Use SSL WebSockets for Nitro to prevent CSP issues

This commit is contained in:
UnfamiliarLegacy 2024-05-27 19:20:00 +02:00
parent bea6848fdc
commit 88ba87a819
5 changed files with 93 additions and 38 deletions

View File

@ -6,6 +6,8 @@ import gearth.protocol.connection.HProxySetter;
import gearth.protocol.connection.HState; import gearth.protocol.connection.HState;
import gearth.protocol.connection.HStateSetter; import gearth.protocol.connection.HStateSetter;
import gearth.protocol.connection.proxy.ProxyProvider; import gearth.protocol.connection.proxy.ProxyProvider;
import gearth.protocol.connection.proxy.nitro.http.NitroAuthority;
import gearth.protocol.connection.proxy.nitro.http.NitroCertificateSniffingManager;
import gearth.protocol.connection.proxy.nitro.http.NitroHttpProxy; import gearth.protocol.connection.proxy.nitro.http.NitroHttpProxy;
import gearth.protocol.connection.proxy.nitro.http.NitroHttpProxyServerCallback; import gearth.protocol.connection.proxy.nitro.http.NitroHttpProxyServerCallback;
import gearth.protocol.connection.proxy.nitro.websocket.NitroWebsocketProxy; import gearth.protocol.connection.proxy.nitro.websocket.NitroWebsocketProxy;
@ -13,7 +15,6 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import java.io.IOException; import java.io.IOException;
import java.net.ServerSocket;
import java.util.concurrent.atomic.AtomicBoolean; import java.util.concurrent.atomic.AtomicBoolean;
public class NitroProxyProvider implements ProxyProvider, NitroHttpProxyServerCallback, StateChangeListener { public class NitroProxyProvider implements ProxyProvider, NitroHttpProxyServerCallback, StateChangeListener {
@ -32,11 +33,14 @@ public class NitroProxyProvider implements ProxyProvider, NitroHttpProxyServerCa
private String originalCookies; private String originalCookies;
public NitroProxyProvider(HProxySetter proxySetter, HStateSetter stateSetter, HConnection connection) { public NitroProxyProvider(HProxySetter proxySetter, HStateSetter stateSetter, HConnection connection) {
final NitroAuthority authority = new NitroAuthority();
final NitroCertificateSniffingManager certificateManager = new NitroCertificateSniffingManager(authority);
this.proxySetter = proxySetter; this.proxySetter = proxySetter;
this.stateSetter = stateSetter; this.stateSetter = stateSetter;
this.connection = connection; this.connection = connection;
this.nitroHttpProxy = new NitroHttpProxy(this); this.nitroHttpProxy = new NitroHttpProxy(this, certificateManager);
this.nitroWebsocketProxy = new NitroWebsocketProxy(proxySetter, stateSetter, connection, this); this.nitroWebsocketProxy = new NitroWebsocketProxy(proxySetter, stateSetter, connection, this, certificateManager);
this.abortLock = new AtomicBoolean(); this.abortLock = new AtomicBoolean();
} }

View File

@ -20,12 +20,31 @@ public class NitroCertificateSniffingManager implements MitmManager {
private static final boolean DEBUG = false; private static final boolean DEBUG = false;
private final BouncyCastleSslEngineSource sslEngineSource; private final BouncyCastleSslEngineSource sslEngineSource;
private final Authority authority;
public NitroCertificateSniffingManager(Authority authority) throws RootCertificateException { public NitroCertificateSniffingManager(Authority authority) {
this.authority = authority;
try { try {
sslEngineSource = new BouncyCastleSslEngineSource(authority, true, true, null); sslEngineSource = new BouncyCastleSslEngineSource(authority, true, true, null);
} catch (final Exception e) { } catch (final Exception e) {
throw new RootCertificateException("Errors during assembling root CA.", e); throw new RuntimeException(new RootCertificateException("Errors during assembling root CA.", e));
}
}
public Authority getAuthority() {
return authority;
}
public SSLEngine websocketSslEngine(String commonName) {
final SubjectAlternativeNameHolder san = new SubjectAlternativeNameHolder();
san.addDomainName("localhost");
san.addIpAddress("127.0.0.1");
try {
return sslEngineSource.createCertForHost(commonName, san);
} catch (Exception e) {
throw new FakeCertificateException("Failed to create WebSocket certificate", e);
} }
} }

