如何重新排序HTTP标头？ [英] How to re-order HTTP headers?

问题描述

我想知道在发送回网络服务器之前是否有任何方式重新订购我们的浏览器发送的HTTP标头？

I was wondering if there was any way to re-order HTTP headers that are being sent by our browser, before getting sent back to the web server?

由于标题的顺序会留下某种指纹识别，请参阅这篇文章和这篇文章，我正在考虑使用 MITMProxy （我想使用Inline Scripting）来动态修改标题。这可能吗？

Since the order of the headers leaves some kind of "fingerprinting", see this post and this post, I was thinking about using MITMProxy (with Inline Scripting, I guess) to modify headers on-the-fly. Is this possible?

如何实现这一目标？

注意：我正在寻找可以编写脚本的方法，而不是使用方法像 Burp Suite 这样的图形工具（虽然已知Burp能够重新订购标题）

How would one achieve that?
Note: I'm looking for a method that could be scripted, not a method using a graphical tool like the Burp Suite (although Burp is known to be able to re-order headers)

我愿意接受建议。也许NGINX可能也会拯救？

I'm open to suggestions. Perhaps NGINX might come to the rescue as well?

编辑：我应该更具体一点，举个例子......

I should be more specific, by giving an example...

假设我正在使用Firefox。通过使用时髦的插件，我欺骗我的用户代理看起来像Chrome浏览器。但是如果我用 ip-check.info 测试我的浏览器，我的浏览器的签名仍然是一个Firefox，即使我的欺骗用户代理显示Chrome。

Let's say I'm using Firefox. With the use of a funky add-on, I'm spoofing my user-agent to "look" like a Chrome browser. But then if I test my browser with ip-check.info, the "signature" of my browser remains the one of Firefox, even though my spoofed user-agent shows "Chrome".

因此，在这种特定情况下，解决方案应该是重新排序HTTP标头与Chrome一样。

So the solution, in this specific case, should be to re-order the HTTP headers in the same manner as Chrome does.

如何做到这一点？

推荐答案

对于记录，根据的顺序根本不重要。 2rel =nofollow> RFC 7230 。但是现在您已经问过......这可以在mitmproxy中完成，如下所示：

For the record, the order of the HTTP headers should not matter at all according to RFC 7230. But now that you have asked... this can be done in mitmproxy as follows:

import random

def request(context, flow):
    # flow.request.headers.fields is a tuple of (name, value) header tuples.
    h = list(flow.request.headers.fields)
    random.shuffle(h)
    flow.request.headers.fields = tuple(h)

请参阅 netlib.http.Headers 了解更多详情。

有很多方法可以重新排序它们希望：

There are tons of way to reorder them as you wish:

def reorder(headers, header_order=["Host","User-Agent","Accept"]):
    lines = []
    for name in header_order:  # add existing headers in the specified order
        if name in headers:
            lines.extend(headers.get_all(name))
            del headers[name]
    lines.extend(headers.fields)  # all other headers
    return lines
request.headers.fields = reorder(request.headers)

这篇关于如何重新排序HTTP标头？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！