将HTTP代理转换为Twisted中的HTTPS代理

本文介绍了将HTTP代理转换为Twisted中的HTTPS代理的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

最近我一直在使用扭曲的HTTP代理。经过多次试验和错误，我想我终于有了一些工作。我想知道的是，如果可能的话，我是否可以扩展此代理以便能够处理HTTPS页面？以下是我到目前为止：

Recently I have been playing around with the HTTP Proxy in twisted. After much trial and error I think I finally I have something working. What I want to know though, is how, if it is possible, do I expand this proxy to also be able to handle HTTPS pages? Here is what I've got so far:

from twisted.internet import reactor from twisted.web import http from twisted.web.proxy import Proxy, ProxyRequest, ProxyClientFactory, ProxyClient class HTTPProxyClient(ProxyClient): def handleHeader(self, key, value): print "%s : %s" % (key, value) ProxyClient.handleHeader(self, key, value) def handleResponsePart(self, buffer): print buffer ProxyClient.handleResponsePart(self, buffer) class HTTPProxyFactory(ProxyClientFactory): protocol = HTTPProxyClient class HTTPProxyRequest(ProxyRequest): protocols = {'http' : HTTPProxyFactory} def process(self): print self.method for k,v in self.requestHeaders.getAllRawHeaders(): print "%s : %s" % (k,v) print "\n \n" ProxyRequest.process(self) class HTTPProxy(Proxy): requestFactory = HTTPProxyRequest factory = http.HTTPFactory() factory.protocol = HTTPProxy reactor.listenSSL(8001, factory) reactor.run()

正如此代码所示，为了现在的例子，我只是打印出通过连接的任何内容。是否可以使用相同的类处理HTTPS？如果没有，我该如何实现这样的事情？

As this code demonstrates, for the sake of example for now I am just printing out whatever is going through the connection. Is it possible to handle HTTPS with the same classes? If not, how should I go about implementing such a thing?

推荐答案

如果你想通过HTTP连接到HTTPS网站代理，你需要使用 CONNECT HTTP动词（因为这是代理如何为HTTPS工作）。在这种情况下，代理服务器只需连接到目标服务器，并将服务器发送的任何内容中继回客户端的套接字（反之亦然）。在这种情况下不涉及缓存（但您可能能够记录您正在连接的主机）。

If you want to connect to an HTTPS website via an HTTP proxy, you need to use the CONNECT HTTP verb (because that's how a proxy works for HTTPS). In this case, the proxy server simply connects to the target server and relays whatever is sent by the server back to the client's socket (and vice versa). There's no caching involved in this case (but you might be able to log the hosts you're connecting to).

交换将如下所示（客户端代理） ：

The exchange will look like this (client to proxy):

C->P: CONNECT target.host:443 HTTP/1.0 C->P: P->C: 200 OK P->C:

在此之后，代理只是打开一个到目标服务器的普通套接字（还没有HTTP或SSL / TLS），并在初始客户端和目标服务器之间中继所有内容（包括客户端启动的TLS握手）。客户端将其拥有的现有套接字升级到代理以使用TLS / SSL（通过启动SSL / TLS握手）。一旦客户端读取了'200'状态行，就客户端而言，就好像它已直接连接到目标服务器。

After this, the proxy simply opens a plain socket to the target server (no HTTP or SSL/TLS yet) and relays everything between the initial client and the target server (including the TLS handshake that the client initiates). The client upgrades the existing socket it has to the proxy to use TLS/SSL (by starting the SSL/TLS handshake). Once the client has read the '200' status line, as far as the client is concerned, it's as if it had made the connection to the target server directly.