-
Notifications
You must be signed in to change notification settings - Fork 625
Home
Proxy is asynchronously multi-threaded, so request/response handlers will be fired as soon as we receive data from client/server asynchronously. This won't be in order necessarily. To sync request/response sequence one can use e.RequestId property. This Guid will be same across both request & response event handlers for same request/response sequence.
Firefox doesn't look at Windows Certificate Store by default for Root Certificates. It maintains its own Certificate Infrastructure. As such one need to configure Firefox to also use Windows Store.
As per below guideline, Firefox should use Windows root certificates if root was added to Local Windows Machine Store. To install in Local Machine Store one need to have local administrator privilege. Alternatively proxy will install root to local machine if it is run as an administrator user. In addition the API flag (CERT_SYSTEM_STORE_LOCAL_MACHINE) in Firefox needs to be toggled to true. API flags can be modified in Firefox by navigating to about:firefox from Firefox browser URL tab.
https://wiki.mozilla.org/CA:AddRootToFirefox
Mono support is not verified. However we assume it would run in mono, since users have reported so. Of course calls such as SetAsSystemHttpProxy would fail since they make use of windows specific APIs. In Mono we make use of BouncyCastle library to generate Certificates and it is the only option. In Windows we make use of BouncyCastle to generate Certificates, and optionally by using native COM calls. This is controlled by below flag.
proxyServer.CertificateEngine = Network.CertificateEngine.BouncyCastle;
.Net standard is supported and minimum version required is 1.6. Nuget packages are available with .Net standard 1.6 support. A sample project is in the repository. Again Windows specific calls for setting system proxy or anything similar won't work. Similar to Mono only BouncyCastle is supported as Certificate Maker Engine.
Proxy can relay incoming HTTPS connections without doing decryption when using ExplicitEndPoint. This can be done in two mutually exclusive ways.
-
EndPoint.ExcludedHttpsHostNameRegex- Only specified host names will not be decrypted. -
EndPoint.IncludedHttpsHostNameRegex- Only specified host names will be decrypted.
One can set the Root Certificate used by proxy by using below property.
X509Certificate2 RootCertificate { get; set; }
And if the user do not set RootCertificate, then we will do the following.
- We will check for "rootCert.pfx" in the current working directory first.
- If its not found there, then we will create "rootCert.pfx" and save it in current working directory. The root certificate name will be "Titanium Root Certificate Authority". This is so that we don't create new RootCertificates each time the proxy is started and RootCertificate is not set.
- Next we will read the "rootCert.pfx" as our root certificate.
- And finally we will Trust the loaded RootCertificate by checking below existing property. (Its true by default)
public bool TrustRootCertificate { get; set; }
The code style is as follows.
- Property and Field names should be camelCase for private
- Property and Field names should be PascalCase for public, internal or any other.
- Method names should be always be in PascalCase.
- Argument names should be always camelCase.
- Local variables should be always camelCase
- Class definitions should define private members first (also const), followed by private properties and then public properties (also const) etc.
- Use helper classes for methods if relevant to improve readability.
Would be nice to discuss any new public API to the project before making an effort via PR. Also please note this is not intended to be a web debugging proxy. So APIs for timers or other trivial details are avoided mostly. We are focused more on performance.
- Issues with windows authentication https://github.com/justcoding121/Titanium-Web-Proxy/issues/251
http代理