justcoding121 / titanium-web-proxy Goto Github PK

Does/will Titanium Web Proxy support binding to specific NICs? I'm interested in using this library to replace Fiddler but desire the ability to specify which NIC/interface to bind traffic to (http://fiddler.wikidot.com/egressip). Also interested in upstream proxy support as well (e.g., client -> titanium -> socks/http proxy - > server)

Please see this question on StackExchange:

http://sharepoint.stackexchange.com/questions/133091/soapexception-possible-soap-version-mismatch-accessing-ssl-enabled-site

Can this library be used to do the same I do with FidllerCore?

Thank you

I'm using Titanium Web Proxy to be able to monitor the traffic on my network, with the end goal of being able to get information about each URL visited, and potentially block them.

I've got it to the point where I can see the incoming URLs, but everytime I try and run HttpClient.PostAsync from within my application, I'm never able to get a response. If I turn the proxy off, it works just fine.

While working on titanium, I noticed that it creates and stores cert in certificate store for each and every request and in few days my personal cert store has hundreds of certs issued by titanium. I don't see any other proxy server behaving like this. Is there a way I can use only one CA trusted certificate and avoids creation of certs for every request? Thanks

Hi,

I am not sure if this is an issue or not. I noticed there are some certificates are generated with this parameter "-sky exchange" and then are stored in personal store.

I don't see this behavior exists in some other proxy servers like Fiddler or ieinspector.

Is there anyway we can stop creating certificates after importing the main certificate into "trusted root" store.

Thanks

I need to implement the same thing that you are doin in OSX. However, I am not able to find a utility like Titanium. Your suggestions are highly apprecialted.
Many thanks for building Titanium

Hiya,

I should have asked this on my previous issue regarding IP addresses so apologies i've been away!

I'd like to automatically exclude everything EXCEPT the sites I name, is this possible?

Thanks

Marc

i am testing this software time to time.
Youtube and vimeo videos don't play while this proxy running.

In a scenario using Titanium with a server application where all certificate errors are ignored, it would benefit proxy performance if the certificate creation could be bypassed by using a custom dummy certificate, loaded from a PFX-file on initialization - this certificate could for instance be returned on all calls to the CertificateManager.CreateCertificate method.

This would also solve the pain of not being able to install the root certificate on a server automatically since manual accept of the initial root certificate installation is required by design.

Is there a way to bypass the remote certificate validation for each request?

I've placed this code in many places but I couldn't get it to work:

ServicePointManager.ServerCertificateValidationCallback =
    (s, certificate, chain, sslPolicyErrors) => true;

Currently we are using HttpWebRequest class available in .Net framework to make requests. It works fine. But in the long run we would desire to have more control over requests. For example we won't able to support mutual authentication using HttpWebRequest. (since there is no callbacks to know if server requested client certificate during TLS handshake)

Also to support HTTP 2.0 in future, we would need direct control over request object.
Microsoft have not made HTTP 2 support for .Net framework, although they do support HTTP 2 for native applications under win8 and later.

I am working on this change and once it becomes stable I will merge with master.

See this this issue I made on corefx for issues on mutual authentication.

See this issue for HTTP 2 support pending for .Net framework.

Look forward to take advantage of Task (async/await)

We may be able to fork SslStream class in corefx to support HTTP 2 under Win8 and later. This may be done by setting ALPN flags in native calls made by SslStream class under the hood. its an option I am currently investigating. However if that forking is going to be time consuming, we could wait until ALPN is supported by MS.

When a URL is launched in a browser which sends a 302 code back, the code gets a null response and hence does not do anything.

1.How to read the send data? I need to read the submitted form data sent by normal html submit or by ajax call.

2.For certain Url(s), how to avoid connection? Kind of filtering.

By the way, really very good work. Thanks for sharing.

Muharrem

Hello,

I'd be interested in using Titanium for an internal application, is it possible to change the certificate name easily?