View File

@ -12,8 +12,6 @@ import javafx.scene.control.ButtonType;
import javafx.scene.control.Label; import javafx.scene.control.Label;
import org.littleshoot.proxy.HttpProxyServer; import org.littleshoot.proxy.HttpProxyServer;
import org.littleshoot.proxy.impl.DefaultHttpProxyServer; import org.littleshoot.proxy.impl.DefaultHttpProxyServer;
import org.littleshoot.proxy.mitm.Authority;
import org.littleshoot.proxy.mitm.RootCertificateException;
import java.io.File; import java.io.File;
import java.io.IOException; import java.io.IOException;
@ -25,20 +23,20 @@ public class NitroHttpProxy {
private static final String ADMIN_WARNING_KEY = "admin_warning_dialog"; private static final String ADMIN_WARNING_KEY = "admin_warning_dialog";
private static final AtomicBoolean SHUTDOWN_HOOK = new AtomicBoolean(); private static final AtomicBoolean SHUTDOWN_HOOK = new AtomicBoolean();
private final Authority authority;
private final NitroOsFunctions osFunctions; private final NitroOsFunctions osFunctions;
private final NitroHttpProxyServerCallback serverCallback; private final NitroHttpProxyServerCallback serverCallback;
private final NitroCertificateSniffingManager certificateManager;
private HttpProxyServer proxyServer = null; private HttpProxyServer proxyServer = null;
public NitroHttpProxy(NitroHttpProxyServerCallback serverCallback) { public NitroHttpProxy(NitroHttpProxyServerCallback serverCallback, NitroCertificateSniffingManager certificateManager) {
this.serverCallback = serverCallback; this.serverCallback = serverCallback;
this.authority = new NitroAuthority(); this.certificateManager = certificateManager;
this.osFunctions = NitroOsFunctionsFactory.create(); this.osFunctions = NitroOsFunctionsFactory.create();
} }
private boolean initializeCertificate() { private boolean initializeCertificate() {
final File certificate = this.authority.aliasFile(".pem"); final File certificate = this.certificateManager.getAuthority().aliasFile(".pem");
// All good if certificate is already trusted. // All good if certificate is already trusted.
if (this.osFunctions.isRootCertificateTrusted(certificate)) { if (this.osFunctions.isRootCertificateTrusted(certificate)) {
@ -80,7 +78,7 @@ public class NitroHttpProxy {
return false; return false;
} }
return this.osFunctions.installRootCertificate(this.authority.aliasFile(".pem")); return this.osFunctions.installRootCertificate(this.certificateManager.getAuthority().aliasFile(".pem"));
} }
/** /**
@ -100,10 +98,9 @@ public class NitroHttpProxy {
public boolean start() { public boolean start() {
setupShutdownHook(); setupShutdownHook();
try {
proxyServer = DefaultHttpProxyServer.bootstrap() proxyServer = DefaultHttpProxyServer.bootstrap()
.withPort(NitroConstants.HTTP_PORT) .withPort(NitroConstants.HTTP_PORT)
.withManInTheMiddle(new NitroCertificateSniffingManager(authority)) .withManInTheMiddle(this.certificateManager)
.withFiltersSource(new NitroHttpProxyFilterSource(serverCallback)) .withFiltersSource(new NitroHttpProxyFilterSource(serverCallback))
.withTransparent(true) .withTransparent(true)
.start(); .start();
@ -123,10 +120,6 @@ public class NitroHttpProxy {
} }
return true; return true;
} catch (RootCertificateException e) {
e.printStackTrace();
return false;
}
} }
public void pause() { public void pause() {

View File

@ -0,0 +1,20 @@
package gearth.protocol.connection.proxy.nitro.http;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import javax.net.ssl.SSLEngine;
public class NitroSslContextFactory extends SslContextFactory.Server {
private final NitroCertificateSniffingManager certificateManager;
public NitroSslContextFactory(NitroCertificateSniffingManager certificateManager) {
this.certificateManager = certificateManager;
}
@Override
public SSLEngine newSSLEngine(String host, int port) {
System.out.printf("[NitroSslContextFactory] Creating SSLEngine for %s:%d%n", host, port);
return certificateManager.websocketSslEngine(host);
}
}

View File

@ -4,7 +4,8 @@ import gearth.protocol.HConnection;
import gearth.protocol.connection.HProxySetter; import gearth.protocol.connection.HProxySetter;
import gearth.protocol.connection.HStateSetter; import gearth.protocol.connection.HStateSetter;
import gearth.protocol.connection.proxy.nitro.NitroProxyProvider; import gearth.protocol.connection.proxy.nitro.NitroProxyProvider;
import org.eclipse.jetty.server.Connector; import gearth.protocol.connection.proxy.nitro.http.NitroCertificateSniffingManager;
import gearth.protocol.connection.proxy.nitro.http.NitroSslContextFactory;
import org.eclipse.jetty.server.Handler; import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.Server; import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector; import org.eclipse.jetty.server.ServerConnector;
@ -21,19 +22,37 @@ public class NitroWebsocketProxy {
private final HStateSetter stateSetter; private final HStateSetter stateSetter;
private final HConnection connection; private final HConnection connection;
private final NitroProxyProvider proxyProvider; private final NitroProxyProvider proxyProvider;
private final NitroCertificateSniffingManager certificateManager;
private final Server server; private final Server server;
private final int serverPort;
public NitroWebsocketProxy(HProxySetter proxySetter, HStateSetter stateSetter, HConnection connection, NitroProxyProvider proxyProvider) { public NitroWebsocketProxy(HProxySetter proxySetter,
HStateSetter stateSetter,
HConnection connection,
NitroProxyProvider proxyProvider,
NitroCertificateSniffingManager certificateManager) {
this.proxySetter = proxySetter; this.proxySetter = proxySetter;
this.stateSetter = stateSetter; this.stateSetter = stateSetter;
this.connection = connection; this.connection = connection;
this.proxyProvider = proxyProvider; this.proxyProvider = proxyProvider;
this.server = new Server(0); this.certificateManager = certificateManager;
this.server = new Server();
this.serverPort = 0;
} }
public boolean start() { public boolean start() {
try { try {
// Configure SSL.
final NitroSslContextFactory sslContextFactory = new NitroSslContextFactory(this.certificateManager);
final ServerConnector sslConnector = new ServerConnector(server, sslContextFactory);
sslConnector.setPort(this.serverPort);
// Add SSL to the server.
server.addConnector(sslConnector);
// Configure the WebSocket.
final ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS); final ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS);
context.setContextPath("/"); context.setContextPath("/");