Skip to content

Commit 4a9b8c8

Browse files
author
Eric Lawrence
committed
v1.3.1
Add HSTS upgrades Add socket addresses to list
1 parent 6d428bd commit 4a9b8c8

File tree

3 files changed

+73
-28
lines changed

3 files changed

+73
-28
lines changed

FiddlerImportNetlog/FiddlerInterface.cs

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88

99
namespace FiddlerImportNetlog
1010
{
11-
[ProfferFormat("NetLog JSON", "Chromium's JSON-based event log format (v1.3). See https://dev.chromium.org/for-testers/providing-network-details for more details.")]
11+
[ProfferFormat("NetLog JSON", "Chromium's JSON-based event log format (v1.3.1). See https://dev.chromium.org/for-testers/providing-network-details for more details.")]
1212
public class HTTPArchiveFormatImport : ISessionImporter
1313
{
1414
public Session[] ImportSessions(string sFormat, Dictionary<string, object> dictOptions, EventHandler<Fiddler.ProgressCallbackEventArgs> evtProgressNotifications)
@@ -48,7 +48,7 @@ public Session[] ImportSessions(string sFormat, Dictionary<string, object> dictO
4848
else
4949
{
5050
Stream oFS = File.OpenRead(sFilename);
51-
51+
FiddlerApplication.Log.LogFormat("!NetLog Importer is loading {0}", sFilename);
5252
// Check to see if this file data was GZIP'd or PKZIP'd.
5353
bool bWasGZIP = false;
5454
bool bWasPKZIP = false;

FiddlerImportNetlog/Importer.cs

Lines changed: 51 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -31,12 +31,14 @@ struct Magics
3131
public int SEND_QUIC_HEADERS;
3232
public int SEND_HTTP2_HEADERS;
3333
public int READ_HEADERS;
34+
public int FAKE_RESPONSE_HEADERS_CREATED;
3435
public int COOKIE_INCLUSION_STATUS;
3536
public int FILTERED_BYTES_READ;
3637
public int SEND_BODY;
3738
public int SEND_REQUEST;
3839
public int SSL_CERTIFICATES_RECEIVED;
3940
public int SSL_HANDSHAKE_MESSAGE_RECEIVED;
41+
public int TCP_CONNECT;
4042
}
4143

4244
internal static string DescribeExceptionWithStack(Exception eX)
@@ -151,12 +153,14 @@ private void ExtractSessionsFromTraceJSON(ArrayList alTraceEvents)
151153
NetLogMagics.SEND_QUIC_HEADERS = 6;
152154
NetLogMagics.SEND_HTTP2_HEADERS = 7;
153155
NetLogMagics.READ_HEADERS = 8;
154-
NetLogMagics.COOKIE_INCLUSION_STATUS = 9;
155-
NetLogMagics.FILTERED_BYTES_READ = 10;
156-
NetLogMagics.SEND_BODY = 11;
157-
NetLogMagics.SEND_REQUEST = 12;
158-
NetLogMagics.SSL_CERTIFICATES_RECEIVED = 13;
159-
NetLogMagics.SSL_HANDSHAKE_MESSAGE_RECEIVED = 14;
156+
NetLogMagics.FAKE_RESPONSE_HEADERS_CREATED = 9;
157+
NetLogMagics.COOKIE_INCLUSION_STATUS = 10;
158+
NetLogMagics.FILTERED_BYTES_READ = 11;
159+
NetLogMagics.SEND_BODY = 12;
160+
NetLogMagics.SEND_REQUEST = 13;
161+
NetLogMagics.SSL_CERTIFICATES_RECEIVED = 14;
162+
NetLogMagics.SSL_HANDSHAKE_MESSAGE_RECEIVED = 15;
163+
NetLogMagics.TCP_CONNECT = 16;
160164

