Hi Eric,

I've created a chained HTTP/HTTPS proxy with fiddler. The whole system works as following:
proxy1 is deployed at client side. It encrypts the requested host and content, then pass it to proxy2 at server side. proxy2 decrypts the request, pass it to target websites, then encrypts the response and send it back to proxy1.

Everything works fine but for HTTPS. The source code and Wireshark pcap file are as following. Please kindly let me know how to get this work.

Server code

Client code

Pcap file


Regards,
Jack Wang

7 Answers, 1 is accepted

Sort by
0
Eric Lawrence
Telerik team
answered on 13 Mar 2015, 02:21 PM
Hi, Jack--

It's not really clear what you're asking.

Your client.cs file shows a FiddlerCore program which sets X-OverrideHost on every request and which disables all HTTPS security by trusting every certificate.

Your server.cs file shows a FiddlerCore program that doesn't do anything at all.

Regards,
Eric Lawrence
Telerik
 

Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.

 
0
jack
Top achievements
Rank 1
answered on 17 Mar 2015, 03:19 AM
Hi Eric,

Thanks to your awesome FiddlerCore, the code IS simple yet working. The core concept lies in the server proxy-client proxy model. It works as following:
1. The client.cs is deployed at client pc side. User points his web proxy to client.cs. Then all user requests goes to client.cs.
2. client.cs make some encryption to the content(the code is removed for clarity), then send it to server.cs(via X-OverrideHost), which is deployed remotely.
3. server.cs accepts the encrypted user request, decrypts the content(the code is also removed for clarity), then send the response back to client.cs.
4. This is basically a remote web proxy, the only difference is that the user requests are encrypted before they are sent to server. 

My question is, the code attached works fine for HTTP requests, but not OK for HTTPS. Can you please kindly take another look into it?




0
Eric Lawrence
Telerik team
answered on 17 Mar 2015, 05:14 PM
Your message is:

"I sent you some code that doesn't work."
"The code that I'm actually using does work."
"But the code that I'm using doesn't always work."
"Please debug the code I didn't send you."

Obviously, that's not something I can help with.

Regards,
Eric Lawrence
Telerik
 

Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.

 
0
jack
Top achievements
Rank 1
answered on 18 Mar 2015, 05:39 AM
No. The code I post behaves exactly the same as the code I have: works for HTTP, doesn't work for HTTPS.
Anyway, now I've uploaded the code I'm using. Hope it helps.

ClientProxy.cs
ServerProxy.cs
sln files
0
Eric Lawrence
Telerik team
answered on 19 Mar 2015, 03:29 PM
It might be helpful for you to explain how you think your code works, and what problem specifically occurs.

The client.cs file you've shared does not encrypt the request; it appears to attempt to obfuscate the hostname of the request using a character rotation, and obfuscate the body of the request using a byte rotation.

Among other problems, this code doesn't work properly because you haven't set oSession.bBufferResponse inside the BeforeRequest handler, which means that the BeforeResponse byte rotation code runs AFTER the proxy has already streamed the complete body to the client.

Your code shouldn't touch the request or response body at all in the case that oSession.HTTPMethodIs("CONNECT")

Your code doesn't have any handlers to emit the Logging messages (as shown in the demo program) which means that it will not notify you of any problems it encounters as it runs.

Regards,
Eric Lawrence
Telerik
 

Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.

 
0
jack
Top achievements
Rank 1
answered on 25 Mar 2015, 09:30 AM
Hi Eric,

Following picture shall explain how the code works: FiddlerProxy.png

Thanks very much for pointing out the mistakes, I've updated the code:ProxyClient.csProxyServer.cs.

But the issue still exists: even though I kept CONNECT untouched, the code still works only for HTTP, but no luck in HTTPS.

Thanks for help,
Jack


0
Eric Lawrence
Telerik team
answered on 25 Mar 2015, 01:11 PM
Hello, Jack--

Have you tried stepping through your code in a debugger to see how it's working?

It's entirely possible that your code fails because the certificates are not being created properly or a similar problem. You should update your code to emit logging information:

Fiddler.FiddlerApplication.OnNotification += delegate(object sender, NotificationEventArgs oNEA) { Console.WriteLine("** NotifyUser: " + oNEA.NotifyString); };
Fiddler.FiddlerApplication.Log.OnLogString += delegate(object sender, LogEventArgs oLEA) { Console.WriteLine("** LogString: " + oLEA.LogString); };

...and watch for any notices.

Your code almost certainly still isn't working the way you think it is. ProxyClient.cs and ProxyServer.cs only enable buffering of the response if the REQUEST headers have a Content-Type of text/, while you almost certainly want to check the RESPONSE Content-Type.




Regards,
Eric Lawrence
Telerik
 

See What's Next in App Development. Register for TelerikNEXT.

 
Tags
Windows
Asked by
jack
Top achievements
Rank 1
Answers by
Eric Lawrence
Telerik team
jack
Top achievements
Rank 1
Share this question
or