问题描述
此脚本侦听 IP/端口并打算充当 HTTP(S) 代理.
This script listens on an IP/port and intends to act as a HTTP(S) proxy.
对 HTTP URL 的请求工作正常,但我在如何处理 HTTPS 请求方面遇到了困难,更具体地说,在客户端向代理发送 CONNECT 请求后的 SSLv3 握手.
Requests to HTTP URLs work fine, but I'm stumbling on how to deal with HTTPS requests and more specifically, an SSLv3 handshake after the client sends a CONNECT request to the proxy.
我最接近看起来的答案是:
- CURLOPT_HTTPPROXYTUNNEL libcurl 选项用于在客户端和目标服务器之间建立隧道数据
- stream_socket_enable_crypto() 可能对加密数据进行处理"
我真的不确定,因此非常感谢您提供有关如何处理此问题的指示.
I'm really not sure, so a pointer as to how to deal with this would be greatly appreciated.
这是一个示例请求:http://pastebin.com/xkWhGyjW
<?php
class proxy {
static $server;
static $client;
static function headers($str) { // Parses HTTP headers into an array
$tmp = preg_split("'
?
'",$str);
$output = array();
$output[] = explode(' ',array_shift($tmp));
$post = ($output[0][0] == 'POST' ? true : false);
foreach($tmp as $i => $header) {
if($post && !trim($header)) {
$output['POST'] = $tmp[$i+1];
break;
}
else {
$l = explode(':',$header,2);
$output[$l[0]] = $l[0].': '.ltrim($l[1]);
}
}
return $output;
}
public function output($curl,$data) {
socket_write(proxy::$client,$data);
return strlen($data);
}
}
$ip = "127.0.0.1";
$port = 50000;
proxy::$server = socket_create(AF_INET,SOCK_STREAM, SOL_TCP);
socket_set_option(proxy::$server,SOL_SOCKET,SO_REUSEADDR,1);
socket_bind(proxy::$server,$ip,50000);
socket_getsockname(proxy::$server,$ip,$port);
socket_listen(proxy::$server);
while(proxy::$client = socket_accept(proxy::$server)) {
$input = socket_read(proxy::$client,4096);
preg_match("'^([^s]+)s([^s]+)s([^
]+)'ims",$input,$request);
$headers = proxy::headers($input);
echo $input,"
";
if(preg_match("'^CONNECT '",$input)) { // HTTPS
// Tell the client we can deal with this
socket_write(proxy::$client,"HTTP/1.1 200 Connection Established
");
// Client sends binary data here (SSLv3, TLS handshake, Client hello?)
// socket_read(proxy::$client,4096);
// ?
}
else { // HTTP
$input = preg_replace("'^([^s]+)s([a-z]+://)?[a-z0-9.-]+'","\1 ",$input);
$curl = curl_init($request[2]);
curl_setopt($curl,CURLOPT_HEADER,1);
curl_setopt($curl,CURLOPT_HTTPHEADER,$headers);
curl_setopt($curl,CURLOPT_TIMEOUT,15);
curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
curl_setopt($curl,CURLOPT_NOPROGRESS,1);
curl_setopt($curl,CURLOPT_VERBOSE,1);
curl_setopt($curl,CURLOPT_AUTOREFERER,true);
curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
curl_setopt($curl,CURLOPT_WRITEFUNCTION, array("proxy","output"));
curl_exec($curl);
curl_close($curl);
}
socket_close(proxy::$client);
}
socket_close(proxy::$server);
?>
推荐答案
如果我理解正确,您正在用 PHP 编写 HTTP 代理服务器.CURLOPT_HTTPPROXYTUNNEL 选项用于连接到使用 PHP cURL 库的代理服务器并使用 CONNECT 而不是 GET.在这种情况下,它不相关.
If I understand correctly, you're writing a HTTP proxy server in PHP. The CURLOPT_HTTPPROXYTUNNEL option is used when you want to connect to a proxy server using the PHP cURL library and use CONNECT instead of GET. In this case it's not relevant.
当您的代理服务器 (PROXY) 收到 CONNECT 请求时,它应该使用 socket_create 和 socket_connect 连接到指定的主机 (ENDPOINT).建立连接后,通过发送 HTTP/1.1 200 Connection Used 让客户端(CLIENT)知道.之后,您需要将 ENDPOINT 发送到 PROXY 的所有数据复制到 CLIENT,并将 CLIENT 发送到 PROXY 的所有数据复制到 ENDPOINT.
