卡住编程 https 代理 - 下一步该怎么做？

Question

我目前正在制作一个位于浏览器和网络之间的代理。一切正常，除了 https。我在理解它的某些段落时遇到了麻烦，并且在网络上没有找到很多资源。所以我被困住了。

我使用的代码是：

conn, addr = server.accept()
request = conn.recv(9999) #get a CONNECT request
conn.send(b'HTTP/1.1 200 Connection estabilished\n\n')
enc_req = conn.recv(9999) #this gets an encrypted request
client = socket.socket(socket.AF_INET, socket.SOCK_STREAM) #plaintext client 
client.connect((host, 443)) #connect to chosen host 
client.send(enc_req)
resp1 = client.recv(9999) #this gets something unreadable (encrypted?)
#could it be the certificate?

#now what?

resp1 我得到证书了吗？在那之后我需要做什么？ （或者，同理，https接下来通常会发生什么？）

附：我知道这个问题有点笼统，但请不要太严厉地评判我。我曾尝试在网上进行研究，但我一直在寻找的只是用于 ssl 的加密方法。我真的不知道该怎么做。

Answer 1

我还没有测试过这段代码（它主要是伪代码），但这应该让你知道你需要做什么。

conn, addr = server.accept()
request = conn.recv(9999) #get a CONNECT request
# Here, parse the CONNECT string and get the host and port (not sure if you were doing that already.

# Then, try to connect *before* you tell the client the connection was established (in case it fails)
client = socket.socket(socket.AF_INET, socket.SOCK_STREAM) #plaintext client 
client.connect((host, 443)) #connect to chosen host 

conn.send(b'HTTP/1.1 200 Connection estabilished\n\n')

# Then loop until the connections are closed.
while True:
    # Read from the client, send the data to the server.
    enc_req = conn.recv(9999) #this gets an encrypted request
    client.send(enc_req)

    # Read from the server, send the data to the client.
    resp1 = client.recv(9999) #this gets something unreadable (encrypted?)
    #could it be the certificate?
    #now what?
    # The first time it's certainly the Client Hello message, not encrypted, but in a binary format indeed.
    # Just send everything you've just read to the server.
    conn.send(resp1)

这只是对您需要编写的循环概念的快速概述。实际上，您可能能够同时处理两者。您还希望在关闭连接时更加小心（允许它以任何顺序发生，同时仍中继任何一方发送的最后数据）。

Answer 2

如 cmets 中所述，处理加密的端到端流量的代理只能将其传递。

这是一个使用 circuits 编写的完全工作的代理，它已经通过传递和代理 SSH 流量进行了全面测试，因此即使涉及 SSL，它也应该与传递 TCP 代理一样工作：

#!/usr/bin/env python

from uuid import uuid4 as uuid

from circuits import Component
from circuits.net.events import close, connect, write
from circuits.net.sockets import TCPClient, TCPServer


class Client(Component):

    channel = "client"

    def init(self, sock, host, port, channel=channel):
        self.sock = sock
        self.host = host
        self.port = port

        TCPClient(channel=self.channel).register(self)

    def ready(self, *args):
        self.fire(connect(self.host, self.port))

    def disconnect(self, *args):
        self.fire(close(self.sock), self.parent.channel)

    def read(self, data):
        self.fire(write(self.sock, data), self.parent.channel)


class Proxy(Component):

    channel = "server"

    def init(self, bind, host, port):
        self.bind = bind
        self.host = host
        self.port = port

        self.clients = dict()

        TCPServer(self.bind).register(self)

    def connect(self, sock, host, port):
        channel = uuid()

        client = Client(
            sock, self.host, self.port, channel=channel
        ).register(self)

        self.clients[sock] = client

    def disconnect(self, sock):
        client = self.clients.get(sock)
        if client is not None:
            client.unregister()
            del self.clients[sock]

    def read(self, sock, data):
        client = self.clients[sock]
        self.fire(write(data), client.channel)


app = Proxy(("0.0.0.0", 3333), "127.0.0.1", 22)

from circuits import Debugger
Debugger().register(app)

app.run()