// Copyright 2021 - Haga Rakotoharivelo - https://github.com/haga-rak
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.ComponentModel;
using System.Linq;
using System.Net;
using System.Security.Authentication;
using System.Text.Json.Serialization;
using Fluxzy.Certificates;
using Fluxzy.Rules;
using Fluxzy.Rules.Actions;
using Fluxzy.Rules.Actions.HighLevelActions;
using Fluxzy.Rules.Filters;
using Fluxzy.Rules.Filters.RequestFilters;
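namespace Fluxzy
{
    /// <summary>
    /// The main configuration for starting a proxy instance.
    /// </summary>
    /// <remarks>
    /// Most properties carry <see cref="JsonIncludeAttribute"/> together with an internal setter, so an
    /// instance can be populated from JSON. The values decide which CA is used for decryption, which
    /// hosts bypass the proxy and where the proxy listens, so a serialized setting should be loaded only
    /// from a location the operator controls.
    /// </remarks>
    public partial class FluxzySetting
    {
        /// <summary>
        /// Backing list for <see cref="AlterationRules"/>. It is public only so that it takes part in
        /// serialization; use <see cref="AlterationRules"/> to read the rules.
        /// </summary>
        [JsonInclude]
        [Obsolete("Used only for serialization")]
        [EditorBrowsable(EditorBrowsableState.Never)]
        public List<Rule> InternalAlterationRules { get; internal set; } = new();

        [JsonConstructor]
        public FluxzySetting()
        {
        }

        /// <summary>
        /// The endpoints the proxy listens on.
        /// </summary>
        [JsonInclude]
        public HashSet<ProxyBindPoint> BoundPoints { get; internal set; } = new();

        /// <summary>
        /// Returns a friendly description of the bound points: each endpoint is written as
        /// <c>[endpoint]</c>, entries flagged as default come first, and entries are separated by ", ".
        /// </summary>
        public string BoundPointsDescription
        {
            get
            {
                var endPoints = BoundPoints
                                .OrderByDescending(boundPoint => boundPoint.Default)
                                .Select(boundPoint => $"[{boundPoint.EndPoint}]");

                return string.Join(", ", endPoints);
            }
        }

        /// <summary>
        /// Verbose mode
        /// </summary>
        public bool Verbose { get; internal set; }

        /// <summary>
        /// Number of concurrent connections per host maintained by the connection pool, excluding
        /// websocket connections. Default value is 16.
        /// </summary>
        [JsonInclude]
        public int ConnectionPerHost { get; internal set; } = 16;

        /// <summary>
        /// SSL/TLS protocols allowed for the connection to the remote host.
        /// </summary>
        /// <remarks>
        /// The default enables TLS 1.0, 1.1 and 1.2, plus TLS 1.3 on targets where
        /// <c>NETCOREAPP3_1_OR_GREATER</c> is defined.
        /// </remarks>
        // NOTE(review): SYSLIB0039 is suppressed because SslProtocols.Tls and SslProtocols.Tls11 are
        // marked obsolete by the runtime. The default still offers both to remote hosts; a deployment
        // that does not need to reach legacy servers should narrow this value.
        [JsonInclude]
        public SslProtocols ServerProtocols { get; internal set; } =
#pragma warning disable SYSLIB0039
            SslProtocols.Tls
            | SslProtocols.Tls11
            | SslProtocols.Tls12
#if NETCOREAPP3_1_OR_GREATER
            | SslProtocols.Tls13
#endif
            ;
#pragma warning restore SYSLIB0039

        /// <summary>
        /// The CA certificate used for decryption. Defaults to <c>Certificate.UseDefault()</c>.
        /// </summary>
        [JsonInclude]
        public Certificate CaCertificate { get; internal set; } = Certificate.UseDefault();

        /// <summary>
        /// The default certificate cache directory. Setting this value helps improve performance because
        /// producing root certificate on the fly is expensive.
        /// </summary>
        // NOTE(review): the default contains the literal token %appdata%; it is not expanded in this
        // file, so expansion presumably happens where the directory is consumed - confirm.
        [JsonInclude]
        public string CertificateCacheDirectory { get; internal set; } = "%appdata%/.fluxzy/cert-caches";

        /// <summary>
        /// When set to true, fluxzy will automatically install the default certificate when starting.
        /// Default value is false.
        /// </summary>
        [JsonInclude]
        public bool AutoInstallCertificate { get; internal set; }

        /// <summary>
        /// Check the revocation status of the server certificate. Default value is true.
        /// </summary>
        // NOTE(review): the property name refers to revocation only; whether any other part of
        // certificate validation depends on this flag cannot be told from this file.
        [JsonInclude]
        public bool CheckCertificateRevocation { get; internal set; } = true;

        /// <summary>
        /// Do not use the certificate cache. Regenerate a certificate whenever one is asked for.
        /// </summary>
        [JsonInclude]
        public bool DisableCertificateCache { get; internal set; }

        /// <summary>
        /// True if fluxzy should capture raw packets matching exchanges
        /// </summary>
        [JsonInclude]
        public bool CaptureRawPacket { get; internal set; }

        /// <summary>
        /// Name of the capture interface, or null when none is set.
        /// </summary>
        // NOTE(review): presumably the network interface used when CaptureRawPacket is true - the
        // consumer is not in this file, confirm before relying on it.
        [JsonInclude]
        public string? CaptureInterfaceName { get; internal set; }

        /// <summary>
        /// Hosts that bypass the proxy, parsed from <see cref="ByPassHostFlat"/>.
        /// </summary>
        /// <remarks>
        /// Entries are separated by ';', ',', carriage return, line feed or tab. Each entry is trimmed,
        /// empty entries are dropped and duplicates are removed. A new list is built on every access.
        /// </remarks>
        public IReadOnlyCollection<string> ByPassHost
        {
            get
            {
                // The setter is reachable from JSON, so an explicit null in a settings file must not
                // turn into a NullReferenceException here.
                var flat = ByPassHostFlat ?? string.Empty;

                // Trimming matters for lists written as "a.com, b.com": without it the second entry
                // keeps its leading space and may never compare equal to a real host name.
                return flat.Split(new[] { ";", ",", "\r", "\n", "\t" }, StringSplitOptions.RemoveEmptyEntries)
                           .Select(host => host.Trim())
                           .Where(host => host.Length > 0)
                           .Distinct()
                           .ToList();
            }
        }

        /// <summary>
        /// Serialized form of <see cref="ByPassHost"/>: one string holding every host, delimited by any
        /// of the separators that <see cref="ByPassHost"/> accepts.
        /// </summary>
        [JsonInclude]
        public string ByPassHostFlat { get; internal set; } = "";

        /// <summary>
        /// Archiving policy. Default value is <c>ArchivingPolicy.None</c>.
        /// </summary>
        [JsonInclude]
        public ArchivingPolicy ArchivingPolicy { get; internal set; } = ArchivingPolicy.None;

        /// <summary>
        /// Global alteration rules, as a read-only wrapper over the serialized rule list.
        /// </summary>
#pragma warning disable CS0618 // Type or member is obsolete for JSON serialization
        public ReadOnlyCollection<Rule> AlterationRules => new ReadOnlyCollection<Rule>(InternalAlterationRules);
#pragma warning restore CS0618 // Type or member is obsolete

        /// <summary>
        /// Specify a filter which triggers save to directory when passed.
        /// When this filter is null, all exchanges will be saved.
        /// </summary>
        [JsonInclude]
        public Filter? SaveFilter { get; internal set; }

        /// <summary>
        /// Skip SSL decryption for any exchanges. This setting cannot be overridden by rules.
        /// </summary>
        [JsonInclude]
        public bool GlobalSkipSslDecryption { get; internal set; } = false;

        /// <summary>
        /// When set to true, the raw network capture will be done out of process. Default value is true.
        /// </summary>
        [JsonInclude]
        public bool OutOfProcCapture { get; internal set; } = true;

        /// <summary>
        /// Use bouncy castle for ssl streams instead of OsDefault (SChannel or OpenSSL)
        /// </summary>
        [JsonInclude]
        public bool UseBouncyCastle { get; internal set; } = false;

        /// <summary>
        /// Fluxzy will exit when the number of exchanges reaches this value.
        /// Default value is null (no limit)
        /// </summary>
        // NOTE(review): this is the only property of the class with a public setter; it is kept as is
        // because callers may already assign it.
        [JsonInclude]
        public int? MaxExchangeCount { get; set; }

        /// <summary>
        /// No proxy CONNECT parsing. The client sends requests directly, as if fluxzy were a web server.
        /// </summary>
        [JsonInclude]
        public bool ReverseMode { get; internal set; }

        /// <summary>
        /// When the reverse mode forced port is set, fluxzy will use the specified port to connect to the
        /// remote instead of the port the client connected to.
        /// </summary>
        [JsonInclude]
        public int? ReverseModeForcedPort { get; internal set; }

        /// <summary>
        /// When set to true, fluxzy will expect plain http for reverse mode
        /// </summary>
        [JsonInclude]
        public bool ReverseModePlainHttp { get; internal set; }

        /// <summary>
        /// The current proxy authentication setting if any
        /// </summary>
        // NOTE(review): this value is serialized together with the rest of the setting. If
        // ProxyAuthentication carries credentials (its definition is not in this file), the serialized
        // setting needs the same protection as those credentials - confirm.
        [JsonInclude]
        public ProxyAuthentication? ProxyAuthentication { get; internal set; }

        /// <summary>
        /// Use a provided configuration file instead of default
        /// to determine user agent used in UserAgentAction
        /// </summary>
        [JsonInclude]
        public string? UserAgentActionConfigurationFile { get; internal set; }

        /// <summary>
        /// Builds the built-in rules derived from this setting, lazily and in this order:
        /// a skip-SSL-tunneling rule for every exchange when <see cref="GlobalSkipSslDecryption"/> is set,
        /// a rule that mounts the certificate authority on self-addressed requests whose path starts
        /// with "/ca", and a rule that mounts the welcome page on self-addressed requests.
        /// </summary>
        /// <returns>The built-in rules; how they combine with <see cref="AlterationRules"/> is up to the caller.</returns>
        internal IEnumerable<Rule> FixedRules()
        {
            if (GlobalSkipSslDecryption)
            {
                yield return new Rule(new SkipSslTunnelingAction(), AnyFilter.Default);
            }

            // Both conditions must hold (And). The path condition is declared as StartsWith, so it is
            // presumably a prefix match on "/ca" rather than an exact one - PathFilter is defined
            // elsewhere, confirm.
            var certificateAuthorityFilter = new FilterCollection(
                new IsSelfFilter(),
                new PathFilter("/ca", StringSelectorOperation.StartsWith))
            {
                Operation = SelectorCollectionOperation.And
            };

            yield return new Rule(new MountCertificateAuthorityAction(), certificateAuthorityFilter);

            yield return new Rule(new MountWelcomePageAction(), new IsSelfFilter());
        }

        /// <summary>
        /// Create a default setting for a fluxzy capture session.
        /// Fluxzy will listen on 127.0.0.1 on port 44344
        /// </summary>
        /// <returns>A new setting bound to the IPv4 loopback address on port 44344.</returns>
        public static FluxzySetting CreateDefault()
        {
            return CreateDefault(IPAddress.Loopback, 44344);
        }

        /// <summary>
        /// Create a default setting for a fluxzy capture session with provided address and port
        /// </summary>
        /// <remarks>
        /// An address other than loopback makes the listener reachable from other hosts; the new
        /// setting has no <see cref="ProxyAuthentication"/> configured.
        /// </remarks>
        /// <param name="address">Address the proxy binds to.</param>
        /// <param name="port">Port the proxy binds to.</param>
        /// <returns>A new setting bound to <paramref name="address"/> and <paramref name="port"/>.</returns>
        public static FluxzySetting CreateDefault(IPAddress address, int port)
        {
            // ConnectionPerHost is left at its declared default (16), which is the value this
            // factory used to assign explicitly.
            return new FluxzySetting().SetBoundAddress(address, port);
        }

        /// <summary>
        /// Create a default instance and listen on IPv4 loopback address
        /// </summary>
        /// <param name="port">Port the proxy binds to. Default value is 44344.</param>
        /// <returns>A new setting bound to the IPv4 loopback address on <paramref name="port"/>.</returns>
        public static FluxzySetting CreateLocal(int port = 44344)
        {
            return CreateDefault(IPAddress.Loopback, port);
        }

        /// <summary>
        /// Creates a FluxzySetting bound to the IPv4 loopback address with port 0.
        /// </summary>
        /// <remarks>
        /// Port 0 conventionally asks the operating system to pick a free port when the listener is
        /// bound, so the port is chosen at bind time and is not stored as a random number here.
        /// </remarks>
        /// <returns>A FluxzySetting object bound to the IPv4 loopback address on port 0.</returns>
        public static FluxzySetting CreateLocalRandomPort()
        {
            return CreateLocal(0);
        }
    }
}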