The client establishes a connection with the proxy server over the HTTP protocol. The protocol signaling contains the IP address and port number of the remote host to be connected, and if authentication is required, the authorization information must be added. After the server receives the signaling, it first performs authentication and then establishes a connection with the remote host. Once that connection succeeds, it returns 200 to the client, indicating that the verification is successful. The specific signaling format is as follows:
CONNECT 124.XXX.XXX.XX:443 HTTP/1.1 // port 443 is required to establish an HTTP tunnel
Proxy-Connection: keep-alive // the connection from the client to the server stays open
Content-Length: 0
Host: 124.XXX.XXX.XX // host address
Proxy-Authorization: Basic ytph // authentication information
User-Agent: openfetion // identifies the requester, such as the browser type and version, operating system, and language used
Here, Proxy-Authorization carries the authentication information. The string after Basic is the base64-encoded result of combining the user name and password, that is, username:password is base64-encoded.
In fact, encoding adds nothing to security. Base64 cannot be regarded as encryption in the strict sense; in today's era of information security, an algorithm that requires no key is more appropriately called an encoding method. The user name and password can be obtained immediately once such a packet is captured.
HTTP/1.0 200 connection established
After receiving this response, the client has successfully established the connection, and data destined for the remote host can be sent to the proxy server. After the proxy server establishes the connection, it caches the connection keyed by IP address and port number. When it later receives signaling, it finds the corresponding connection in the cache based on the IP address and port number and forwards the data through that connection.
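The exchange described above, as an added Python example that is not part of the original page: it parses a captured CONNECT request and the proxy's reply, and shows that the Basic credentials are recovered from the capture without any key. The capture, the address 192.0.2.10, the credentials alice / s3cret and the function names are constructed for illustration.

```python
import base64

# Constructed sample capture (not from the page): credentials alice / s3cret.
_TOKEN = base64.b64encode(b"alice:s3cret")
SAMPLE_REQUEST = (
    b"CONNECT 192.0.2.10:443 HTTP/1.1\r\n"
    b"Proxy-Connection: keep-alive\r\n"
    b"Host: 192.0.2.10\r\n"
    b"Proxy-Authorization: Basic " + _TOKEN + b"\r\n"
    b"User-Agent: example-client\r\n\r\n"
)
SAMPLE_RESPONSE = b"HTTP/1.0 200 Connection established\r\n\r\n"


def parse_connect(raw: bytes) -> dict:
    """Return tunnel target and any Basic credentials found in a CONNECT request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    if method != "CONNECT":
        raise ValueError("not a CONNECT request")
    host, _, port = target.rpartition(":")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # header names are case-insensitive
    info = {"host": host, "port": int(port), "user": None, "password": None}
    scheme, _, token = headers.get("proxy-authorization", "").partition(" ")
    if scheme.lower() == "basic" and token:
        # base64 needs no key: whoever holds the capture can reverse it
        decoded = base64.b64decode(token).decode("utf-8", "replace")
        user, _, password = decoded.partition(":")
        info.update(user=user, password=password)
    return info


def tunnel_established(raw: bytes) -> bool:
    """True when the proxy's status line reports success (the page shows 200)."""
    parts = raw.split(b"\r\n", 1)[0].decode("latin-1").split(" ", 2)
    return len(parts) >= 2 and parts[0].startswith("HTTP/") and parts[1] == "200"


if __name__ == "__main__":
    print(parse_connect(SAMPLE_REQUEST))
    print("tunnel established:", tunnel_established(SAMPLE_RESPONSE))
```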
Simply put, HTTP tunnel technology encapsulates all the data to be transmitted in the HTTP protocol for transmission. It supports almost all Internet access methods, such as dial-up Internet access, ADSL, cable modem, NAT transparent proxy, HTTP GET and CONNECT proxy, SOCKS4 proxy, and SOCKS5 proxy.
In addition, HTTP tunneling technology is also used to create Trojans. For example, you can set the User-Agent field in the HTTP packet to IE, set the external port to 80, and then inject your trojan into the IE process; which firewall can then identify whether a trojan is sending data?