
c# - 使用 c# SslStream 的直接 SSL/TLS(无 CONNECT 消息)MITM 代理

转载 作者:行者123 更新时间:2023-11-30 21:50:41 25 4

我正在尝试使用 C# 创建一个本地 Windows MITM 代理,以处理来自一家已不存在的公司的现在不受支持的应用程序。

代理只需服务一个 HTTPS 域,这是通过创建一个监听本地地址和端口 127.0.0.1:443 的代理来完成的。

然后在主机文件中创建一个条目,即 127.0.0.1 my.single.domain.com。

当直接将该域的条目添加到我的主机文件中时,我没有收到正常的“CONNECT”类型的 HTTP 请求,而是在套接字上直接收到 TLS 客户端问候(Client Hello),可以看到下一步就是发起握手。

但是,我不确定如何使用 C# SslStream 来处理这个问题。可以找到的大多数示例,包括在 MSDN 等地方,都是针对“CONNECT”类型代理的。

我是否需要创建两个 SslStream 来处理这个问题?

最佳答案

回答我自己的问题,但也许会给其他人一些指导。这不是生产标准代码,但它可以工作。

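public sealed class SslTcpProxy
{
    // Local listen address; the hosts-file entry for the target domain points the legacy client here.
    private const String ListenAddress = "127.0.0.1";
    private const Int32 ListenPort = 443;

    // Placeholders: the upstream is addressed by IP (not by name) because the hosts file now maps the
    // domain name to 127.0.0.1; the name is still needed for SNI / certificate name validation.
    private const String UpstreamAddress = "[SERVER_IP]";
    private const Int32 UpstreamPort = 443;
    private const String UpstreamName = "[SERVER_NAME]";

    /// <summary>
    /// Entry point. Listens on 127.0.0.1:443, accepts a single client, bridges it to the upstream
    /// server and stops when Enter is pressed. Only one connection is handled per run.
    /// </summary>
    static void Main(String[] args)
    {
        // Create a TCP/IP (IPv4) socket and listen for incoming connections.
        TcpListener tcpListener = new TcpListener(IPAddress.Parse(ListenAddress), ListenPort);
        tcpListener.Start();

        // The banner is built from the same constants the listener uses, so it cannot drift from them.
        Console.WriteLine($"Server listening on {ListenAddress}:{ListenPort} Press enter to exit.");
        Console.WriteLine();
        Console.WriteLine("Waiting for a client to connect...");
        Console.WriteLine();

        // Application blocks while waiting for an incoming connection.
        TcpClient tcpClient = tcpListener.AcceptTcpClient();
        AcceptConnection(tcpClient);

        Console.ReadLine();
        tcpListener.Stop();
    }

    /// <summary>
    /// Terminates TLS towards the client with the pre-created certificate, opens a validated TLS session
    /// to the upstream server, and starts one pump task per direction.
    /// </summary>
    /// <param name="client">Accepted client connection; closed by the pumps (or here on handshake failure).</param>
    /// <exception cref="Exception">Any handshake/connect failure is logged and rethrown after cleanup.</exception>
    private static void AcceptConnection(TcpClient client)
    {
        SslStream clientSslStream = null;
        SslStream serverSslStream = null;

        try
        {
            X509Certificate2 certificate = LoadServerCertificate();

            // Client side: the legacy application sends a TLS ClientHello directly (no CONNECT), so the
            // proxy acts as the TLS server. SslProtocols.Default (SSL3/TLS1.0) is kept only because the
            // legacy client may need it; prefer SslProtocols.None (OS default) if the client supports newer versions.
            clientSslStream = new SslStream(client.GetStream(), false);
            clientSslStream.AuthenticateAsServer(certificate, false, SslProtocols.Default, false);

            DisplayStreamSummary("clientSslStream.AuthenticateAsServer", clientSslStream);

            // Upstream side: a normal TLS client connection; SslValidationCallback decides whether the
            // server certificate is trusted.
            TcpClient server = new TcpClient(UpstreamAddress, UpstreamPort);
            serverSslStream = new SslStream(server.GetStream(), false, SslValidationCallback, null);
            serverSslStream.AuthenticateAsClient(UpstreamName);

            DisplayStreamSummary("serverSslStream.AuthenticateAsClient", serverSslStream);

            Task.Run(() => ReadFromClient(client, clientSslStream, serverSslStream));
            Task.Run(() => ReadFromServer(serverSslStream, clientSslStream));
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.Message);

            // The pumps were never started, so nothing else will release these.
            serverSslStream?.Dispose();
            clientSslStream?.Dispose();
            client.Close();
            throw;
        }
    }

    /// <summary>
    /// Loads the pre-created server certificate from ./certificates/server-cert.pfx.
    /// </summary>
    /// <returns>The certificate with its private key.</returns>
    /// <exception cref="InvalidOperationException">The file could not be read or decrypted; the path is included.</exception>
    private static X509Certificate2 LoadServerCertificate()
    {
        String certFilePath = Path.Combine(Environment.CurrentDirectory, "certificates", "server-cert.pfx");

        try
        {
            // "[CER_PASSWORD]" is a placeholder; the PFX password belongs in configuration, not in source.
            return new X509Certificate2(certFilePath, "[CER_PASSWORD]");
        }
        catch (Exception ex)
        {
            throw new InvalidOperationException($"Could not create the certificate from file from {certFilePath}", ex);
        }
    }

    /// <summary>
    /// Validates the upstream server certificate. Only a certificate that passes normal chain and name
    /// validation is accepted; returning true unconditionally would let anything on the path impersonate
    /// the real server to this proxy. If the upstream certificate is legitimately broken (e.g. expired),
    /// pin that one specific certificate here instead of accepting all of them.
    /// </summary>
    /// <returns>true when <paramref name="sslpolicyerrors"/> is <see cref="SslPolicyErrors.None"/>.</returns>
    private static Boolean SslValidationCallback(Object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslpolicyerrors)
    {
        if (sslpolicyerrors != SslPolicyErrors.None)
        {
            Console.WriteLine($"Upstream certificate rejected: {sslpolicyerrors}");
        }

        return sslpolicyerrors == SslPolicyErrors.None;
    }

    /// <summary>
    /// Copies bytes from the upstream server to the client until the server closes or a read/write fails,
    /// then closes the client stream so the client-side pump sees EOF and exits as well.
    /// </summary>
    private static void ReadFromServer(Stream serverStream, Stream clientStream)
    {
        Byte[] message = new Byte[4096];

        try
        {
            Int32 serverBytes;

            while ((serverBytes = serverStream.Read(message, 0, message.Length)) > 0)
            {
                clientStream.Write(message, 0, serverBytes);
            }
        }
        catch (IOException ex)
        {
            Console.WriteLine($"Server-to-client pump stopped: {ex.Message}");
        }
        catch (ObjectDisposedException)
        {
            // The other pump already tore the connection down.
        }
        finally
        {
            clientStream.Close();
        }
    }

    /// <summary>
    /// Copies bytes from the client to the upstream server until the client closes or a read/write fails,
    /// mirroring the decrypted client bytes into a local file named "client" for inspection, then closes
    /// both the upstream stream and the client connection.
    /// </summary>
    private static void ReadFromClient(TcpClient client, Stream clientStream, Stream serverStream)
    {
        Byte[] message = new Byte[4096];

        try
        {
            // FileMode.Create truncates any earlier dump; OpenWrite() on an existing file would leave
            // stale bytes beyond the end of a shorter session. The dump holds plaintext (decrypted) traffic.
            using (FileStream dump = new FileStream("client", FileMode.Create, FileAccess.Write))
            {
                while (true)
                {
                    Int32 clientBytes = clientStream.Read(message, 0, message.Length);

                    if (clientBytes == 0)
                    {
                        break;
                    }

                    serverStream.Write(message, 0, clientBytes);
                    dump.Write(message, 0, clientBytes);
                }
            }
        }
        catch (IOException ex)
        {
            Console.WriteLine($"Client-to-server pump stopped: {ex.Message}");
        }
        catch (ObjectDisposedException)
        {
            // The other pump already tore the connection down.
        }
        finally
        {
            serverStream.Close();
            client.Close();
        }
    }

    /// <summary>Prints a titled block with the security, service, certificate and stream details of a stream.</summary>
    private static void DisplayStreamSummary(String title, SslStream stream)
    {
        Console.WriteLine(title);
        Console.WriteLine(new String('-', title.Length));
        DisplaySecurityLevel(stream);
        DisplaySecurityServices(stream);
        DisplayCertificateInformation(stream);
        DisplayStreamProperties(stream);
        Console.WriteLine();
    }

    /// <summary>Prints the negotiated cipher, hash, key exchange and protocol.</summary>
    static void DisplaySecurityLevel(SslStream stream)
    {
        Console.WriteLine("Cipher: {0} strength {1}", stream.CipherAlgorithm, stream.CipherStrength);
        Console.WriteLine("Hash: {0} strength {1}", stream.HashAlgorithm, stream.HashStrength);
        Console.WriteLine("Key exchange: {0} strength {1}", stream.KeyExchangeAlgorithm, stream.KeyExchangeStrength);
        Console.WriteLine("Protocol: {0}", stream.SslProtocol);
    }

    /// <summary>Prints the authentication, signing and encryption state of the stream.</summary>
    static void DisplaySecurityServices(SslStream stream)
    {
        Console.WriteLine("Is authenticated: {0} as server? {1}", stream.IsAuthenticated, stream.IsServer);
        Console.WriteLine("IsSigned: {0}", stream.IsSigned);
        Console.WriteLine("Is Encrypted: {0}", stream.IsEncrypted);
    }

    /// <summary>Prints the read/write/timeout capabilities of the stream.</summary>
    static void DisplayStreamProperties(SslStream stream)
    {
        Console.WriteLine($"Can read: {stream.CanRead}, write {stream.CanWrite}");
        Console.WriteLine($"Can timeout: {stream.CanTimeout}");
    }

    /// <summary>Prints revocation-check status plus subject and validity of the local and remote certificates.</summary>
    static void DisplayCertificateInformation(SslStream stream)
    {
        Console.WriteLine($"Certificate revocation list checked: {stream.CheckCertRevocationStatus}");

        DescribeCertificate("Local", stream.LocalCertificate);
        DescribeCertificate("Remote", stream.RemoteCertificate);
    }

    /// <summary>Prints one certificate's subject and validity window, or that it is absent.</summary>
    /// <param name="role">"Local" or "Remote"; used only in the printed text.</param>
    private static void DescribeCertificate(String role, X509Certificate certificate)
    {
        if (certificate == null)
        {
            Console.WriteLine($"{role} certificate is null.");
            return;
        }

        Console.WriteLine(
            $"{role} cert was issued to {certificate.Subject} and is valid from {certificate.GetEffectiveDateString()} until {certificate.GetExpirationDateString()}.");
    }
}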

关于c# - 使用 c# SslStream 的直接 SSL/TLS(无 CONNECT 消息)MITM 代理,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/36198931/