Thanks

Marc

public void OnRequest(object sender, SessionEventArgs e)
{
             //modifed request  header  AND   query   
}
public void OnResponse(object sender, SessionEventArgs e)
{
            //modifed response  header   

             e.SetResponseBodyString(modified);
}

# modifed response header OR modifed request header

According to the Stack Trace and error message, a negative number is being passed to System.IO.BinaryReader.ReadBytes for the count Parameter. Only zero and non-negative numbers are valid. This in in 2.1.110 with .Net Framework 4.5.

if an host name is in the excluded list like
ProxyServer.ExcludedHttpsHostNameRegex.Add(".youtube.com");
then proxy closing down the connection. Then it is not possible to access the website.
In our case youtube. Please test the proxy with above line.

I think, it should just by pass the request directly to server if it is in the excluded list.
Like a by pass proxy. If it is not in the excluded list then we should be able to modify the request and response, Am I right or mistaken?

In some https web sites, i got error. If i buy a SSL certifiicate, can i solve this problem?

Does it?

Hi Guys,

Is it possible to specify a number of hosts for proxy and ignore others? Couldn't seem to find it anywhere.

The only thing I could think of is look up the ip of each host and then foreach/add them as endpoints?

Cheers

Marc

In file ResponseHandler.cs line 105

response.Response.CharacterSet = response.Response.ResponseHeaders[i].Value.Split(';')[1].ToLower().Replace("charset=", string.Empty).Trim();

On machines which have different locale settings other than english, ToLower() function causes problem like it converts ISO-8859-9 to ıso-8859-9 which is Turkish and not a correct defininition for char set.

Please notice that ıso-8859-9 is not iso-8859-1.
I removed ToLower() like below and it works.

response.Response.CharacterSet = response.Response.ResponseHeaders[i].Value.Split(';')[1].Replace("charset=", string.Empty).Trim();

Hi, I'm working on a project where I need to create a proxy server to handle the web traffic (both http and https). Using the Titanium web proxy, i am able to handle the http requests but https are not working and I am getting empty string value for httpCmd at line 98 on requesthandler.cs while processing the https requests (e.g. google.com). Due to which request is not being generated. I have a project very much similar to the titanium test project except I'm not using any explicit end points or transparent end points. Can you please advise what could be the reason for that? Much appreciated!! Thanks.

By default, it only works with direct connection to the Internet. How can set it up, that he responsed and received packages through an external proxy?

Hello, Open debug .exe file but not work say: "hit any key to exit" in windows 7 32 bits, Why?

Thank you guys.

If a HTTP service request is an asynchronus one, am always getting its response bytes content length as -1.

I am using a HttpClient client = new HttpClient ()
to create a POST to an API that is working correctly me
as without the proxy initiated returns JSON me correctly ,
when starting the proxy and launch the application ( cliente.PostAsync ) hard
a standby time and returns an exception that says a task I was canceled ,
There was one or more errors
mscorlib , I would like to know how would have to do the POST for
add the headers that I need to send .

Thanks for the collaboration

I'm trying to modify a request coming through Titanium Web Proxy, specifically modifying the querystring on a request.

I've tried setting my own Uri object on e.ProxySession.Request.RequestUri in OnRequest(), but it doesn't look like it is reflected in the browser.

This excerpt from stackoverflow
**
"When you make requests with "Connection: keep-alive" the subsequent request to the server will use the same TCP connection. This is called HTTP persistent connection. This helps in reduction CPU load on server side and improves latency/response time.

If a request is made with "Connection: close" this indicates that once the request has been made the server needs to close the connection. And so for each request a new TCP connection will be established.

