search

zhuhaow / NEKit

A toolkit for Network Extension Framework
https://zhuhaow.github.io/NEKit
BSD 3-Clause "New" or "Revised" License
2.84k stars 672 forks source link

求助HTTPS代理怎么设置呢? #288

Closed qinghuawen closed 4 years ago

qinghuawen commented 4 years ago

大佬,我想通过network extension实现简单的https代理,就像pc上浏览器设置https代理一样。可否贴一些demo代码呢?

zhuhaow commented 4 years ago

https://developer.apple.com/documentation/networkextension/neproxysettings

qinghuawen commented 4 years ago

感谢您的回复,这个我试过,但好像不起作用,是否需要在PacketTunnelProvide里面做别的处理? 以下是我的代码。运行起来后,IP并不是https代理服务器的IP.

PacketTunnelProvider.m
- (void)startTunnelWithOptions:(NSDictionary *)options completionHandler:(void (^)(NSError *))completionHandler {
    NEIPv4Settings *ipv4Settings = [[NEIPv4Settings alloc] initWithAddresses:@[@"192.0.2.1"] subnetMasks:@[@"255.255.255.0"]];

    NSArray *dnsServers = @[@"8.8.8.8"];
    ipv4Settings.includedRoutes = @[[NEIPv4Route defaultRoute]];
    NEPacketTunnelNetworkSettings *settings = [[NEPacketTunnelNetworkSettings alloc] initWithTunnelRemoteAddress:@"192.0.2.2"];
    settings.IPv4Settings = ipv4Settings;
    settings.MTU = @(1500);
    NEProxySettings* proxySettings = [[NEProxySettings alloc] init];
    NSInteger proxyServerPort = 443;
    NSString *proxyServerName = @"xxxx.xxxx.xxxx";
    proxySettings.HTTPSEnabled = YES;
    proxySettings.HTTPSServer = [[NEProxyServer alloc] initWithAddress:proxyServerName port:proxyServerPort];
    proxySettings.autoProxyConfigurationEnabled = NO;
    proxySettings.excludeSimpleHostnames = YES;
    settings.proxySettings = proxySettings;
    NEDNSSettings *dnsSettings = [[NEDNSSettings alloc] initWithServers:dnsServers];
    settings.DNSSettings = dnsSettings;
    [self setTunnelNetworkSettings:settings completionHandler:^(NSError * _Nullable error) {
        if (error) {
            if (completionHandler) {
                completionHandler(error);
            }
        }else{
            if (completionHandler) {
                completionHandler(nil);
            }
        }
    }];
}
zhuhaow commented 4 years ago

如果你想的是用过TLS来连接到http代理的话,这个设置不是干这个的,这个设置只是说需要https请求的时候(需要CONNECT)的时候连到哪一个HTTP代理。

想要通过TLS连接到HTTP代理的话需要用NEKit的HttpsAdapter转一下。

On Feb 14, 2020, at 6:29 PM, qinghuawen notifications@github.com wrote:

感谢您的回复,这个我试过,但好像不起作用,是否需要在PacketTunnelProvide里面做别的处理? 以下是我的代码。运行起来后,IP并不是https代理服务器的IP.

PacketTunnelProvider.m

  • (void)startTunnelWithOptions:(NSDictionary )options completionHandler:(void (^)(NSError ))completionHandler { NEIPv4Settings *ipv4Settings = [[NEIPv4Settings alloc] initWithAddresses:@[@"192.0.2.1"] subnetMasks:@[@"255.255.255.0"]];

