Create a firefox interceptor

Author: pimterry

custom-typings/@james-proxy/index.d.ts

@@ -15,6 +15,7 @@ declare module '@james-proxy/james-browser-launcher' {
             detached?: boolean;
             noProxy?: string | string[];
             headless?: boolean;
+            prefs?: { [key: string]: any };
         }
 
         function Launch(

src/cert-check-server.ts

@@ -0,0 +1,145 @@
+import { promisify } from 'util';
+import * as fs from 'fs';
+
+import { getLocal, Mockttp } from 'mockttp';
+
+import { HttpsPathOptions } from 'mockttp/dist/util/tls';
+
+const readFile = promisify(fs.readFile);
+
+// Make the types for some of the browser code below happy.
+let targetUrl: string;
+let installingCert: boolean;
+
+// Check if an HTTPS cert to a server using the certificate succeeds
+// If it doesn't, redirect to the certificate itself (the browser will prompt to install)
+// Note that this function is stringified, and run in the browser, not here in node.
+function ensureCertificateIsInstalled() {
+    const testUrl = window.location.href.replace('http://', 'https://').replace('check-cert', 'test-https');
+    const downloadUrl = window.location.href.replace('check-cert', 'download-cert');
+
+    fetch(testUrl)
+        .then(() => true)
+        .catch(() => false)
+        .then((certificateIsTrusted) => {
+            if (certificateIsTrusted) {
+                window.location.replace(targetUrl);
+            } else {
+                if (!installingCert) {
+                    installingCert = true;
+                    const iframe = document.createElement('iframe');
+                    iframe.src = downloadUrl;
+                    document.body.appendChild(iframe);
+                    setInterval(ensureCertificateIsInstalled, 500);
+                }
+            }
+        });
+}
+
+export class CertCheckServer {
+
+    constructor(private config: { https: HttpsPathOptions }) { }
+
+    private server: Mockttp | undefined;
+
+    async start(targetUrl: string) {
+        this.server = getLocal({ https: this.config.https, debug: true, cors: true });
+        await this.server.start();
+
+        const certificatePem = await readFile(this.config.https.certPath);
+
+        this.server.get('/test-https').thenReply(200);
+
+        this.server.get('/download-cert').thenReply(200, certificatePem, {
+            'Content-type': 'application/x-x509-ca-cert'
+        });
+
+        this.server.get('/check-cert').thenReply(200, `
+            <html>
+                <title>HTTP Toolkit Certificate Setup</title>
+                <meta charset="UTF-8" />
+                <link href="http://fonts.googleapis.com/css?family=Lato" rel="stylesheet" />
+                <style>
+                    body {
+                        margin: 20px;
+                        background-color: #d8e2e6;
+                        font-family: Lato, Arial;
+                    }
+
+                    h1 {
+                        font-size: 36pt;
+                    }
+
+                    p {
+                        font-size: 16pt;
+                    }
+
+                    iframe {
+                        display: none;
+                    }
+                </style>
+                <script>
+                    let installingCert = false;
+                    const targetUrl = ${JSON.stringify(targetUrl)};
+
+                    ${ensureCertificateIsInstalled.toString()}
+                    ensureCertificateIsInstalled();
+                </script>
+                <body>
+                    <h1>
+                        Configuring Firefox to use HTTP Toolkit
+                    </h1>
+                    <p>
+                        To intercept HTTPS traffic, you need to trust the HTTP Toolkit certificate.
+                    </p>
+                    <p>
+                        Select 'Trust this CA to identify web sites' and press 'OK' to continue.
+                    </p>
+
+                    <svg
+                        version="1.1"
+                        xmlns="http://www.w3.org/2000/svg"
+                        xmlns:xlink="http://www.w3.org/1999/xlink"
+                        x="0px"
+                        y="0px"
+                        width="400px"
+                        height="400px"
+                        viewBox="0 0 50 50"
+                        style="enable-background:new 0 0 50 50;"
+                    >
+                        <path fill="#b6c2ca" d="M25.251,6.461c-10.318,0-18.683,8.365-18.683,18.683h4.068c0-8.071,6.543-14.615,14.615-14.615V6.461z">
+                            <animateTransform
+                                attributeType="xml"
+                                attributeName="transform"
+                                type="rotate"
+                                from="0 25 25"
+                                to="360 25 25"
+                                dur="6s"
+                                repeatCount="indefinite"
+                            />
+                        </path>
+                    </svg>
+                </div>
+                </body>
+            </html>
+        `);
+    }
+
+    get host(): string {
+        return this.server!.url
+            .replace('https://', '');
+    }
+
+    get checkCertUrl(): string {
+        return this.server!.url
+            .replace('https://', 'http://')
+            .replace(/\/?$/, '/check-cert');
+    }
+
+    async stop() {
+        if (this.server) {
+            await this.server.stop();
+            this.server = undefined;
+        }
+    }
+}

