-
-
Save avoidik/220df5c737216539aefff9b174855a3f to your computer and use it in GitHub Desktop.
Fiddler client certificate picker extension
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.Security.Cryptography; | |
using System.Security.Cryptography.X509Certificates; | |
using Fiddler; | |
[assembly: Fiddler.RequiredVersion("2.5.0.0")] | |
namespace ClientCertPicker | |
{ | |
public class ClientCertPicker: IFiddlerExtension | |
{ | |
private X509Certificate ProvideCertificate( | |
object sender, // <------------ This points to the Session | |
string targetHost, // <------------ Target hostname | |
X509CertificateCollection localCertificates, // <------------ Local certificates we made available via oSession["https-Client-Certificate"] | |
X509Certificate remoteCertificate, // <------------ Remote site's certificate | |
string[] acceptableIssuers) | |
{ | |
X509Store store = new X509Store("My", StoreLocation.CurrentUser); | |
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly); | |
X509Certificate2Collection oAllCerts = (X509Certificate2Collection)store.Certificates; | |
X509Certificate2Collection oFilteredCerts = (X509Certificate2Collection)oAllCerts.Find(X509FindType.FindByTimeValid, DateTime.Now, false); | |
X509Certificate2Collection oClientCerts = new X509Certificate2Collection(); | |
foreach (X509Certificate2 oCandidate in oFilteredCerts) | |
{ | |
if (!oCandidate.HasPrivateKey || (null == oCandidate.Extensions)) | |
{ | |
continue; | |
} | |
foreach (X509Extension oCE in oCandidate.Extensions) | |
{ | |
if (oCE.Oid.Value == "2.5.29.37" /* aka "Enhanced Key Usage" */) | |
{ | |
if (HasClientAuthenticationFlag(oCandidate, oCE)) | |
{ | |
oClientCerts.Add(oCandidate); | |
continue; | |
} | |
} | |
} | |
} | |
X509Certificate2Collection oPickedCerts = X509Certificate2UI.SelectFromCollection(oClientCerts, | |
"Client Certificate", String.Format("Select a certificate to send to '{0}'", targetHost), X509SelectionFlag.SingleSelection); | |
if ((oPickedCerts != null) && (oPickedCerts.Count > 0)) | |
{ | |
return oPickedCerts[0]; | |
} | |
return null; | |
} | |
private static bool HasClientAuthenticationFlag(X509Certificate2 oCandidate, X509Extension oCE) | |
{ | |
X509EnhancedKeyUsageExtension ext = (X509EnhancedKeyUsageExtension)oCE; | |
OidCollection oids = ext.EnhancedKeyUsages; | |
foreach (Oid oid in oids) | |
{ | |
if (oid.Value == "1.3.6.1.5.5.7.3.2" /* aka "Client Authentication" */) | |
{ | |
return true; | |
} | |
} | |
return false; | |
} | |
public void OnBeforeUnload() {} | |
public void OnLoad() | |
{ | |
FiddlerApplication.ClientCertificateProvider = new System.Net.Security.LocalCertificateSelectionCallback(ProvideCertificate); | |
FiddlerApplication.Log.LogString("Overriding Client Certificate Selection"); | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment