cURL作为代理,处理HTTPS / CONNECT方法 [英] cURL as proxy, deal with HTTPS/CONNECT method
问题描述
此脚本监听IP /端口并打算充当HTTP(S)代理。
This script listens on an IP/port and intends to act as a HTTP(S) proxy.
对HTTP URL的请求工作正常,但我很抱歉关于如何处理HTTPS请求,更具体地说,在客户端向代理发送CONNECT请求之后的SSLv3握手。
Requests to HTTP URLs work fine, but I'm stumbling on how to deal with HTTPS requests and more specifically, an SSLv3 handshake after the client sends a CONNECT request to the proxy.
最近我来到了什么 >看起来像一个答案是:
- CURLOPT_HTTPPROXYTUNNEL libcurl选项用于在客户端和目标服务器之间隧道数据
- stream_socket_enable_crypto()可能会对加密数据执行do stuff
我真的不知道,
这里是一个示例请求: http://pastebin.com/xkWhGyjW
Here is a sample request: http://pastebin.com/xkWhGyjW
<?php
class proxy {
static $server;
static $client;
static function headers($str) { // Parses HTTP headers into an array
$tmp = preg_split("'\r?\n'",$str);
$output = array();
$output[] = explode(' ',array_shift($tmp));
$post = ($output[0][0] == 'POST' ? true : false);
foreach($tmp as $i => $header) {
if($post && !trim($header)) {
$output['POST'] = $tmp[$i+1];
break;
}
else {
$l = explode(':',$header,2);
$output[$l[0]] = $l[0].': '.ltrim($l[1]);
}
}
return $output;
}
public function output($curl,$data) {
socket_write(proxy::$client,$data);
return strlen($data);
}
}
$ip = "127.0.0.1";
$port = 50000;
proxy::$server = socket_create(AF_INET,SOCK_STREAM, SOL_TCP);
socket_set_option(proxy::$server,SOL_SOCKET,SO_REUSEADDR,1);
socket_bind(proxy::$server,$ip,50000);
socket_getsockname(proxy::$server,$ip,$port);
socket_listen(proxy::$server);
while(proxy::$client = socket_accept(proxy::$server)) {
$input = socket_read(proxy::$client,4096);
preg_match("'^([^\s]+)\s([^\s]+)\s([^\r\n]+)'ims",$input,$request);
$headers = proxy::headers($input);
echo $input,"\n\n";
if(preg_match("'^CONNECT '",$input)) { // HTTPS
// Tell the client we can deal with this
socket_write(proxy::$client,"HTTP/1.1 200 Connection Established\r\n\r\n");
// Client sends binary data here (SSLv3, TLS handshake, Client hello?)
// socket_read(proxy::$client,4096);
// ?
}
else { // HTTP
$input = preg_replace("'^([^\s]+)\s([a-z]+://)?[a-z0-9\.\-]+'","\\1 ",$input);
$curl = curl_init($request[2]);
curl_setopt($curl,CURLOPT_HEADER,1);
curl_setopt($curl,CURLOPT_HTTPHEADER,$headers);
curl_setopt($curl,CURLOPT_TIMEOUT,15);
curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
curl_setopt($curl,CURLOPT_NOPROGRESS,1);
curl_setopt($curl,CURLOPT_VERBOSE,1);
curl_setopt($curl,CURLOPT_AUTOREFERER,true);
curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
curl_setopt($curl,CURLOPT_WRITEFUNCTION, array("proxy","output"));
curl_exec($curl);
curl_close($curl);
}
socket_close(proxy::$client);
}
socket_close(proxy::$server);
?>
推荐答案
如果我理解正确,代理服务器在PHP。当您要使用PHP cURL库连接到代理服务器并使用 CONNECT
而不是使用 CURLOPT_HTTPPROXYTUNNEL
GET
。
If I understand correctly, you're writing a HTTP proxy server in PHP. The CURLOPT_HTTPPROXYTUNNEL
option is used when you want to connect to a proxy server using the PHP cURL library and use CONNECT
instead of GET
. In this case it's not relevant.
当您的代理服务器(PROXY)收到 CONNECT
请求时,使用 socket_create
和 socket_connect
将指定的主机(ENDPOINT)一旦建立连接,让客户端(CLIENT)知道发送 HTTP / 1.1 200 Connection Established
。之后,您需要将ENDPOINT发送给PROXY的所有数据复制到CLIENT,并将CLIENT发送到PROXY的所有数据复制到ENDPOINT。
When your proxy server (PROXY) receives the CONNECT
request, it should connect to the specified host (ENDPOINT) using socket_create
and socket_connect
. Once the connection is established, let the client (CLIENT) know by sending HTTP/1.1 200 Connection Established
. After that, you'll want to copy all data that the ENDPOINT sends to PROXY to the CLIENT and all data that the CLIENT sends to PROXY to the ENDPOINT.
使用cURL像在你的示例中将创建多个连接。为了处理多个连接,我使用了 pcntl_fork
,它在每个 CONNECT
请求上分配一个新进程。
Using cURL like in your example will create multiple connections. To handle multiple connections, I've used pcntl_fork
, which forks a new process on every CONNECT
request.
这是一个工作示例:
<?php
class proxy {
static $server;
static $client;
static function headers($str) { // Parses HTTP headers into an array
$tmp = preg_split("'\r?\n'",$str);
$output = array();
$output[] = explode(' ',array_shift($tmp));
$post = ($output[0][0] == 'POST' ? true : false);
foreach($tmp as $i => $header) {
if($post && !trim($header)) {
$output['POST'] = $tmp[$i+1];
break;
}
else {
$l = explode(':',$header,2);
$output[$l[0]] = $l[0].': '.ltrim($l[1]);
}
}
return $output;
}
public function output($curl,$data) {
socket_write(proxy::$client,$data);
return strlen($data);
}
}
$ip = "127.0.0.1";
$port = 50000;
proxy::$server = socket_create(AF_INET,SOCK_STREAM, SOL_TCP);
socket_set_option(proxy::$server,SOL_SOCKET,SO_REUSEADDR,1);
socket_bind(proxy::$server,$ip,50000);
socket_getsockname(proxy::$server,$ip,$port);
socket_listen(proxy::$server);
while(proxy::$client = socket_accept(proxy::$server)) {
$input = socket_read(proxy::$client,4096);
preg_match("'^([^\s]+)\s([^\s]+)\s([^\r\n]+)'ims",$input,$request);
$headers = proxy::headers($input);
echo $input,"\n\n";
if(preg_match("'^CONNECT ([^ ]+):(\d+) '",$input,$match)) { // HTTPS
// fork to allow multiple connections
if(pcntl_fork())
continue;
$connect_host = $match[1];
$connect_port = $match[2];
// connect to endpoint
$connection = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
if(!socket_connect($connection, gethostbyname($connect_host), $connect_port))
exit;
// let the client know that we're connected
socket_write(proxy::$client,"HTTP/1.1 200 Connection Established\r\n\r\n");
// proxy data
$all_sockets = array($connection, proxy::$client);
$null = null;
while(($sockets = $all_sockets)
&& false !== socket_select($sockets, $null, $null, 10)
) {
// can we read from the client without blocking?
if(in_array(proxy::$client, $sockets)) {
$buf = null;
socket_recv(proxy::$client, $buf, 8192, MSG_DONTWAIT);
echo "CLIENT => ENDPOINT (" . strlen($buf) . " bytes)\n";
if($buf === null)
exit;
socket_send($connection, $buf, strlen($buf), 0);
}
// can we read from the endpoint without blocking?
if(in_array($connection, $sockets)) {
$buf = null;
socket_recv($connection, $buf, 8192, MSG_DONTWAIT);
echo "ENDPOINT => CLIENT (" . strlen($buf) . " bytes)\n";
if($buf === null)
exit;
socket_send(proxy::$client, $buf, strlen($buf), 0);
}
}
exit;
}
else { // HTTP
$input = preg_replace("'^([^\s]+)\s([a-z]+://)?[a-z0-9\.\-]+'","\\1 ",$input);
$curl = curl_init($request[2]);
curl_setopt($curl,CURLOPT_HEADER,1);
curl_setopt($curl,CURLOPT_HTTPHEADER,$headers);
curl_setopt($curl,CURLOPT_TIMEOUT,15);
curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
curl_setopt($curl,CURLOPT_NOPROGRESS,1);
curl_setopt($curl,CURLOPT_VERBOSE,1);
curl_setopt($curl,CURLOPT_AUTOREFERER,true);
curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
curl_setopt($curl,CURLOPT_WRITEFUNCTION, array("proxy","output"));
curl_exec($curl);
curl_close($curl);
}
socket_close(proxy::$client);
}
socket_close(proxy::$server);
这篇关于cURL作为代理,处理HTTPS / CONNECT方法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!