
我想創建一個本地窗口MITM代理與C#來處理現在不存在的公司不支持的應用程序。直接SSL/TLS(沒有CONNECT消息)MITM代理使用C#SslStream

代理服務器只能通過創建監聽本地地址的代理服務器來服務一個HTTPS域:端口127.0.0.1:443。

然後創建主機文件中的條目,即127.0.0.1 my.single.domain.com。

在爲我的hosts文件直接添加一個條目時,我沒有得到正常的「CONNECT」類型的HTTP請求,而是在套接字上我收到一個直接的客戶端hello,我可以看到下一步正在開始握手。

但是,我不確定如何處理這個使用C#SslStream。包括MSDN在內的大多數示例都是針對「CONNECT」類型的代理。

我是否需要創建兩個SslStreams來處理這個問題。


會建議編輯你的問題,以減少問題的例子,並直接與有效的技術問題,否則人們會關閉它。 –


我已經大量編輯您的問題,嘗試使其有效和可回答。我不確定我是否成功,但只是一個參考,如果您不同意編輯,可以隨時回滾。 –


根據我的理解,您只需要Proxy Server能夠處理Client Hello而不是CONNECT。可能的是,您應該向我們提供有關代理服務器的更多信息,因此我們對它如何處理請求有一個想法,就像使用MVC一樣?等 – JOW

回答


回答我自己的問題,但也許它會給別人一些方向。這不是生產標準代碼,但它的工作原理。

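/// <summary>
/// Minimal transparent TLS relay for a single host name. The legacy client is pointed at
/// 127.0.0.1 through the hosts file, so no HTTP CONNECT is ever sent: the first bytes on the
/// accepted socket are a TLS ClientHello. The proxy terminates that session with its own
/// certificate, opens a second TLS session to the real server (by IP, because the name now
/// resolves locally) and copies bytes in both directions, writing the decrypted
/// client-to-server bytes to a file for inspection. Serves exactly one connection per run.
/// </summary>
public sealed class SslTcpProxy
{
    // Upper bound for a single Read/Write on either side; the relay buffers are sized to match.
    // (The original referenced BufferSize without defining it.)
    private const int BufferSize = 4096;

    // Local endpoint the legacy application is redirected to via the hosts file.
    private const string ListenAddress = "127.0.0.1";
    private const int ListenPort = 443;

    // The real server. Connect by IP, not by name: the name resolves to 127.0.0.1 via the hosts
    // file. ServerName is what the remote certificate is validated against (and sent as SNI).
    private const string ServerIp = "[SERVER_IP]";
    private const string ServerName = "[SERVER_NAME]";
    private const int ServerPort = 443;

    // Password of the PFX that holds the certificate presented to the local client.
    private const string CertificatePassword = "[CER_PASSWORD]";

    // File that receives the decrypted client-to-server bytes (relative to the working directory).
    private const string ClientLogPath = "client";

    /// <summary>
    /// Listens on ListenAddress:ListenPort, serves the first client that connects and keeps the
    /// relay alive until Enter is pressed.
    /// </summary>
    static void Main(String[] args)
    {
        TcpListener tcpListener = new TcpListener(IPAddress.Parse(ListenAddress), ListenPort);
        tcpListener.Start();

        // Message built from the constants so it cannot drift from the actual endpoint again
        // (the original printed port 433 while listening on 443).
        Console.WriteLine($"Server listening on {ListenAddress}:{ListenPort} Press enter to exit.");
        Console.WriteLine();
        Console.WriteLine("Waiting for a client to connect...");
        Console.WriteLine();

        // Blocks until the one client this proxy serves has connected.
        TcpClient tcpClient = tcpListener.AcceptTcpClient();
        AcceptConnection(tcpClient);

        Console.ReadLine();
        tcpListener.Stop();
    }

    /// <summary>
    /// Loads the certificate presented to the local client from ./certificates/server-cert.pfx.
    /// </summary>
    /// <exception cref="InvalidOperationException">The PFX could not be read or decrypted.</exception>
    private static X509Certificate2 LoadServerCertificate()
    {
        String certFilePath = Path.Combine(Environment.CurrentDirectory, "certificates", "server-cert.pfx");

        try
        {
            return new X509Certificate2(certFilePath, CertificatePassword);
        }
        catch (Exception ex)
        {
            throw new InvalidOperationException($"Could not create the certificate from file from {certFilePath}", ex);
        }
    }

    /// <summary>
    /// Performs the server-side handshake with <paramref name="client"/>, the client-side
    /// handshake with the real server, and starts one relay task per direction.
    /// </summary>
    /// <param name="client">Accepted socket; closed here on failure, otherwise by the relay tasks.</param>
    /// <exception cref="Exception">Any handshake or connection failure, after logging and cleanup.</exception>
    private static void AcceptConnection(TcpClient client)
    {
        TcpClient server = null;
        SslStream clientSslStream = null;
        SslStream serverSslStream = null;

        try
        {
            X509Certificate2 certificate = LoadServerCertificate();

            clientSslStream = new SslStream(client.GetStream(), false);
            // SslProtocols.Default is Ssl3 | Tls. It is kept because the legacy client may need
            // it; SSL 3.0 is deprecated, so narrow this to the TLS versions the client really
            // supports once they are known. No client certificate is requested.
            clientSslStream.AuthenticateAsServer(certificate, false, SslProtocols.Default, false);

            Console.WriteLine("clientSslStream.AuthenticateAsServer");
            Console.WriteLine("------------------------------------");
            DisplaySecurityLevel(clientSslStream);
            DisplaySecurityServices(clientSslStream);
            DisplayCertificateInformation(clientSslStream);
            DisplayStreamProperties(clientSslStream);

            Console.WriteLine();

            server = new TcpClient(ServerIp, ServerPort);
            serverSslStream = new SslStream(server.GetStream(), false, SslValidationCallback, null);
            serverSslStream.AuthenticateAsClient(ServerName);

            Console.WriteLine("serverSslStream.AuthenticateAsClient");
            Console.WriteLine("------------------------------------");
            DisplaySecurityLevel(serverSslStream);
            DisplaySecurityServices(serverSslStream);
            DisplayCertificateInformation(serverSslStream);
            DisplayStreamProperties(serverSslStream);

            // One task per direction. Whichever direction ends first disposes both streams,
            // which unblocks the other task's pending Read (the original left it blocked forever).
            SslStream toClient = clientSslStream;
            SslStream toServer = serverSslStream;
            new Task(() => ReadFromClient(client, toClient, toServer)).Start();
            new Task(() => ReadFromServer(toServer, toClient)).Start();
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.Message);

            // Nothing was handed to a relay task, so release both sides here.
            clientSslStream?.Dispose();
            serverSslStream?.Dispose();
            client.Close();
            server?.Close();
            throw;
        }
    }

    /// <summary>
    /// Decides whether the real server's certificate is accepted. Only a certificate that passed
    /// platform validation (trusted chain, name matches ServerName, within validity) is accepted;
    /// returning true unconditionally, as the original did, would let anyone on the path to the
    /// real server impersonate it to this proxy. If the real server uses a private CA, trust that
    /// CA on this machine instead of loosening this check.
    /// </summary>
    private static Boolean SslValidationCallback(Object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslpolicyerrors)
    {
        if (sslpolicyerrors == SslPolicyErrors.None)
        {
            return true;
        }

        Console.WriteLine($"Remote certificate rejected: {sslpolicyerrors}");
        return false;
    }

    /// <summary>
    /// Copies bytes from the real server to the local client until either side closes.
    /// Disposes both streams on exit so the opposite relay direction also terminates.
    /// </summary>
    private static void ReadFromServer(Stream serverStream, Stream clientStream)
    {
        Byte[] message = new Byte[BufferSize];

        try
        {
            while (true)
            {
                Int32 serverBytes = serverStream.Read(message, 0, BufferSize);

                // Zero bytes is an orderly close by the server.
                if (serverBytes == 0)
                {
                    break;
                }

                clientStream.Write(message, 0, serverBytes);
            }
        }
        catch (Exception ex)
        {
            // Typically the peer reset the connection or the other direction disposed the stream.
            Console.WriteLine($"server->client relay stopped: {ex.Message}");
        }
        finally
        {
            // Disposing the SslStreams also closes the underlying sockets (leaveInnerStreamOpen=false).
            serverStream.Dispose();
            clientStream.Dispose();
        }
    }

    /// <summary>
    /// Copies bytes from the local client to the real server until either side closes, writing a
    /// copy of the decrypted bytes to ClientLogPath. Disposes both streams and the client socket
    /// on exit so the opposite relay direction also terminates.
    /// </summary>
    private static void ReadFromClient(TcpClient client, Stream clientStream, Stream serverStream)
    {
        Byte[] message = new Byte[BufferSize];

        try
        {
            // FileMode.Create truncates; FileInfo.OpenWrite() did not, so a shorter run would
            // leave stale bytes from a longer earlier capture at the end of the file.
            // NOTE: this file holds the decrypted request stream, which can include credentials
            // and session tokens — restrict access to it and delete it when no longer needed.
            using (FileStream capture = new FileStream(ClientLogPath, FileMode.Create, FileAccess.Write))
            {
                while (true)
                {
                    Int32 clientBytes = clientStream.Read(message, 0, BufferSize);

                    // Zero bytes is an orderly close by the client.
                    if (clientBytes == 0)
                    {
                        break;
                    }

                    serverStream.Write(message, 0, clientBytes);
                    capture.Write(message, 0, clientBytes);
                }
            }
        }
        catch (Exception ex)
        {
            // Typically the peer reset the connection or the other direction disposed the stream.
            Console.WriteLine($"client->server relay stopped: {ex.Message}");
        }
        finally
        {
            clientStream.Dispose();
            serverStream.Dispose();
            client.Close();
        }
    }

    /// <summary>Prints the negotiated cipher, hash, key exchange and protocol of a stream.</summary>
    static void DisplaySecurityLevel(SslStream stream)
    {
        Console.WriteLine("Cipher: {0} strength {1}", stream.CipherAlgorithm, stream.CipherStrength);
        Console.WriteLine("Hash: {0} strength {1}", stream.HashAlgorithm, stream.HashStrength);
        Console.WriteLine("Key exchange: {0} strength {1}", stream.KeyExchangeAlgorithm, stream.KeyExchangeStrength);
        Console.WriteLine("Protocol: {0}", stream.SslProtocol);
    }

    /// <summary>Prints whether the stream is authenticated, signed and encrypted.</summary>
    static void DisplaySecurityServices(SslStream stream)
    {
        Console.WriteLine("Is authenticated: {0} as server? {1}", stream.IsAuthenticated, stream.IsServer);
        Console.WriteLine("IsSigned: {0}", stream.IsSigned);
        Console.WriteLine("Is Encrypted: {0}", stream.IsEncrypted);
    }

    /// <summary>Prints the read/write/timeout capabilities of the stream.</summary>
    static void DisplayStreamProperties(SslStream stream)
    {
        Console.WriteLine($"Can read: {stream.CanRead}, write {stream.CanWrite}");
        Console.WriteLine($"Can timeout: {stream.CanTimeout}");
    }

    /// <summary>
    /// Prints subject and validity of the local and remote certificates of a stream. For the
    /// client-facing stream the remote certificate is null (no client certificate is requested);
    /// for the server-facing stream it is the real server's certificate.
    /// </summary>
    static void DisplayCertificateInformation(SslStream stream)
    {
        Console.WriteLine($"Certificate revocation list checked: {stream.CheckCertRevocationStatus}");

        X509Certificate localCertificate = stream.LocalCertificate;

        if (localCertificate != null)
        {
            Console.WriteLine("Local cert was issued to {0} and is valid from {1} until {2}.",
                localCertificate.Subject,
                localCertificate.GetEffectiveDateString(),
                localCertificate.GetExpirationDateString());
        }
        else
        {
            Console.WriteLine("Local certificate is null.");
        }

        X509Certificate remoteCertificate = stream.RemoteCertificate;

        if (remoteCertificate != null)
        {
            Console.WriteLine(
                $"Remote cert was issued to {remoteCertificate.Subject} and is valid from {remoteCertificate.GetEffectiveDateString()} until {remoteCertificate.GetExpirationDateString()}.");
        }
        else
        {
            Console.WriteLine("Remote certificate is null.");
        }
    }
}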

您應該從您的答案中刪除抱怨並添加一些實際的評論。發佈代碼塊沒有太大的作用。此外,我已經寫了多個本地MITM程序,我想到了你的問題。我花了2年時間寫了我寫的最後一本地方MITM軟件,你在投訴前5個小時給了人們。我不會告訴你這是爲了開始一場戰鬥,我告訴你,因爲如果我敢說自己是一個人,那麼你就是一個專家,你完全不感興趣回答。這是需要考慮的事情。 –