From 79b5e6a3dd210c01ab8558a430579dc9cdb61ca0 Mon Sep 17 00:00:00 2001
From: Fabian Keil
Date: Sat, 9 Jan 2021 19:05:53 +0100
Subject: [PATCH] Add tests for client-header-order with https-inspection enabled

Sponsored by: Privoxy project funds collected at SPI
---
.../cts/ca-directory/privoxy-test-cacert.crt | 20 ++++++
tests/cts/ca-directory/privoxy-test-cakey.pem | 30 +++++++++
tests/cts/certs/.gitignore | 3 +
.../client-header-order-https/data/test332 | 66 +++++++++++++++++++
.../client-header-order-https/data/test333 | 64 ++++++++++++++++++
.../client-header-order-https/data/test334 | 56 ++++++++++++++++
.../client-header-order-https/data/test335 | 66 +++++++++++++++++++
.../https-inspection.action | 2 +
.../client-header-order-https/privoxy.conf | 31 +++++++++
9 files changed, 338 insertions(+)
create mode 100644 tests/cts/ca-directory/privoxy-test-cacert.crt
create mode 100644 tests/cts/ca-directory/privoxy-test-cakey.pem
create mode 100644 tests/cts/certs/.gitignore
create mode 100644 tests/cts/client-header-order-https/data/test332
create mode 100644 tests/cts/client-header-order-https/data/test333
create mode 100644 tests/cts/client-header-order-https/data/test334
create mode 100644 tests/cts/client-header-order-https/data/test335
create mode 100644 tests/cts/client-header-order-https/https-inspection.action
create mode 100644 tests/cts/client-header-order-https/privoxy.conf

diff --git a/tests/cts/ca-directory/privoxy-test-cacert.crt b/tests/cts/ca-directory/privoxy-test-cacert.crt
new file mode 100644
index 00000000..49d29636
--- /dev/null
+++ b/tests/cts/ca-directory/privoxy-test-cacert.crt
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDVTCCAj2gAwIBAgIJAMn580TY7tn4MA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV +BAYTAkRFMRMwEQYDVQQIDApTb21lLVN0YXRlMR0wGwYDVQQKDBRQcml2b3h5IFRl +c3QgQ29tcGFueTAeFw0yMTAxMDkxNjQxMzNaFw0zMTAxMDcxNjQxMzNaMEExCzAJ +BgNVBAYTAkRFMRMwEQYDVQQIDApTb21lLVN0YXRlMR0wGwYDVQQKDBRQcml2b3h5 +IFRlc3QgQ29tcGFueTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCG +dyCmLX+UmlP0eN+4kWQsP0bVATlmfycSjgXwhdMfQ7pHrP5RUM+Mzy60vYfXVLCn +O6evxqx2XcZnEk6QxXRaUZfmd4Zw9F1n39x9ERFXgDNseRyoebqfmgl05STxe3Co +NSSvYRz6iX4grzx+LWikwxvMHvPZyntPXgFhwuo6j9mBm6XfN8zIghwlQQbcgb9m +WDC/XbFDCQcrEnGaQNJ5T2406EZptm2MZ4xU4P5M7LmQws8p7VgLiYdPyouZ2YN7 +PkCcVGzVY3YiCg7W2ETZHHurn4XsRWXdr7tgH2RzzC1Eok8QtEyn9C3XtUNWQv3J +LeRn5LAiF7CxJKUtI3sCAwEAAaNQME4wHQYDVR0OBBYEFB7YVII5luGzJXJKgYZh +fVH8D7CXMB8GA1UdIwQYMBaAFB7YVII5luGzJXJKgYZhfVH8D7CXMAwGA1UdEwQF +MAMBAf8wDQYJKoZIhvcNAQELBQADggEBAAoEtgyL3paPULfconAkzRRk74XDjsz8 +sz+eSsbf0pVS4CNEWa1jrgv5PfKMqquYkDJ7IY8dD9Kqmzd/82KNZSlYACwOSbPV +1t98wNWvvVg7eMJD3IdKcSR3HAvR75eQFI7JVy0EG62o5fGplfAZxauBa5cPhgGd +I1DJrp/XFTOvv/SfNBMXgLZq8b6SMwyqomflNSFEfiC8IO7gEcE7CBbkHN+Hd15W +YvAbJraAeP0YR+r2HKCqUbIVxbBWZlkjS1alvwsgDgamTVyQvNiAPzVsNY0G7lWJ +f10kaB7Gd8NoER7jKBs6nbQTvb5UapQa0G4i3RHlYBUyg8+znz2OXK0= +-----END CERTIFICATE----- diff --git a/tests/cts/ca-directory/privoxy-test-cakey.pem b/tests/cts/ca-directory/privoxy-test-cakey.pem new file mode 100644 index 00000000..612e9ed8 --- /dev/null +++ b/tests/cts/ca-directory/privoxy-test-cakey.pem 
@@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI3FrXU0ecRrECAggA +MBQGCCqGSIb3DQMHBAhSvq1gGYC2RQSCBMihUnjghKpYieBD+F25LE8xbT+hJn1D +n91Ax+q/0zpGCiX8CCLVbfK9i6rCmnO1qEa7YNzKSUdEmWoMrpH7wdJG5AHgRv4g +9IiFG8HOCNFit75cQX8Fu2XrkfCSzKa0vjKZLylSrjf3UPPD+Oiifq/FD6zZtKIv +hDM9tq0+JXQBrM2YME6yyKhueg6g1LFs6Spk2EoOW5er6ztzuM5Tv0g7P2BtPnS5 +Gi/xIGUCA0Nm8UyzjumDNtmet2xq2viKs49Ditlubu6gAJq/wHiyY/SpyBnNVbKT +jO4VJVlXLBc0qracLLPIvL894Sc3mTe4RGDpZ2qGLgkGISzvWK9BHJjK/C37KAbQ +/0zJFkRqJ4MOgiVlYzsTqixsw0T5qbGbtZkjV/iLwoeGKR+pVezqmlt6PvYgrRBg +rlVnDLHuR3UKXstww0/Iyy8yON0jQYfzvSTFhsMEwv9eph/M9vwbND2oxrHY4SgY +3Dm/alM3Bg/ZT4i7zwTMFTBC9SsJZvhAZ09Jvp1sStCmdKh1OQzeKDXZwjfbQKBC +QYFJkXsTZkCANoHNHVVWH31KUGMc4YAR+JMYSMJFre1IG1zxGITZ3T3oULwd/Ym7 +1cWifrLWqXvZnm+xJFuvKR+pZxkPPeCmRcFA6K9U6CFEBpDHNFxYQv7Dbsv8GBpn +PqYDegtB8v2ZLr50u2p4sdQxsqKwiTvO8Ok9DU7cKx0JqGti/owi+1e2kJAj6b++ +dwwrfExrfy50BiAQeTtDx/5Urq7N+U1gfGNkVvXLO7UBCgy4irkOZtTy+akETrkG +gZiZz+d/4n/B5x6PP6JxWSX/FhRA4BCywTKV2WQqFNjVEx9QTe6dZPvJ+f1qUEUY +yavQZTisiOnyCTFb/oDRAOcRBcUKhZYlDhfujAoiMQi9YHPmwywNiLcEJgVZcM/j +OJmAzlGR1RA/9IjcJAp63OyfqwIUwMGx61shGv0yuApiKib/tBhQdc6MGZ/kqKMd +qMy2/YK0IeAtq+E5yuHwh5XcoU8zff2+WWKdiygA6fiBHAp7ct5HD8HvpvM5cuyz +yBkZKrd2vxrADEw14cCKeZ++8MoHGgAENtnwOEzZZzH0QLNgB2FiNsBCF/YFIQAZ +RXPp/ltox/fQcT2XNiZK7B818Dsu2JD7TIXdI/cQPCToYwCKOvSGWsh7lLml86wE +cXj07Rn8asWJUan/UlTHJLydHjMa0eQm9pCBwhpZLOOmvxXrBRlPAQdcly9uNCso +SwjyY4hb8F6L2BY61mmC84F5wShFdxEtyhF+icYjj2wdiA6PWAHacHpuDN/pivEX +oWM4m9NQTHqO+vujLuLOIyZ4Kz8uK5QkMveSdYP8Hitc8DfCGwatpbDbrZ/dh/jC +8znnrmkglkNb/C7DMyJLFRWU4QAjAa6HCGCzzH2QEU7DgTYPB+q+/umr5/WcVu5N +av2mfyRwTWvMiYQvbG7R9lOd8pHMP6NEaeeKJvjuDfdDv/7klu/wMEngns+JNlS+ +uqhLYlvDVkOph9423radHtirk97fdzn1fQuWAt0AphQKtvExNEmVs3dQEKcwHJmh +KGKprXEq1xVAkhv+MA7H5XuYAXsJ+MOc7V2SlA/ccavWRFjPUuHQu08ksc7rcJUa +vGw= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/cts/certs/.gitignore b/tests/cts/certs/.gitignore new file mode 100644 index 00000000..b9913c10 
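Review bot: The CA private key added here is committed together with its passphrase, because privoxy.conf in this same patch sets `ca-password blafasel`, so anyone with the repository can sign certificates that chain to privoxy-test-cacert.crt. That is acceptable for a test fixture only as long as the CA certificate is never imported into a real trust store, and nothing in the patch says so. I would add a short README in tests/cts/ca-directory, or a comment above `ca-password` such as `# Test-only CA: key and passphrase are public, never trust privoxy-test-cacert.crt outside the test suite`.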
--- /dev/null
+++ b/tests/cts/certs/.gitignore
@@ -0,0 +1,3 @@
+# Ignore the certificates and keys in this directory
+*.crt
+*.pem
diff --git a/tests/cts/client-header-order-https/data/test332 b/tests/cts/client-header-order-https/data/test332
new file mode 100644
index 00000000..2e0287f9
--- /dev/null
+++ b/tests/cts/client-header-order-https/data/test332
@@ -0,0 +1,66 @@
+
+
+
+HTTPS
+HTTP GET
+
+
+
+
+
+HTTP/1.1 200 OK
+Date: Thu, 22 Jul 2010 11:22:33 GMT
+Content-Length: 9
+Connection: close
+
+Blafasel
+
+
+
+
+
+HTTP/1.1 200 Connection established
+
+HTTP/1.1 200 OK
+Date: Thu, 22 Jul 2010 11:22:33 GMT
+Content-Length: 9
+Connection: close
+
+Blafasel
+
+
+
+
+
+
+https
+
+
+
+HTTP client header order through https
+
+
+--insecure -H "Origin: https://www.privoxy.org/" -H "Cache-Control: max-age=315576000" -H "If-Modified-Since: Thu, 07 Jan 2021 22:05:31 GMT" -H "Upgrade-Insecure-Requests: 1" -H "Pragma: no-cache" -H "DNT: 1" -H "Cookie: yolo=123" -H "Referer: https://www.example.org/" -H "Proxy-Connection: keep-alive" -H "Accept-Encoding: gzip" -H "Accept: */*" -H "Host: %HOSTIP:%HTTPSPORT" -H "Accept-Language: en-CA" --user-agent "Client with unsorted headers" https://%HOSTIP:%HTTPSPORT/%TESTNUMBER
+
+
+
+
+
+GET /%TESTNUMBER HTTP/1.1
+Host: %HOSTIP:%HTTPSPORT
+User-Agent: Client with unsorted headers
+Accept: */*
+Accept-Language: en-CA
+Accept-Encoding: gzip
+Referer: https://www.example.org/
+Cookie: yolo=123
+DNT: 1
+Pragma: no-cache
+Upgrade-Insecure-Requests: 1
+If-Modified-Since: Thu, 07 Jan 2021 22:05:31 GMT
+Cache-Control: max-age=315576000
+Origin: https://www.privoxy.org/
+
+
+
+
diff --git a/tests/cts/client-header-order-https/data/test333 b/tests/cts/client-header-order-https/data/test333
new file mode 100644
index 00000000..38d4ea82
--- /dev/null
+++ b/tests/cts/client-header-order-https/data/test333
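Review bot: curl is run with `--insecure` in test332 (and again in test333, test334 and test335), so the client never validates the certificate Privoxy generates, and a regression in certificate generation or chaining would presumably go unnoticed by these tests. If the generated certificate is valid for %HOSTIP, replacing `--insecure` with `--cacert` pointing at tests/cts/ca-directory/privoxy-test-cacert.crt would cover that as well; I cannot tell from the patch whether it is. Otherwise a line in the test description stating that certificate validation is deliberately out of scope would help.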
@@ -0,0 +1,64 @@
+
+
+
+HTTPS
+HTTP GET
+
+
+
+
+
+HTTP/1.1 200 OK
+Date: Thu, 22 Jul 2010 11:22:33 GMT
+Content-Length: 9
+
+Blafasel
+
+
+
+
+
+HTTP/1.1 200 Connection established
+
+HTTP/1.1 200 OK
+Date: Thu, 22 Jul 2010 11:22:33 GMT
+Content-Length: 9
+Connection: close
+
+Blafasel
+
+
+
+
+
+
+https
+
+
+HTTP client header order through https 2
+
+
+--insecure -H "Origin: https://www.privoxy.org/" -H "Cache-Control: max-age=315576000" -H "If-Modified-Since: Thu, 07 Jan 2021 22:05:31 GMT" -H "Upgrade-Insecure-Requests: 1" -H "DNT: 1" -H "Pragma: no-cache" -H "Cookie: yolo=123" -H "Referer: https://www.example.org/" -H "Accept-Encoding: gzip" -H "Proxy-Connection: keep-alive" -H "Accept: */*" -H "Accept-Language: en-CA" -H "Host: %HOSTIP:%HTTPSPORT" --user-agent "Client with unsorted headers" https://%HOSTIP:%HTTPSPORT/%TESTNUMBER
+
+
+
+
+
+GET /%TESTNUMBER HTTP/1.1
+Host: %HOSTIP:%HTTPSPORT
+User-Agent: Client with unsorted headers
+Accept: */*
+Accept-Language: en-CA
+Accept-Encoding: gzip
+Referer: https://www.example.org/
+Cookie: yolo=123
+DNT: 1
+Pragma: no-cache
+Upgrade-Insecure-Requests: 1
+If-Modified-Since: Thu, 07 Jan 2021 22:05:31 GMT
+Cache-Control: max-age=315576000
+Origin: https://www.privoxy.org/
+
+
+
+
diff --git a/tests/cts/client-header-order-https/data/test334 b/tests/cts/client-header-order-https/data/test334
new file mode 100644
index 00000000..21e9fdee
--- /dev/null
+++ b/tests/cts/client-header-order-https/data/test334
@@ -0,0 +1,56 @@
+
+
+
+HTTPS
+HTTP GET
+
+
+
+
+
+HTTP/1.1 200 OK
+Date: Thu, 22 Jul 2010 11:22:33 GMT
+Content-Length: 9
+
+Blafasel
+
+
+
+
+
+HTTP/1.1 200 Connection established
+
+HTTP/1.1 200 OK
+Date: Thu, 22 Jul 2010 11:22:33 GMT
+Content-Length: 9
+Connection: close
+
+Blafasel
+
+
+
+
+
+SSL
+
+
+https
+
+
+HTTP client header order 3 through https. Only a few headers to sort.
+
+
+--insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER
+
+
+
+
+
+GET /%TESTNUMBER HTTP/1.1
+Host: %HOSTIP:%HTTPSPORT
+User-Agent: curl/%VERSION
+Accept: */*
+
+
+
+
diff --git a/tests/cts/client-header-order-https/data/test335 b/tests/cts/client-header-order-https/data/test335
new file mode 100644
index 00000000..03315aa7
--- /dev/null
+++ b/tests/cts/client-header-order-https/data/test335
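Review bot: test334 is the only one of the four new tests that lists `SSL` ahead of its `https` server entry; test332, test333 and test335 name only `https`. The surrounding markup is not visible in this rendering, so this is inferred, but if `SSL` is a required-feature declaration then the other three tests will fail rather than be skipped when curl is built without TLS support. I would add the same `SSL` entry to test332, test333 and test335, or drop it here if it is not needed.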
@@ -0,0 +1,66 @@
+
+
+
+HTTPS
+HTTP GET
+
+
+
+
+
+HTTP/1.1 200 OK
+Date: Thu, 22 Jul 2010 11:22:33 GMT
+Content-Length: 9
+
+Blafasel
+
+
+
+
+
+HTTP/1.1 200 Connection established
+
+HTTP/1.1 200 OK
+Date: Thu, 22 Jul 2010 11:22:33 GMT
+Content-Length: 9
+Connection: close
+
+Blafasel
+
+
+
+
+
+
+https
+
+
+HTTP client header order 4. Left over headers.
+
+
+--insecure -H "Bum: Tschaka" -H "Blafasel: Die da" -H "Origin: https://www.privoxy.org/" -H "Cache-Control: max-age=315576000" -H "If-Modified-Since: Thu, 07 Jan 2021 22:05:31 GMT" -H "Upgrade-Insecure-Requests: 1" -H "DNT: 1" -H "Pragma: no-cache" -H "Cookie: yolo=123" -H "Referer: https://www.example.org/" -H "Accept-Encoding: gzip" -H "Proxy-Connection: keep-alive" -H "Accept: */*" -H "Accept-Language: en-CA" -H "Host: %HOSTIP:%HTTPSPORT" --user-agent "Client with unsorted headers" https://%HOSTIP:%HTTPSPORT/%TESTNUMBER
+
+
+
+
+
+GET /%TESTNUMBER HTTP/1.1
+Host: %HOSTIP:%HTTPSPORT
+User-Agent: Client with unsorted headers
+Accept: */*
+Accept-Language: en-CA
+Accept-Encoding: gzip
+Referer: https://www.example.org/
+Cookie: yolo=123
+DNT: 1
+Pragma: no-cache
+Upgrade-Insecure-Requests: 1
+If-Modified-Since: Thu, 07 Jan 2021 22:05:31 GMT
+Cache-Control: max-age=315576000
+Origin: https://www.privoxy.org/
+Bum: Tschaka
+Blafasel: Die da
+
+
+
+
diff --git a/tests/cts/client-header-order-https/https-inspection.action b/tests/cts/client-header-order-https/https-inspection.action
new file mode 100644
index 00000000..01b2181d
--- /dev/null
+++ b/tests/cts/client-header-order-https/https-inspection.action
@@ -0,0 +1,2 @@
+{+https-inspection +ignore-certificate-errors}
+/
diff --git a/tests/cts/client-header-order-https/privoxy.conf b/tests/cts/client-header-order-https/privoxy.conf
new file mode 100644
index 00000000..2df6cceb
--- /dev/null
+++ b/tests/cts/client-header-order-https/privoxy.conf
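Review bot: `+ignore-certificate-errors` in https-inspection.action is applied with the pattern `/`, which matches every URL, and the file has no comment saying why upstream certificate validation is switched off. For a test that talks only to the local test server this is presumably intended, but action files get copied into other setups. I would add a first line such as `# Test only: the CTS https server certificate is not signed by a CA Privoxy trusts` and, if the test server address is fixed, narrow the pattern to it.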
@@ -0,0 +1,31 @@
+listen-address 127.0.0.1:9119
+
+ca-directory ../ca-directory
+ca-cert-file privoxy-test-cacert.crt
+ca-key-file privoxy-test-cakey.pem
+ca-password blafasel
+# We don't check certificate anyway
+trusted-cas-file privoxy-test-cacert.crt
+
+certificate-directory ../certs
+
+client-header-order Host User-Agent Accept Accept-Language Accept-Encoding \
+ Proxy-Connection Referer Cookie DNT Connection \
+ Pragma Upgrade-Insecure-Requests If-Modified-Since \
+ Cache-Control Content-Length Origin Content-Type
+
+actionsfile ./https-inspection.action
+
+debug 1 # Log the destination for each request Privoxy let through. See also debug 1024.
+debug 2 # show each connection status
+debug 4 # show tagging-related messages
+debug 8 # show header parsing
+debug 32 # debug force feature
+debug 64 # debug regular expression filters
+debug 128 # debug redirects
+debug 256 # debug GIF de-animation
+debug 512 # Common Log Format
+debug 1024 # Log the destination for requests Privoxy didn't let through, and the reason why.
+debug 4096 # Startup banner and warnings.
+debug 8192 # Non-fatal errors
+
--
2.39.2
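Review bot: The comment `# We don't check certificate anyway` above `trusted-cas-file` does not say where the check is disabled; it is the `+ignore-certificate-errors` action in https-inspection.action, and a reader of this file alone may take the CA certificate listed here for a working trust anchor. I would reword it to `# Placeholder: server certificates are not verified, see +ignore-certificate-errors in https-inspection.action`. Separately, `debug 8` is enabled together with https-inspection, which presumably puts the decrypted request headers, including Cookie values, into the log; a comment that this set of debug levels is meant for the test suite only would be worth adding.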