When your proxy server (PROXY) receives the CONNECT request, it should connect to the specified host (ENDPOINT) using socket_create and socket_connect. Once the connection is established, let the client (CLIENT) know by sending HTTP/1.1 200 Connection Established. After that, you'll want to copy all data that the ENDPOINT sends to PROXY to the CLIENT and all data that the CLIENT sends to PROXY to the ENDPOINT.
像在您的示例中一样使用 cURL 将创建多个连接.为了处理多个连接,我使用了 pcntl_fork,它在每个 CONNECT 请求上派生一个新进程.
Using cURL like in your example will create multiple connections. To handle multiple connections, I've used pcntl_fork, which forks a new process on every CONNECT request.
这是一个工作示例:
<?php
class proxy {
static $server;
static $client;
static function headers($str) { // Parses HTTP headers into an array
$tmp = preg_split("'
?
'",$str);
$output = array();
$output[] = explode(' ',array_shift($tmp));
$post = ($output[0][0] == 'POST' ? true : false);
foreach($tmp as $i => $header) {
if($post && !trim($header)) {
$output['POST'] = $tmp[$i+1];
break;
}
else {
$l = explode(':',$header,2);
$output[$l[0]] = $l[0].': '.ltrim($l[1]);
}
}
return $output;
}
public function output($curl,$data) {
socket_write(proxy::$client,$data);
return strlen($data);
}
}
$ip = "127.0.0.1";
$port = 50000;
proxy::$server = socket_create(AF_INET,SOCK_STREAM, SOL_TCP);
socket_set_option(proxy::$server,SOL_SOCKET,SO_REUSEADDR,1);
socket_bind(proxy::$server,$ip,50000);
socket_getsockname(proxy::$server,$ip,$port);
socket_listen(proxy::$server);
while(proxy::$client = socket_accept(proxy::$server)) {
$input = socket_read(proxy::$client,4096);
preg_match("'^([^s]+)s([^s]+)s([^
]+)'ims",$input,$request);
$headers = proxy::headers($input);
echo $input,"
";
if(preg_match("'^CONNECT ([^ ]+):(d+) '",$input,$match)) { // HTTPS
// fork to allow multiple connections
if(pcntl_fork())
continue;
$connect_host = $match[1];
$connect_port = $match[2];
// connect to endpoint
$connection = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
if(!socket_connect($connection, gethostbyname($connect_host), $connect_port))
exit;
// let the client know that we're connected
socket_write(proxy::$client,"HTTP/1.1 200 Connection Established
");
// proxy data
$all_sockets = array($connection, proxy::$client);
$null = null;
while(($sockets = $all_sockets)
&& false !== socket_select($sockets, $null, $null, 10)
) {
// can we read from the client without blocking?
if(in_array(proxy::$client, $sockets)) {
$buf = null;
socket_recv(proxy::$client, $buf, 8192, MSG_DONTWAIT);
echo "CLIENT => ENDPOINT (" . strlen($buf) . " bytes)
";
if($buf === null)
exit;
socket_send($connection, $buf, strlen($buf), 0);
}
// can we read from the endpoint without blocking?
if(in_array($connection, $sockets)) {
$buf = null;
socket_recv($connection, $buf, 8192, MSG_DONTWAIT);
echo "ENDPOINT => CLIENT (" . strlen($buf) . " bytes)
";
if($buf === null)
exit;
socket_send(proxy::$client, $buf, strlen($buf), 0);
}
}
exit;
}
else { // HTTP
$input = preg_replace("'^([^s]+)s([a-z]+://)?[a-z0-9.-]+'","\1 ",$input);
$curl = curl_init($request[2]);
curl_setopt($curl,CURLOPT_HEADER,1);
curl_setopt($curl,CURLOPT_HTTPHEADER,$headers);
curl_setopt($curl,CURLOPT_TIMEOUT,15);
curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
curl_setopt($curl,CURLOPT_NOPROGRESS,1);
curl_setopt($curl,CURLOPT_VERBOSE,1);
curl_setopt($curl,CURLOPT_AUTOREFERER,true);
curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
curl_setopt($curl,CURLOPT_WRITEFUNCTION, array("proxy","output"));
curl_exec($curl);
curl_close($curl);
}
socket_close(proxy::$client);
}
socket_close(proxy::$server);
这篇关于cURL 作为代理,处理 HTTPS/CONNECT 方法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!
大气响应式网络建站服务公司织梦模板
高端大气html5设计公司网站源码
织梦dede网页模板下载素材销售下载站平台(带会员中心带筛选)
财税代理公司注册代理记账网站织梦模板(带手机端)
成人高考自考在职研究生教育机构网站源码(带手机端)
高端HTML5响应式企业集团通用类网站织梦模板(自适应手机端)