(1) Proxy service principle
There are many kinds of proxy servers, and there are three kinds of HTTP, FTP, SOCKS agents, which are divided into transparent agents and opaque agents. Among them, the transparent agent is generally a gateway and is hardware. So here discussed opaque agents.
When the machine is online through the proxy server. Communication is twice, first is the machine and proxy server communication, and then the proxy server and destination address communication.
When the machine and proxy server communicate, the destination IP is the IP of the proxy server. When the proxy server and destination address communication, the source IP is the IP of the proxy server. When the external data is the same, in the internal network, the IP data appears, all IP of the internal network and the proxy server. Therefore, it does not see any information from the outside of the IP header. Only from the data can only be seen.
For example, use an HTTP proxy to access the Internet. Process is
The machine and proxy server establishes TCP connections.
The machine issues a get command. At this time, the GET command contains the URL or IP address, which is clear.
The proxy server converts the URL to an IP address, and there may be DNS. Copy the data in the source packet. Remove the URL, re-package, and then send it.
We need to parse the first GET package.
Now let's look at several proxy methods.
HTTP (GET)
HTTP (Connect)
FTP (User
User @ Host: Port)
FTP (User
User @ Host Port)
FTP (Open Host)
FTP (Site Host)
FTP (Site
User @ Host)
SOCKS5
SOCKS4
These proxy methods have a feature. That is, when connecting, you will first connect to the proxy server, issue a request, usually a Command URL, and Command is Get, Connect, User, etc. All HTTP and FTP are the same, can be identified by keywords. And the URL is a plaintext. Some of SOCKs. It is not clear, but hexadecimal data. To get an IP address, it is also converted.
(2) The current agent service technology agent service technology is to install a proxy software on a PC, mainly for users to access Internet resources. The English abbreviation of ICS is Internet Connection Sharing is an Internet connection sharing service provided by the Windows system for home networks or small intranet networks. It is actually equivalent to a network address converter. The so-called network address converter is the process information such as the IP address and TCP / UCP port in the packet when the packet is transmitted. With a network address converter, a home network, or a small office network, you can use private addresses, and convert the private address to the ISP assignment through the network address converter to connect to the Internet. The ICS method is also called an Internet conversion connection. Software: WINGATE, WINPROXYNAT, network address conversion, from a broad sense, ICS is also using a NAT technology, but we discussed here refers to a computer that will run Windows 2000 Server as an IP router. It forwards the data package between the local area network and the Internet host to implement Internet. The NAT method is also called the route connection of the Internet. Network address conversion NAT hides internal management IP addresses by converting private internal addresses to a common external address. In this way, the IP address registration is reduced by using a non-registered IP address internally and converts them into a small portion of the external registered IP address. At the same time, this also hides the internal network structure, thereby reducing the risk of the internal network being attacked. Software: WinRoute, Sygate
(3) Agent data variable non-transparent agent: Internet host submit TCP connection request: Source IP (Internet host) target IP (proxy server) 000000: 45 00 01 9E 64 CE 40 00 80 06 17 c0 c0 A8 FD 91 E ... d. @ ....... 00000010: C0 A8 FD E8 12 47 04 38 FB 32 8B 56 7e 55 57 EA ..... G.8.2.V ~ UW.00000020: 50 18 44 70 1B EC 00 00 47 45 54 20 68 74 74 70 P.dp .... Get http00000030: 3A 2F 2F 77 77 77 2E 63 63 74 76 2E 63 6F 6D 2E: //www.cctv.com. 00000040: 63 6E 2F 20 48 54 54 50 2F 31 2E 30 0D 0A 41 63 CN / HTTP / 1.0..AC00000050: 63 65 70 74 3A 20 69 6D 61 67 65 2F 67 69 66 2C CAPT: image / gif, 00000060 : 20 69 6D 61 67 65 2F 78 2D 78 62 69 74 6D 61 70 images / x-xbitmap00000070: 2C 20 69 6D 61 67 65 2F 6A 70 65 67 2C 20 69 6D, Image / JPEG, IM00000080: 61 67 65 2F 70 6A 70 65 67 2C 20 61 70 70 6C 69 AGE / PJPEG, Appli00000090: 63 61 74 69 6F 6E 2F 76 6E 64 2E 6D 73 2D 65 78 CATION / VND.MS-EX0000A0: 63 65 6C 2C 20 61 70 70 6C 69 63 61 74 69 6E CEL, Application000000B0: 2F 76 6E 64 2E 6D 73 2D 70 6F 77 65 72 70 6F 69 /VND.MS-POWERPOI000000C0: 6E 74 2C 20 61 70 70 6C 6 9 63 61 74 69 6E 2F NT, Application / 000000D0: 6D 73 77 6F 72 64 2C 20 61 70 70 6C 69 63 61 74 MSWORD, Applicat000000E0: 69 6F 6E 2F 78 2D 73 68 6F 63 6B 77 61 76 65 2D ION / X-Shockwave-000000F0: 66 6C 61 73 68 2C 20 2A 2F 2A 0D 0A 41 63 63 65 Flash, * / * .. ACCE00000100: 70 74 2D 4C 61 6E 67 75 61 67 65 3A 20 7A 68 2D PT -LANGUAGE: EN 00000110: 63 6E 0D 0A 55 73 65 72 2D 41 67 65 6e 74 3A 20 cn..user-agent: 00000120: 4D 6F 7A 69 6C 6C 61 2F 34 2E 30 20 28 63 6F 6D Mozilla / 4.0 (Com00000130: 70 61 74 69 62 6C 65 3B 20 4D 53 49 45 20 36 2E Patible; Msie 6.00000140: 30 3B 20 57 69 6E 64 6F 77 73 20 4E 54 20 35 2E 0;
Windows NT 5.00000150: 32 3B 20 2E 4E 45 54 20 43 4C 52 20 31 2E 31 2E 2; .NET CLR 1.1.00000000160: 34 33 32 32 29 0D 0A 48 6F 73 74 3A 20 77 77 77 4322) .. Host : www00000170: 2e 63 63 74 76 2E 63 6F 6D 2E 63 6E 0D 0A 50 72.cctv.com.cn..pr00000180: 6F 78 79 2D 43 6F 6E 6E 65 63 74 69 6F 6E 3A 20 oxy-connection: 00000190 : 4B 65 65 70 2D 41 6C 69 76 65 0D 0A 0D 0A FD 00 Keep-alive ......