    NSArray dnsServers = @[@"8.8.8.8"]; ipv4Settings.includedRoutes = @[[NEIPv4Route defaultRoute]]; NEPacketTunnelNetworkSettings settings = [[NEPacketTunnelNetworkSettings alloc] initWithTunnelRemoteAddress:@"192.0.2.2"]; settings.IPv4Settings = ipv4Settings; settings.MTU = @(1500); NEProxySettings proxySettings = [[NEProxySettings alloc] init]; NSInteger proxyServerPort = 443; NSString proxyServerName = @"xxxx.xxxx.xxxx"; proxySettings.HTTPSEnabled = YES; proxySettings.HTTPSServer = [[NEProxyServer alloc] initWithAddress:proxyServerName port:proxyServerPort]; proxySettings.autoProxyConfigurationEnabled = NO; proxySettings.excludeSimpleHostnames = YES; settings.proxySettings = proxySettings; NEDNSSettings dnsSettings = [[NEDNSSettings alloc] initWithServers:dnsServers]; settings.DNSSettings = dnsSettings; [self setTunnelNetworkSettings:settings completionHandler:^(NSError _Nullable error) { if (error) { if (completionHandler) { completionHandler(error); } }else{ if (completionHandler) { completionHandler(nil); } } }]; } — You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub https://github.com/zhuhaow/NEKit/issues/288?email_source=notifications&email_token=AAJ2MLC4TAD7RJNJ4XIGZBDRCZXCJA5CNFSM4KUYOEY2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOELYLMCQ#issuecomment-586200586, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAJ2MLGGWO57UHRHXQGUDJLRCZXCJANCNFSM4KUYOEYQ.

qinghuawen commented 4 years ago

明白了,您的源码demo里面有这个转换处理吗?感激不尽

qinghuawen commented 4 years ago

我想的就是填入一个https代理服务器的地址,连接后,网络请求通过代理发出,IP地址也会变成代理服务器的IP地址

zhuhaow commented 4 years ago

你可以看一下demo

On Feb 14, 2020, at 7:02 PM, qinghuawen notifications@github.com wrote:

明白了,您的源码demo里面有这个转换处理吗?感激不尽

— You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub https://github.com/zhuhaow/NEKit/issues/288?email_source=notifications&email_token=AAJ2MLAQOUCXRKAB6J5OQMDRCZ24FA5CNFSM4KUYOEY2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOELYOFMY#issuecomment-586212019, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAJ2MLHNDMVAAEHBYEH33KTRCZ24FANCNFSM4KUYOEYQ.

zhuhaow commented 4 years ago

我个人的建议是你弄个pac,只返回PROXY https://host:port好了 https://xn--host:port-ec7n287g,具体语法你要再查一下

On Feb 14, 2020, at 7:07 PM, qinghuawen notifications@github.com wrote:

我想的就是填入一个https代理服务器的地址,连接后,网络请求通过代理发出,IP地址也会变成代理服务器的IP地址

— You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub https://github.com/zhuhaow/NEKit/issues/288?email_source=notifications&email_token=AAJ2MLE2AQJTUFXV4IYWF4DRCZ3N3A5CNFSM4KUYOEY2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOELYOSEQ#issuecomment-586213650, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAJ2MLFLCPAEVCTNLVF64B3RCZ3N3ANCNFSM4KUYOEYQ.

qinghuawen commented 4 years ago

用了PAC之后是不是可以不需要用NEKit的HttpsAdapter呢,只需要用我原来的代码,也就是NEProxySettings就可以了达到我的目标吗?

zhuhaow commented 4 years ago

用了PAC之后你不需要其他任何东西

On Feb 14, 2020, at 7:16 PM, qinghuawen notifications@github.com wrote:

用了PAC之后是不是可以不需要用NEKit的HttpsAdapter呢,只需要用我原来的代码,也就是NEProxySettings就可以了吗?

— You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub https://github.com/zhuhaow/NEKit/issues/288?email_source=notifications&email_token=AAJ2MLHWOMCSKFT24AZL6N3RCZ4P7A5CNFSM4KUYOEY2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOELYPJHI#issuecomment-586216605, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAJ2MLFQZFNJ4GM2T36W46DRCZ4P7ANCNFSM4KUYOEYQ.

qinghuawen commented 4 years ago

再次感谢大佬,我试试

qinghuawen commented 4 years ago

您好,按照您的建议试了一下,连接上之后还是无网络,我的代理服务器肯定是正常的,因为PC浏览器可以正常使用代理。以下是代码片段。感觉我就差最后一步了。。

 NEPacketTunnelNetworkSettings *settings = [[NEPacketTunnelNetworkSettings alloc] initWithTunnelRemoteAddress:@"192.0.2.2"];
    settings.IPv4Settings = ipv4Settings;
    settings.MTU = @(1500);
    NEProxySettings* proxySettings = [[NEProxySettings alloc] init];
    NSInteger proxyServerPort = 443;
    NSString *proxyServerName = @"example.myproxy.com";
    proxySettings.HTTPSEnabled = YES;
    proxySettings.HTTPSServer = [[NEProxyServer alloc] initWithAddress:proxyServerName port:proxyServerPort];
    proxySettings.autoProxyConfigurationEnabled = YES;
    proxySettings.proxyAutoConfigurationURL = [NSURL URLWithString:@"https://example.mypac.com/pac.txt"];
    //proxySettings.excludeSimpleHostnames = YES;
    settings.proxySettings = proxySettings;