By default HTTP 1.1 client/server uses keep-alive where as HTTP 1.0 client/server dont support keep-alive by default."
**
From your code, I understand that you force to browser to close the connection immediately.

private static void WriteConnectResponse(StreamWriter clientStreamWriter, string httpVersion) { clientStreamWriter.WriteLine(httpVersion + " 200 Connection established"); clientStreamWriter.WriteLine("Timestamp: {0}", DateTime.Now); clientStreamWriter.WriteLine("connection:close");// <-- This line force the browser disconnect. clientStreamWriter.WriteLine(); clientStreamWriter.Flush(); }

And establishing a secure connection takes too long time.
With this current version, although it runs almost perfect but the performance is really headache.
Is it because of not supporting the persistent connection or not as I am thinking or anything else?

Please reconsider the design issue of this wonderful work.
Lastly, anyhow many thanks for your effort and sharing it to community.

I use Titanium Proxy as proxy server in local network, All works fine. But i want to know which ip adreses use proxy. Is it possible?

I have an ASP.Net WebForm delivered over HTTPS and within that page there is a jQuery AJAX call to a third-party REST service that interfaces with hardware connected to the client's PC at http://localhost:8080. The third-party service doesn't have an HTTPS endpoint, so the browsers block the AJAX call to to the client's local service because the page contains "Mixed-Content".

Can Titanium be set up as a MITM proxy to listen for inbound requests to the client's PC at https://localhost:8080, forward them to http://localhost:8080 and relay the responses back?

Is there a way to cancel a request and respond with binary data in the same way that e.Ok responds with text? I want to catch requests to a server that doesn't exist so there will be no response I can wait for and replace.

Hello, I was wondering if there was a way to prevent firefox from throwing the 'This Connection is Untrusted' page. I noticed it works perfectly fine within Chrome. But the moment you open Firefox and try to browse an https website, it throws that page saying 'This Connection is Untrusted'. Is there any way to prevent Firefox from doing this?

If there is no EnableAutoproxyResultCache registry key or it is set to 1, the proxy settings in the registry are not going to be reset after proxy is stopped.

The Titanium project is very interesting, and I have a specific scenario in mind for the Azure Storage. I would like some guidance to figure out if Titanium can be used for this scenario.

The Azure Storage (blobs, queues, tables) is great but the storage keys only comes as read+write. Yet, for many scenarios it would be much safer to have only a read access (ex: backup agent, production monitoring agent, etc). Indeed, a read+write access to a production system is inherently risky.

Thus, I am considering a setup that involves the HTTP proxy. The proxy would only forward the safe requests with a filter the HTTP verbs; plus the proxy would perform a API key replacement as well. So that the proxied agent hold only proxy keys and not real storage keys.

In order to avoid mishaps relative to the keys read+write, the HTTP proxy is intended to be hosted on Azure itself, and fully isolated from all proxied agents. The agent never gets any access to the real storage keys, only to the proxy keys. This prevents any destructive behavior from the proxied agents.

Now this flavor of HTTP proxy is intended to inbound HTTP traffic; while the current Titanium flavor seems to capture output HTTP traffic.

Could someone shed some light on how Titanium could be used in such a scenario? Thanks!

Connection gets broken when downloading big files, for instance http://saimei.acc.umu.se/debian-cd/current/amd64/iso-dvd/debian-8.4.0-amd64-DVD-1.iso

Hi,
i try to open this image and so i found an error in HttpWebResponseExtensions->GetResponseEncoding method. It throws exception because of response.Response.CharacterSet="binary". So i surrond the code with try catch block and in catch block I return a default CharacterSet.

URL: http://trthaberstatic.s3-website-eu-west-1.amazonaws.com/resimler/532000/532980.jpg

I noticed a stack overflow exception when ran overnight. Looks like there is a potential memory leak somewhere.

Domain names with non-ASCII characters are failing. I believe it can be fixed by using UTF8 encoding instead of ASCII on all streams.

