ExplodingBottle
diff --git a/‎custom_files/wuproxy_release/jmagicproxy.cfg‎
Lines changed: 4 additions & 1 deletion b/‎custom_files/wuproxy_release/jmagicproxy.cfg‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎custom_files/wuproxy_release/mu_optin.reg‎
Lines changed: 0 additions & 6 deletions b/‎custom_files/wuproxy_release/mu_optin.reg‎
Lines changed: 0 additions & 6 deletions
diff --git a/‎custom_files/wuproxy_release/mu_optin.vbs‎
Lines changed: 0 additions & 5 deletions b/‎custom_files/wuproxy_release/mu_optin.vbs‎
Lines changed: 0 additions & 5 deletions
diff --git a/‎custom_files/wuproxy_release/note.txt‎
Lines changed: 0 additions & 2 deletions b/‎custom_files/wuproxy_release/note.txt‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎readme.md‎
Lines changed: 17 additions & 19 deletions b/‎readme.md‎
Lines changed: 17 additions & 19 deletions
diff --git a/‎src/io/github/explodingbottle/jmagicproxy/ProxyMain.java‎
Lines changed: 21 additions & 1 deletion b/‎src/io/github/explodingbottle/jmagicproxy/ProxyMain.java‎
Lines changed: 21 additions & 1 deletion
diff --git a/‎src/io/github/explodingbottle/jmagicproxy/api/ConnectionDirective.java‎
Lines changed: 38 additions & 2 deletions b/‎src/io/github/explodingbottle/jmagicproxy/api/ConnectionDirective.java‎
Lines changed: 38 additions & 2 deletions
diff --git a/‎src/io/github/explodingbottle/jmagicproxy/api/HttpRequestHeader.java‎
Lines changed: 3 additions & 0 deletions b/‎src/io/github/explodingbottle/jmagicproxy/api/HttpRequestHeader.java‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎src/io/github/explodingbottle/jmagicproxy/api/HttpResponse.java‎
Lines changed: 3 additions & 0 deletions b/‎src/io/github/explodingbottle/jmagicproxy/api/HttpResponse.java‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎src/io/github/explodingbottle/jmagicproxy/implementation/BasicProxy.java‎
Lines changed: 12 additions & 3 deletions b/‎src/io/github/explodingbottle/jmagicproxy/implementation/BasicProxy.java‎
Lines changed: 12 additions & 3 deletions
@@ -1,12 +1,15 @@
 #JMagicProxy Configuration File
-#Sun Feb 12 16:36:19 CET 2023
+#Sun Feb 19 19:20:41 CET 2023
 proxy.ssl.keystoretype=pkcs12
 proxy.plugins=io.github.explodingbottle.jmagicproxy.implementation.WUProxy;io.github.explodingbottle.jmagicproxy.implementation.BasicProxy
 proxy.ssl.keystorepass=WindowsUpdate
 proxy.ssl.warn.algorithms=true
 proxy.ssl.keystorepath=certs/updks.p12
 proxy.server.port=8087
 proxy.logging.logfile=log&$LNUM$.txt
+proxy.ssl.sortmode=INCLUDE
+proxy.plugins.wuproxy.redirwuclient=true
+proxy.ssl.sortlist=windowsupdate.microsoft.com;*.windowsupdate.microsoft.com;*.update.microsoft.com;*.windowsupdate.com;download.windowsupdate.com;download.microsoft.com;*.download.windowsupdate.com;go.microsoft.com;*.one.microsoft.com
 proxy.plugin.wuproxy.redirectjs=content/redirect.js
 proxy.ssl.scan.startingport=9784
 proxy.logging.logsfolder=logs
 
