Running Fiddler as a Reverse Proxy for HTTPS server

Problem description

I have the following situation: 2 hosts, one is a client and the other an HTTPS server.

Client (:<brwsr-port>) <=============> Web server (:443)

I installed Fiddler on the server so that I now have Fiddler running on my server on port 8888.

The situation I want to reach is the following:

|Client (:<brwsr-port>)| <===> |Fiddler (:8888) <===> Web server (:443)|
|-Me-------------------|       |-Server--------------------------------|

From my computer I want to contact Fiddler which will redirect traffic to the web server. The web server however uses HTTPS.

On the server I set up Fiddler to handle HTTPS sessions and decrypt them. I was asked to install on the server Fiddler's fake CA's certificate and I did it! I also inserted the script suggested by the Fiddler wiki page to redirect HTTPS traffic:

// HTTPS redirect ----------------------- 
FiddlerObject.log("Connect received...");
if (oSession.HTTPMethodIs("CONNECT") && (oSession.PathAndQuery == "<server-addr>:8888")) {
    oSession.PathAndQuery = "<server-addr>:443";
}
// --------------------------------------

However when I try https://myserver:8888/index.html I fail!

When using Fiddler on the client, I can see that the CONNECT request starts but the session fails because the response is HTTP error 502. Looks like no one is listening on port 8888. In fact, if I stop Fiddler on the server I get the same situation: 502 bad gateway.

Please note that when I try https://myserver/index.html and https://myserver:443/index.html everything works!

What am I doing wrong?

I thought that since maybe TLS/SSL works on port 443, I should have Fiddler listen there and move my web server to another port, like 444 (I should probably set on IIS an https binding on port 444 then). Is it correct?

Recommended answer

If Fiddler isn't configured as the client's proxy and is instead running as a reverse proxy on the Server, then things get a bit more complicated.

  1. Move your existing HTTPS server to a new port (e.g. 444)
  2. Inside Tools > Fiddler Options > Connections, tick Allow Remote Clients to Connect. Restart Fiddler.
  3. Inside Fiddler's QuickExec box, type !listen 443 ServerName where ServerName is whatever the server's hostname is; for instance, for https://Fuzzle/ you would use fuzzle for the server name.
  4. Inside your OnBeforeRequest method, add:

if ((oSession.HostnameIs("fuzzle")) &&
    (oSession.oRequest.pipeClient.LocalPort == 443) ) 
{
   oSession.host = "fuzzle:444";
}

Why is this necessary?

The !listen command instructs Fiddler to create a new endpoint that will perform an HTTPS handshake with the client upon connection; the default proxy endpoint doesn't do that because when a proxy receives a connection for HTTPS traffic it gets an HTTP CONNECT request instead of a handshake.
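
As an added illustration of the distinction drawn above (not code from the original answer or from Fiddler), this sketch classifies the first bytes a client sends on a new connection: a plaintext CONNECT, which a proxy endpoint receives, versus a TLS ClientHello, which an endpoint created with !listen receives. The sample byte strings, the function names and the two-endpoint model are constructed assumptions.

```javascript
// Added illustration, not Fiddler code. All inputs below are constructed samples.
// A client configured to use a proxy opens with a plaintext CONNECT request.
const SAMPLE_CONNECT = new TextEncoder().encode(
  'CONNECT fuzzle:443 HTTP/1.1\r\nHost: fuzzle:443\r\n\r\n');
// A client going straight to https://host:port opens with a TLS record:
// type 0x16 (handshake), version 3.1, length 0x0200, then handshake type 0x01.
const SAMPLE_CLIENT_HELLO = Uint8Array.from(
  [0x16, 0x03, 0x01, 0x02, 0x00, 0x01, 0x00, 0x01, 0xfc]);

function classifyFirstBytes(bytes) {
  // TLS record header: ContentType(1) Version(2) Length(2), then the message.
  if (bytes.length >= 6 && bytes[0] === 0x16 && bytes[1] === 0x03) {
    const recordLen = (bytes[3] << 8) | bytes[4];
    if (bytes[5] === 0x01 && recordLen >= 4 && recordLen <= 16384) {
      return { kind: 'tls-client-hello', recordLen };
    }
    return { kind: 'tls-other' };
  }
  // Otherwise look for an HTTP/1.x request line terminated by CRLF.
  const text = new TextDecoder().decode(bytes.subarray(0, 2048));
  const end = text.indexOf('\r\n');
  const m = end < 0 ? null : /^([A-Z]+) (\S+) HTTP\/1\.[01]$/.exec(text.slice(0, end));
  if (!m) return { kind: 'unknown' };
  if (m[1] !== 'CONNECT') return { kind: 'http-request', method: m[1] };
  // CONNECT carries the tunnel target as host:port (authority form).
  const colon = m[2].lastIndexOf(':');
  const port = Number(m[2].slice(colon + 1));
  if (colon < 1 || !Number.isInteger(port) || port < 1 || port > 65535) {
    return { kind: 'unknown' };
  }
  return { kind: 'http-connect', host: m[2].slice(0, colon), port };
}

// Simplified model of the two endpoint types the answer contrasts: the default
// proxy endpoint expects an HTTP request first, while an endpoint created with
// !listen expects a TLS handshake first.
function endpointAccepts(endpoint, bytes) {
  const kind = classifyFirstBytes(bytes).kind;
  if (endpoint === 'proxy') return kind === 'http-connect' || kind === 'http-request';
  if (endpoint === 'listen') return kind === 'tls-client-hello';
  throw new Error('unknown endpoint type: ' + endpoint);
}

console.log(classifyFirstBytes(SAMPLE_CONNECT), classifyFirstBytes(SAMPLE_CLIENT_HELLO));
```

In this model a browser pointed directly at the proxy port sends a ClientHello that the proxy endpoint cannot read as an HTTP request, which is the mismatch the answer describes.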
