Question
I'm writing a simple program in Java that receives connection requests from a browser (like Firefox), parses the request for statistical info, then forwards the request to the original destination. The program then reads the response from the destination, parses the response for statistical info, then forwards the response to the browser.
The pseudo code of this operation is as follows:
```java
// Accept connection from browser and read request
Socket browserConnection = serverSocket.accept();
browserConnection.getInputStream().read(buffer);
InetSocketAddress destInetAddress = parseHttpRequest(buffer);
// Connect to destination and forward request
Socket destConnection = new Socket(destInetAddress.getAddress(), destInetAddress.getPort());
destConnection.getOutputStream().write(buffer);
// Read response from destination
destConnection.getInputStream().read(buffer);
parseHttpResponse(buffer);
// Forward response to browser
browserConnection.getOutputStream().write(buffer);
```
This works well with HTTP connections, but I'm getting connection reset for HTTPS connections.
NOTE: I know the difference between HTTP and HTTPS connections, that unlike HTTP, it's NOT just a one-time send and then some receives. My code for HTTPS reads as much as needed, and also writes as much as needed.
Why am I getting connection resets from any HTTPS server (e.g. https://www.google.com, https://www.comodo.com, etc.) I try to connect to?!
Answer 1:
HTTPS is secured to keep man-in-the-middle attacks from happening. What you're talking about, whether it's legitimate or not, is what a man-in-the-middle attack looks like. With HTTPS you can't just intercept packets meant for another destination and read them. You can, however, have the packets directed at you, provide the client with your security certificate, decode the packets, do whatever you want with them, re-encode them, and pass them on to another destination. The difference is, the client has to know you exist and who you are. Otherwise, it won't be able to communicate with you using HTTPS.
Answer 2:
With an HTTPS proxy, the browser will send a CONNECT command for the proxy to establish a TCP connection to the destination server (e.g. https://www.google.com). After the proxy establishes the connection, it returns an OK message to the browser. Then the browser will start the SSL handshake with the destination server to initiate encrypted data transfer. The proxy must not interfere with the data. All that the proxy needs to do is to relay the flow of bytes between the browser and the destination server, that's it.
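The CONNECT flow described in the second answer, as an added example that is not part of the original question or answers: the proxy reads the CONNECT line, opens the TCP connection, replies 200, then relays bytes untouched in both directions. The class name `ConnectTunnel` and port 8888 are assumptions; the only data available for statistics is the destination host and port and the relayed (encrypted) bytes.

```java
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;

// Added example, not the asker's code. Class name and port 8888 are assumptions.
public class ConnectTunnel {
    public static void main(String[] args) throws IOException {
        // Bind to loopback only so the tunnel is not reachable as an open relay.
        try (ServerSocket server = new ServerSocket(8888, 50, InetAddress.getLoopbackAddress())) {
            while (true) {
                Socket browser = server.accept();
                new Thread(() -> handle(browser)).start();
            }
        }
    }

    static void handle(Socket browser) {
        try (Socket b = browser) {
            InputStream in = b.getInputStream();
            String[] parts = readLine(in).split(" ");      // "CONNECT host:port HTTP/1.1"
            if (parts.length != 3 || !parts[0].equals("CONNECT")) return;
            while (!readLine(in).isEmpty()) { }            // skip headers up to the blank line
            int colon = parts[1].lastIndexOf(':');
            String host = parts[1].substring(0, colon);
            int port = Integer.parseInt(parts[1].substring(colon + 1));
            try (Socket dest = new Socket(host, port)) {
                // Tell the browser the tunnel is up; its TLS handshake follows.
                b.getOutputStream().write(
                    "HTTP/1.1 200 Connection Established\r\n\r\n".getBytes(StandardCharsets.US_ASCII));
                Thread up = new Thread(() -> pump(in, dest)); up.start();  // browser -> server
                pump(dest.getInputStream(), b);                            // server -> browser
                up.join();
            }
        } catch (IOException | InterruptedException | RuntimeException e) { /* closed or malformed */ }
    }

    // Reads one header line a byte at a time so no tunnelled bytes are buffered away.
    static String readLine(InputStream in) throws IOException {
        StringBuilder sb = new StringBuilder();
        for (int c; sb.length() < 8192 && (c = in.read()) != -1 && c != '\n'; )
            if (c != '\r') sb.append((char) c);
        return sb.toString();
    }

    // Copies bytes unchanged until EOF, then half-closes the receiving side.
    static void pump(InputStream in, Socket to) {
        try {
            OutputStream out = to.getOutputStream();
            byte[] buf = new byte[8192];
            for (int n; (n = in.read(buf)) != -1; ) out.write(buf, 0, n);
            to.shutdownOutput();
        } catch (IOException ignored) { }
    }
}
```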
Source: https://stackoverflow.com/questions/14153662/java-https-connection-forwarding