I have set proxy for my browser to my application hosted on localhost
this is a short snippet of the program
boost::asio::io_service ios;
ip::tcp::acceptor acceptor(io_service_,ip::tcp::endpoint("127.0.0.1", 12345))
ip::tcp::socket socket(ios);
acceptor_.async_accept(socket,
boost::bind(&acceptor::handle_accept,
this,
boost::asio::placeholders::error));
where this is my acceptor object.
How could I get origin request destination host and port of request redirected to my application?
Full code is here https://github.com/ArashPartow/proxy/blob/master/tcpproxy_server.cpp
You're pointing the "full code" link to a github repository from someone else. This code example accepts connections on a local port and will forward them to a remote machine. E.g. a connection on localhost to a remote webserver or a connection on your local port 8080 to a remote webserver.
On its command line, you provide the information where to listen for a connection (local) and where to connect to (remote).
I have a strong feeling you want something else: the inbound connection to tell you where to connect to (instead of a fixed remote). That's beyond this simple piece of C++ code.
Related
I am trying to write a c++ websocket server and have browser/chrome clients connect over websockets, for a multiplayer game. The websocket c++ library I'm using atm is websocketpp or websocket++. I wrote an app that allows clients to connect over ws and localhost, but when I add an ip for the address, connections don't occur at all. Now I think I have to use ssl and wss for ip connection? I tried it and there is some connection activity, but then the handshake times out. Could I be experiencing cross-orgin issues, or what, do i need ssl? I am new to websockets. Could the problem be my ssl certs I made with openssl? I can post code, or if you are familiar with a c++ library to do websockets, what is it? Is this even a possible thing to do?
There could be multiple reasons why it won't connect over ip.
The first is port forwarding. On a local network it's not necessary but running a server over a remote network, portforwarding has to be done. You can just run your server then use a simple port checker (there's many websites for them) to see if a connection can be established.
The other reason could be as you said ssl. If you are running your client on a web host, the host may require a connection to be made over ssl/wss for websockets. If your server isn't running a valid ssl certificate then this could prevent the client from connecting to your server. I know for exampe Github pages requires the server to be running wss or valid ssl certificates on the server side in order for a client connection to be established; however, if you use a custom domain name for Github pages then you can disable the need for ssl.
In order to get valid ssl certificates you would need to register a domain for your ip address then either buy certificates or use free certificates from zerossl or other distributors.
Here is a game I have written which connects to a c++ server which I'm running on my own machine with its own domain with valid ssl certificates and the client is running on github pages with a custom domain I have registered.
It's basically multiplayer minesweeper where the objective is to locate the flags rather than avoid them.
Recently i started to write a proxy(web debugging) software.
and handled the GET request well.
sometimes i get CONNECT messages from the client, so i connect to the target server and reply the client by "200 Connection Established".
is that it all??
because after it i don't get any messages
from the server or the client.
so i got confused.
I want to know all the steps of https CONNECT message request and responses until an https site(like https://google.com) gets loaded.
Thank you.
The CONNECT request is used to set up a connection tunnel. This is used mainly to allow access to https sites through an http proxy.
The web proxy is expected to set up a proxy connection to the indicated host, and then proxy the traffic between the two connections, until one or the other terminates.
After establishing the connection, you expect to see either the client or the server start sending something to the other. Your proxy code should be prepared, at any time, to receive more data from either the client or the server, to be forwarded to the other party. If not, your proxy is not doing something correctly. It is not your proxy's job to handle https negotiation. Once the connection is established, your proxy must transparently proxy all the data, and it is the client's and the server's task to talk https with each other.
So far, my proxy only deals HTTP connections on port 80: I'd like to improve it and make it manage HTTPS requests. Here's how it works:
the proxy is listening on a given port; Chrome can "see" the proxy thanks to SwitchyOmega plugin and connect the traffic on that given port.
The proxy reads the packet's header, gets the request (I parse only GET requests until now), e.g. GET http://www.google.it HTTP/1.1, gets the hostname parsing www.google.it, finds the IP address by resolving the hostname with gethostbyname and assumes the server port is number 80.