@@ -5,5 +5,3 @@ Files/Folders Index:
 	certs: Contains all the tools required to produce a certificate in use with WUProxy.
 	content: Contains content that is replaced by the proxy.
 	jmagicproxy.cfg: The configuration file which is ready to use with WUProxy.
-	mu_optin.reg: A registry file to attempt to Opt-In for Microsoft Update ( it didn't work on Windows XP, and still untested on Windows 2000 )
-	mu_optin.vbs: A VisualBasic script which will Opt-In for Microsoft Update ( tested on Windows XP, it works )
@@ -14,17 +14,20 @@ This proxy consists in a system which allows HTTP and HTTPS requests to be modif
 2) **Configuration file**
    | Options                    | Description                                                                       |
    | ---------------------------- | --------------------------------------------------------------------------------- |
-   | *-proxy.ssl.keystoretype*					| Represents the type of the keystore ( pkcs12 by default ) |
-   | *-proxy.plugins*							| Represents the list of plugins to modify requests. Multiple plugins can be used with a semicolon. Example: io.github.explodingbottle.jmagicproxy.implementation.WUProxy;io.github.explodingbottle.jmagicproxy.implementation.BasicProxy. The plugin which is at the left will be the most priority, and the one at the right will be the less priority one. |
-   | *-proxy.ssl.keystorepass*					| Represents the password to access the keystore.
-   | *-proxy.ssl.warn.algorithms*				| Choose whether or not you must be warned if the java.security file disables some algorithms.
-   | *-proxy.ssl.keystorepath*					| Where to find the keystore file.
-   | *-proxy.server.port*						| Represents the proxy port for both HTTP and HTTPS.
-   | *-proxy.logging.logfile*					| Represents the naming of log files. **&\$LNUM\$** is a placeholder that can be used and denotes the current milliseconds. |
-   | *-proxy.plugin.wuproxy.redirectjs*			| A setting specific for WUProxy: Where can we find a replaced version of redirect.js
-   | *-proxy.ssl.scan.startingport*				| Represents what is the first port to scan to find where a SSL Server Socket can be created on the local machine.
-   | *-proxy.logging.logsfolder*				| Represents the folder in which you will find log files.
-   | *-proxy.ssl.enabled*						| Choose whether or not if SSL will be supported.
+   | *proxy.ssl.keystoretype*					| Represents the type of the keystore ( pkcs12 by default ) |
+   | *proxy.plugins*							| Represents the list of plugins to modify requests. Multiple plugins can be used with a semicolon. Example: io.github.explodingbottle.jmagicproxy.implementation.WUProxy;io.github.explodingbottle.jmagicproxy.implementation.BasicProxy. The plugin which is at the left will be the most priority, and the one at the right will be the less priority one. |
+   | *proxy.ssl.keystorepass*					| Represents the password to access the keystore. |
+   | *proxy.ssl.warn.algorithms*				| Choose whether or not you must be warned if the java.security file disables some algorithms. |
+   | *proxy.ssl.keystorepath*					| Where to find the keystore file. |
+   | *proxy.server.port*						| Represents the proxy port for both HTTP and HTTPS. |
+   | *proxy.logging.logfile*					| Represents the naming of log files. **&\$LNUM\$** is a placeholder that can be used and denotes the current milliseconds. |
+   | *proxy.plugin.wuproxy.redirectjs*			| A setting specific for WUProxy: Where can we find a replaced version of redirect.js |
+   | *proxy.ssl.scan.startingport*				| Represents what is the first port to scan to find where a SSL Server Socket can be created on the local machine. |
+   | *proxy.logging.logsfolder*				| Represents the folder in which you will find log files. |
+   | *proxy.ssl.enabled*						| Choose whether or not if SSL will be supported. |
+   | *proxy.ssl.sortmode*				| Represents the sorting mode used to determine if a direct SSL connection must be established or instead if the Proxy must handle it. **NONE** means that every SSL requests will be handled by the proxy. **INCLUDE** means that only listed requests will be handled by the proxy and **EXCLUDE** means that only listed requests will be sent through a tunel directly. |
+   | *proxy.ssl.sortlist*						| A list of requests splited with semi-colons that will be used with the sort mode. * can be used to mean everything. An example could be *.google.com;*.microsoft.com |
+   | *proxy.plugin.wuproxy.redirwuclient*			| A setting specific for WUProxy: Defines if we must simulate an older version of the Windows Update client in order to allow Windows XP to update |
 3) **Known issues**
 
    - A lot of exceptions can be thrown in the console.
@@ -39,12 +42,7 @@ in order to allow the WUProxy plugin impact requests.
 Next, you must set proxy.plugin.wuproxy.redirectjs to where you can find a replaced redirect.js ( very important as it allows you to access the Windows Update website )
 Be sure to generate a certificate using the tools available in the certs folder and to install it as computer account.
 
