Initial commit

Author: ExplodingBottle

.classpath

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.8"/>
+	<classpathentry kind="src" path="src"/>
+	<classpathentry kind="output" path="bin"/>
+</classpath>

.project

@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>JMagicProxy</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.jdt.core.javabuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.jdt.core.javanature</nature>
+	</natures>
+</projectDescription>

.settings/org.eclipse.jdt.core.prefs

@@ -0,0 +1,12 @@
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.8
+org.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve
+org.eclipse.jdt.core.compiler.compliance=1.8
+org.eclipse.jdt.core.compiler.debug.lineNumber=generate
+org.eclipse.jdt.core.compiler.debug.localVariable=generate
+org.eclipse.jdt.core.compiler.debug.sourceFile=generate
+org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
+org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
+org.eclipse.jdt.core.compiler.release=disabled
+org.eclipse.jdt.core.compiler.source=1.8

custom_files/default_release/note.txt

@@ -0,0 +1,2 @@
+Release: Default-Release
+WUProxy related files will be missing.

custom_files/readme.txt

@@ -0,0 +1,2 @@
+You will find files that will be distributed in the two distinct releases of this proxy.
+This folder MUST NOT be in a release.

custom_files/starttool.bat

@@ -0,0 +1,5 @@
+@echo off
+rem Simple start tool for the proxy.
+
+java -jar jmagicproxy.jar
+pause

custom_files/wuproxy_release/certs/iexpress_installer/build.bat

@@ -0,0 +1,7 @@
+@echo off
+cd "%~dp0"
+copy wupd_certificate.sed_ wupd_certificate.sed
+cscript "replacetool.vbs
+%WINDIR%\System32\iexpress /N /Q wupd_certificate.sed
+%WINDIR%\SysWOW64\iexpress /N /Q wupd_certificate.sed
+del wupd_certificate.sed

custom_files/wuproxy_release/certs/iexpress_installer/installer.vbs

@@ -0,0 +1,10 @@
+Set WshShell = WScript.CreateObject("WScript.Shell")
+
+RetCode = WshShell.Run("certutil -addstore -v Root updcert.cer", 0, TRUE)
+If RetCode = 0 Then
+   MsgBox "The certificate has been successfully installed !", vbInformation, "Installation success"
+ElseIf RetCode = -2147024156 Then
+   MsgBox "The certificate installation failed with error " & RetCode & ". Try running the program as administrator to continue." , vbExclamation, "Installation failure"
+Else
+   MsgBox "The certificate installation failed with error " & RetCode & "." , vbExclamation, "Installation failure"
+End If

custom_files/wuproxy_release/certs/iexpress_installer/replacetool.vbs

@@ -0,0 +1,9 @@
+Set oFSO = WScript.CreateObject("Scripting.FileSystemObject")
+Set WshShell = CreateObject("WScript.Shell")
+Set oInput = oFSO.OpenTextFile("wupd_certificate.sed", 1)
+sData = Replace(oInput.ReadAll, "${SourceFolder}", WshShell.CurrentDirectory)
+sData = Replace(sData, "${TargetName}", WshShell.CurrentDirectory & "\wupdcerts_installer.exe")
+Set oOutput = oFSO.CreateTextFile("wupd_certificate.sed", True)
+oOutput.Write sData
+oInput.Close
+oOutput.Close