Now the proxy send to the server what it received from client by opening a socket: this socket is opened, binded, and then connected to the IP address I resolved before from the hostname.
I read here how to turn a socket into an SSL socket: after socket, bind, listen and accept syscalls, set what you need and pass the socket's file descriptor to SSL_set_fd so I can read and write data through the new SSL file descriptor.
What (most above all) bothers me is the creation of SSL context: if SSLv23_server_method is for servers and SSLv23_client_method is for clients, what should I use for my proxy?
I found no particular proxies configuration in OpenSSL documentation.
Thanks in advance for your help.
Edit: more detailed info about how the proxy works.
SSL/TLS has no concept of proxies, only point-to-point connections. Your proxy has a connection to the client, and a separate connection to the target server, and it is simply passing data between the two connections as needed. So the proxy has to secure (or not) those connections independently of each other, and how it must do that depends on how the client is asking the proxy to relay HTTP.
If the client sends a GET/POST/etc request to your proxy requesting an absolute HTTP URL, your proxy needs to connect to the target server without using SSL/TLS, and then relay the client's HTTP request and server's response back and forth. The client may or may not connect to your proxy using SSL/TLS. If it does, that session is only between the client and your proxy, and the data read from, and sent to, the client is encrypted/decrypted accordingly.
If the client sends a GET/POST/etc request to your proxy requesting an absolute HTTPS URL, your proxy needs to connect to the target server and establish its own SSL/TLS session with the server, and then relay the client's HTTP request and server's response back and forth. The proxy is acting as a client to the server, so use a client-based method (sslv23_client_method(), etc). The real client may or may not connect to your proxy using SSL/TLS. If it does, that session is only between the client and your proxy, and the data read from, and sent to, the client is encrypted/decrypted accordingly, separate from the encryption used on the server connection.
If the client sends a CONNECT request to your proxy, the proxy needs to connect to the requested host/port and then pass raw data back and forth as-is. No SSL/TLS is involved on the proxy's part. If the proxy handled the client's or server's SSL/TLS data, it would be acting as a MITM attacker, something SSL/TLS is designed to prevent. If the connection to the server is successful, the client and server (not the proxy) would secure their respective endpoints with SSL/TLS so they are talking to each other directly (needed for exchanging certificates and keys, and validating identities). The SSL/TLS handshake, and subsequent encrypted HTTP request/response data, would pass through the proxy as-is. The proxy would only be able to see the raw encrypted data, not the HTTP data, since only the client and server have the keys needed to decrypt the data.
I would like if it's possible to communicate with a port and send to it some information.
But , when trying to open:
http://localhost:8080
even with a browser : it gives me :
Oops! Google Chrome could not connect to localhost:8080
Can you help me with this?
The browser is attempting to read from port 8080 but there is no process listening to that port. You need to understand how to activate a process on that port so the browser has something to talk to. If you are using Visual Studio, try using their example of a simple console app to listen on that port. Take a look at: http://msdn.microsoft.com/en-us/library/system.net.httplistener.aspx Have fun...
According to the answer of Bitfiddler:
The browser is attempting to read from port 8080 but there is no process listening to that port. You need to understand how to activate a process on that port so the browser has something to talk to
I have a problem with deploying my web service in our Web server. In my
development machine (inside of our LAN), everything works fine. When I move
the application into our Web server (public addressed), I always get the
timeout exception. while i connecting the web service through my web browser it works fine with no issues, but through application am getting the timeout error. My app connects to our database server (inside of our LAN) to get statistical data in form of datasets. can i know the issue about this point.
That is most likely a firewall/port forwarding issue.
Did I understand you correctly: Your client application connects to the database server directly?
You should check which port you are using to connect to the database server.
Then check if the web server has an active firewall and if so, configure it properly to accept connections on that port.
You can always easily check if a port is open and reachable by using telnet:
On the command line type telnet MY_IP MY_PORT.
If a connection can be established the port is open.