I was wondering if there is a way I can pass login credentials using your web proxy. I want to mostly use the proxy as a back end service that will be used for logging into multiple websites to access information without the users having or knowing the login credentials to those sites. So, they click a link, it sends it to the proxy, it logs them in and then they can view the contents of the logged in account.
I have been messing with the code foe a bit and can get it to semi work, I can go to the page but it does not auto login, I have to click the submit button to be able to login, but once that is done all works fine. I am trying to figure out a way to bypass having to click the submit button and have them autologin with the credentials via the proxy.
Thanks for your time!

I'm trying at append some information into a soap header using titanium web proxy. I can get the request body using e.GetRequestBodyAsString() but when I modify the string and send it back using e.SetRequestBodyString() the string is truncated to the length of the original request body.

For example, if the original request body was:

<soap:Envelope>
    <soap:Header />
    <soap:Body>
        <tag>
            info
        </tag>
    </soap:Body>
</soap:Envelope>

And I changed it to be:

<soap:Envelope>
    <soap:Header>
    </soap:Header>
    <soap:Body>
        <tag>
            info
        </tag>
    </soap:Body>
</soap:Envelope>

The e.SetRequestBodyString would actually send:

<soap:Envelope>
    <soap:Header>
    </soap:Header>
    <soap:Body>
        <tag>
            info
        </tag>
    </soap:Body>
</so

In other words, if the original request was 500 bytes, and the modified message I was trying to send was 512 bytes, the actual message sent with the e.SetRequestBodyString would just be the first 500 bytes of the 512 byte message that I was trying to send.

Using Titanium Web Proxy 2.1.110 with .Net Framework 4.5

Hi, I tried to build the titanium proxy server in a remote machine A. And I set the proxy server as A:8000 on my laptop B. when it goes to https website like google, youtube. the chrome always show the warning "Your connection is not private", IE has similar warning.
How can we make the browse don't show this warning?

Hello! I have launched and built Titanium Proxy. Console Says Listening for connections on localhost:49487

I then try to go on another pc and connect via proxy manager but it will not connect?

I debug and test on an alternate SSL port so for instance https://qa.example.com:4444/ would be the target for my Selenium test suite whereas https://www.example.com/ would be the real enchilada. It seems that due to this logic: https://github.com/titanium007/Titanium-Web-Proxy/blob/a88c68c4b64b8988153d3728ec8c721d38310600/Titanium.Web.Proxy/RequestHandler.cs#L57 the proxy isn't working on another port other than the default SSL port. Either we need to be able to supply a list of alternate ports to consider as SSL in the ProxyServer configuration or come up with a better way to detect an SSL request.

Hi there,

Is it possible to use directly, or slightly modify this library to let it "convert" a SOCKS5 proxy to HTTP proxy?

Regards,
Jackson Hu.

Hello,

The websites that needs the windows authentication over http is failing to load the pages while using the proxy.Chrome shows the message as This webpage is not available, ERR_CONTENT_LENGTH_MISMATCH. Please help me to solve the issue

There are many exception for System.IO.IOException when I run the proxy in my machine.
the detail information is "Unable to write data to the transport connection: An established connection was aborted by the software in your host machine."
I think it affects the performance

I try to block some URLs. I am developing a free ( and open source) web browser for kids.
ProxyTestController.cs -> OnRequest -> e.Cancel = true doesn't work.
What is the best way to block URLs and show a warning page?

Thanks.

I experience performance related issues with cntlm, notably when using npm.

Could titanium-web-proxy be used as an authentication proxy ?

Hi,

When i am using the proxy i cannot open the http://www.haberler.com and also http://www.yemeksepeti.com. I try to debug but i can not find the problem. Chrome ask for kill the web site or wait for but never opens the site.

Thanks.

I'm trying this on Windows 10 with the firewall disabled, and though it's setting the proxy correctly (with SetAsSystemProxy=true), it doesn't seem to direct traffic to the server unless I navigate to IP address. Running Fiddler works as expected, but even when I use the same IP/Port in Titanium, it doesn't direct any traffic.

Is there something I'm missing?