Trapping the socket creation event

[Emmanuel E]

Hi,

Is it possible to trap the socket creation event from javascript? I was
looking at the Tamper Data extension and saw that it catches the
http-on-modify-request event which led me to the global event list on
xulplanet.

What I want to achieve is a secure and/or chained proxying:

I have Apache running on my home computer on port 443, SSL + proxying
enabled.

I want FF to connect to the Apache proxy using SSL and then send the
request.

As far as I can see, data transfer between a proxy and FF is being done
in plain text.

Would it be possible to intercept the socket event and set the socket to
be SSL enabled so that FF can communicate with an SSL speaking proxy?

A further bonus would be getting chaining of multiple proxies to work!

Thanks,
Emmanuel

[Eric H. Jung]

It's a lot easier to tunnel the HTTP connection over SSL using stunnel or openssl... no coding necessary. I have a tutorial on how to do this if you're interested.

FYI, the FoxyProxy extension supports proxy chaining in some instances (with more coming).

-Eric

Hi,

Thanks,
Emmanuel
_______________________________________________
dev-extensions mailing list
dev-ext...@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-extensions

[Christian Biesinger]

Emmanuel E wrote:
> Is it possible to trap the socket creation event from javascript? I was
> looking at the Tamper Data extension and saw that it catches the
> http-on-modify-request event which led me to the global event list on
> xulplanet.

What you can do is set the network.http.default-socket-type preference
and register a socket provider. However, you can only implement socket
providers in C++... I suppose you could set that pref to "ssl", that
might actually work (if you also set your HTTP proxy to something that
accepts SSL).

> A further bonus would be getting chaining of multiple proxies to work!

That seems harder...

[Emmanuel E]

hmm.. youre right.

let me see if i can intercept the proxy call and set the socket flag to SSL.

given the current object model it will be difficult to implement
chaining unless a protocol handler is introduced something like
tunnel:// . i wonder if a plugin would be able to accomplish that. or a
complete socketserver would have to be implemented in javascript, which
might make FF quite unstable because of rapid triggering of events.

[Eric H. Jung]

Have you seen the protocol handler tutorial that explains how to write on in javascript for Firefox?

----- Original Message ----
From: Emmanuel E <emman...@gmx.net>

[Emmanuel E]

[Emmanuel E]

trying again in plain text...

No I havent seen the protocol handler tutorial. Can you please send me
the link?

Out here - http://www.xulplanet.com/tutorials/mozsdk/observerserv.php it
says " There are also a number of topics that are too
application-specific so they are omitted from the table below." Is it
possible to view the entire list of observable events? I am clueless as
to where xulplanet generated that list from.

Okay I did a bit of poking around on lxr and found the CONNECT and the
SSL code. The CONNECT code is out here
http://lxr.mozilla.org/mozilla1.8.0/source/netwerk/protocol/http/src/nsHttpConnection.cpp#672
If this function is accessible then proxy chaining should not be a problem.

The function to start SSL on a socket is out here.
http://lxr.mozilla.org/mozilla1.8.0/source/netwerk/protocol/http/src/nsHttpConnection.cpp#185

I saw that the CONNECT code modifies the request method to CONNECT. So
possibly proxy chaining could also be implemented at the
http-on-modify-request global notification level similar to the tamper
data extension. One would have to trap the original request, and save it
for future reference, then send a CONNECT request, trap the response
using http-on-examine-response, parse the response and send the original
request.

Are these functions available via xpconnect to javascript? I'm still
lost on how to access them from Javascript.

[Emmanuel E]

now I think i'm stuck.

the http-on-modify-request and http-on-examine-response events are
generated here:
http://lxr.mozilla.org/mozilla1.8.0/source/netwerk/protocol/http/src/nsHttpChannel.cpp

Here I could set UsingSSL() to true. But in this context it only applies
to the normal request and not to the proxy request :(

The only place where something seems to be doable is at
http://lxr.mozilla.org/mozilla1.8.0/source/netwerk/protocol/http/src/nsHttpConnection.cpp
using the SetupSSLProxyConnect() and ProxyStartSSL() functions. But
HttpConnection does not have any observable events :(. Is there any
other way to intercept calls made to objects/functions in
HttpConnection.cpp ? Or will HttpConnection.cpp have to be re-written?
If re-writing is the only way I dont think it will be integrated with
the main sources very soon, given that its such a critical component.

---

The other way seems to be is to write a full-fledged Proxy
Chaining/Tunnel socket server in Javascript running on localhost and
making FF use the socket server as the proxy. But I wonder if it will be
stable and fast.

Any pointers will be appreciated.

Thanks,
Emmanuel

[Emmanuel E]

[Emmanuel E]

[Emmanuel E]

[Emmanuel E]

damn blank again! hope it works this time... its the 4th time...

Wonder if this could be included in the mozilla codebase: An event just
before and after socket creation.