其中https://example.mypac.com/pac.txt的内容如下,格式应该也没问题。

function FindProxyForURL(url, host) {
    return "HTTPS example.myproxy.com:443"
}
zhuhaow commented 4 years ago

不要再设httpsproxy了

在 2020年2月14日,20:07,qinghuawen notifications@github.com 写道:

 您好,按照您的建议试了一下,连接上之后还是无网络,我的代理服务器肯定是正常的,因为PC浏览器可以正常使用代理。以下是代码片段。感觉我就差最后一步了。。

NEPacketTunnelNetworkSettings settings =[[NEPacketTunnelNetworkSettings alloc] initWithTunnelRemoteAddress:@"192.0.2.2"]; settings.IPv4Settings = ipv4Settings; settings.MTU = @(1500); NEProxySettings proxySettings = [[NEProxySettings alloc] init]; NSInteger proxyServerPort = 443; NSString *proxyServerName = @"example.myproxy.com"; proxySettings.HTTPSEnabled = YES; proxySettings.HTTPSServer = [[NEProxyServer alloc] initWithAddress:proxyServerName port:proxyServerPort]; proxySettings.autoProxyConfigurationEnabled = YES; proxySettings.proxyAutoConfigurationURL = [NSURL URLWithString:@"https://example.mypac.com/pac.txt"]; //proxySettings.excludeSimpleHostnames = YES; settings.proxySettings = proxySettings; 其中https://example.mypac.com/pac.txt的内容如下,格式应该也没问题。

function FindProxyForURL(url, host) { return "HTTPS example.myproxy.com:443" } — You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub, or unsubscribe.

qinghuawen commented 4 years ago

您好,去掉httpsserver相关后,就只剩以下这几行代码了,好像还是有问题

NEProxySettings* proxySettings = [[NEProxySettings alloc] init];
proxySettings.autoProxyConfigurationEnabled = YES;
proxySettings.HTTPSEnabled = YES;
proxySettings.proxyAutoConfigurationURL = [NSURL 
URLWithString:@"https://example.mypac.com/pac.txt"];
settings.proxySettings = proxySettings;
zhuhaow commented 4 years ago

你设了httpsenabled应该pacenabled就没用了

在 2020年2月14日,20:41,qinghuawen notifications@github.com 写道:

 您好,去掉httpsserver相关后,就只剩以下这几行代码了,好像还是有问题

NEProxySettings* proxySettings = [[NEProxySettings alloc] init]; proxySettings.autoProxyConfigurationEnabled = YES; proxySettings.HTTPSEnabled = YES; proxySettings.proxyAutoConfigurationURL = [NSURL URLWithString:@"https://example.mypac.com/pac.txt"]; settings.proxySettings = proxySettings; — You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub, or unsubscribe.

qinghuawen commented 4 years ago

您好,去掉HTTPSEnabled之后,就只剩与PAC相关的代码了。似乎还是没有网络。有没有可能是其他的比如ipv4setting等设置问题?

NEProxySettings* proxySettings = [[NEProxySettings alloc] init];
proxySettings.autoProxyConfigurationEnabled = YES;
proxySettings.proxyAutoConfigurationURL = [NSURL
URLWithString:@"https://example.mypac.com/pac.txt"];
settings.proxySettings = proxySettings;
zhuhaow commented 4 years ago

把defaultroute去掉

在 2020年2月14日,18:30,qinghuawen notifications@github.com 写道:

 感谢您的回复,这个我试过,但好像不起作用,是否需要在PacketTunnelProvide里面做别的处理? 以下是我的代码。运行起来后,IP并不是https代理服务器的IP.

