
Get curl: (56) Proxy CONNECT aborted using https example

Open lewisdawson opened this issue 9 years ago • 16 comments

I'm trying to do a simple forward HTTPS proxy, but I can't seem to get the https example you've provided working. Whenever I try to curl google through the proxy, I get the curl: (56) Proxy CONNECT aborted error. I've tried several different proxy definition variations, but no success:

$ curl -x https://localhost:3443 -v https://www.google.com
* Rebuilt URL to: https://www.google.com/
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 3443 (#0)
* Establish HTTP proxy tunnel to www.google.com:443
> CONNECT www.google.com:443 HTTP/1.1
> Host: www.google.com:443
> User-Agent: curl/7.43.0
> Proxy-Connection: Keep-Alive
> 
* Proxy CONNECT aborted
* Connection #0 to host localhost left intact
curl: (56) Proxy CONNECT aborted
$ curl -x localhost:3443 -v https://www.google.com
* Rebuilt URL to: https://www.google.com/
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 3443 (#0)
* Establish HTTP proxy tunnel to www.google.com:443
> CONNECT www.google.com:443 HTTP/1.1
> Host: www.google.com:443
> User-Agent: curl/7.43.0
> Proxy-Connection: Keep-Alive
> 
* Proxy CONNECT aborted
* Connection #0 to host localhost left intact
curl: (56) Proxy CONNECT aborted
$ curl -x http://localhost:3443 -v https://www.google.com
* Rebuilt URL to: https://www.google.com/
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 3443 (#0)
* Establish HTTP proxy tunnel to www.google.com:443
> CONNECT www.google.com:443 HTTP/1.1
> Host: www.google.com:443
> User-Agent: curl/7.43.0
> Proxy-Connection: Keep-Alive
> 
* Proxy CONNECT aborted
* Connection #0 to host localhost left intact
curl: (56) Proxy CONNECT aborted

Any suggestions and/or ideas are greatly appreciated. I'm on OS X 10.10.

lewisdawson avatar Jan 11 '16 20:01 lewisdawson
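
An added diagnostic example, not part of the original thread or of balboa's code: curl prints "Proxy CONNECT aborted" when the connection ends before it has read a reply to the CONNECT request shown in the traces above, so this Node.js probe sends the same plaintext CONNECT and classifies what the listener returns. The function names and verdict strings are illustrative assumptions.

```javascript
// Added diagnostic sketch (not balboa or rocky code): send the same plaintext
// CONNECT that curl sends in the traces above and classify the listener's reply.
const net = require('net')

// Classify the bytes received after CONNECT. `closed` is true when the peer
// ended the connection before a full header block arrived.
function classifyConnectReply (buf, closed) {
  const text = buf.toString('latin1')
  const m = /^HTTP\/1\.[01] (\d{3})[^\r\n]*\r\n/.exec(text)
  if (m && text.includes('\r\n\r\n')) {
    const status = Number(m[1])
    return status >= 200 && status < 300
      ? { verdict: 'tunnel-established', status }
      : { verdict: 'connect-rejected', status }
  }
  // 0x15 is the TLS record type for an alert: the listener expected a TLS
  // handshake, not plaintext HTTP. Some TLS stacks just close instead.
  if (buf.length > 0 && buf[0] === 0x15) return { verdict: 'tls-alert-received' }
  if (closed) return { verdict: buf.length ? 'closed-mid-reply' : 'closed-without-reply' }
  return { verdict: 'incomplete' }
}

// Connect to the proxy, send CONNECT for `target` ("host:port"), resolve with a verdict.
function probeConnect (proxyHost, proxyPort, target, timeoutMs = 5000) {
  return new Promise((resolve) => {
    const chunks = []
    const sock = net.connect(proxyPort, proxyHost, () => {
      sock.write(`CONNECT ${target} HTTP/1.1\r\nHost: ${target}\r\n\r\n`)
    })
    const finish = (closed) => {
      sock.destroy()
      resolve(classifyConnectReply(Buffer.concat(chunks), closed))
    }
    sock.setTimeout(timeoutMs, () => finish(false))
    sock.on('data', (d) => {
      chunks.push(d)
      const r = classifyConnectReply(Buffer.concat(chunks), false)
      if (r.verdict !== 'incomplete') finish(false)
    })
    sock.on('end', () => finish(true))
    sock.on('error', () => finish(true))
  })
}

// Usage: node probe.js 127.0.0.1 3443 httpbin.org:443
if (process.argv.length >= 5) {
  const [host, port, target] = process.argv.slice(2)
  probeConnect(host, Number(port), target).then((r) => console.log(r))
}
```

A `closed-without-reply` or `tls-alert-received` verdict means the failure happens before any certificate is checked, so it is independent of `--insecure` and of CA trust settings on the client.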

Try passing the flag: --insecure

I think you have to import a custom CA certificate in the client to work with HTTPS.

h2non avatar Jan 11 '16 21:01 h2non

@h2non Forgot to add that variation I'd tried. Using --insecure doesn't work.

Are you talking about importing the certificate into the OS X keychain?

lewisdawson avatar Jan 11 '16 21:01 lewisdawson

Yes, but try first forwarding to another HTTPS server, such as: https://httpbin.org

h2non avatar Jan 11 '16 21:01 h2non

@h2non Same result.

 $ curl -x https://localhost:3443  -v --insecure https://httpbin.org
* Rebuilt URL to: https://httpbin.org/
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 3443 (#0)
* Establish HTTP proxy tunnel to httpbin.org:443
> CONNECT httpbin.org:443 HTTP/1.1
> Host: httpbin.org:443
> User-Agent: curl/7.43.0
> Proxy-Connection: Keep-Alive
> 
* Proxy CONNECT aborted
* Connection #0 to host localhost left intact
curl: (56) Proxy CONNECT aborted
$ curl -x http://localhost:3443  -v --insecure https://httpbin.org
* Rebuilt URL to: https://httpbin.org/
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 3443 (#0)
* Establish HTTP proxy tunnel to httpbin.org:443
> CONNECT httpbin.org:443 HTTP/1.1
> Host: httpbin.org:443
> User-Agent: curl/7.43.0
> Proxy-Connection: Keep-Alive
> 
* Proxy CONNECT aborted
* Connection #0 to host localhost left intact
curl: (56) Proxy CONNECT aborted

Earlier today I tried using my own self-signed cert that I'd added to the OS X keychain as I was heading down the same thought path as you, but I still saw the same error. I added it as a system root CA with full trust for all users. When I couldn't get that to work, I went back to your example to see if it was just my configuration... Same issue. I'm running out of ideas.

lewisdawson avatar Jan 11 '16 21:01 lewisdawson

I see where the issue could be: the --secure flag in balboa is not working as expected. It's required to pass the secure: false option to rocky, but you can't do that from balboa currently.

Try editing bin/balboa and adding opts.secure = false manually.

h2non avatar Jan 11 '16 21:01 h2non

I've fixed the CLI issue in 0.1.2. You can simply update the package and pass the --insecure flag.

h2non avatar Jan 11 '16 21:01 h2non

@h2non I was creating the proxy programmatically...I tried the secure flag programmatically, but it still fails:

const fs = require('fs')
const balboa = require('balboa')
const certPath = __dirname + '/..'

const opts = {
    ssl: {
        key: fs.readFileSync(certPath + '/key.pem', 'utf8'),
        cert: fs.readFileSync(certPath + '/cert.pem', 'utf8')
    },
    secure: false
}

balboa(opts).listen(3443)
console.log('SSL proxy server listening on port:', 3443)

The console output remains the same:

$ curl -x https://localhost:3443  -v --insecure  https://httpbin.org
* Rebuilt URL to: https://httpbin.org/
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 3443 (#0)
* Establish HTTP proxy tunnel to httpbin.org:443
> CONNECT httpbin.org:443 HTTP/1.1
> Host: httpbin.org:443
> User-Agent: curl/7.43.0
> Proxy-Connection: Keep-Alive
> 
* Proxy CONNECT aborted
* Connection #0 to host localhost left intact
curl: (56) Proxy CONNECT aborted

lewisdawson avatar Jan 11 '16 21:01 lewisdawson

Perhaps it could be due to some issue with the forwarded host header. Try passing some host-specific options. You can see all the options here.

h2non avatar Jan 11 '16 22:01 h2non

@h2non I'll have a look and get back to you soon. Thanks for all the help on this!

lewisdawson avatar Jan 11 '16 22:01 lewisdawson

Same issue. Nothing helps :(

#curl --proxy 127.0.0.1:3443 -v --insecure https://httpbin.org
* Rebuilt URL to: https://httpbin.org/
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 3443 (#0)
* Establish HTTP proxy tunnel to httpbin.org:443
> CONNECT httpbin.org:443 HTTP/1.1
> Host: httpbin.org:443
> User-Agent: curl/7.43.0
> Proxy-Connection: Keep-Alive
>
* Proxy CONNECT aborted
* Connection #0 to host 127.0.0.1 left intact
curl: (56) Proxy CONNECT aborted

Vasiliy-Bondarenko avatar Jun 06 '16 16:06 Vasiliy-Bondarenko

My guess is that you are running this on macOS?

It's probably because the inbuilt curl version does not use openssl.

Try:

brew reinstall curl --with-openssl && brew link curl --force

gajus avatar Jan 28 '17 20:01 gajus

Ignore that. I am still having the same issue.

gajus avatar Jan 28 '17 20:01 gajus

Hello, I had the same problem, but it was because I had an ssh tunnel on port 8080. Try changing the port.

louisabraham avatar May 07 '17 15:05 louisabraham

Try curl -x localhost:3443 -v www.google.com ?

zeropointer avatar May 15 '17 10:05 zeropointer

Same issue here and it only happens with HTTPS.

I experimented with secure and another HTTPS endpoint too.

heitorlessa avatar Jun 08 '17 19:06 heitorlessa

Looks like the package is abandoned :(

Vasiliy-Bondarenko avatar Jun 09 '17 07:06 Vasiliy-Bondarenko