Chromium Embedded Framework Forum

[krum]

Hello,

I am looking to do a bit of trickery, my goal is to trick the browser (and the plugins/js and content on the site) into thinking that it is on the real site, but it is really looking in a local folder.

for example, I map "www.google.com/index.html" to "C:/www.google.com/index.html", but the browser (for all intents and purposes) thinks it is still at "www.google.com/index.html" and if you run JS to get the url, it will return "www.google.com/index.html"

I am not 100% which handler I should use, ResourceHandler has a OnResourceRedirect and OnResourceResponse, but the latter says I cannot alter the response.

I have no code (yet) I just need a bit of direction.

[magreenblatt]

See CefResourceManager. There’s an example here.

[krum]

You are fast as always! I got it working!! Thanks!

[krum]

I have a quick follow up question around this.

I am looking to have the browser hit a custom proxy server I built which I want to work like this:

1) Something Requests a resource https://www.example.com/with/resource.ext
2) I use OnBeforeRequest to translate the host to https://localhost:port/with/resource.ext and puts the original path in the header.
3) My server gets the request, if it has the header, it will reach out to the other server and pull the document using the cookies/info from the request
4) My server responds as itself back the the browser with the header in tact (should be a valid https connection because the client is expecting the host to be localhost
5) The browser finds the special header and translates it BACK to the original URL.

Here is my question, at what point is the certificate verified what is the earliest point I can convert the URL BACK to what it was before it is returned back for the "website/JS/Plugin" to verify/use.

I looked for a request life cycle, but I didn't have luck finding that. I can make my proxy pretend to be the original server, but I want a valid chain of certs on BOTH ends, so I can return errors from the proxy to be more secure and I don't have to install a root certificate/change chrome settings to disable security. I am using golang for the server, so I expect the certificate validation to be similar to chromes (I am hoping).

[magreenblatt]

If you're proxying all requests you can just configure a proxy server.

If you're only proxying certain requests, what is the reason? Are you looking to change some portion of the request or response?

[krum]

Hmmm, I am proxying all of the requests, but right now it is using "CONNECT" to the actual server, but it requires a self-signed, self-installed certificate for it to be valid. As I am caching and sending back items when I have it locally.

If I set up the Proxy code without using the "CONNECT" forwarding and validate the request on the other end with HTTPS, I suppose I could disable the certificate validation on the CEF side and it would still be "secure". I couldn't make chrome happy with CONNECT forwarding without signing and installing my cert as a Trusted Root.

I am already using --proxy-server, but I was hoping to avoid trusted roots installed or disabling the cert checks, but I suppose I have to self-sign the proxy cert anyway, which means chrome would still not be happy...

Edit
If it sounds like I am fumbling around trying to get HTTPS working, it is because I am. Since I can't properly cache files with HTTPS (it was specifically designed to prevent man in the middle "attacks" like that) I was planning on doing the method I describe to use the proxy ""server" which is actually just a local server.

Sorry for possibly wasting your time, I am trying my best to figure out how I can achieve this, I will play around with not using the HTTP CONNECT and maybe I can disable the Security on chrome and handle it that way. All I know is that I can't

A) Can't require a trusted root, if I HAVE to disable certificate verification no matter what, then this is how I will handle it. I even thought about buying a real cerificate, BUT it wouldn't match the host name of the request, which will still not allow me to do this without some sort of browser modification.
B) I can't use my original plan of the manual proxy built into cef by hooking the Resource handle because my solution has to handle other browsers, so it kind of forced my hand.