SSL的代理隧道 [英] Proxy tunnel for SSL

问题描述

我正在编写一个代理服务器并且在使用HTTP时没有任何问题，但是当涉及到HTTPS和SSL时，我无法使隧道工作。



所有我想要做的是打开通往服务器的隧道，这样我就不必参与证书或使用 SslStream 。



代码使用 TcpListener 来监听localhost端口444上的请求。

I am writing a proxy server and have no trouble with HTTP, but when it comes to HTTPS and SSL, I cannot get a tunnel working.

All I want to do is open a tunnel to the server so I don't have to get involved with certificates or use the SslStream.

The code uses a TcpListener to listen for requests on localhost port 444.

SSLtcplistener = new TcpListener(Local, 444);

从浏览器运行SSL请求时如下所示：

When running the SSL request from the browser looks like:

CONNECT www.google.com:443 HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE.........................
Host: www.google.com
Content-Length: 0
Proxy-Connection: Keep-Alive
Pragma: no-cache

接下来我接受连接。

Next I accept the connection.

Socket socket = SSLtcplistener.AcceptSocket();

然后提取主机strin来自SSL请求的g和端口号，并在端口433上向Google打开一个新套接字，如下所示：

and then extract the host string and port number from the SSL request and open a new socket to Google on port 433 like this:

IPEndPoint IPE = new IPEndPoint(Dns.Resolve(this.Connect).AddressList[0], this.Port);//443

this.Send = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
this.Send.Connect(IPE);

如果'发送'套接字打开，那么我发送此消息返回浏览器：

If the 'Send' socket is open, then I send this message back to the browsers:

HTTP/1.0 200 Connection Established\r\n
Proxy-agent: Netscape-Proxy/1.1\r\n\r\n

并关闭浏览器连接，期望浏览器打开另一个连接，发送加密数据，我只需要转发回打开的发送套接字，但是浏览器的下一个请求与之前的请求完全相同，当我将其转发给Google服务器时，我什么也得不回来。



我看了几个例子，但它们是Java并使用不同类型的套接字，所以我有点迷失，但我希望SSL能够通过代理是这样的，一些网站可以被禁止。



任何帮助都会受到赞赏，因为我花了一天时间无处可去。

and close the browser connection expecting the browser to open another connection and to send encrypted data that I just need to relay back to the open send socket but the next request from the browsers is simply the same as the previous request and when I relay this to the Google server, I get nothing back.

I've looked at a few examples but they are in Java and use a different type of socket, so I'm a bit lost but the reason I want SSL to pass through the proxy is so that some sites can be banned.

Any help would be appreciated because I have spent a day getting nowhere.

推荐答案

我发了答案是保持请求和响应套接字都打开，您需要做的就是在标头的CONNECT部分​​中的地址和端口名称上打开请求套接字，然后简单地将套接字中的任何数据从一个套接到另一个。



刚才我的标题中没有内容长度的响应有问题，我不得不使用循环计数器来猜测是否所有数据都已被收回，由于请求中使用了Keep-Alive，因此在保持操作服务器的某些连接时不容易。



一我用来加快速度的技巧是检查从服务器收到的最后几个字节，然后查看请求文件类型以确定是否所有数据都已发送。

I found the answer was to keep both the request and responce sockets open and all you need to do is open the request socket on the address and port names in the CONNECT part of the header and then to simply relay any data in the sockets from one to another.

Just now i'm having trouble with responces that don't have a content-length in the header and i'm having to use a loop counter to guess if all the data has been recived which is not easy when some connections to the server are being kept oped due to Keep-Alive being used in the request.

One trick i am using to speed things us is to check the last few bytes recived from the servers and then looking at the request file type to decide if all the data has been sent.

public string GetEndOfData(byte[] ReceiveBuffer,int Rec)
      {
          byte[] Test = new byte[10];
          Test[0] = ReceiveBuffer[Rec - 10];
          Test[1] = ReceiveBuffer[Rec - 9];
          Test[2] = ReceiveBuffer[Rec - 8];
          Test[3] = ReceiveBuffer[Rec - 7];
          Test[4] = ReceiveBuffer[Rec - 6];
          Test[5] = ReceiveBuffer[Rec - 5];
          Test[6] = ReceiveBuffer[Rec - 4];
          Test[7] = ReceiveBuffer[Rec - 3];
          Test[8] = ReceiveBuffer[Rec - 2];
          Test[9] = ReceiveBuffer[Rec - 1];
          return ASCIIEncoding.ASCII.GetString(Test);
      }


public bool IsComplete(byte[] ReceiveBuffer,int Rec, string FileName)
       {
           string EndOfData = GetEndOfData(ReceiveBuffer, Rec).ToUpper();
           if (FileName.ToUpper().Trim().EndsWith(".GIF"))
           {
               if (ReceiveBuffer[Rec - 2] == 0 && ReceiveBuffer[Rec - 1] == 59)
                   return true;
           }

           else if (FileName.ToUpper().Trim().EndsWith(".JPG"))
           {
               if (ReceiveBuffer[Rec - 2] == 255 && ReceiveBuffer[Rec - 1] == 217)
                   return true;
           }
           else if (FileName.ToUpper().Trim().EndsWith(".PNG"))
           {
               if (ReceiveBuffer[Rec - 3] == 66 && ReceiveBuffer[Rec - 2] == 96 && ReceiveBuffer[Rec - 1] == 130)
                   return true;
           }
           else if (FileName.ToUpper().Trim().EndsWith(".HTM") || FileName.ToUpper().Trim().EndsWith(".HTML") || FileName.ToUpper().Trim().EndsWith(".ASP") || FileName.ToUpper().Trim().EndsWith(".ASPX"))
           {
               if (EndOfData.IndexOf("</HTML>") > -1)
                   return true;
           }
           return false;

       }

简单地关闭每个请求套接字而不管标头中的内容在某种程度上有效但流式传输来自Youtube变得非常慢，并且还注意到YouTube添加了自定义标题。



我的下一步是制作假饼干，因为我已经厌倦了Google知道我的一举一动是的我知道这已经完成了十次，但是有没有人为每个人面对的内联div做了一个弹出窗口拦截器？

Simply closing each request socket regardless of what is in the headers works to some degree but streaming from Youtube becomes real slow and also note that YouTube adds custom headers.

my next step is to make fake cookies because i have become tired of Google knowing my every move and yes i know this has alreay been done ten times before but has any one ever made a pop up blocker for the in-line divs that gets in everyone face ?

最后得到解决方案，需要实现远程隧道。

Finally get the solution ,need to implement Remote Tunnel.

这篇关于SSL的代理隧道的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！