How to send Client Hello through http proxy tunnel-Golang-php.cn

How to send Client Hello through http proxy tunnel

王林

Release： 2024-02-12 18:06:15

forward

529 people have browsed it

如何通过 http 代理隧道发送 Client Hello

Question content

I have a client that will establish a tls connection to a backend service.

There are two situations I encountered.

Direct network: client--->server
In this environment, the client connects directly to the server, as shown in the following code.

var d tls.dialer
   //...
   d.config = &tls.config{
        //...
   }
   //...
   c1 := d.dial("tcp", addr)

Copy after login

Proxy network: client--->proxy--->server

In this environment, the client is behind an http proxy and the client needs to utilize the proxy http tunnel to forward traffic between the client and the server.

I use golang.org/x/net/proxy on the client side to connect to the proxy, because the proxy is an http proxy, the client should use net.dialer to connect to the proxy through tcp.

dailer, err := proxy.FromURL(proxy, &net.Dialer{
        Timeout:   TCP_CONNECT_TIMEOUT,
        KeepAlive: TCP_KEEPALIVE_TIMEOUT,
    })
   c2 := dailer.Dial("tcp", addr)

Copy after login

Case 1, the client starts the tls connection. In the network traffic packet, the client triggers the tcp connection. After 3 handshakes, the client sends client hello to the server.

In case 2, the client first uses tcp to connect to the http proxy (for example 10.0.0.1:8080), next, sends connect to the proxy, and then the proxy returns connectionestablished, But the client does not send client hello to the server.

For case2, I don't know how and where to implement sending client hello on the client side?

Thanks in advance.

Solution

After searching go doc, I found the solution. I hope it will be useful to people who encounter similar problems later.

In tls, there is a function client that can be built from an existing network. Conn, then use Handshake

tlsConn := tls.Client(conn, &tls.Config{
    Certificates:       []tls.Certificate{*cert},
    InsecureSkipVerify: true,
    ServerName:         sni,
    ClientAuth:         tls.RequestClientCert,
})
err = tlsConn.Handshake()

Copy after login

The above is the detailed content of How to send Client Hello through http proxy tunnel. For more information, please follow other related articles on the PHP Chinese website!