
Proxy HTTPS never receives data from either client or server


elmazzun

Apr 3, 2016, 4:00:42 PM
My proxy HTTPS, dealing with `CONNECT` HTTP requests from client, manages to connect immediately to the requested remote server after:

1. opening a socket to remote server;
2. setting the socket to non blocking mode;
3. attempting `connect()` checking for `if ((connect_res == -1) && (errno != EINPROGRESS))`;
4. looping with `select()` checking if server socket is ready to send or receive data in the following way:

```c
if ((conn_res == -1) && (errno != EINPROGRESS)) {
    do {
        FD_ZERO(&rdset);
        FD_SET(sockfd_server, &rdset);
        wrset = rdset;
        tv.tv_sec = 0;
        tv.tv_usec = 0;
        select_res = select(sockfd_server+1, &rdset, &wrset, NULL, &tv);
    } while ((select_res == -1) && (errno == EINTR));
    printf("connection OK\n");
} else {
    printf("connected immediately\n");
}
```

5. setting socket back to blocking mode;

6. sending `"HTTP/1.1 200 Connection established\r\n"` to the client after successful `connect()`.


Now I should be ready to forward data from client to server and from server to client when data are available from one of the two sides of connection, but it never succeeds.

Here's the code that should forward data from both sides of connection:

```c
void proxyHTTPS(int new_sockfd_client, int sockfd_server) {

    printf("starting proxyHTTPS\n");
    fd_set fdset;
    int maxp1 = sockfd_server > new_sockfd_client ? sockfd_server+1 : new_sockfd_client+1;
    int r;
    int read_from_client = 0;
    int read_from_server = 0;
    int send_to_client = 0;
    int send_to_server = 0;
    struct timeval timeout;
    char https_buf[4096];
    int https_buf_size = sizeof(https_buf);
    memset(https_buf, 0, https_buf_size);
    // tried 0, 5, 10, 20, 30, 60 seconds timeout,
    // still got this problem
    timeout.tv_sec = 10;
    timeout.tv_usec = 0;

    while (true) {
        FD_ZERO(&fdset);
        FD_SET(new_sockfd_client, &fdset);
        FD_SET(sockfd_server, &fdset);
        timeout.tv_sec = 10;
        timeout.tv_usec = 0;

        r = select(maxp1, &fdset, NULL, NULL, &timeout);

        if (r == -1) {
            perror("select()");
            break;
        }

        if (r == 0) { // select timed out
            printf("proxyHTTPS: select() request timeout 408\n");
            break;
        }

        if ((!FD_ISSET(new_sockfd_client, &fdset)) && ((!FD_ISSET(sockfd_server, &fdset)))) {
            printf("proxyHTTPS: SELECT sockfd not responding\n");
            break;
        }

        else if (FD_ISSET(new_sockfd_client, &fdset)) {
            printf("proxyHTTPS: reading from client and sending to server\n");
            do {
                read_from_client = recv(new_sockfd_client, https_buf, https_buf_size, 0);
                if (read_from_client > 0) {
                    send_to_server = send(sockfd_server, https_buf, read_from_client, 0);
                    if (send_to_server <= 0) {
                        printf("proxyHTTPS: failed sending to server\n");
                        perror("proxyHTTPS send to server:");
                        break;
                    }
                } else if (read_from_client == 0) {
                    printf("proxyHTTPS client sent 0 bytes\n");
                } else {
                    perror("proxyHTTPS read from client:");
                }
            } while (read_from_client > 0);
            break;
        }

        else if (FD_ISSET(sockfd_server, &fdset)) {
            printf("proxyHTTPS: reading from server and sending to client\n");
            do {
                read_from_server = recv(sockfd_server, https_buf, https_buf_size, 0);
                if (read_from_server > 0) {
                    send_to_client = send(new_sockfd_client, https_buf, read_from_server, 0);
                    if (send_to_client <= 0) {
                        printf("proxyHTTPS: failed sending to client\n");
                        perror("proxyHTTPS send to client:");
                        break;
                    }
                } else if (read_from_server == 0) {
                    printf("proxyHTTPS server sent 0 bytes\n");
                } else {
                    perror("proxyHTTPS read from server:");
                }
            } while (read_from_server > 0);
            break;
        }
    }
    printf("quitting proxyHTTPS\n");
}
```

This is, e.g., a `CONNECT` request the proxy gets from client:

```
CONNECT www.youtube.com:443 HTTP/1.1
Host: www.youtube.com:443
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36
/r/n
```


If client sends `CONNECT www.netflix.com:443 HTTP/1.1`, my proxy fails and on terminal prints:

```
setting non block socket
connected immediately
setting block socket
54.228.227.144:443 OK
CONNECT: send to client HTTP/1.1 200 Connection established
starting proxyHTTPS
proxyHTTPS: reading from server and sending to client
proxyHTTPS read from server: Connection refused
quitting proxyHTTPS
```

If client sends `CONNECT www.youtube.com:443 HTTP/1.1`, my proxy fails again and shows:

```
setting non block socket
connected immediately
setting block socket
216.58.201.238:443 OK
CONNECT: send to client HTTP/1.1 200 Connection established
starting proxyHTTPS
select(): Operation now in progress
proxyHTTPS: select() request timeout 408
quitting proxyHTTPS
```

I think I did all the steps I was told to do in order to establish a tunnel between client and server, `connect()` is always ok, so mistakes must be in my `proxyHTTPS`. I have no clue!
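The two socket steps described in the post above (non-blocking `connect()` followed by a `select()`-driven relay), as an added example that is not part of the original post or of any reply: the connect result is read from `SO_ERROR` once the socket becomes writable, and the relay does a single `recv()` per ready socket and serves both directions on every pass. The function names `connect_timeout` and `tunnel` are made up for this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

/* Example helper (name is illustrative): connected blocking fd, or -1 + errno. */
int connect_timeout(const struct sockaddr *sa, socklen_t len, int secs) {
    int fd = socket(sa->sa_family, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    int fl = fcntl(fd, F_GETFL, 0), err = 0;
    fcntl(fd, F_SETFL, fl | O_NONBLOCK);
    if (connect(fd, sa, len) == -1 && (err = errno) == EINPROGRESS) {
        fd_set w;
        struct timeval tv = { secs, 0 };
        socklen_t el = sizeof err;
        int r;
        do {                       /* writable means the attempt has finished */
            FD_ZERO(&w); FD_SET(fd, &w);
            r = select(fd + 1, NULL, &w, NULL, &tv);
        } while (r == -1 && errno == EINTR);
        if (r <= 0) err = r ? errno : ETIMEDOUT;
        else getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &el); /* real outcome */
    }
    if (err) { close(fd); errno = err; return -1; }
    fcntl(fd, F_SETFL, fl);        /* back to blocking for the relay */
    return fd;
}

/* Relays until either peer closes; returns bytes moved, or -1 on error. */
long tunnel(int client, int server) {
    int fds[2] = { client, server }, max = client > server ? client : server;
    char buf[4096];
    for (long total = 0;;) {
        fd_set rd; FD_ZERO(&rd); FD_SET(client, &rd); FD_SET(server, &rd);
        if (select(max + 1, &rd, NULL, NULL, NULL) == -1) {
            if (errno == EINTR) continue; else return -1;
        }
        for (int i = 0; i < 2; i++) {          /* serve BOTH ready sockets */
            if (!FD_ISSET(fds[i], &rd)) continue;
            ssize_t n = recv(fds[i], buf, sizeof buf, 0);  /* one read only */
            if (n <= 0) return n ? -1 : total;
            for (ssize_t off = 0, s; off < n; off += s)    /* short writes */
                if ((s = send(fds[1 - i], buf + off, (size_t)(n - off), 0)) <= 0)
                    return -1;
            total += n;
        }
    }
}
```

A tunnel relayed this way forwards the TLS records as opaque bytes; the proxy never sees plaintext.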

Paavo Helde

Apr 3, 2016, 5:42:45 PM
There seems to be no C++ code here, are you sure you posted to the right
group? Maybe you wanted a C group, or more probably a networking or
encryption related group (as it seems the problems appear at the
protocol level).

If you want to just do some port forwarding, why don't you just use ssh
or some similar tools? And if you want to carry out some
man-in-the-middle attacks in an encrypted channel then it is a good
thing if you do not succeed.

Cheers
Paavo


elmazzun

Apr 3, 2016, 5:49:24 PM
I'm sorry if my question doesn't belong to this group.
I did not want to perform any MITM attack, my proxy would just connect the client to the requested remote server, HTTP or HTTPS.
What would be the right thing to do, apart from posting this question in the right group?
Should I cancel this question?

Paavo Helde

Apr 3, 2016, 6:15:16 PM
Ok, you want to implement an HTTP proxy server. It would be a good start
to say why "ssh -D ..." is not sufficient for your needs. But this has
really nothing to do with C++, so you might get better answers from some
other group with 'networking' or 'socket' in their names.

Cheers
Paavo

PS. Cancelling something in Usenet is next to impossible.


elmazzun

Apr 3, 2016, 6:19:58 PM
Sorry, this is the foundation of my thesis, I have to write my own code to implement an HTTP proxy.
Thanks for your advice!

Paavo Helde

Apr 3, 2016, 6:48:05 PM
On 4.04.2016 0:19, elmazzun wrote:
> Sorry, this is the foundation of my thesis, I have to write my own code to implement an HTTP proxy.
> Thanks for your advice!
>

If you intend to do this in C++, then I suggest using the Boost.asio
library. This would take care of some platform-specific low-level socket
manipulation and (optionally) multi-threading scalable server
capabilities while leaving the (presumably important for the thesis)
HTTP protocol level programming to you.

Of course, if the thesis also involves low-level socket twiddling then
using a library is not an option.
