Skip to content
This repository has been archived by the owner on Jul 9, 2023. It is now read-only.
Jehonathan Thomas edited this page Jun 27, 2017 · 56 revisions

Syncing Request & Response

Proxy is asynchronously multi-threaded, so request/response handlers will be fired as soon as we receive data from client/server asynchronously. This won't be in order necessarily. To sync request/response sequence one can use e.RequestId property. This Guid will be same across both request & response event handlers for same request/response sequence.

Firefox

Firefox doesn't look at Windows Certificate Store by default for Root Certificates. It maintains its own Certificate Infrastructure. As such one need to configure Firefox to also use Windows Store.

As per below guideline, Firefox should use Windows root certificates if root was added to Local Windows Machine Store. To install in Local Machine Store one need to have local administrator privilege. Alternatively proxy will install root to local machine if it is run as an administrator user. In addition the API flag (CERT_SYSTEM_STORE_LOCAL_MACHINE) in Firefox needs to be toggled to true. API flags can be modified in Firefox by navigating to about:firefox from Firefox browser URL tab.

https://wiki.mozilla.org/CA:AddRootToFirefox

Mono Support (for Apple Mac OS or Linux)

Mono support is not verified. However we assume it would run in mono, since users have reported so. Of course calls such as SetAsSystemHttpProxy would fail since they make use of windows specific APIs. In Mono we make use of BouncyCastle library to generate Certificates and it is the only option. In Windows we make use of native COM calls to generate Certificates, and optionally by using BouncyCastle (which is reportedly slower). This is controlled by below flag.

proxyServer.CertificateEngine = Network.CertificateEngine.BouncyCastle;

Excluding & Including HTTPS connections

Proxy can relay incoming HTTPS connections without doing decryption when using ExplicitEndPoint. This can be done in two mutually exclusive ways.

  1. EndPoint.ExcludedHttpsHostNameRegex - Only specified host names will not be decrypted.
  2. EndPoint.IncludedHttpsHostNameRegex - Only specified host names will be decrypted.

Custom Root Certificates

One can set the Root Certificate used by proxy by using below property.

X509Certificate2 RootCertificate { get; set; }

And if the user do not set RootCertificate, then we will do the following.

  1. We will check for "rootCert.pfx" in the current working directory first.
  2. If its not found there, then we will create "rootCert.pfx" and save it in current working directory. The root certificate name will be "Titanium Root Certificate Authority". This is so that we don't create new RootCertificates each time the proxy is started and RootCertificate is not set.
  3. Next we will read the "rootCert.pfx" as our root certificate.
  4. And finally we will Trust the loaded RootCertificate by checking below existing property. (Its true by default)

public bool TrustRootCertificate { get; set; }

Contribution Guidelines

Code Style

The code style is as follows.

  1. Property and Field names should be camelCase for private
  2. Property and Field names should be PascalCase for public, internal or any other.
  3. Method names should be always be in PascalCase.
  4. Argument names should be always camelCase.
  5. Local variables should be always camelCase
  6. Class definitions should define private members first (also const), followed by private properties and then public properties (also const) etc.
  7. Use helper classes for methods if relevant to improve readability.

New APIs

Would be nice to discuss any new public API to the project before making an effort via PR. Also please note this is not intended to be a web debugging proxy. We are focused more on performance.

Major issues

  1. It has been reported that proxy fails to accept connections under HTTPS when reaching heavy traffic. Contributions in this regard (such as memory leak identification or code flaws) will be appreciated. https://github.com/justcoding121/Titanium-Web-Proxy/issues/184

  2. Issues with windows authentication https://github.com/justcoding121/Titanium-Web-Proxy/issues/251

Clone this wiki locally