Data after proxy server conversion: Source IP (proxy server) i (Website IP) @ @ 网站 @ 01 88 5D 4E 40 00 80 06 19 55 C0 A8 FD E8 E ... N @ .... u. ... 00000010: CA 6C F9 CE 06 AC 00 50 7e 57 F3 C7 E1 41 2F 21.l ..... p ~ w ... A /! 00000020: 50 18 44 70 F9 DF 00 00 47 45 54 20 2F 20 48 54 P.dp .... Get / ht0000000030: 54 50 2F 31 2E 30 0D 0A 41 63 63 65 70 74 3A 20 TP / 1.0..accept: 0000000040: 69 6D 61 67 65 2F 67 69 66 2C 20 69 6D 61 67 65 Image / GIF, Image00000050: 2F 78 2D 78 62 69 74 6D 61 70 2C 20 69 6D 61 67 / X-Xbitmap, IMAG00000060: 65 2F 6A 70 65 67 2C 20 69 6D 61 67 65 2F 70 6A E / JPEG, IMAGE / PJ00000070: 70 65 67 2C 20 61 70 70 6C 69 63 61 74 69 6F 6E PEG, Application00000080: 2F 76 6E 64 2E 6D 73 2D 65 78 63 65 6C 2C 20 61 /VND.MS -Excel, A00000090: 70 70 6C 69 63 61 74 69 64 2E 6D PPLICATION / VND.M00000000A0: 73 2D 70 6F 77 65 72 70 6F 69 6E 74 2C 20 61 70 S-PowerPoint, AP000000B0: 70 6C 69 63 61 74 69 6F 6E 2F 6D 73 77 6F 72 64 PLICATION / MSWORD000000C0: 2C 20 61 70 70 6C 69 63 61 74 69 6F 6E 2F 78 2 D, Application / X-000000D0: 73 68 6F 63 6B 77 61 76 65 2D 66 6C 61 73 68 2C Shockwave-Flash, 000000E0: 20 2A 2F 2A 0D 0A 41 63 63 65 70 74 2D 4C 61 6e * / *. .Accept-lan000000f0: 67 75 61 67 65 3A 20 7A 68 2D 63 6E 0D 0A 55 73 Guage: zh-cn..us00000100: 65 72 2D 41 67 65 6E 74 3A 20 4D 6F 7A 69 6C 6C er-agent: Mozill00000110: 61 2F 34 2E 30 20 28 63 6F 6D 70 61 74 69 62 6C A / 4.0 (Compatibl00000120: 65 3B 20 4D 53 49 45) 36 2E 30 3B 20 57 69 6E E; Msie 6.0; Win00000130: 64 6F 77 73 20 4E 54 20 35 2E 32 3B 20 2E 4E 45 DOWS NT 5.2;
. NE00000140: 54 20 43 4E 34 33 32 32 29 0d T CLR 1.1.4322) .00000150: 0A 48 6F 73 74 3A 20 77 77 77 2e 63 63 74 76 2E.HOST: www.cctv .00000160: 63 6F 6D 2E 63 6E 0D 0A 50 72 6F 78 79 2D 43 6F com.cn..proxy-Co00000170: 6e 6e 65 63 74 69 6E 3A 20 4B 65 65 70 2D 41 Nnection: Keep-A00000180: 6c 69 76 65 0D 0A 0D 0A FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 001 to the Internet, the Internet host submits a connection request to the agent. In the request package, the URL of the true target is included, and it is transferred through the proxy.
The FTP proxy agent is a plain text ..] ...] zi @ .. E .. @. j @ ... yr ......... I.i6u [..... p .. ..l..user user@202.204.8.10 ...
HTTP proxy http agent is a plain text ..] ...] zi @ .. e.n. @ ... Y ........ j.8.*.n.yj@p ... z ... get http://mp3.yzu.edu.cn/ http / 1.0..accept: * / * .. accept-language: en-cn..accept-encoding: gzip, deflate .. User-agent: mozilla / 4.0 (compatible; msie 5.01; windows nt 5.0) .. Host: mp3.yzu.edu.cn..proxy-connection: keep-alive..pragma: no-cache..cookie: aspsessionIDQQQCDAcs = CLCLPECCDCEKIGEOKFAFNDAG ...... 0 ......
The SOCKS5 agent SOCKS5 agent is not clear, it is data. 202.204.8.10:21CA CC 08 0A 00 15 If used domain name, it is a plain text ..] Zy ... zi @ .. e ..> .. @ ... p ......... .... n.f7% p: .p ...; ........ vod.sjtu.edu.cn ..... qq http agent When QQ is online, it will and Tengxun server Contact ..] Zy ...] zi @ .. e ....- @ ... m * ........... 8] ... 3.jp ... 6 .. Connect 218.18.95.165:443 http / 1.1..accept: * / * .. content-type: text / html..proxy-connection: Keep-alive..content-length: 0 ......... .......
QQ SOCKS5 agent When QQ uses the SOCKS5 agent, it is not a plain text, it is data CA 60 AA A5202.96.170.165: 8000