cURL 作为代理，处理 HTTPS/CONNECT 方法

2021-12-31 00:00:00 sockets proxy ssl curl php

此脚本侦听 IP/端口并打算充当 HTTP(S) 代理.

This script listens on an IP/port and intends to act as a HTTP(S) proxy.

对 HTTP URL 的请求工作正常，但我在如何处理 HTTPS 请求方面遇到了困难，更具体地说，在客户端向代理发送 CONNECT 请求后的 SSLv3 握手.

Requests to HTTP URLs work fine, but I'm stumbling on how to deal with HTTPS requests and more specifically, an SSLv3 handshake after the client sends a CONNECT request to the proxy.

我最接近看起来的答案是:

CURLOPT_HTTPPROXYTUNNEL libcurl 选项用于在客户端和目标服务器之间建立隧道数据
stream_socket_enable_crypto() 可能对加密数据进行处理"

我真的不确定，因此非常感谢您提供有关如何处理此问题的指示.

I'm really not sure, so a pointer as to how to deal with this would be greatly appreciated.

这是一个示例请求:http://pastebin.com/xkWhGyjW

<?php class proxy { static $server; static $client; static function headers($str) { // Parses HTTP headers into an array $tmp = preg_split("'? '",$str); $output = array(); $output[] = explode(' ',array_shift($tmp)); $post = ($output[0][0] == 'POST' ? true : false); foreach($tmp as $i => $header) { if($post && !trim($header)) { $output['POST'] = $tmp[$i+1]; break; } else { $l = explode(':',$header,2); $output[$l[0]] = $l[0].': '.ltrim($l[1]); } } return $output; } public function output($curl,$data) { socket_write(proxy::$client,$data); return strlen($data); } } $ip = "127.0.0.1"; $port = 50000; proxy::$server = socket_create(AF_INET,SOCK_STREAM, SOL_TCP); socket_set_option(proxy::$server,SOL_SOCKET,SO_REUSEADDR,1); socket_bind(proxy::$server,$ip,50000); socket_getsockname(proxy::$server,$ip,$port); socket_listen(proxy::$server); while(proxy::$client = socket_accept(proxy::$server)) { $input = socket_read(proxy::$client,4096); preg_match("'^([^s]+)s([^s]+)s([^ ]+)'ims",$input,$request); $headers = proxy::headers($input); echo $input," "; if(preg_match("'^CONNECT '",$input)) { // HTTPS // Tell the client we can deal with this socket_write(proxy::$client,"HTTP/1.1 200 Connection Established "); // Client sends binary data here (SSLv3, TLS handshake, Client hello?) // socket_read(proxy::$client,4096); // ? } else { // HTTP $input = preg_replace("'^([^s]+)s([a-z]+://)?[a-z0-9.-]+'","\1 ",$input); $curl = curl_init($request[2]); curl_setopt($curl,CURLOPT_HEADER,1); curl_setopt($curl,CURLOPT_HTTPHEADER,$headers); curl_setopt($curl,CURLOPT_TIMEOUT,15); curl_setopt($curl,CURLOPT_RETURNTRANSFER,1); curl_setopt($curl,CURLOPT_NOPROGRESS,1); curl_setopt($curl,CURLOPT_VERBOSE,1); curl_setopt($curl,CURLOPT_AUTOREFERER,true); curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1); curl_setopt($curl,CURLOPT_WRITEFUNCTION, array("proxy","output")); curl_exec($curl); curl_close($curl); } socket_close(proxy::$client); } socket_close(proxy::$server); ?>

推荐答案

如果我理解正确，您正在用 PHP 编写 HTTP 代理服务器.CURLOPT_HTTPPROXYTUNNEL 选项用于连接到使用 PHP cURL 库的代理服务器并使用 CONNECT 而不是 GET.在这种情况下，它不相关.

If I understand correctly, you're writing a HTTP proxy server in PHP. The CURLOPT_HTTPPROXYTUNNEL option is used when you want to connect to a proxy server using the PHP cURL library and use CONNECT instead of GET. In this case it's not relevant.

当您的代理服务器 (PROXY) 收到 CONNECT 请求时，它应该使用 socket_create 和 socket_connect 连接到指定的主机 (ENDPOINT).建立连接后，通过发送 HTTP/1.1 200 Connection Used 让客户端(CLIENT)知道.之后，您需要将 ENDPOINT 发送到 PROXY 的所有数据复制到 CLIENT，并将 CLIENT 发送到 PROXY 的所有数据复制到 ENDPOINT.