custom_files/wuproxy_release/certs/iexpress_installer/start.cmd

@@ -0,0 +1,4 @@
+@echo off
+
+cscript installer.vbs
+exit

custom_files/wuproxy_release/certs/iexpress_installer/wupd_certificate.sed_

@@ -0,0 +1,41 @@
+[Version]
+Class=IEXPRESS
+SEDVersion=3
+[Options]
+PackagePurpose=InstallApp
+ShowInstallProgramWindow=1
+HideExtractAnimation=0
+UseLongFileName=1
+InsideCompressed=0
+CAB_FixedSize=0
+CAB_ResvCodeSigning=0
+RebootMode=I
+InstallPrompt=%InstallPrompt%
+DisplayLicense=%DisplayLicense%
+FinishMessage=%FinishMessage%
+TargetName=%TargetName%
+FriendlyName=%FriendlyName%
+AppLaunched=%AppLaunched%
+PostInstallCmd=%PostInstallCmd%
+AdminQuietInstCmd=%AdminQuietInstCmd%
+UserQuietInstCmd=%UserQuietInstCmd%
+SourceFiles=SourceFiles
+[Strings]
+TargetName=${TargetName}
+InstallPrompt=Are you sure that you want to install the certificate ? This may constitute a securiy risk as this certificate will be used to intercept secured connections.
+DisplayLicense=
+FinishMessage=
+FriendlyName=Windows Update Certificate Installer
+AppLaunched=start.cmd
+PostInstallCmd=<None>
+AdminQuietInstCmd=
+UserQuietInstCmd=
+FILE0="installer.vbs"
+FILE1="start.cmd"
+FILE2="updcert.cer"
+[SourceFiles]
+SourceFiles0=${SourceFolder}
+[SourceFiles0]
+%FILE0%=
+%FILE1%=
+%FILE2%=

custom_files/wuproxy_release/certs/makecerts.bat

@@ -0,0 +1,9 @@
+@echo off
+
+set JRE_HOME="C:\Program Files\Java\jre1.8.0_351"
+
+%JRE_HOME%\bin\keytool -genkeypair -alias WUHTTP -keysize 2048 -keyalg RSA -startdate "2010/12/03 16:33:48" -validity 9999 -keystore updks.jks -keypass WindowsUpdate -storepass WindowsUpdate -ext "san=DNS:*.microsoft.com,DNS:*.windowsupdate.com,DNS:*.update.microsoft.com" -ext "ExtendedkeyUsage=serverAuth"  -ext "BC:critical=ca:false" -ext "KeyUsage:critical=digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment" -sigalg SHA1WithRSA -dname "CN=update.microsoft.com, OU=Fake, O=Fake Certificator, C=France"
+%JRE_HOME%\bin\keytool -importkeystore -srckeystore updks.jks -destkeystore updks.p12 -deststoretype pkcs12 -srcstorepass WindowsUpdate -deststorepass WindowsUpdate
+%JRE_HOME%\bin\keytool -exportcert -keystore updks.p12 -rfc -alias WUHTTP -file iexpress_installer\updcert.cer -storepass WindowsUpdate
+
+pause

custom_files/wuproxy_release/certs/readme.txt

@@ -0,0 +1,4 @@
+1. Build certificates using makecerts.bat tool. If needed, change the JRE_HOME variable to match the real JRE home.
+2. Go in iexpress_installer and run build.bat.
+
+The file wupdcerts_installer.exe is ready to be launched on a client machine.

custom_files/wuproxy_release/content/redirect.js

@@ -0,0 +1 @@
+console.log("redirect.js disabled by JMagicProxy.");

custom_files/wuproxy_release/jmagicproxy.cfg

@@ -0,0 +1,13 @@
+#JMagicProxy Configuration File
+#Sun Feb 12 16:36:19 CET 2023
+proxy.ssl.keystoretype=pkcs12
+proxy.plugins=io.github.explodingbottle.jmagicproxy.implementation.WUProxy;io.github.explodingbottle.jmagicproxy.implementation.BasicProxy
+proxy.ssl.keystorepass=WindowsUpdate
+proxy.ssl.warn.algorithms=true
+proxy.ssl.keystorepath=certs/updks.p12
+proxy.server.port=8087
+proxy.logging.logfile=log&$LNUM$.txt
+proxy.plugin.wuproxy.redirectjs=content/redirect.js
+proxy.ssl.scan.startingport=9784
+proxy.logging.logsfolder=logs
+proxy.ssl.enabled=true

custom_files/wuproxy_release/note.txt

@@ -0,0 +1,2 @@
+Release: WU-Release
+WUProxy related files will be present.

