如何通过透明代理实现SSL隧道？(How to implement an SSL tunnel through a transparent proxy?)

如何通过透明代理实现SSL隧道？(How to implement an SSL tunnel through a transparent proxy?)

我已阅读1995年12月的SSL TUNNELING INTERNET-DRAFT并设置了一个HTTP透明代理，可以完美地处理未加密的流量。

阅读了上述内容，以及用脑子搜索我的大脑，通过代理创建隧道以实现安全流量的可接受方法似乎是：

连接到请求的主机，然后让代理向客户端发送“HTTP 200 ...”确认消息，然后从该点开始简单地传递客户端和服务器之间的所有其他数据流量。

但是，当我尝试此操作时，客户端（Chrome浏览器）会响应“HTTP 200 ...”消息，其中包含三个翼形字符，我将其转发到远程主机。 此时没有响应，连接失败。

在连接到主机后，这是我正在使用的代码：

if((*request=='C')&&(*(request+1)=='O')&&(*(request+2)=='N')&&(*(request+3)=='N')) { int recvLen; send(output,htok,strlen(htok),0); //htok looks like "HTTP/1.0 200 Connection Established\nProxy-Agent: this_proxy\r\n\r\n" std::memset(buff,0,bSize); int total; int bytes; int n; char cdata[MAXDATA]; while ((recvLen = recv(output, buff, bSize-1,0)) > 0) //recving from client - here we get wingdings { memset(cdata,0, MAXDATA); strcat(cdata, buff); while(recvLen>=bSize-1)//just in case buff is too small { std::memset(buff,0,bSize); recvLen=recv(output,buff,bSize-1,0); strcat(cdata, buff); } total = 0; bytes = strlen(cdata); cout << cdata << endl;//how I see the wingdings while (total < strlen(cdata)) { n = send(requestSock, cdata + total, bytes,0);//forwarding to remote host if(n == SOCKET_ERROR) { cout << "secure sending error" << endl; break; } total += n; bytes -= n; } std::memset(buff,0,bSize); recvLen=recv(requestSock, buff, bSize,0);//get reply from remote host if (recvLen > 0) { do { cout<<"Thread "<<threadid<<" [Connection:Secure]: "<<recvLen<<endl; send(output, buff, recvLen,0);//forward all to client recvLen= recv(requestSock, buff, bSize,0); if(0==recvLen || SOCKET_ERROR==recvLen) { cout<<"finished secure receiving or socket error"<<endl; break; } }while(true); } }//end while, loop checks again for client data

谁能发现我的方式错误？

I have read the SSL TUNNELING INTERNET-DRAFT of December 1995 and set up an HTTP transparent proxy that works perfectly with unencrypted traffic.

Having read the above, as well as googled my brains out, the accepted method to create a tunnel for secure traffic through a proxy seems to be:

connect to the requested host, then have the proxy send an "HTTP 200..." confirmation message back to the client, then from that point on simply pass all further data traffic between client and server.

When I try this, however, the client (Chrome browser) responds to the "HTTP 200..." message with three wingdings characters which I forward to the remote host. At this point there is no response back and the connection fails.

Here is the code I am using for this, after having connected to the host:

if((*request=='C')&&(*(request+1)=='O')&&(*(request+2)=='N')&&(*(request+3)=='N')) { int recvLen; send(output,htok,strlen(htok),0); //htok looks like "HTTP/1.0 200 Connection Established\nProxy-Agent: this_proxy\r\n\r\n" std::memset(buff,0,bSize); int total; int bytes; int n; char cdata[MAXDATA]; while ((recvLen = recv(output, buff, bSize-1,0)) > 0) //recving from client - here we get wingdings { memset(cdata,0, MAXDATA); strcat(cdata, buff); while(recvLen>=bSize-1)//just in case buff is too small { std::memset(buff,0,bSize); recvLen=recv(output,buff,bSize-1,0); strcat(cdata, buff); } total = 0; bytes = strlen(cdata); cout << cdata << endl;//how I see the wingdings while (total < strlen(cdata)) { n = send(requestSock, cdata + total, bytes,0);//forwarding to remote host if(n == SOCKET_ERROR) { cout << "secure sending error" << endl; break; } total += n; bytes -= n; } std::memset(buff,0,bSize); recvLen=recv(requestSock, buff, bSize,0);//get reply from remote host if (recvLen > 0) { do { cout<<"Thread "<<threadid<<" [Connection:Secure]: "<<recvLen<<endl; send(output, buff, recvLen,0);//forward all to client recvLen= recv(requestSock, buff, bSize,0); if(0==recvLen || SOCKET_ERROR==recvLen) { cout<<"finished secure receiving or socket error"<<endl; break; } }while(true); } }//end while, loop checks again for client data

Can anyone spot the error of my ways?

最满意答案

您的代码比必要的复杂得多。 只需读入一个char数组，保存返回的长度，并在循环中从同一个数组中写入多个字节，直到recv（）返回零。 4行代码，包括两个用于括号。 不要尝试汇总整个收到的消息，只是转发任何进来的消息。 否则，您只是添加延迟和编程错误。 完全摆脱所有strXXX（）调用。

Your code is much more complicated than necessary. Just read into a char array, save the length returned, and write that many bytes from the same array, in a loop until recv() returns zero. 4 lines of code including two for the braces. Don't try to assemble the entire incoming message, just relay whatever comes in as it comes. Otherwise you are just adding latency, and programming errors. Get rid of all the strXXX() calls altogether.