When your proxy server (PROXY) receives the CONNECT request, it should connect to the specified host (ENDPOINT) using socket_create and socket_connect. Once the connection is established, let the client (CLIENT) know by sending HTTP/1.1 200 Connection Established. After that, you'll want to copy all data that the ENDPOINT sends to PROXY to the CLIENT and all data that the CLIENT sends to PROXY to the ENDPOINT.

像在您的示例中一样使用 cURL 将创建多个连接.为了处理多个连接，我使用了 pcntl_fork，它在每个 CONNECT 请求上派生一个新进程.

Using cURL like in your example will create multiple connections. To handle multiple connections, I've used pcntl_fork, which forks a new process on every CONNECT request.

这是一个工作示例:

<?php class proxy { static $server; static $client; static function headers($str) { // Parses HTTP headers into an array $tmp = preg_split("'? '",$str); $output = array(); $output[] = explode(' ',array_shift($tmp)); $post = ($output[0][0] == 'POST' ? true : false); foreach($tmp as $i => $header) { if($post && !trim($header)) { $output['POST'] = $tmp[$i+1]; break; } else { $l = explode(':',$header,2); $output[$l[0]] = $l[0].': '.ltrim($l[1]); } } return $output; } public function output($curl,$data) { socket_write(proxy::$client,$data); return strlen($data); } } $ip = "127.0.0.1"; $port = 50000; proxy::$server = socket_create(AF_INET,SOCK_STREAM, SOL_TCP); socket_set_option(proxy::$server,SOL_SOCKET,SO_REUSEADDR,1); socket_bind(proxy::$server,$ip,50000); socket_getsockname(proxy::$server,$ip,$port); socket_listen(proxy::$server); while(proxy::$client = socket_accept(proxy::$server)) { $input = socket_read(proxy::$client,4096); preg_match("'^([^s]+)s([^s]+)s([^ ]+)'ims",$input,$request); $headers = proxy::headers($input); echo $input," "; if(preg_match("'^CONNECT ([^ ]+):(d+) '",$input,$match)) { // HTTPS // fork to allow multiple connections if(pcntl_fork()) continue; $connect_host = $match[1]; $connect_port = $match[2]; // connect to endpoint $connection = socket_create(AF_INET, SOCK_STREAM, SOL_TCP); if(!socket_connect($connection, gethostbyname($connect_host), $connect_port)) exit; // let the client know that we're connected socket_write(proxy::$client,"HTTP/1.1 200 Connection Established "); // proxy data $all_sockets = array($connection, proxy::$client); $null = null; while(($sockets = $all_sockets) && false !== socket_select($sockets, $null, $null, 10) ) { // can we read from the client without blocking? if(in_array(proxy::$client, $sockets)) { $buf = null; socket_recv(proxy::$client, $buf, 8192, MSG_DONTWAIT); echo "CLIENT => ENDPOINT (" . strlen($buf) . " bytes) "; if($buf === null) exit; socket_send($connection, $buf, strlen($buf), 0); } // can we read from the endpoint without blocking? if(in_array($connection, $sockets)) { $buf = null; socket_recv($connection, $buf, 8192, MSG_DONTWAIT); echo "ENDPOINT => CLIENT (" . strlen($buf) . " bytes) "; if($buf === null) exit; socket_send(proxy::$client, $buf, strlen($buf), 0); } } exit; } else { // HTTP $input = preg_replace("'^([^s]+)s([a-z]+://)?[a-z0-9.-]+'","\1 ",$input); $curl = curl_init($request[2]); curl_setopt($curl,CURLOPT_HEADER,1); curl_setopt($curl,CURLOPT_HTTPHEADER,$headers); curl_setopt($curl,CURLOPT_TIMEOUT,15); curl_setopt($curl,CURLOPT_RETURNTRANSFER,1); curl_setopt($curl,CURLOPT_NOPROGRESS,1); curl_setopt($curl,CURLOPT_VERBOSE,1); curl_setopt($curl,CURLOPT_AUTOREFERER,true); curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1); curl_setopt($curl,CURLOPT_WRITEFUNCTION, array("proxy","output")); curl_exec($curl); curl_close($curl); } socket_close(proxy::$client); } socket_close(proxy::$server);

相关文章