161165
List<Hashtable> listEvents = new List<Hashtable>();
162166
foreach (Hashtable htItem in alTraceEvents)
@@ -196,14 +200,14 @@ private void ExtractSessionsFromTraceJSON(ArrayList alTraceEvents)
196200
iType != NetLogMagics.SSL_HANDSHAKE_MESSAGE_RECEIVED) continue;
197201
198202
// Get (or create) the List of entries for this SOCKET.
199-
if (!dictSecureSockets.ContainsKey(iSocketID))
203+
if (!dictSockets.ContainsKey(iSocketID))
200204
{
201205
events = new List<Hashtable>();
202-
dictSecureSockets.Add(iSocketID, events);
206+
dictSockets.Add(iSocketID, events);
203207
}
204208
else
205209
{
206-
events = dictSecureSockets[iSocketID];
210+
events = dictSockets[iSocketID];
207211
}
208212
// Add this event to the SOCKET's list.
209213
events.Add(htEvent);
@@ -270,7 +274,7 @@ private void ExtractSessionsFromTraceJSON(ArrayList alTraceEvents)
270274
sessSummary.utilSetResponseBody(sbClientInfo.ToString());*/
271275

272276
//GenerateDebugTreeSession(dictURLRequests);
273-
//GenerateSocketListSession(dictSecureSockets);
277+
//GenerateSocketListSession(dictSockets);
274278

275279
NotifyProgress(1, "Import Completed.");
276280
}
@@ -328,14 +332,16 @@ public bool ExtractSessionsFromJSON(Hashtable htFile)
328332
NetLogMagics.SEND_QUIC_HEADERS = getIntValue(htEventTypes["HTTP_TRANSACTION_QUIC_SEND_REQUEST_HEADERS"], -995);
329333
NetLogMagics.SEND_HTTP2_HEADERS = getIntValue(htEventTypes["HTTP_TRANSACTION_HTTP2_SEND_REQUEST_HEADERS"], -994);
330334
NetLogMagics.READ_HEADERS = getIntValue(htEventTypes["HTTP_TRANSACTION_READ_RESPONSE_HEADERS"], -993);
331-
NetLogMagics.FILTERED_BYTES_READ = getIntValue(htEventTypes["URL_REQUEST_JOB_FILTERED_BYTES_READ"], -992);
332-
NetLogMagics.COOKIE_INCLUSION_STATUS = getIntValue(htEventTypes["COOKIE_INCLUSION_STATUS"], -991);
333-
NetLogMagics.SEND_BODY = getIntValue(htEventTypes["HTTP_TRANSACTION_SEND_REQUEST_BODY"], -990);
334-
NetLogMagics.SEND_REQUEST = getIntValue(htEventTypes["HTTP_TRANSACTION_SEND_REQUEST"], -989);
335+
NetLogMagics.FAKE_RESPONSE_HEADERS_CREATED = getIntValue(htEventTypes["URL_REQUEST_FAKE_RESPONSE_HEADERS_CREATED"], -992);
336+
NetLogMagics.FILTERED_BYTES_READ = getIntValue(htEventTypes["URL_REQUEST_JOB_FILTERED_BYTES_READ"], -991);
337+
NetLogMagics.COOKIE_INCLUSION_STATUS = getIntValue(htEventTypes["COOKIE_INCLUSION_STATUS"], -990);
338+
NetLogMagics.SEND_BODY = getIntValue(htEventTypes["HTTP_TRANSACTION_SEND_REQUEST_BODY"], -989);
339+
NetLogMagics.SEND_REQUEST = getIntValue(htEventTypes["HTTP_TRANSACTION_SEND_REQUEST"], -988);
335340