readme.txt

@@ -0,0 +1,46 @@
+JMagicProxy
+===============
+This proxy consists in a system which allows HTTP and HTTPS requests to be modified.
+
+1) Command line arguments
+-help					| Displays the help.
+-override-config:<cfg>	| Overrides the path to the configuration file which is jmagicproxy.cfg by default.
+
+2) Configuration file
+proxy.ssl.keystoretype					| Represents the type of the keystore ( pkcs12 by default )
+proxy.plugins							| Represents the list of plugins to modify requests. Multiple plugins can be used with a semicolon
+											Example: io.github.explodingbottle.jmagicproxy.implementation.WUProxy;io.github.explodingbottle.jmagicproxy.implementation.BasicProxy
+											The plugin which is at the left will be the most priority, and the one at the right will be the less priority one.
+proxy.ssl.keystorepass					| Represents the password to access the keystore.
+proxy.ssl.warn.algorithms				| Choose whether or not you must be warned if the java.security file disables some algorithms.
+proxy.ssl.keystorepath					| Where to find the keystore file.
+proxy.server.port						| Represents the proxy port for both HTTP and HTTPS.
+proxy.logging.logfile					| Represents the naming of log files.
+											&$LNUM$ is a placeholder that can be used and denotes the current milliseconds.
+proxy.plugin.wuproxy.redirectjs			| A setting specific for WUProxy: Where can we find a replaced version of redirect.js
+proxy.ssl.scan.startingport				| Represents what is the first port to scan to find where a SSL Server Socket can be created on the local machine.
+proxy.logging.logsfolder				| Represents the folder in which you will find log files.
+proxy.ssl.enabled						| Choose whether or not if SSL will be supported.
+
+3) Known issues
+	- When gracefully shutting down, the proxy may just not stop.
+	- A lot of exceptions can be thrown in the console.
+
+4) WUProxy Configuration.
+IMPORTANT: Some files may be missing if you download the standard release.
+
+To allow Windows Update to be used, you must change the property proxy.plugins to
+	io.github.explodingbottle.jmagicproxy.implementation.WUProxy;io.github.explodingbottle.jmagicproxy.implementation.BasicProxy
+in order to allow the WUProxy plugin impact requests.
+Next, you must set proxy.plugin.wuproxy.redirectjs to where you can find a replaced redirect.js ( very important as it allows you to access the Windows Update website )
+Be sure to generate a certificate using the tools available in the certs folder and to install it as computer account.
+
+Operating System Status:
+
+Windows 2000: If you install the proxy certificate as well as the Microsoft Root Certificate Authority
+(it can be extracted from https://fe2.update.microsoft.com/v8/windowsupdate/redir/muv3wuredir.cab), if you
+also configure Internet Explorer Proxy AND the System Proxy to point to this proxy, everything will work fine with no modifications.
+
+Windows XP: You need to install this proxy certificate, configure Internet Explorer Proxy AND the System Proxy to point to this proxy
+and then configure the WSUS Server locations as https://fe2.update.microsoft.com/v6
+The website won't work.