src/config.d.ts

@@ -1,3 +1,6 @@
+import { HttpsPathOptions } from "mockttp/dist/util/tls";
+
 export interface HtkConfig {
     configPath: string;
+    https: HttpsPathOptions
 }

src/index.ts

@@ -22,7 +22,7 @@ async function generateHTTPSConfig(configPath: string) {
         canAccess(certPath, fs.constants.R_OK)
     ]).catch(() => {
         const newCertPair = generateCACertificate({
-            commonName: 'HTTP Toolkit CA - DO NOT TRUST'
+            commonName: 'HTTP Toolkit CA'
         });
 
         return Promise.all([
@@ -58,7 +58,8 @@ export async function runHTK(options: {
 
     // Start a HTK server
     const htkServer = new HttpToolkitServer({
-        configPath
+        configPath,
+        https: httpsConfig
     });
     await htkServer.start();
 

src/interceptors/fresh-chrome.ts

@@ -38,7 +38,7 @@ export class FreshChrome {
         const certificatePem = await readFile(path.join(this.config.configPath, 'ca.pem'), 'utf8');
         const spkiFingerprint = generateSPKIFingerprint(certificatePem);
 
-        const browser = await launchBrowser('https://example.com', {
+        const browser = await launchBrowser('https://amiusing.httptoolkit.tech', {
             browser: 'chrome',
             proxy: `https://localhost:${proxyPort}`,
             options: [

src/interceptors/fresh-firefox.ts

@@ -0,0 +1,92 @@
+import * as _ from 'lodash';
+
+import { HtkConfig } from '../config';
+
+import { getAvailableBrowsers, launchBrowser, BrowserInstance } from '../browsers';
+import { CertCheckServer } from '../cert-check-server';
+
+let browsers: _.Dictionary<BrowserInstance> = {};
+
+export class FreshFirefox {
+    id = 'fresh-firefox';
+    version = '1.0.0';
+
+    constructor(private config: HtkConfig) { }
+
+    isActive(proxyPort: number) {
+        return browsers[proxyPort] != null && !!browsers[proxyPort].pid;
+    }
+
+    async isActivable() {
+        const browsers = await getAvailableBrowsers(this.config.configPath);
+
+        return _(browsers)
+            .map(b => b.name)
+            .includes('firefox')
+
+    }
+
+    async activate(proxyPort: number) {
+        if (this.isActive(proxyPort)) return;
+
+        const certCheckServer = new CertCheckServer(this.config);
+        await certCheckServer.start('https://amiusing.httptoolkit.tech');
+
+        // TODO: Change james launcher so I can pass a profile here,
+        // so things persist across launches. Permanently? Yes, probably.
+
+        const browser = await launchBrowser(certCheckServer.checkCertUrl, {
+            browser: 'firefox',
+            proxy: `localhost:${proxyPort}`,
+            // Don't intercept our cert testing requests
+            noProxy: certCheckServer.host,
+            prefs: {
+                // By default james-launcher only configures HTTP, so we need to add HTTPS:
+                'network.proxy.ssl': '"localhost"',
+                'network.proxy.ssl_port': proxyPort,
+
+                // Disable the noisy captive portal check requests
+                'network.captive-portal-service.enabled': false,
+
+                // Disable some annoying tip messages
+                'browser.chrome.toolbar_tips': false,
+
+                // Ignore available updates:
+                "app.update.auto": false,
+                "browser.startup.homepage_override.mstone": "ignore",
+
+                // Disable exit warnings:
+                "browser.showQuitWarning": false,
+                "browser.tabs.warnOnClose": false,
+                "browser.tabs.warnOnCloseOtherTabs": false,
+
+                // Disable 'new FF available' messages
+
+                // Disable various first-run things:
+                "browser.uitour.enabled": false,
+                'browser.usedOnWindows10': true,
+                "browser.usedOnWindows10.introURL": "",
+                'datareporting.healthreport.service.firstRun': false,
+                'toolkit.telemetry.reportingpolicy.firstRun': false,
+                'browser.reader.detectedFirstArticle': false,
+                "datareporting.policy.dataSubmissionEnabled": false,
+                "datareporting.policy.dataSubmissionPolicyAccepted": false,
+                "datareporting.policy.dataSubmissionPolicyBypassNotification": true
+            }
+        }, this.config.configPath);
+
+        browsers[proxyPort] = browser;
+        browser.process.once('exit', () => {
+            certCheckServer.stop();
+            delete browsers[proxyPort];
+        });
+    }
+
+    async deactivate(proxyPort: number) {
+        if (this.isActive(proxyPort)) {
+            const browser = browsers[proxyPort];
+            browser!.process.kill();
+            await new Promise((resolve) => browser!.process.once('exit', resolve));
+        }
+    }
+};