In
http://lxr.mozilla.org/mozilla1.8.0/source/netwerk/protocol/http/src/nsHttpConnection.cpp#442

442 <http://lxr.mozilla.org/mozilla1.8.0/source/netwerk/protocol/http/src/nsHttpConnection.cpp#442> rv <http://lxr.mozilla.org/mozilla1.8.0/ident?i=rv> = sts->CreateTransport <http://lxr.mozilla.org/mozilla1.8.0/ident?i=CreateTransport>(types <http://lxr.mozilla.org/mozilla1.8.0/ident?i=types>, typeCount,
443 <http://lxr.mozilla.org/mozilla1.8.0/source/netwerk/protocol/http/src/nsHttpConnection.cpp#443> nsDependentCString <http://lxr.mozilla.org/mozilla1.8.0/ident?i=nsDependentCString>(mConnInfo->Host <http://lxr.mozilla.org/mozilla1.8.0/ident?i=Host>()),
444 <http://lxr.mozilla.org/mozilla1.8.0/source/netwerk/protocol/http/src/nsHttpConnection.cpp#444> mConnInfo->Port(),
445 <http://lxr.mozilla.org/mozilla1.8.0/source/netwerk/protocol/http/src/nsHttpConnection.cpp#445> mConnInfo->ProxyInfo(),
446 <http://lxr.mozilla.org/mozilla1.8.0/source/netwerk/protocol/http/src/nsHttpConnection.cpp#446> getter_AddRefs <http://lxr.mozilla.org/mozilla1.8.0/ident?i=getter_AddRefs>(strans)); <http://lxr.mozilla.org/mozilla1.8.0/source/netwerk/protocol/http/src/nsHttpConnection.cpp#142>

could be modified to

442 <http://lxr.mozilla.org/mozilla1.8.0/source/netwerk/protocol/http/src/nsHttpConnection.cpp#442> NotifyObservers(this, "Just-Before-Socket-Creation");
rv <http://lxr.mozilla.org/mozilla1.8.0/ident?i=rv> = sts->CreateTransport <http://lxr.mozilla.org/mozilla1.8.0/ident?i=CreateTransport>(types <http://lxr.mozilla.org/mozilla1.8.0/ident?i=types>, typeCount,
443 <http://lxr.mozilla.org/mozilla1.8.0/source/netwerk/protocol/http/src/nsHttpConnection.cpp#443> nsDependentCString <http://lxr.mozilla.org/mozilla1.8.0/ident?i=nsDependentCString>(mConnInfo->Host <http://lxr.mozilla.org/mozilla1.8.0/ident?i=Host>()),
444 <http://lxr.mozilla.org/mozilla1.8.0/source/netwerk/protocol/http/src/nsHttpConnection.cpp#444> mConnInfo->Port(),
445 <http://lxr.mozilla.org/mozilla1.8.0/source/netwerk/protocol/http/src/nsHttpConnection.cpp#445> mConnInfo->ProxyInfo(),
446 <http://lxr.mozilla.org/mozilla1.8.0/source/netwerk/protocol/http/src/nsHttpConnection.cpp#446> getter_AddRefs <http://lxr.mozilla.org/mozilla1.8.0/ident?i=getter_AddRefs>(strans)); <http://lxr.mozilla.org/mozilla1.8.0/source/netwerk/protocol/http/src/nsHttpConnection.cpp#142>

And further below

469 <http://lxr.mozilla.org/mozilla1.8.0/source/netwerk/protocol/http/src/nsHttpConnection.cpp#469> return NS_OK <http://lxr.mozilla.org/mozilla1.8.0/ident?i=NS_OK>;

could be modified to

469 <http://lxr.mozilla.org/mozilla1.8.0/source/netwerk/protocol/http/src/nsHttpConnection.cpp#469> NotifyObservers(this, "Just-After-Socket-Creation");
return NS_OK <http://lxr.mozilla.org/mozilla1.8.0/ident?i=NS_OK>;

Futher nsHttpConnection will have to be declared as a class of type
nsIObserver and nice wrappers can be added around the NotifyObservers
call like in
http://lxr.mozilla.org/mozilla1.8.0/source/netwerk/protocol/http/src/nsHttpHandler.h#178

I'm not sure if returning "this" in NotifyObservers will work. Eric will
know better.

So that the browser's socket object can be manipulated by an extension.
Just before socket creation one can manipulate the types and mConnInfo
and after socket creation manipulate the ReadSegments and WriteSegments
methods.

Dunno if all this is even syntactically correct. Am not a C++ expert.
But at least I hope I have documented something of value for future
reference to anyone interested in implementing chaining and ssling proxies.

Cheers,
Emmanuel

[Emmanuel E]

okay for the last time... the last one formatting was badly mangled...
sorry everyone.

Wonder if this could be included in the mozilla codebase: An event just
before and after socket creation.

In
http://lxr.mozilla.org/mozilla1.8.0/source/netwerk/protocol/http/src/nsHttpConnection.cpp#442

442 rv = sts->CreateTransport(types, typeCount,
443 nsDependentCString(mConnInfo->Host()),
444 mConnInfo->Port(),
445 mConnInfo->ProxyInfo(),
446 getter_AddRefs(strans));

could be modified to

442 NotifyObservers(this, "Just-Before-Socket-Creation");
rv = sts->CreateTransport(types, typeCount,
443 nsDependentCString(mConnInfo->Host()),
444 mConnInfo->Port(),
445 mConnInfo->ProxyInfo(),
446 getter_AddRefs(strans));

And further below

469 return NS_OK;

could be modified to

469 NotifyObservers(this, "Just-After-Socket-Creation");
return NS_OK;