带有本地设备服务器的 iOS 数据包隧道提供程序

Question

我正在使用 Apple 提供的网络扩展框架来构建类似于 iOS 的 Charles Proxy 和 Surge 4 的数据包嗅探/监控应用程序。
到目前为止，我已经启动并运行了项目的基本结构，主应用程序触发了 PacketTunnelProvider 扩展，在那里我可以看到通过 packetFlow.readPackets(completionHandler:) 方法转发的数据包。我的背景不是网络，所以我对这些应用程序的基本结构感到困惑。他们是否在设备上托管了一个服务器，作为拦截网络请求的代理？任何人都可以提供网络请求的一般流程图吗？ IE。 Packet Tunnel Provider、Proxy Server、Virtual Interface 和 Tunnel 之间的关系是什么？
如果这些应用确实使用本地设备服务器，您如何配置 NEPacketTunnelNetworkSettings 以允许连接？我曾尝试合并本地设备上的服务器，例如 GCDWebServer，但没有成功在两者之间建立链接。
例如，如果 GCDWebServer 可在 192.168.1.231:8080 访问，我将如何更改下面的代码以便客户端与服务器通信？
主应用程序:

    let proxyServer = NEProxyServer(address: "192.168.1.231", port: 8080)
    
    let proxySettings = NEProxySettings()
    proxySettings.exceptionList = []
    proxySettings.httpEnabled = true
    proxySettings.httpServer = proxyServer
    
    let providerProtocol = NETunnelProviderProtocol()
    providerProtocol.providerBundleIdentifier = self.tunnelBundleId
    providerProtocol.serverAddress = "My Server"
    providerProtocol.providerConfiguration = [:]
    providerProtocol.proxySettings = proxySettings
    
    let newManager = NETunnelProviderManager()
    newManager.localizedDescription = "Custom VPN"
    newManager.protocolConfiguration = providerProtocol
    newManager.isEnabled = true
    saveLoadManager()
    self.vpnManager = newManager

PacketTunnelProviderExtension:

func startTunnel(options: [String : NSObject]?, completionHandler: @escaping (Error?) -> Void) {
  ...
        let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "127.0.0.143")
        settings.ipv4Settings = NEIPv4Settings(addresses: ["198.17.203.2"], subnetMasks: ["255.255.255.255"])
        settings.ipv4Settings?.includedRoutes = [NEIPv4Route.default()]
        settings.ipv4Settings?.excludedRoutes = []
        settings.dnsSettings = NEDNSSettings(servers: ["8.8.8.8", "8.8.4.4"])

        settings.dnsSettings?.matchDomains = [""]
        self.setTunnelNetworkSettings(settings) { error in
            if let e = error {
                NSLog("Settings error %@", e.localizedDescription)
            } else {
                completionHandler(error)
                self.readPackets()
            }
        }
  ...
}

Answer 1

我正在开发 Proxyman 的 iOS 版本，我的经验可以帮助您:

Do they host a server on the device that acts as the proxy which intercepts network requests?

是的，您必须在网络扩展(不是主应用程序)上启动监听器才能充当代理服务器。您可以使用 Swift NIO 或 CocoaAsyncSocket 编写一个简单的代理服务器。
拦截HTTPS流量，是一个相当大的挑战，这里就不多说了，超出了范围。

Could anyone provide a diagram of the general flow of the network requests?

由于网络扩展和主应用程序是两个不同的进程，因此它们不能像普通应用程序一样直接通信。
因此，流程可能如下所示:
Internet -> iPhone -> 您的网络扩展 (VPN) -> 转发到您的本地代理服务器 -> 拦截或监控 -> 保存到本地数据库(在共享容器组中) -> 再次转发到目标服务器。
从主应用程序中，您可以通过读取本地数据库来接收数据。

how do you configure the NEPacketTunnelNetworkSettings to allow for a connection?

在 Network 扩展中，让我们在 Host:Port 处启动一个代理服务器，然后初始化 NetworkSetting，就像示例一样:

    private func initTunnelSettings(proxyHost: String, proxyPort: Int) -> NEPacketTunnelNetworkSettings {
    let settings: NEPacketTunnelNetworkSettings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "127.0.0.1")

    /* proxy settings */
    let proxySettings: NEProxySettings = NEProxySettings()
    proxySettings.httpServer = NEProxyServer(
        address: proxyHost,
        port: proxyPort
    )
    proxySettings.httpsServer = NEProxyServer(
        address: proxyHost,
        port: proxyPort
    )
    proxySettings.autoProxyConfigurationEnabled = false
    proxySettings.httpEnabled = true
    proxySettings.httpsEnabled = true
    proxySettings.excludeSimpleHostnames = true
    proxySettings.exceptionList = [
        "192.168.0.0/16",
        "10.0.0.0/8",
        "172.16.0.0/12",
        "127.0.0.1",
        "localhost",
        "*.local"
    ]
    settings.proxySettings = proxySettings

    /* ipv4 settings */
    let ipv4Settings: NEIPv4Settings = NEIPv4Settings(
        addresses: [settings.tunnelRemoteAddress],
        subnetMasks: ["255.255.255.255"]
    )
    ipv4Settings.includedRoutes = [NEIPv4Route.default()]
    ipv4Settings.excludedRoutes = [
        NEIPv4Route(destinationAddress: "192.168.0.0", subnetMask: "255.255.0.0"),
        NEIPv4Route(destinationAddress: "10.0.0.0", subnetMask: "255.0.0.0"),
        NEIPv4Route(destinationAddress: "172.16.0.0", subnetMask: "255.240.0.0")
    ]
    settings.ipv4Settings = ipv4Settings

    /* MTU */
    settings.mtu = 1500

    return settings
}

然后启动VPN，

let networkSettings = initTunnelSettings(proxyHost: ip, proxyPort: port)

// Start
setTunnelNetworkSettings(networkSettings) { // Handle success }

然后将包转发到您的本地代理服务器:

let endpoint = NWHostEndpoint(hostname: proxyIP, port: proxyPort)
self.connection = self.createTCPConnection(to: endpoint, enableTLS: false, tlsParameters: nil, delegate: nil)

    packetFlow.readPackets {[weak self] (packets, protocols) in
        guard let strongSelf = self else { return }
        for packet in packets {
            strongSelf.connection.write(packet, completionHandler: { (error) in
            })
        }

        // Repeat
        strongSelf.readPackets()
    }

从那里，您的本地服务器可以接收包然后转发到目标服务器。