src/interceptors/index.ts

@@ -3,6 +3,7 @@ import * as _ from 'lodash';
 import { HtkConfig } from '../config';
 
 import { FreshChrome } from './fresh-chrome';
+import { FreshFirefox } from './fresh-firefox';
 
 export interface Interceptor {
     id: string;
@@ -17,6 +18,7 @@ export interface Interceptor {
 
 export function buildInterceptors(config: HtkConfig): _.Dictionary<Interceptor> {
     return _.keyBy([
-        new FreshChrome(config)
+        new FreshChrome(config),
+        new FreshFirefox(config)
     ], (interceptor) => interceptor.id);
 }

test/interceptors.spec.ts

@@ -3,9 +3,9 @@ import * as fs from 'fs';
 import * as path from 'path';
 import * as tmp from 'tmp';
 import { expect } from 'chai';
-import { getLocal, CompletedRequest, generateCACertificate, Mockttp } from 'mockttp';
+import { getLocal, CompletedRequest, generateCACertificate } from 'mockttp';
 
-import { buildInterceptors, Interceptor } from '../src/interceptors';
+import { buildInterceptors } from '../src/interceptors';
 
 const configPath = tmp.dirSync({ unsafeCleanup: true }).name;
 
@@ -15,8 +15,8 @@ const newCertPair = generateCACertificate({ commonName: 'HTTP Toolkit CA - DO NO
 fs.writeFileSync(keyPath, newCertPair.key);
 fs.writeFileSync(certPath, newCertPair.cert);
 
-const server = getLocal({ https: { certPath, keyPath } });
-const interceptors = buildInterceptors({ configPath });
+const server = getLocal({ https: { certPath, keyPath }, debug: true });
+const interceptors = buildInterceptors({ configPath, https: { certPath, keyPath } });
 
 _.forEach(interceptors, (interceptor, name) =>
     describe(`${name} interceptor`, function () {
@@ -42,20 +42,26 @@ _.forEach(interceptors, (interceptor, name) =>
             expect(interceptor.isActive(server.port)).to.equal(false);
         });
 
-        it('successfully makes requests', async () => {
+        it('successfully makes requests', async function () {
+            // Firefox needs a manual acceptance of the cert to successfully make requests
+            if (name === 'fresh-firefox') {
+                await server.stop();
+                this.skip();
+            }
+
             await server.anyRequest().thenPassThrough();
 
             const exampleRequestReceived = new Promise<CompletedRequest>((resolve) =>
                 server.on('request', (req) => {
-                    if (req.url.startsWith('https://example.com')) {
+                    if (req.url.startsWith('https://amiusing.httptoolkit.tech')) {
                         resolve(req);
                     }
                 })
             );
 
             await interceptor.activate(server.port);
 
-            // Only resolves if example.com request is sent successfully
+            // Only resolves if amiusing request is sent successfully
             await exampleRequestReceived;
         });
     })