在 Twisted 中将 HTTP 代理转换为 HTTPS 代理 [英] Convert HTTP Proxy to HTTPS Proxy in Twisted

问题描述

最近我一直在玩弄 HTTP 代理.经过多次反复试验，我想我终于有了一些工作.不过，我想知道的是，如果可能的话，我如何扩展此代理以也能够处理 HTTPS 页面?这是我到目前为止所得到的:

Recently I have been playing around with the HTTP Proxy in twisted. After much trial and error I think I finally I have something working. What I want to know though, is how, if it is possible, do I expand this proxy to also be able to handle HTTPS pages? Here is what I've got so far:

from twisted.internet import reactor
from twisted.web import http
from twisted.web.proxy import Proxy, ProxyRequest, ProxyClientFactory, ProxyClient



class HTTPProxyClient(ProxyClient):
    def handleHeader(self, key, value):
        print "%s : %s" % (key, value)
        ProxyClient.handleHeader(self, key, value)

    def handleResponsePart(self, buffer):
        print buffer
        ProxyClient.handleResponsePart(self, buffer)

class HTTPProxyFactory(ProxyClientFactory):
    protocol = HTTPProxyClient

class HTTPProxyRequest(ProxyRequest):
    protocols = {'http' : HTTPProxyFactory}

    def process(self):
        print self.method
        for k,v in self.requestHeaders.getAllRawHeaders():
            print "%s : %s" % (k,v)
        print "
 
"

        ProxyRequest.process(self)

class HTTPProxy(Proxy):

    requestFactory = HTTPProxyRequest


factory = http.HTTPFactory()
factory.protocol = HTTPProxy

reactor.listenSSL(8001, factory)
reactor.run()

正如这段代码所展示的，为了举例，我现在只是打印出通过连接的任何内容.是否可以使用相同的类处理 HTTPS?如果没有，我应该如何实施这样的事情?

As this code demonstrates, for the sake of example for now I am just printing out whatever is going through the connection. Is it possible to handle HTTPS with the same classes? If not, how should I go about implementing such a thing?

推荐答案

如果您想通过 HTTP 代理连接到 HTTPS 网站，您需要使用 CONNECT HTTP 动词(因为那是代理适用于 HTTPS).在这种情况下，代理服务器简单地连接到目标服务器并将服务器发送的任何内容中继回客户端的套接字(反之亦然).在这种情况下不涉及缓存(但您可能能够记录您正在连接的主机).

If you want to connect to an HTTPS website via an HTTP proxy, you need to use the CONNECT HTTP verb (because that's how a proxy works for HTTPS). In this case, the proxy server simply connects to the target server and relays whatever is sent by the server back to the client's socket (and vice versa). There's no caching involved in this case (but you might be able to log the hosts you're connecting to).

交换看起来像这样(客户端到代理):

The exchange will look like this (client to proxy):

C->P: CONNECT target.host:443 HTTP/1.0
C->P:

P->C: 200 OK
P->C: 

此后，代理简单地向目标服务器打开一个普通套接字(还没有 HTTP 或 SSL/TLS)，并在初始客户端和目标服务器之间中继所有内容(包括客户端发起的 TLS 握手).客户端将它拥有的现有套接字升级到代理以使用 TLS/SSL(通过启动 SSL/TLS 握手).一旦客户端读取了200"状态行，对客户端而言，就好像直接连接到目标服务器一样.

After this, the proxy simply opens a plain socket to the target server (no HTTP or SSL/TLS yet) and relays everything between the initial client and the target server (including the TLS handshake that the client initiates). The client upgrades the existing socket it has to the proxy to use TLS/SSL (by starting the SSL/TLS handshake). Once the client has read the '200' status line, as far as the client is concerned, it's as if it had made the connection to the target server directly.

这篇关于在 Twisted 中将 HTTP 代理转换为 HTTPS 代理的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！