About the strange usage of bridge.

wzshiming / bridge

Bridge is a multi-level proxy that supports clients and servers with multiple protocols. SSHProxy, HTTPProxy, Socks4, Socks5, Shadowsocks.

MIT License

172 stars 17 forks source link

About the strange usage of bridge. #19

Closed hongyi-zhao closed 4 months ago

hongyi-zhao commented 4 months ago

The following description is given in the example:

Using proxy protocol(http/socks4/socks5) instead of direct TCP forwarding.
bridge -b :8080 -p -
bridge -b :8080 -p - -p http://username:password@my_server1:8080
# `http_proxy=http://127.0.0.1:8080 curl example.org` Will be the proxy

But what does -p - here mean and why must it be used like this?

Regards, Zhao

wzshiming commented 4 months ago

The project initially supported only a single TCP forwarding, -p - means there is no destination, it is a proxy.

This is equivalent to just doing a port forwarding with proxy

bridge -b :8080 -p destination:port -p http://username:password@my_server1:8080

hongyi-zhao commented 4 months ago

If so, why not just omit this argument, aka, as follows:

# A proxy listening on localhost's 8080 port:
bridge -b :8080 
# A proxy listening on localhost's 8080 port with an upstream forwarder:
bridge -b :8080 -p http://username:password@my_server1:8080

Furthermore, I tested as follows:

# A proxy listening on localhost's 8080 port:
bridge -b :18080 -p -

Then, testing the above proxy using curl in another terminal:

werner@x13dai-t:~$ curl -x http://127.0.0.1:18080 https://www.baidu.com
<html>
<head>
    <script>
        location.replace(location.href.replace("https://","http://"));
    </script>
</head>
<body>
    <noscript><meta http-equiv="refresh" content="0;url=http://www.baidu.com/"></noscript>
</body>
</html>

As you can see, it doesn't work. Why?

Regards, Zhao

wzshiming commented 4 months ago

If so, why not just omit this argument, aka, as follows:

This makes it impossible to distinguish whether this is a proxy or a tcp forwarding

a tcp forwarding

bridge -b :8080 -p example.org:80
# `curl -H 'Host: example.org' 127.0.0.1:8080` will return to the target page

a proxy

bridge -b :8080 -p - -p http://username:password@my_server1:8080
# `http_proxy=http://127.0.0.1:8080 curl example.org` Will be the proxy

Furthermore, I tested as follows:

It works fine, is there a problem I am missing?

hongyi-zhao commented 4 months ago

a tcp forwarding

bridge -b :8080 -p example.org:80
# `curl -H 'Host: example.org' 127.0.0.1:8080` will return to the target page

See below for the details of my testing:

werner@x13dai-t:~$ bridge -b :18080 -p https://www.baidu.com
2024/07/16 19:52:58 INFO DIAL "https://www.baidu.com" <- LOCAL <- "tcp://:18080" LISTEN
 chains="{Bind:[{Probe: LB:[:18080]}] Proxy:[{Probe: LB:[https://www.baidu.com]}] IdleTimeout:0s}"
2024/07/16 19:53:05 INFO Connect chains="{Bind:[{Probe: LB:[:18080]}] Proxy:[{Probe: LB:[https://www.baidu.com]}] IdleTimeout:0s}" remote_address=127.0.0.1:47182
2024/07/16 19:53:05 ERROR Step chains="{Bind:[{Probe: LB:[:18080]}] Proxy:[{Probe: LB:[https://www.baidu.com]}] IdleTimeout:0s}" err="dial https: unknown network https"

werner@x13dai-t:~$ curl -H 'Host: https://www.baidu.com' 127.0.0.1:18080
curl: (56) Recv failure: Connection reset by peer

It works fine, is there a problem I am missing?

I mean: Shouldn't I access the target website at this time? However, my information shows that it did not successfully return any valid information on the target website.

wzshiming commented 4 months ago

I got it your problem, you can't tell the difference between tcp, http, https or any proxy, here is the correct way to use it

bridge -b :18080 -p www.baidu.com:443

curl -H 'Host: www.baidu.com' -k https://127.0.0.1:18080

hongyi-zhao commented 4 months ago

Then, why the following still fail:

werner@x13dai-t:~$ bridge -b :18080 -p www.baidu.com:80
2024/07/17 10:39:31 INFO DIAL "tcp://www.baidu.com:80" <- LOCAL <- "tcp://:18080" LISTEN
 chains="{Bind:[{Probe: LB:[:18080]}] Proxy:[{Probe: LB:[www.baidu.com:80]}] IdleTimeout:0s}"
2024/07/17 10:39:42 INFO Connect chains="{Bind:[{Probe: LB:[:18080]}] Proxy:[{Probe: LB:[www.baidu.com:80]}] IdleTimeout:0s}" remote_address=127.0.0.1:58786

werner@x13dai-t:~$ curl -H 'Host: www.baidu.com' https://127.0.0.1:18080
curl: (35) error:0A00010B:SSL routines::wrong version number

Does this mean Baidu only allows https-based access?

When used in the following way:

bridge -b :18080 -p -

What is the usage scenario of this method? The reason I am asking this is that you have already seen this proxy cannot be used as a gateway to access any website:

werner@x13dai-t:~$ curl -x http://127.0.0.1:18080 https://www.baidu.com
<html>
<head>
    <script>
        location.replace(location.href.replace("https://","http://"));
    </script>
</head>
<body>
    <noscript><meta http-equiv="refresh" content="0;url=http://www.baidu.com/"></noscript>
</body>
</html>

wzshiming commented 4 months ago

https

bridge -b :10443 -p www.baidu.com:443
# curl -H 'Host: www.baidu.com' -k https://127.0.0.1:10443

http

bridge -b :10080 -p www.baidu.com:80
# curl -H 'Host: www.baidu.com' http://127.0.0.1:10080

proxy

bridge -b :18080 -p -
# curl -x http://127.0.0.1:18080 https://www.baidu.com

wzshiming commented 4 months ago

It seems to work. What are you trying to achieve?

hongyi-zhao commented 4 months ago

What are you trying to achieve?

Just trying to understand and master the various advanced usages of this powerful tool.

Now, all your above-mentioned methods work. I previously had some misunderstandings in running the testing methods. Thank you again for your comprehensive detailed examples.