-Operating System Status:
+**Operating System Status**:
 
-Windows 2000: If you install the proxy certificate as well as the Microsoft Root Certificate Authority
-(it can be extracted from https://fe2.update.microsoft.com/v8/windowsupdate/redir/muv3wuredir.cab), if you
-also configure Internet Explorer Proxy AND the System Proxy to point to this proxy, everything will work fine with no modifications.
-
-Windows XP: You need to install this proxy certificate, configure Internet Explorer Proxy AND the System Proxy to point to this proxy
-and then configure the WSUS Server location as https://fe2.update.microsoft.com/v6 and the status server location as http://statsfe2.update.microsoft.com
-The website won't work.
+Windows 2000, Windows XP, Windows Server 2003, Windows POSReady 2009 and all the Windows NT 5 operating systems are supported. Please check out the wiki\
+for configuration instructions.
@@ -27,6 +27,8 @@
 import io.github.explodingbottle.jmagicproxy.properties.PropertiesProvider;
 import io.github.explodingbottle.jmagicproxy.properties.PropertyKey;
 import io.github.explodingbottle.jmagicproxy.proxy.ssl.SSLObjectsProvider;
+import io.github.explodingbottle.jmagicproxy.proxy.ssl.SSLSortEngine;
+import io.github.explodingbottle.jmagicproxy.proxy.ssl.SSLSortMode;
 import io.github.explodingbottle.jmagicproxy.server.SocketAcceptorThread;
 
 /**
@@ -39,6 +41,16 @@ public class ProxyMain {
 	private static LoggerProvider lgp;
 	private static PropertiesProvider propsProvider;
 	private static PluginsManager pluginsManager;
+	private static SSLSortEngine sslSortEngine;
+
+	/**
+	 * Returns the SSL sort engine.
+	 * 
+	 * @return The SSL sort engine.
+	 */
+	public static SSLSortEngine getSSLSortEngine() {
+		return sslSortEngine;
+	}
 
 	/**
 	 * Returns the logger provider.
@@ -124,7 +136,8 @@ public static void main(String[] args) {
 		if (ovc != null) {
 			config = ovc;
 		}
-		System.out.println("Please report any bugs to https://github.com/ExplodingBottle/JMagicProxy/issues so a fix can be found.");
+		System.out.println(
+				"Please report any bugs to https://github.com/ExplodingBottle/JMagicProxy/issues so a fix can be found.");
 		System.out.println();
 		lgp = new LoggerProvider(true);
 		shutdownThread = new ShutdownThread();
@@ -141,6 +154,13 @@ public static void main(String[] args) {
 						"Failed to create the logs folder, this may cause issues afterwards.");
 			}
 		}
+		SSLSortMode sortMode = SSLSortMode.NONE;
+		try {
+			sortMode = SSLSortMode.valueOf(propsProvider.getAsString(PropertyKey.PROXY_SSL_SORT_MODE));
+		} catch (IllegalArgumentException e) {
+			mainLogger.log(LoggingLevel.WARN, "Failed to parse sort mode. Default NONE will be used.", e);
+		}
+		sslSortEngine = new SSLSortEngine(sortMode, propsProvider.getAsString(PropertyKey.PROXY_SSL_SORT_LIST));
 		lgp.openLogStream(new File(logsFolder, logPath));
 		pluginsManager = new PluginsManager(propsProvider.getAsString(PropertyKey.PROXY_PLUGINS));
 		pluginsManager.loadPlugins();
 
@@ -33,6 +33,8 @@ public class ConnectionDirective {
 	private boolean isSSL;
 	private HttpRequestHeader outcomingRequest;
 
+	private boolean isDirect;
+
 	private File fileInput;
 
 	private boolean isUsingFile;
@@ -46,13 +48,18 @@ public class ConnectionDirective {
 	 *                         Server Socket.
 	 * @param outcomingRequest Represents the out-coming first line sent to the
 	 *                         server. Ignored if isSSL is true.
+	 * @param isDirect         Represents if the SSL connection must be through our
+	 *                         custom pipe or else direct ( with no modifications ).
+	 *                         Only works with HTTPS, isSSL must be true.
 	 */
-	public ConnectionDirective(String host, int port, boolean isSSL, HttpRequestHeader outcomingRequest) {
+	public ConnectionDirective(String host, int port, boolean isSSL, HttpRequestHeader outcomingRequest,
+			boolean isDirect) {
 		this.host = host;
 		this.port = port;
 		this.isSSL = isSSL;
 		this.outcomingRequest = outcomingRequest;
 		isUsingFile = false;
+		this.isDirect = isDirect;
 	}
 
 	/**
@@ -68,7 +75,7 @@ public ConnectionDirective(File fileInput) {
 	public String toString() {
 		if (!isUsingFile)
 			return "{Host=" + host + ";Port=" + port + ";IsSSL=" + isSSL + ";OutcomingRequest=" + outcomingRequest
-					+ "}";
+					+ ";IsDirect=" + isDirect + "}";
 		else
 			return "{UsingFile=true}";
 	}
@@ -82,6 +89,17 @@ public File getFileInput() {
 		return fileInput;
 	}
 
