Java HTTPS Connection Forwarding

本秂侑毒 submitted on 2020-01-05 07:42:08

Question


I'm writing a simple program in Java that receives connection requests from a browser (like Firefox), parses the request for statistical info, then forwards the request to the original destination. The program then reads the response from the destination, parses the response for statistical info, then forwards the response to the browser.

The pseudo code of this operation is as follows:

// Accept connection from browser and read request
Socket browserConnection = serverSocket.accept();
browserConnection.getInputStream().read(buffer);
InetSocketAddress destInetAddress = parseHttpRequest(buffer);

// Connect to destination and forward request
Socket destConnection = new Socket(destInetAddress.getAddress(), destInetAddress.getPort());
destConnection.getOutputStream().write(buffer);

// Read response from destination
destConnection.getInputStream().read(buffer);
parseHttpResponse(buffer);

// Forward response to browser
browserConnection.getOutputStream().write(buffer);

This works well with HTTP connections, but I'm getting connection reset for HTTPS connections.

NOTE: I know the difference between HTTP and HTTPS connections, that unlike HTTP, it's NOT just a one-time send and then some receives. My code for HTTPS reads as much as needed, and also writes as much as needed.

Why am I getting connection resets from any HTTPS server (e.g. https://www.google.com, https://www.comodo.com, etc.) I try to connect to?!


Answer 1:


HTTPS is secured to keep man-in-the-middle attacks from happening. What you're talking about, whether it's legitimate or not, is what a man-in-the-middle attack looks like. With HTTPS you can't just intercept packets meant for another destination and read them. You can, however, have the packets directed at you, provide the client with your security certificate, decode the packets, do whatever you want with them, re-encode them, and pass them on to another destination. The difference is, the client has to know you exist and who you are. Otherwise, it won't be able to communicate with you using HTTPS.




Answer 2:


With an HTTPS proxy, the browser will send a CONNECT command for the proxy to establish a TCP connection to the destination server (e.g. https://www.google.com). After the proxy establishes the connection, it returns an OK message to the browser. Then the browser will start the SSL handshake with the destination server to initiate encrypted data transfer. The proxy must not interfere with the data. All that the proxy needs to do is to relay the flow of bytes between the browser and the destination server, that's it.
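
The CONNECT flow described in this answer, as an added example that is not part of the original post: a minimal tunnel that answers CONNECT and then copies bytes both ways without parsing them. The class name `ConnectTunnel`, the loopback listener on port 8888, and the restriction to destination port 443 are assumptions made for the example; `InputStream.transferTo` requires Java 9 or later.

```java
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;
public class ConnectTunnel {
    public static void main(String[] args) throws IOException {
        // Assumption: listen on loopback port 8888 so only local browsers can use the proxy.
        try (ServerSocket server = new ServerSocket(8888, 50, InetAddress.getLoopbackAddress())) {
            while (true) {
                Socket browser = server.accept();
                new Thread(() -> handle(browser)).start();
            }
        }
    }

    static void handle(Socket browser) {
        try (Socket b = browser) {
            InputStream in = b.getInputStream();
            OutputStream out = b.getOutputStream();
            String[] req = readLine(in).split(" ");   // "CONNECT host:port HTTP/1.1"
            while (!readLine(in).isEmpty()) { }       // discard the remaining request headers
            int colon = req.length < 2 ? -1 : req[1].lastIndexOf(':');
            int port = colon < 0 ? -1 : Integer.parseInt(req[1].substring(colon + 1));
            if (!req[0].equals("CONNECT") || port != 443) {   // tunnel only to the HTTPS port
                out.write("HTTP/1.1 403 Forbidden\r\n\r\n".getBytes(StandardCharsets.US_ASCII));
                return;
            }
            try (Socket dest = new Socket(req[1].substring(0, colon), port)) {
                out.write("HTTP/1.1 200 Connection Established\r\n\r\n".getBytes(StandardCharsets.US_ASCII));
                // From here on the bytes are TLS records: copy them verbatim in both directions.
                new Thread(() -> pump(in, dest)).start();
                pump(dest.getInputStream(), b);
            }
        } catch (IOException | RuntimeException e) {
            // Malformed request or a peer reset the connection; closing the sockets is enough.
        }
    }

    // Reads one line byte by byte (capped at 8192 chars) so no TLS bytes end up in a buffer.
    static String readLine(InputStream in) throws IOException {
        StringBuilder sb = new StringBuilder();
        for (int c; sb.length() < 8192 && (c = in.read()) != -1 && c != '\n'; ) if (c != '\r') sb.append((char) c);
        return sb.toString();
    }

    // Copies until EOF or error, then half-closes the receiving side so the peer sees the end.
    static void pump(InputStream from, Socket to) {
        try { from.transferTo(to.getOutputStream()); } catch (IOException ignored) { }
        try { to.shutdownOutput(); } catch (IOException ignored) { }
    }
}
```

Statistics gathered by such a proxy are limited to what is visible outside the TLS session: the CONNECT host and port, byte counts and timing.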



Source: https://stackoverflow.com/questions/14153662/java-https-connection-forwarding
