HTTPs proxy server only works in SwitchOmega


Problem description

I did quite a lot of searching and practical trials before asking this question.

I found a (non-English) tutorial about how to write an http proxy with Node.js.

So far what I've known and tried:

  • An HTTP proxy can handle both HTTP requests and HTTPS requests, but in different ways. It handles an HTTP request by reading the client's request, making a new request to the target and returning the response to the client. As for an HTTPS request, it's dealt with through an HTTP Tunnel.
  • The SSL proxy field in Firefox proxy settings and the Secure field in IE proxy settings (Windows) are all about setting the HTTP Tunnel. If an SSL proxy or Secure proxy is set, when a browser wants to connect to an https site, it sends a CONNECT request instead of an ordinary request.

The CONNECT request is plain text, so firewalls can see what host I want to connect to and cut the connection. So I was thinking whether I can use https to talk to the proxy server from the very beginning. I read all related posts, but couldn't find an answer directly talking about this. And some answers also say "There's no such thing as a https proxy server".

But the tutorial says this can be done (HTTPS between client and proxy server and nothing else changes). So I gave it a try. I changed the server into https with my website's certificate. But eventually it only works with Proxy SwitchOmega in Chrome. It doesn't work in traditional settings like in Firefox proxy or IE proxy settings.

Proxy SwitchOmega setting:

Scheme|Protocol|Server|Port
....  | https  | .... |...

I have to select the https protocol here if I start the https server. Similarly, I have to select the http protocol if I start the http server. Also I don't know what this protocol field stands for.

To summarize:

proxy server | Firefox proxy setting | work? | SwitchOmega setting | work? |
 http        | http + ssl setting    | yes   | protocol http       | yes   |
 https       | http + ssl setting    | no    | protocol https      | yes   |
 https       |      -                |  -    | protocol http       | no    |


So my questions are:

  1. Can I connect to the https proxy server through the ordinary way (without an extension)? If possible, how?
  2. Why can I connect to the https proxy server through SwitchOmega?
  3. I think I built a https proxy server. But why are others saying that "There's no such thing as a https proxy server"?


Source code

https server

var http = require('http');
var https = require('https');
var fs = require('fs');
var net = require('net');
var url = require('url');

console.log("qqqqq2");

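// Ordinary HTTP requests: the client sends an absolute URL, which the proxy
// re-issues to the target and pipes the response back.
function request(cReq, cRes) {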
    console.log("request=====start");
    console.log(cReq.headers);
    console.log(cReq.url);
    console.log(cReq.method);
    console.log("request=====end");
    var u = url.parse(cReq.url);

    var options = {
        hostname : u.hostname, 
        port     : u.port || 80,
        path     : u.path,       
        method     : cReq.method,
        headers     : cReq.headers
    };

    var pReq = http.request(options, function(pRes) {
        cRes.writeHead(pRes.statusCode, pRes.headers);
        pRes.pipe(cRes);
    }).on('error', function(e) {
        cRes.end();
    });

    cReq.pipe(pReq);
    // console.log(cReq.headers);
    // console.log(cReq.method);
    // console.log(cReq.url);
    // console.log("^_^^_^^_^^_^^_^^_^");
    // cRes.writeHead('200');
    // cRes.end('hello world2222\n');
}

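// CONNECT requests: cReq.url is "host:port"; open a TCP connection to it and
// relay bytes in both directions (the HTTP tunnel used for HTTPS sites).
function connect(cReq, cSock) {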
    console.log("connect=====start");
    console.log(cReq.headers);
    console.log(cReq.url);
    console.log(cReq.method);
    console.log("connect=====end");
    var u = url.parse('http://' + cReq.url);

    var pSock = net.connect(u.port, u.hostname, function() {
        cSock.write('HTTP/1.1 200 Connection Established\r\n\r\n');
        pSock.pipe(cSock);
    }).on('error', function(e) {
        cSock.end();
    });

    cSock.pipe(pSock);
}

var options = {
    key: fs.readFileSync('./privkey1.pem'),
    cert: fs.readFileSync('./fullchain1.pem')
};

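// The listener itself terminates TLS, so every request (CONNECT included)
// reaches the handlers only after the client-to-proxy hop is encrypted.
https.createServer(options)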
    .on('request', request)
    .on('connect', connect)
    .listen(9999, '0.0.0.0');

http server

var http = require('http');
var net = require('net');
var url = require('url');

console.log('qqqqq2');

function request(cReq, cRes) {
    console.log("request=====start");
    console.log(cReq.headers);
    console.log(cReq.url);
    console.log(cReq.method);
    console.log("request=====end");

    var u = url.parse(cReq.url);

    var options = {
        hostname : u.hostname, 
        port     : u.port || 80,
        path     : u.path,       
        method     : cReq.method,
        headers     : cReq.headers
    };

    var pReq = http.request(options, function(pRes) {
        cRes.writeHead(pRes.statusCode, pRes.headers);
        pRes.pipe(cRes);
    }).on('error', function(e) {
        cRes.end();
    });

    cReq.pipe(pReq);
}

function connect(cReq, cSock) {
    console.log("connect=====start");
    console.log(cReq.headers);
    console.log(cReq.url);
    console.log(cReq.method);
    console.log("connect=====end");
    var u = url.parse('http://' + cReq.url);

    var pSock = net.connect(u.port, u.hostname, function() {
        cSock.write('HTTP/1.1 200 Connection Established\r\n\r\n');
        pSock.pipe(cSock);
    }).on('error', function(e) {
        cSock.end();
    });

    cSock.pipe(pSock);
}

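// Same handlers, but the listener speaks plain HTTP, so the CONNECT line
// arrives from the client unencrypted.
http.createServer()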
    .on('request', request)
    .on('connect', connect)
    .listen(9999, '0.0.0.0');


Test Server

You can easily build a http proxy server and test it. But it may be cumbersome to build a https proxy server, because you need to deploy certificates. So a https proxy test server is provided, based on the code above.

Test server is deleted since I've found the answer.

Recommended answer

I found the answer in Security StackExchange. Is it possible to connect to a proxy with an ssl (or otherwise encrypted) connection?

From https://wiki.squid-cache.org/Features/HTTPS#Encrypted_browser-Squid_connection :

Encrypted browser-Squid connection

While HTTPS design efforts were focused on end-to-end communication, it would also be nice to be able to encrypt the browser-to-proxy connection (without creating a CONNECT tunnel that blocks Squid from accessing and caching content). This would allow, for example, a secure use of remote proxies located across a possibly hostile network.

Squid can accept regular proxy traffic using https_port in the same way Squid does it using an http_port directive. Unfortunately, popular modern browsers do not permit configuration of TLS/SSL encrypted proxy connections. There are open bug reports against most of those browsers now, waiting for support to appear. If you have any interest, please assist browser teams with getting that to happen.

...

The Chrome browser is able to connect to proxies over SSL connections if configured to use one in a PAC file or command line switch. GUI configuration appears not to be possible (yet).

The Firefox 33.0 browser is able to connect to proxies over TLS connections if configured to use one in a PAC file. GUI configuration appears not to be possible (yet), though there is a config hack for embedding PAC logic.

More information related to Chrome can be found in http://dev.chromium.org/developers/design-documents/secure-web-proxy.

Answering the questions:

  1. Can I connect to the https proxy server through the ordinary way (without an extension)? If possible, how?

The traditional way (e.g. the Manual proxy configuration field in Firefox) to set a http proxy server is for HTTP proxy servers only. One can only set a https proxy via pac files (e.g. the Automatic proxy configuration URL field in Firefox).

  2. Why can I connect to the https proxy server through SwitchOmega?

The SwitchOmega extension in fact generates a pac file for Chrome to use, though how it interacts with Chrome is so far unknown to me.

By clicking the Export PAC button in SwitchOmega, I get a file that contains:

var FindProxyForURL = function(init, profiles) {
    return function(url, host) {
        "use strict";
        var result = init, scheme = url.substr(0, url.indexOf(":"));
        do {
            result = profiles[result];
            if (typeof result === "function") result = result(url, host, scheme);
        } while (typeof result !== "string" || result.charCodeAt(0) === 43);
        return result;
    };
}("+test", {
    "+test": function(url, host, scheme) {
        "use strict";
        if (/^127\.0\.0\.1$/.test(host) || /^::1$/.test(host) || /^localhost$/.test(host)) return "DIRECT";
        return "HTTPS myHttpsProxyServer.com:9999"; // This line matters
    }
});

From https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Proxy_servers_and_tunneling/Proxy_Auto-Configuration_(PAC)_file :

HTTP host:port
    The specified proxy should be used
HTTPS host:port
    The specified HTTPS proxy should be used

  3. I think I built a https proxy server. But why are others saying that "There's no such thing as a https proxy server"?

Yes, I built a https proxy server / a http proxy server over a TLS connection. Those who say "There's no such thing as a https proxy server" are wrong.
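
Added example (not part of the original question or answer): since the PAC directive decides whether the browser-to-proxy hop is encrypted, this sketch evaluates a PAC function over sample URLs and reports entries that would send an https destination to the proxy in plain text, including a cleartext fallback listed after an HTTPS proxy. The function names, the sample PAC functions and the host fallback.example are assumptions made for illustration.

```javascript
// Added example, not from the original post. HTTP and HTTPS are the PAC
// directives quoted from MDN above; PROXY and SOCKS* are the other standard ones.
const HOP = {
  DIRECT: 'none',      // no proxy involved
  HTTPS: 'tls',        // TLS to the proxy, so the CONNECT line is encrypted
  HTTP: 'cleartext',   // plain-text hop: "CONNECT host:port" is readable on the wire
  PROXY: 'cleartext',
  SOCKS: 'cleartext', SOCKS4: 'cleartext', SOCKS5: 'cleartext',
};

// Split a FindProxyForURL return value ("A h:p; B h:p; DIRECT") into entries.
function parsePacResult(result) {
  return String(result).split(';').map(s => s.trim()).filter(Boolean).map(entry => {
    const [word, hostport = ''] = entry.split(/\s+/);
    const directive = word.toUpperCase();
    const cut = hostport.lastIndexOf(':');
    return {
      directive,
      host: cut > 0 ? hostport.slice(0, cut) : hostport,
      port: cut > 0 ? Number(hostport.slice(cut + 1)) : null,
      hop: HOP[directive] || 'unknown',
    };
  });
}

// Run a PAC function over sample URLs and report every proxy entry that would
// carry an https:// destination to the proxy without TLS.
function auditPac(findProxyForURL, urls) {
  const findings = [];
  for (const url of urls) {
    const { hostname, protocol } = new URL(url);
    const entries = parsePacResult(findProxyForURL(url, hostname));
    entries.forEach((e, position) => {
      if (protocol !== 'https:' || e.hop !== 'cleartext') return;
      const fallback = position > 0 && entries[0].hop === 'tls';
      findings.push({ url, position, entry: `${e.directive} ${e.host}:${e.port}`,
        note: fallback ? 'cleartext fallback after TLS proxy' : 'cleartext proxy hop' });
    });
  }
  return findings;
}

// Constructed PAC functions; fallback.example is a hypothetical host.
const tlsOnly = (url, host) =>
  host === 'localhost' ? 'DIRECT' : 'HTTPS myHttpsProxyServer.com:9999';
const withFallback = () => 'HTTPS myHttpsProxyServer.com:9999; PROXY fallback.example:8080';

console.log(auditPac(tlsOnly, ['https://example.org/']));      // []
console.log(auditPac(withFallback, ['https://example.org/'])); // one finding, position 1
```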