src/io/github/explodingbottle/jmagicproxy/ArgumentsParser.java

@@ -0,0 +1,69 @@
+/*
+ *   JMagic Proxy - A HTTP and HTTPS Proxy
+ *   Copyright (C) 2023  ExplodingBottle
+ *
+ *   This program is free software: you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation, either version 3 of the License, or
+ *   (at your option) any later version.
+ *
+ *   This program is distributed in the hope that it will be useful,
+ *   but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *   GNU General Public License for more details.
+ *
+ *   You should have received a copy of the GNU General Public License
+ *   along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+package io.github.explodingbottle.jmagicproxy;
+
+import java.util.TreeMap;
+
+/**
+ * This class is useful to parse arguments from the {@code main} method.
+ * 
+ * @author ExplodingBottle
+ */
+public class ArgumentsParser {
+
+	private TreeMap<String, String> argsParsed;
+
+	/**
+	 * Initiates the parser with the arguments. Arguments will also be parsed while
+	 * constructing.
+	 * 
+	 * @param args Arguments provided by the {@code main} method.
+	 */
+	public ArgumentsParser(String[] args) {
+		argsParsed = new TreeMap<String, String>(String.CASE_INSENSITIVE_ORDER);
+		for (String s : args) {
+			if (s.startsWith("-")) {
+				String[] split = s.split(":");
+				String argument = split[0].replaceFirst("-", "");
+				if (split.length > 1) {
+					String p2 = "";
+					for (int i = 1; i < split.length; i++) {
+						if (i == split.length - 1)
+							p2 += split[i];
+						else
+							p2 += split[i] + ":";
+					}
+					argsParsed.put(argument, p2);
+				} else {
+					argsParsed.put(argument, "");
+				}
+			}
+		}
+	}
+
+	/**
+	 * Get a parsed arguments by giving its name.
+	 * 
+	 * @param argName The name of the argument.
+	 * @return The value of the argument or {@code null}.
+	 */
+	public String getArgumentByName(String argName) {
+		return argsParsed.get(argName);
+	}
+
+}

src/io/github/explodingbottle/jmagicproxy/DisabledAlgorithmsWarner.java

@@ -0,0 +1,56 @@
+/*
+ *   JMagic Proxy - A HTTP and HTTPS Proxy
+ *   Copyright (C) 2023  ExplodingBottle
+ *
+ *   This program is free software: you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation, either version 3 of the License, or
+ *   (at your option) any later version.
+ *
+ *   This program is distributed in the hope that it will be useful,
+ *   but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *   GNU General Public License for more details.
+ *
+ *   You should have received a copy of the GNU General Public License
+ *   along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+package io.github.explodingbottle.jmagicproxy;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.util.Properties;
+
+/**
+ * This class is very useful to find issues that may be related to the
+ * java.security file with disabled algorithms.
+ * 
+ * @author ExplodingBottle
+ *
+ */
+public class DisabledAlgorithmsWarner {
+
+	private Properties javaSecurity;
+
+	/**
+	 * Gets ready the warner.
+	 * 
+	 * @throws IOException if an issue happens to load the file.
+	 */
+	public DisabledAlgorithmsWarner() throws IOException {
+		javaSecurity = new Properties();
+		FileInputStream is = new FileInputStream(
+				new File(new File(new File(System.getProperty("java.home"), "lib"), "security"), "java.security"));
+		javaSecurity.load(is);
+		is.close();
+	}
+
+	public boolean mustWarn() {
+		String found = javaSecurity.getProperty("jdk.tls.disabledAlgorithms");
+		if (found != null && !found.trim().isEmpty())
+			return true;
+		return false;
+	}
+
+}

src/io/github/explodingbottle/jmagicproxy/HardcodedConfig.java

@@ -0,0 +1,45 @@
+/*
+ *   JMagic Proxy - A HTTP and HTTPS Proxy
+ *   Copyright (C) 2023  ExplodingBottle
+ *
+ *   This program is free software: you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation, either version 3 of the License, or
+ *   (at your option) any later version.
+ *
+ *   This program is distributed in the hope that it will be useful,
+ *   but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *   GNU General Public License for more details.
+ *
+ *   You should have received a copy of the GNU General Public License
+ *   along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+package io.github.explodingbottle.jmagicproxy;
+
+/**
+ * This class is here to store some hard-coded values, such as config file name.
+ * 
+ * @author ExplodingBottle
+ */
+public class HardcodedConfig {
+
+	/**
+	 * Returns the path to the config file.
+	 * 
+	 * @return The config file name or path.
+	 */
+	public static String getConfigFileName() {
+		return "jmagicproxy.cfg";
+	}
+
+	/**
+	 * Returns the buffer size that will be used everywhere.
+	 * 
+	 * @return The buffer size.
+	 */
+	public static int returnBufferSize() {
+		return 16384; // Note: I tried before allowing to change the buffer size but, for example, a
+						// buffer size of 16 makes cURL not getting the whole content.
+	}
+}