HTTPS requests using Curl through a squid proxy

Rya*_*uey 9 proxy curl squid

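I'm trying to make an HTTPS request using Curl through a squid proxy. I know the squid proxy works, because I have set it up for my browser and it works fine. I have tried nearly all of the answers here and searched several other sites, but nothing has worked.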

Some example searches and results:

1) Using inline basic authentication: curl -x https://user:pass@host:port https://www.google.com -v

Result:

```
Establish HTTP proxy tunnel to www.google.com:443
Proxy auth using Basic with user 'username'
CONNECT www.google.com:443 HTTP/1.1
Host: www.google.com:443
Proxy-Authorization: Basic abaskldfja1fiopweifj=
User-Agent: curl/7.47.0
Proxy-Connection: Keep-Alive
Recv failure: Connection reset by peer
Received HTTP code 0 from proxy after CONNECT
Closing connection 0
curl: (56) Recv failure: Connection reset by peer
```

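2) Using environment variables (https_proxy, http_proxy): same result

3) Putting the credentials in a parameter, curl -x https://host:port https://www.google.com -v --proxy-user user:pass: same result

Any guesses as to what I might be doing wrong?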

pdw*_*ker 2

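You haven't provided enough information to determine why you are having problems.

For example:

How is your squid https proxy configured? Is the proxy running in splice mode or bump mode?

Are you absolutely sure your proxy is working?

Have you tried connecting to any other websites, over http or https?

Are any other proxy authentication options set? Are there restrictions on which IP addresses can use the proxy? What authentication options have you configured? Does it work without authentication enabled?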

Anyway, for my own reasons, I needed to do this too. I first configured the proxy in "splice all" mode, and this is the result, showing headers only:

```
$ curl -x 10.10.1.1:3128 -I https://www.google.com/
HTTP/1.1 200 Connection established

HTTP/2 200
content-type: text/html; charset=ISO-8859-1
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
date: Mon, 04 Apr 2022 12:14:56 GMT
server: gws
x-xss-protection: 0
x-frame-options: SAMEORIGIN
expires: Mon, 04 Apr 2022 12:14:56 GMT
cache-control: private
[snip]
```

Next, I configured the proxy in "splice whitelist, bump otherwise" mode and tried again:

```
# curl -x 10.10.1.1:3128 -I https://www.google.com/
HTTP/1.1 200 Connection established

curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
```

This was expected.

Using the -k option makes it work (ignoring the certificate error):

```
# curl -x 10.10.1.1:3128 -I https://www.google.com/ -k
HTTP/1.1 200 Connection established

HTTP/1.1 200 OK
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Date: Mon, 04 Apr 2022 12:34:21 GMT
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Expires: Mon, 04 Apr 2022 12:34:21 GMT
Cache-Control: private
[snip]
```

Or using the certificate defined in the https proxy settings:

```
$ curl -x 10.10.1.1:3128 --cacert ~/test/my-MITM.crt -I https://www.google.com/
HTTP/1.1 200 Connection established

HTTP/1.1 200 OK
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Date: Mon, 04 Apr 2022 12:35:06 GMT
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Expires: Mon, 04 Apr 2022 12:35:06 GMT
Cache-Control: private
[snip]
```

Next, I enabled authentication (still in bump mode, ignoring certificate errors), but it doesn't work, as expected:

```
$ curl -x 10.10.1.1:3128 -k -I https://www.google.com/
HTTP/1.1 407 Proxy Authentication Required
Server: squid/4.15
Mime-Version: 1.0
Date: Mon, 04 Apr 2022 12:40:46 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 3532
X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
Vary: Accept-Language
Content-Language: en
Proxy-Authenticate: Basic realm="Please enter your credentials to access the proxy"
X-Cache: MISS from pfsense
X-Cache-Lookup: NONE from pfsense:3128
Via: 1.1 pfsense (squid/4.15)
Connection: keep-alive

curl: (56) Received HTTP code 407 from proxy after CONNECT
```

So let's try with authentication:

```
$ curl -x hello:world@10.10.1.1:3128 -k -I https://www.google.com/
HTTP/1.1 200 Connection established

HTTP/1.1 200 OK
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Date: Mon, 04 Apr 2022 12:43:09 GMT
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Expires: Mon, 04 Apr 2022 12:43:09 GMT
Cache-Control: private
[snip]
```

We're good.

Since your error doesn't match anything I've seen, I thought I'd try one more exercise. I hadn't been specifying the protocol as part of the proxy server definition, so I added it:

```
$ curl -x https://hello:world@10.10.1.1:3128 -k -I https://www.google.com/
curl: (35) error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number
```

Ah. Interesting. Let's get some details:

```
$ curl -x https://hello:world@10.10.1.1:3128 -k -I https://www.google.com/ -v
*   Trying 10.10.1.1...
* TCP_NODELAY set
* Connected to 10.10.1.1 (10.10.1.1) port 3128 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number
* Closing connection 0
curl: (35) error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number
```

That looks closer to your error.

Final test, specifying http instead of https for the proxy server:

```
$ curl -x http://hello:world@10.10.1.1:3128 -k -I https://www.google.com/
HTTP/1.1 200 Connection established

HTTP/1.1 200 OK
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Date: Mon, 04 Apr 2022 12:51:27 GMT
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Expires: Mon, 04 Apr 2022 12:51:27 GMT
Cache-Control: private
[snip]
```

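And that's it; that is good enough for me.

I'm guessing here, but it looks like if you specify a protocol as part of the proxy string, it will try to use that protocol to talk to the proxy server. So using http://, or not specifying it at all as I did originally, works fine, but as soon as I say https: ... ☠️☠️☠️

I hope this helps those who are interested in such trivia.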
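The behaviour guessed at in the answer above can be reproduced offline. This is an added example, not code from the original posts: it starts a constructed cleartext stub proxy on loopback and probes it both ways, with the plain CONNECT that an http:// proxy URL leads to and with the TLS handshake that an https:// proxy URL leads to. The stub, its ephemeral port and www.example.com are assumptions for illustration.

```python
import socket
import ssl
import threading

def start_stub_proxy():
    """Constructed stand-in for a cleartext proxy port such as squid's 3128."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # listener was closed
                return
            with conn:
                data = conn.recv(4096)
                if data.startswith(b"CONNECT "):
                    conn.sendall(b"HTTP/1.1 200 Connection established\r\n\r\n")
                else:  # a TLS ClientHello is not an HTTP request
                    conn.sendall(b"HTTP/1.1 400 Bad Request\r\n\r\n")
    threading.Thread(target=serve, daemon=True).start()
    return srv

def probe_plain(host, port):
    """First step of `-x http://host:port`: a cleartext CONNECT."""
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(b"CONNECT www.example.com:443 HTTP/1.1\r\n"
                  b"Host: www.example.com:443\r\n\r\n")
        return s.recv(4096).split(b"\r\n", 1)[0].decode()

def probe_tls(host, port):
    """First step of `-x https://host:port`: TLS to the proxy itself."""
    ctx = ssl.create_default_context()  # verification stays on
    try:
        with socket.create_connection((host, port), timeout=5) as s:
            with ctx.wrap_socket(s, server_hostname=host):
                return "tls"
    except ssl.SSLError as e:
        # The cleartext "HTTP/1.1 400 ..." reply is parsed as a TLS record.
        return e.reason or str(e)

def demo():
    srv = start_stub_proxy()
    host, port = srv.getsockname()
    try:
        return probe_plain(host, port), probe_tls(host, port)
    finally:
        srv.close()

if __name__ == "__main__":
    print(demo())
```

When the TLS probe fails this way while the cleartext CONNECT succeeds, the port speaks plain HTTP, so the proxy URL needs http:// or no scheme.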