PacketTunnelProvider.m

qinghuawen commented 4 years ago

您好,defaultRoute去掉后,网络正常,但是IP是本机IP,不是代理服务器的IP

zhuhaow commented 4 years ago

matchDomains?

https://github.com/zhuhaow/Specht/blob/master/SpechtTunnelPacketProvider/PacketTunnelProvider.swift https://github.com/zhuhaow/Specht/blob/master/SpechtTunnelPacketProvider/PacketTunnelProvider.swift

On Feb 14, 2020, at 9:06 PM, qinghuawen notifications@github.com wrote:

您好,defaultRoute去掉后,网络正常,但是IP是本机IP,不是代理服务器的IP

— You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub https://github.com/zhuhaow/NEKit/issues/288?email_source=notifications&email_token=AAJ2MLEIP5X4AJ5FX5O3NXTRC2JNDA5CNFSM4KUYOEY2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOELY6XHQ#issuecomment-586279838, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAJ2MLBBEZPTPZJ5AXHXCPTRC2JNDANCNFSM4KUYOEYQ.

qinghuawen commented 4 years ago

您好,matchDomains也去掉了。现在整体代码如下:

- (void)startTunnelWithOptions:(NSDictionary *)options completionHandler:(void (^)(NSError *))completionHandler
{
    NEIPv4Settings *ipv4Settings = [[NEIPv4Settings alloc] initWithAddresses:@[@"192.0.2.1"] subnetMasks:@[@"255.255.255.0"]];

    NSArray *dnsServers = @[@"8.8.8.8"];
    NEPacketTunnelNetworkSettings *settings = [[NEPacketTunnelNetworkSettings alloc] initWithTunnelRemoteAddress:@"192.0.2.2"];
    settings.IPv4Settings = ipv4Settings;
    settings.MTU = @(1500);
    NEProxySettings* proxySettings = [[NEProxySettings alloc] init];
    proxySettings.autoProxyConfigurationEnabled = YES;
proxySettings.proxyAutoConfigurationURL = [NSURL
URLWithString:@"https://example.mypac.com/pac.txt"];
    settings.proxySettings = proxySettings;
    NEDNSSettings *dnsSettings = [[NEDNSSettings alloc] initWithServers:dnsServers];
    settings.DNSSettings = dnsSettings;
    [self setTunnelNetworkSettings:settings completionHandler:^(NSError * _Nullable error) {
        if (error) {
            if (completionHandler) {
                completionHandler(error);
            }
        }else{
            if (completionHandler) {
                completionHandler(nil);
            }
        }
    }];
}
zhuhaow commented 4 years ago

https://github.com/zhuhaow/Specht/blob/cfd35278f05eef0cbf20f1e53a477947f38388dd/SpechtTunnelPacketProvider/PacketTunnelProvider.swift#L56

On Feb 14, 2020, at 9:13 PM, qinghuawen notifications@github.com wrote:

您好,matchDomains也去掉了。现在整体代码如下:

qinghuawen commented 4 years ago

所以还是需要借助您这个httpAdapter吗?

zhuhaow commented 4 years ago

你之前有写过matchDomains吗? 加上了这一行么? https://github.com/zhuhaow/Specht/blob/cfd35278f05eef0cbf20f1e53a477947f38388dd/SpechtTunnelPacketProvider/PacketTunnelProvider.swift#L56

qinghuawen commented 4 years ago

您好,之前没有写matchDomains这个参数,刚才加上了设置proxySettings.matchDomains = [""],与刚才一样的现象,有网络但IP是本机IP

zhuhaow commented 4 years ago

你怎么测的ip

qinghuawen commented 4 years ago

就是在safari里面打开测IP网站,比如百度搜索IP.

zhuhaow commented 4 years ago

pac服务器访问日志有记录么

qinghuawen commented 4 years ago

您好,我现在没权限访问pac服务器,但我直接把js脚本写到ios代理里了。但是这样也是不行的。 :(

proxySettings.proxyAutoConfigurationJavaScript = @"function FindProxyForURL(url, host) { return \"HTTPS example.myproxy.com:443\"}";

zhuhaow commented 4 years ago

不知道了

On 14 Feb 2020, at 22:00, qinghuawen notifications@github.com wrote:

 您好,我现在没权限访问pac服务器,但我直接把js脚本写到ios代理里了。但是这样也是不行的。 :(

proxySettings.proxyAutoConfigurationJavaScript = @"function FindProxyForURL(url, host) { return \"HTTPS example.myproxy.com:443\"}";

— You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub, or unsubscribe.

qinghuawen commented 4 years ago

好的,不好意思打扰您这么久,网上这方面的资料确实太少了。我再自己研究一下,非常感谢!