在 Twisted 中将 HTTP 代理转换为 HTTPS 代理
最近我一直在尝试使用twisted 中的HTTP 代理。经过多次尝试和错误,我想我终于有了一些工作。但我想知道的是,如果可能的话,如何扩展此代理以使其也能够处理 HTTPS 页面?这是我到目前为止所得到的:
from twisted.internet import reactor
from twisted.web import http
from twisted.web.proxy import Proxy, ProxyRequest, ProxyClientFactory, ProxyClient
class HTTPProxyClient(ProxyClient):
def handleHeader(self, key, value):
print "%s : %s" % (key, value)
ProxyClient.handleHeader(self, key, value)
def handleResponsePart(self, buffer):
print buffer
ProxyClient.handleResponsePart(self, buffer)
class HTTPProxyFactory(ProxyClientFactory):
protocol = HTTPProxyClient
class HTTPProxyRequest(ProxyRequest):
protocols = {'http' : HTTPProxyFactory}
def process(self):
print self.method
for k,v in self.requestHeaders.getAllRawHeaders():
print "%s : %s" % (k,v)
print "\n \n"
ProxyRequest.process(self)
class HTTPProxy(Proxy):
requestFactory = HTTPProxyRequest
factory = http.HTTPFactory()
factory.protocol = HTTPProxy
reactor.listenSSL(8001, factory)
reactor.run()
正如这段代码所示,为了举例,现在我只是打印出通过连接的任何内容。是否可以使用相同的类处理 HTTPS?如果没有,我应该如何实施这样的事情?
Recently I have been playing around with the HTTP Proxy in twisted. After much trial and error I think I finally I have something working. What I want to know though, is how, if it is possible, do I expand this proxy to also be able to handle HTTPS pages? Here is what I've got so far:
from twisted.internet import reactor
from twisted.web import http
from twisted.web.proxy import Proxy, ProxyRequest, ProxyClientFactory, ProxyClient
class HTTPProxyClient(ProxyClient):
def handleHeader(self, key, value):
print "%s : %s" % (key, value)
ProxyClient.handleHeader(self, key, value)
def handleResponsePart(self, buffer):
print buffer
ProxyClient.handleResponsePart(self, buffer)
class HTTPProxyFactory(ProxyClientFactory):
protocol = HTTPProxyClient
class HTTPProxyRequest(ProxyRequest):
protocols = {'http' : HTTPProxyFactory}
def process(self):
print self.method
for k,v in self.requestHeaders.getAllRawHeaders():
print "%s : %s" % (k,v)
print "\n \n"
ProxyRequest.process(self)
class HTTPProxy(Proxy):
requestFactory = HTTPProxyRequest
factory = http.HTTPFactory()
factory.protocol = HTTPProxy
reactor.listenSSL(8001, factory)
reactor.run()
As this code demonstrates, for the sake of example for now I am just printing out whatever is going through the connection. Is it possible to handle HTTPS with the same classes? If not, how should I go about implementing such a thing?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
如果您想通过 HTTP 代理连接到 HTTPS 网站,则需要使用
CONNECTHTTP 动词(因为这就是 HTTPS 代理的工作原理)。在这种情况下,代理服务器只是连接到目标服务器并将服务器发送的任何内容中继回客户端的套接字(反之亦然)。在这种情况下不涉及缓存(但您也许能够记录您正在连接的主机)。交换将如下所示(客户端到代理):
此后,代理只需打开一个到目标服务器的普通套接字(还没有 HTTP 或 SSL/TLS),并中继初始客户端和目标服务器之间的所有内容(包括 TLS)客户端发起的握手)。客户端将其现有的套接字升级到代理以使用 TLS/SSL(通过启动 SSL/TLS 握手)。一旦客户端读取到“200”状态行,就客户端而言,就好像直接与目标服务器建立了连接。
If you want to connect to an HTTPS website via an HTTP proxy, you need to use the
CONNECTHTTP verb (because that's how a proxy works for HTTPS). In this case, the proxy server simply connects to the target server and relays whatever is sent by the server back to the client's socket (and vice versa). There's no caching involved in this case (but you might be able to log the hosts you're connecting to).The exchange will look like this (client to proxy):
After this, the proxy simply opens a plain socket to the target server (no HTTP or SSL/TLS yet) and relays everything between the initial client and the target server (including the TLS handshake that the client initiates). The client upgrades the existing socket it has to the proxy to use TLS/SSL (by starting the SSL/TLS handshake). Once the client has read the '200' status line, as far as the client is concerned, it's as if it had made the connection to the target server directly.
我不确定扭曲,但我想警告您,如果您实现 HTTPS 代理,Web 浏览器将期望服务器的 SSL 证书与 URL(地址栏)中的域名相匹配。否则网络浏览器将发出安全警告。
有多种方法可以解决此问题,例如动态生成证书,但您需要浏览器信任根证书。
I'm not sure about twisted, but I want to warn you that if you implement a HTTPS proxy, a web browser will expect the server's SSL certificate to match the domain name in the URL (address bar). The web browser will issue security warnings otherwise.
There are ways around this, such as generating certificates on the fly, but you'd need the root certificate to be trusted on the browser.