336341
// Socket-level Events
337-
NetLogMagics.SSL_CERTIFICATES_RECEIVED = getIntValue(htEventTypes["SSL_CERTIFICATES_RECEIVED"], -988);
338-
NetLogMagics.SSL_HANDSHAKE_MESSAGE_RECEIVED = getIntValue(htEventTypes["SSL_HANDSHAKE_MESSAGE_RECEIVED"], -987);
342+
NetLogMagics.SSL_CERTIFICATES_RECEIVED = getIntValue(htEventTypes["SSL_CERTIFICATES_RECEIVED"], -987);
343+
NetLogMagics.SSL_HANDSHAKE_MESSAGE_RECEIVED = getIntValue(htEventTypes["SSL_HANDSHAKE_MESSAGE_RECEIVED"], -986);
344+
NetLogMagics.TCP_CONNECT = getIntValue(htEventTypes["TCP_CONNECT"], -987);
339345

340346
// Get ALL event type names as strings for pretty print view
341347
dictEventTypes = new Dictionary<int, string>();
@@ -410,7 +416,7 @@ public bool ExtractSessionsFromJSON(Hashtable htFile)
410416
int iEvent = -1;
411417
int iLastPct = 25;
412418
var dictURLRequests = new Dictionary<int, List<Hashtable>>();
413-
var dictSecureSockets = new Dictionary<int, List<Hashtable>>();
419+
var dictSockets = new Dictionary<int, List<Hashtable>>();
414420

415421
// Loop over events; bucket those associated to URLRequests by the source request's ID.
416422
ArrayList alEvents = htFile["events"] as ArrayList;
@@ -435,17 +441,18 @@ public bool ExtractSessionsFromJSON(Hashtable htFile)
435441
int iSocketID = getIntValue(htSource["id"], -1);
436442

437443
if (iType != NetLogMagics.SSL_CERTIFICATES_RECEIVED &&
438-
iType != NetLogMagics.SSL_HANDSHAKE_MESSAGE_RECEIVED) continue;
444+
iType != NetLogMagics.SSL_HANDSHAKE_MESSAGE_RECEIVED &&
445+
iType != NetLogMagics.TCP_CONNECT) continue;
439446

440447
// Get (or create) the List of entries for this SOCKET.
441-
if (!dictSecureSockets.ContainsKey(iSocketID))
448+
if (!dictSockets.ContainsKey(iSocketID))
442449
{
443450
events = new List<Hashtable>();
444-
dictSecureSockets.Add(iSocketID, events);
451+
dictSockets.Add(iSocketID, events);
445452
}
446453
else
447454
{
448-
events = dictSecureSockets[iSocketID];
455+
events = dictSockets[iSocketID];
449456
}
450457
// Add this event to the SOCKET's list.
451458
events.Add(htEvent);
@@ -506,7 +513,7 @@ public bool ExtractSessionsFromJSON(Hashtable htFile)
506513
sessSummary.utilSetResponseBody(sbClientInfo.ToString());
507514

508515
GenerateDebugTreeSession(dictURLRequests);
509-
GenerateSocketListSession(dictSecureSockets);
516+
GenerateSocketListSession(dictSockets);
510517

511518
NotifyProgress(1, "Import Completed.");
512519
return true;
@@ -600,6 +607,24 @@ private void GenerateSocketListSession(Dictionary<int, List<Hashtable>> dictSock
600607
int iType = getIntValue(htEvent["type"], -1);
601608
var htParams = (Hashtable) htEvent["params"];
602609

