# Testing FireProxy

This document provides instructions for testing the FireProxy server.

## Building the Proxy

First, build the proxy server:

```bash
make clean
make
```

## Running the Proxy

Start the proxy server on port 8080 (or another port of your choice):

```bash
./fireproxy 8080
```

## Testing with a Web Browser

### Firefox Configuration

1. Open Firefox and go to Settings
2. Search for "proxy" and click on "Settings" in the Network Settings section
3. Select "Manual proxy configuration"
4. Set HTTP Proxy to "localhost" and Port to "8080"
5. Leave other proxy fields empty
6. Check "Also use this proxy for HTTPS"
7. Click "OK"

### Chrome Configuration

1. Open Chrome and go to Settings
2. Search for "proxy" and click on "Open your computer's proxy settings"
3. Enable proxy settings according to your operating system:
   - **Windows**: Set the HTTP proxy to "localhost:8080"
   - **macOS**: Set the Web Proxy (HTTP) to "localhost" with port "8080"
   - **Linux**: Set the HTTP proxy to "localhost" with port "8080"

## Testing with cURL

You can use cURL to test your proxy:

```bash
# Test HTTP request through proxy
curl -v --proxy http://localhost:8080 http://example.com/

# Test HTTPS request through proxy (if supported)
curl -v --proxy http://localhost:8080 https://example.com/
```

### HTTPS Support

The proxy now correctly supports HTTPS connections through the HTTP CONNECT method. When using HTTPS:

1. The browser establishes a tunnel through the proxy to the destination server
2. The proxy resolves the hostname using DoH
3. All traffic is forwarded between the client and server without modification

For secure browsing, you must:

- Configure your browser to trust the connection (you may see certificate warnings)
- Make sure your proxy settings are applied to both HTTP and HTTPS traffic

### Verifying HTTPS Support

To verify HTTPS support is working:

1. Configure your browser to use the proxy
2. Visit an HTTPS site like https://example.com
3. Check the proxy logs for CONNECT requests
4. You should see messages like:

   ```
   Proxying request to: example.com (port 443)
   DoH response received, size: XXX bytes
   Resolved example.com to XXX.XXX.XXX.XXX
   ```

If you see certificate warnings, this is normal - your browser is correctly verifying the security of the connection.

## Verifying DoH Functionality

To verify that your proxy is using the DoH server for DNS resolution:

1. Run the proxy with increased verbosity (if available)
2. In another terminal, monitor the proxy output while making requests
3. You should see messages indicating DoH lookups to hnsdoh.com
4. The proxy should log the resolved IP addresses

## Testing DANE Support

FireProxy now includes DANE (DNS-based Authentication of Named Entities) support for enhanced security. When a valid DANE record is found for a domain, the proxy will:

1. Verify the server's certificate against the DANE record
2. If valid, generate a new trusted certificate signed by the FireProxy CA
3. Present this certificate to the client, avoiding certificate warnings

### Setting Up Your Browser to Trust the FireProxy CA

Before testing DANE support, you need to import the FireProxy CA certificate into your browser:

1. Start the proxy server once to generate the CA certificate
2. Import the generated CA certificate (located in `ca/ca_cert.pem`) into your browser:
   - **Firefox**: Go to Settings → Privacy & Security → Certificates → View Certificates → Import
   - **Chrome**: Go to Settings → Privacy and security → Security → Manage certificates → Import

### Verifying DANE Operation

1. Configure your browser to use the proxy
2. Visit a website that has valid DANE records (e.g., https://dane.example.com)
3. Check the proxy logs to see DANE verification messages
4. Examine the certificate presented to your browser - it should be issued by "FireProxy CA"

### Simulating DANE for Testing

For testing purposes, FireProxy simulates DANE records for all domains. In a production environment, you would modify the code to properly query and validate actual DANE records.

## Troubleshooting

### Common Issues

1. **Connection refused**: Make sure the proxy is running and listening on the configured port
2. **DNS resolution failures**: Check your internet connection and access to hnsdoh.com
3. **Memory leaks**: For long-running tests, monitor memory usage to ensure proper cleanup

## HTTP and HTTPS Troubleshooting

If only HTTPS or only HTTP is working:

### HTTP Issues

- Ensure correct Host header extraction in HTTP requests
- Try a simple curl command: `curl -v --proxy http://localhost:8080 http://example.com/`
- Check proxy logs for any HTTP-specific errors
- Verify that the proxy correctly forwards the entire HTTP request, including all headers

### HTTPS Issues

- HTTPS uses the CONNECT method which creates a tunnel without modifying content
- Try a simple curl command: `curl -v --proxy http://localhost:8080 https://example.com/`
- Certificate warnings are expected and don't indicate proxy failure
- Ensure your browser's security settings allow connecting through the proxy

### Common Fix for Both

If either HTTP or HTTPS isn't working, you can restart the proxy server and try again with verbose logging enabled.

### Using Network Monitoring Tools

You can use tools like Wireshark or tcpdump to monitor the traffic:

```bash
# Capture traffic on loopback interface
sudo tcpdump -i lo -vv port 8080
```

## Performance Testing

For load testing the proxy:

```bash
# Install Apache Bench (ab) if not already installed
# Then test with multiple concurrent connections
ab -n 1000 -c 10 -X localhost:8080 http://example.com/
```

## Security Testing

Since your proxy handles web traffic, consider testing for:

1. Buffer overflow vulnerabilities using oversized requests
2. Handling of malformed HTTP requests
3. Proper handling of connection termination
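
The three checks above can be run as one repeatable negative-test pass. This is an added example, not part of FireProxy or its test suite: it sends constructed oversized, malformed and abruptly terminated requests to a proxy running locally and, after each one, confirms the proxy still accepts a new connection. The host, port, 64 KiB padding size and case names are assumptions.

```python
import socket

# Constructed negative-test inputs; sizes and case names are assumptions.
PAD = b"A" * 65536
CASES = {
    "oversized_request_line": b"GET http://example.com/" + PAD
                              + b" HTTP/1.1\r\nHost: example.com\r\n\r\n",
    "oversized_header": b"GET http://example.com/ HTTP/1.1\r\n"
                        b"Host: example.com\r\nX-Pad: " + PAD + b"\r\n\r\n",
    "missing_host": b"GET / HTTP/1.1\r\n\r\n",
    "connect_without_port": b"CONNECT example.com HTTP/1.1\r\n\r\n",
    "connect_bad_port": b"CONNECT example.com:99999 HTTP/1.1\r\n\r\n",
    "not_http": b"\x00\xff\x16\x03\x01 garbage\r\n\r\n",
    "truncated_then_close": b"GET http://example.com/ HTTP/1.1\r\nHost: exam",
}

def send_case(host, port, payload, timeout=3.0):
    """Send one payload, half-close, and return the first bytes of any reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(payload)
            s.shutdown(socket.SHUT_WR)  # client ends the request early
            return s.recv(256)
    except OSError:
        return b""  # refusal, reset or timeout: liveness is judged separately

def is_alive(host, port, timeout=3.0):
    """True if the proxy still accepts a new TCP connection."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def run_suite(host="127.0.0.1", port=8080):
    """Map each case to 'ok' or 'proxy down', stopping at the first failure."""
    results = {}
    for name, payload in CASES.items():
        send_case(host, port, payload)
        alive = is_alive(host, port)
        results[name] = "ok" if alive else "proxy down"
        if not alive:
            break
    return results

if __name__ == "__main__":
    for name, status in run_suite().items():
        print(f"{name:28} {status}")
```

A listening socket only shows the process survived; building the proxy with `-fsanitize=address` (an assumption about what your Makefile allows) makes memory errors that do not crash show up in the proxy output as well.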