Anorov
Support for ssl.wrap_socket?
I'll try to debug later when I have more free time but I'm getting:
Exception in thread 2:
Traceback (most recent call last):
File "/usr/lib/python3.4/threading.py", line 920, in _bootstrap_inner
self.run()
File "/usr/lib/python3.4/threading.py", line 868, in run
self._target(*self._args, **self._kwargs)
File "/home/mike/Desktop/Projects/Python/HttpRace/HttpRace.py", line 166, in execute_run
self.__socket.send(str.encode("%s%s" % (self.__CRLF, self.__CRLF)))
File "/usr/lib/python3.4/ssl.py", line 684, in send
v = self._sslobj.write(data)
BrokenPipeError: [Errno 32] Broken pipe
Creation: https://github.com/a904guy/HttpRace/blob/master/HttpRace.py#L121-L131
Error: https://github.com/a904guy/HttpRace/blob/master/HttpRace.py#L166
I understand this isn't the appropriate use of sockets proxy for https/http ahead of time, but the application in nature calls for it really, and the socket proxy allows me to debug via Charles a lot easier.
Reproduce easily
./cli.py -u 'http://google.com/' -u 'http://yahoo.com/' -u 'https://google.com/'
Well, I found the cause of the _sslobj.write dying, still doesn't wrap socks.socksocket() properly.
Just to be clear, are you saying your issue with SSL wrapping is unrelated to the bug you found?
My testing is not showing any issues with SSL sockets.
Sorry, for the lack of information. The first bug I found was directly related to the format of the request I was sending through the socket based on the har json file parsing. When I resolved the issue, I still wasn't getting the connection shown via Charles over ssl wrapper, but shows on http traffic. I'll do additional checking of open/est connections to the sock proxy port later when I can.
I'm doing additional testing, it may still be in the request formatting of the socket I'm attempting to create that is causing the broken pipe, I'll close the ticket until I have time to dig into ssl.py to find out the cause.
+1 on this functionality. When I use ssl.wrap_socket, my connection still goes through, but only by going directly to the target server (the proxy is never hit). But when I don't use ssl.wrap_socket, it works perfectly.
So this skips the proxy and goes directly to the server (hostname:port):
s = socks.socksocket()
s.set_proxy(socks.HTTP, "my-proxy-server.com", 8888)
ssl_sock = ssl.wrap_socket(s, ca_certs="server.crt", cert_reqs=ssl.CERT_REQUIRED)
ssl_sock.connect((hostname, port))
But but this works perfectly, going through the proxy:
s = socks.socksocket()
s.set_proxy(socks.HTTP, "my-proxy-server.com", 8888)
s.connect((hostname, port))
...however...
It looks like this works perfectly:
s = socks.socksocket()
s.set_proxy(socks.HTTP, "my-proxy-server.com", 8888)
s.connect((hostname, port))
# SSL wrap AFTER connecting and doing the proxy negotiation, which makes sense, since the
# proxy must be able to actually read the HTTP CONNECT request.
ssl_sock = ssl.wrap_socket(s, ca_certs="server.crt", cert_reqs=ssl.CERT_REQUIRED)
I agree this is confusing behavior, but I'm not sure there's a great way to fix it.
ssl.wrap_socket returns a completely new SSLSocket object, with its own connect method. socksocket can't really do anything here, since its object has been completely replaced.
The only sane options I see are adding a custom SSLSOCKSSocket, adding an optional ssl keyword argument, or just adding a note to the documentation that you can't wrap SSL over a socksocket if it's not already connected. The first 2 would be a bit weird, since people are supposed to use this as a drop-in replacement for socket.socket.
Unless anyone has a better suggestion for somehow preserving self.proxy and the connect method after the object has already been swapped out, I believe I'll just update the documentation.