poc: add embedded proxy to grab external cookies #7643
The private key is included in our public source? Haven't looked at the whole PR yet, but that seems like a huge red flag.
I've looked at it some more, and there's also a .pfx file added? These are usually huge security no-no's. If we decide to add this, it would probably be better for Jackett to generate these from scratch for the local installation instead of having a global cert. The rest of the implementation looks fine, but I don't know if this is the best way to implement this fix. Most of these people needing this will be running non-windows servers/seedboxes/etc. which means that there's likely some version of SSH on the box for administration/tool installation, which can be used to generate a socks proxy for the same purpose. https://www.systutorials.com/proxy-using-ssh-tunnel/
Very interesting proof of concept. I wonder if a decoupled implementation might work well, i.e. with a cookie jar that Jackett reads from and the proxy writes to.
This is just a POC. In the real implementation the pfx (private + public key) will be generated in the client machine, the same as the apikey. And the pem (public key) will be downloaded from the WebUI so it can be installed in the web browser. This implementation can be safe, I have a lot of experience in security. The code to generate the certificates is already in the PR => https://github.com/Jackett/Jackett/pull/7643/files#diff-85a043c4864ef296e6b4a81909451893R43
There are several ways of grabbing the cookies but I think this is easier for the average user. This feature will include 3 things: Installing a proxy + auto copy the cookies + auto configure the trackers.
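The per-installation certificate generation discussed in the comments above, sketched as an added example (not code from this PR or from Jackett). The class name, file names and certificate subject are assumptions; the point is that the private key is created on first run and only the public certificate is ever exported for the browser.

```csharp
// Added example: hypothetical helper, not part of the Jackett code base.
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class LocalProxyCa
{
    // Creates a CA key pair unique to this installation the first time it is called.
    // Returns the path of the public certificate (PEM) the user imports into the browser.
    public static string EnsureCa(string dataDir, string pfxPassword)
    {
        // Assumed file names. The .pfx holds the private key and must stay on this machine.
        string pfxPath = Path.Combine(dataDir, "proxy-ca.pfx");
        string pemPath = Path.Combine(dataDir, "proxy-ca.pem");

        // Reuse the existing pair so the browser trust entry stays valid across restarts.
        if (File.Exists(pfxPath) && File.Exists(pemPath))
            return pemPath;

        using (RSA rsa = RSA.Create(3072))
        {
            // A random subject suffix makes each installation's CA distinguishable.
            var request = new CertificateRequest(
                "CN=Local proxy CA " + Guid.NewGuid().ToString("N"),
                rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

            // Mark as a CA with path length 0: it may sign leaf certificates only.
            request.CertificateExtensions.Add(
                new X509BasicConstraintsExtension(true, true, 0, true));
            request.CertificateExtensions.Add(
                new X509KeyUsageExtension(X509KeyUsageFlags.KeyCertSign, true));

            using (X509Certificate2 ca = request.CreateSelfSigned(
                DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddYears(2)))
            {
                // Private + public key, password protected, written locally only.
                File.WriteAllBytes(pfxPath, ca.Export(X509ContentType.Pfx, pfxPassword));

                // Public certificate only, PEM encoded, safe to offer for download.
                string b64 = Convert.ToBase64String(
                    ca.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks);
                File.WriteAllText(pemPath,
                    "-----BEGIN CERTIFICATE-----\n" + b64 + "\n-----END CERTIFICATE-----\n");
            }
        }
        return pemPath;
    }
}
```

With this layout no key material needs to be committed to the repository, and a leaked key from one installation cannot be used against another.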
Revert "poc: add embedded proxy to grab external cookies"
First of all, the code is s**t I know. I want to get some feedback before spending my time on this.
This PR embedded a proxy server into Jackett with the goal of grabbing the cookies directly from the web browser.
Configuration:
jackattCA.pem
into the trusted CAs in the web browser. In Firefox:
Pros:
Cons:
Notes:
@Jackett/maintainers What do you think?