610+
if (iType == NetLogMagics.TCP_CONNECT)
611+
{
612+
if (htParams.ContainsKey("local_address"))
613+
{
614+
htThisSocket.Add("local_address", htParams["local_address"]);
615+
}
616+
//"remote_address", "local_address", "address_list"
617+
if (htParams.ContainsKey("remote_address"))
618+
{
619+
htThisSocket.Add("remote_address", htParams["remote_address"]);
620+
}
621+
if (htParams.ContainsKey("address_list"))
622+
{
623+
htThisSocket.Add("address_list", htParams["address_list"]);
624+
}
625+
continue;
626+
}
627+
603628
if (iType == NetLogMagics.SSL_CERTIFICATES_RECEIVED)
604629
{
605630
StringBuilder sbCertsReceived = new StringBuilder();
@@ -730,7 +755,7 @@ private void GenerateSocketListSession(Dictionary<int, List<Hashtable>> dictSock
730755
{
731756
_listSessions.Add(Session.BuildFromData(false,
732757
new HTTPRequestHeaders(
733-
String.Format("/SECURE_SOCKETS"), // TODO: Add Machine name?
758+
String.Format("/SOCKETS"), // TODO: Add Machine name?
734759
new[] { "Host: NETLOG" }),
735760
Utilities.emptyByteArray,
736761
new HTTPResponseHeaders(200, "Analyzed Data", new[] { "Content-Type: application/json; charset=utf-8" }),
@@ -857,7 +882,7 @@ private void ParseSessionsFromBucket(KeyValuePair<int, List<Hashtable>> kvpUR)
857882
// Most events we care about should have parameters. LANDMINE_MEME HERE
858883
if (iType != NetLogMagics.SEND_REQUEST && null == htParams) continue;
859884

860-
FiddlerApplication.Log.LogFormat("URLRequest#{0} - Event type: {1} - {2}", kvpUR.Key, iType, sURL);
885+
// FiddlerApplication.Log.LogFormat("URLRequest#{0} - Event type: {1} - {2}", kvpUR.Key, iType, sURL);
861886

862887
#region ParseImportantEvents
863888
// C# cannot |switch()| on non-constant case values. Hrmph.
@@ -1032,7 +1057,8 @@ private void ParseSessionsFromBucket(KeyValuePair<int, List<Hashtable>> kvpUR)
10321057
continue;
10331058
}
10341059

1035-
if (iType == NetLogMagics.READ_HEADERS)
1060+
if ((iType == NetLogMagics.READ_HEADERS) ||
1061+
(iType == NetLogMagics.FAKE_RESPONSE_HEADERS_CREATED))
10361062
{
10371063
ArrayList alHeaderLines = htParams["headers"] as ArrayList;
10381064
oTimers.ServerBeginResponse = oTimers.FiddlerGotResponseHeaders = GetTimeStamp(htEvent["time"], baseTime);

FiddlerImportNetlog/Properties/AssemblyInfo.cs

Lines changed: 20 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,9 +6,28 @@
66
[assembly: AssemblyCopyright("Copyright ©2021 Eric Lawrence")]
77
[assembly: System.Resources.NeutralResourcesLanguage("en-US")]
88
[assembly: ComVisible(false)]
9-
[assembly: AssemblyVersion("1.3.0.0")] // ALWAYS UPDATE THE VERSION in the [ProfferFormat] attribute in FiddlerInterface.cs to match!
9+
[assembly: AssemblyVersion("1.3.1.0")] // ALWAYS UPDATE THE VERSION in the [ProfferFormat] attribute in FiddlerInterface.cs to match!
1010
[assembly: Fiddler.RequiredVersion("4.6.0.0")]
1111

12+
13+
/*
14+
TODO:
15+
HTTP_STREAM_JOB has a binding between the request and the socket. Hook them up so we can propagate the connection info to the URL_REQUEST-generated Sessions.
16+
17+
t=3262 [st=0] SOCKET_POOL_BOUND_TO_SOCKET
18+
--> source_dependency = 1250 (SOCKET)
19+
t=3262 [st=0] HTTP_STREAM_JOB_BOUND_TO_REQUEST
20+
--> source_dependency = 1701 (URL_REQUEST)
21+
*/
22+
23+
// v1.3.1.0
24+
// Support for FAKE_RESPONSE_HEADERS_CREATED for HSTS and Automatic HTTPS upgrades
25+
// Add socket address info to generated SOCKETS list's session
26+
27+
// v1.3.0.1
28+
// Less Log spam
29+
// Write imported filename to log
30+
1231
// v1.3
1332
// Support importing NetLog events from a Chromium trace json file
1433

0 commit comments

Comments
 (0)