Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

local http proxy doesn't work #17

Closed
nutinshell opened this issue Jun 20, 2019 · 4 comments
Closed

local http proxy doesn't work #17

nutinshell opened this issue Jun 20, 2019 · 4 comments

Comments

@nutinshell
Copy link

Hi dev, thanks for this great app, it seems promising and real performance focus, that's good. I did a quick play with it, but in the local config, I changed socks to http, curl test failed. Any suggestion?

~ % curl -x 127.0.0.1:1080 example.com
curl: (52) Empty reply from server
 ~ % curl -x 127.0.0.1:1080 https://example.com
curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to example.com:443

[0620/220004.704968:INFO:naive_proxy_bin.cc(131)] Proxying via https://myproxy.com:2015
[0620/220004.705350:INFO:naive_proxy_bin.cc(467)] Listening on 127.0.0.1:1080
[0620/220016.430001:INFO:naive_proxy.cc(162)] Connection 1 closed: ERR_INVALID_ARGUMENT
[0620/220031.058048:INFO:naive_connection.cc(197)] Connection 2 to example.com:443
[0620/220031.079902:ERROR:ssl_client_socket_impl.cc(946)] handshake failed; returned -1, SSL error code 1, net_error -100
[0620/220031.080009:INFO:naive_proxy.cc(162)] Connection 2 closed: ERR_PROXY_CONNECTION_FAILED
@klzgrad
Copy link
Owner

klzgrad commented Jun 22, 2019

The http proxy here is only implemented as far as to get the http/2 proxy channel up. It only supports CONNECT method so you can put Naive server behind a regular reverse proxy with Naive client. Putting Naive server behind a regular server defeats traffic fingerprinting.

Proxying regular non-https traffic is not implemented because I think http proxying is only less efficient than socks proxying. You wouldn't want to use it as a regular http proxy.

So curl -x 127.0.0.1:1080 example.com is expected to not work. But curl -x 127.0.0.1:1080 https://example.com should work and it just worked for me. You can try again.

@nutinshell
Copy link
Author

no luck for me, but it's not a big deal here since it can't be used for standard http proxy :)

* Rebuilt URL to: https://www.google.com/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.1 (127.0.0.1) port 8080 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to www.google.com:443
> CONNECT www.google.com:443 HTTP/1.1
> Host: www.google.com:443
> User-Agent: curl/7.58.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 OK
< Padding: .....................................................
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* (304) (OUT), TLS handshake, Client hello (1):
* CONNECT phase completed!
* CONNECT phase completed!
* error:1408F10B:SSL routines:ssl3_get_record:wrong version number
* stopped the pause stream!
* Closing connection 0
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

@klzgrad
Copy link
Owner

klzgrad commented Jun 22, 2019

Did you run Naive with padding? curl won't be able to handle that.

Run curl with --trace - to see what goes on.

@klzgrad
Copy link
Owner

klzgrad commented Jun 23, 2019

I'll consider the second issue as missing --padding option. The first issue is wontfix.

@klzgrad klzgrad closed this as completed Jun 23, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nutinshell @klzgrad