+	/**
+	 * Used to set the file used to change content.
+	 * 
+	 * @return The file to replace with.
+	 */
+	public void setFileInput(File input) {
+		fileInput = input;
+		if (fileInput != null)
+			isUsingFile = true;
+	}
+
 	/**
 	 * Used to see if the directive is using a file or an URL.
 	 * 
@@ -154,6 +172,24 @@ public boolean isSSL() {
 		return isSSL;
 	}
 
+	/**
+	 * Gets if the connection will be direct.
+	 * 
+	 * @return True if the connection be direct.
+	 */
+	public boolean isDirect() {
+		return isDirect;
+	}
+
+	/**
+	 * Sets if the connection will be direct.
+	 * 
+	 * @param isDirect corresponds to if the connection will be direct.
+	 */
+	public void setDirect(boolean isDirect) {
+		this.isDirect = isDirect;
+	}
+
 	/**
 	 * Sets if the connection will be in SSL.
 	 * 
 
@@ -155,6 +155,9 @@ public static HttpRequestHeader createFromHeaderBlock(StringBuilder builder) thr
 						throw new MalformedParsableContent("First line is not a correct method.");
 					host = splitedFL[1];
 					httpVersion = splitedFL[2];
+					if (!httpVersion.startsWith("HTTP/")) {
+						throw new MalformedParsableContent("Request version doesn't starts with HTTP.");
+					}
 				} else {
 					throw new MalformedParsableContent("First line doesn't have 3 chunks.");
 				}
 
@@ -90,6 +90,9 @@ public static HttpResponse createFromHeaderBlock(StringBuilder builder) throws M
 				String[] splitedFL = line.split(" ");
 				if (splitedFL.length >= 3) {
 					httpVersion = splitedFL[0];
+					if (!httpVersion.startsWith("HTTP/")) {
+						throw new MalformedParsableContent("Response version doesn't starts with HTTP.");
+					}
 					try {
 						responseCode = new Integer(Integer.parseInt(splitedFL[1]));
 					} catch (Exception e) {
 
@@ -31,6 +31,7 @@
 import io.github.explodingbottle.jmagicproxy.api.SSLControlInformations;
 import io.github.explodingbottle.jmagicproxy.logging.LoggingLevel;
 import io.github.explodingbottle.jmagicproxy.logging.ProxyLogger;
+import io.github.explodingbottle.jmagicproxy.proxy.ssl.SSLSortEngine;
 
 /**
  * This is a required basic implementation of the proxy, else it won't work.
@@ -66,6 +67,8 @@ public ConnectionDirective onReceiveProxyRequest(HttpRequestHeader request) {
 		String realHost = null;
 		int realPort = 80;
 
+		boolean isDirect = false;
+
 		if (method == HttpMethod.CONNECT) {
 			String[] splitedHostURL = host.split(":");
 			if (splitedHostURL.length == 2) {
@@ -81,7 +84,12 @@ public ConnectionDirective onReceiveProxyRequest(HttpRequestHeader request) {
 				realHost = host;
 				realPort = 443;
 			}
-			isSSL = true;
+			SSLSortEngine engine = ProxyMain.getSSLSortEngine();
+			isDirect = !engine.shouldUseCustomPipe(realHost);
+			if (isDirect) {
+				logger.log(LoggingLevel.INFO, "SSLSortEngine decided that " + realHost + ":" + realPort
+						+ " will be using direct connection.");
+			}
 		} else {
 			String[] splitedHost = host.split("/");
 			if (splitedHost.length >= 3) {
@@ -111,7 +119,7 @@ public ConnectionDirective onReceiveProxyRequest(HttpRequestHeader request) {
 				return null;
 			}
 		}
-		return new ConnectionDirective(realHost, realPort, isSSL, httpReq);
+		return new ConnectionDirective(realHost, realPort, isSSL, httpReq, isDirect);
 	}
 
 	@Override
@@ -132,8 +140,9 @@ public IncomingTransferDirective onReceiveServerAnswer(HttpResponse response) {
 			logger.log(LoggingLevel.INFO, "Detected a Connection header with " + headers.get("Connection"));
 			if ("Close".equalsIgnoreCase(headers.get("Connection")))
 				defaultConType = ConnectionType.CLOSE;
-			if ("Keep-Alive".equalsIgnoreCase(headers.get("Connection")))
+			if ("Keep-Alive".equalsIgnoreCase(headers.get("Connection"))) {
 				defaultConType = ConnectionType.KEEPALIVE;
+			}
 		}
 		return new IncomingTransferDirective(response, defaultConType);
 	}