堆栈内存溢出
  简体   繁体   English

在CPP中创建代理服务器

[英]Create Proxy Server in CPP

 原文  2015-05-28 11:58:12       c++/ sockets/ proxy

问题描述

I want to write a proxy server which can forward the client request to server. 我想编写一个代理服务器,可以将客户端请求转发到服务器。 My problem is, the server validates the client's src ip. 我的问题是,服务器会验证客户端的src ip。 is there any possible way to retain the src ip and forward it to the server? 有什么可能的方法来保留src ip并将其转发到服务器?

3 个解决方案

解决方案1
 1  2015-05-28 12:09:10

This is named "spoofing" and is generally a Bad Thing (and quite difficult for TCP/HTTP, unless you're within the same network as the server or the client). 这被称为“欺骗”,通常是一件坏事(除非您与服务器或客户端位于同一网络中,否则这对于TCP / HTTP来说是相当困难的)。

Technically, on Linux you can try to play with so-called "raw sockets" (where you construct the whole IP packet yourself, including creating fake IP headers), but chances are that your spoofed packets will run into ingress/egress corporate and/or ISP filters (which in turn may attract attention of admins, especially if done within corporate network). 从技术上讲,在Linux上,您可以尝试使用所谓的“原始套接字”(您自己构造整个IP数据包,包括创建虚假的IP标头),但是您的欺骗数据包很可能会进入企业的入口/出口和/或ISP过滤器(反过来可能会引起管理员的注意,尤其是在公司网络内完成时)。

解决方案2
 0  2015-05-28 12:09:57

Presumably, since you're asking about a proxy, you want traffic to go in both directions. 据推测,由于您正在询问代理,因此您希望流量双向流动。 While, with some tricks, you can spoof the source IP address, you wouldn't get the traffic back from the server (assuming the Internet) to the proxy though because your "return address" is somewhere else. 尽管可以通过一些技巧来欺骗源IP地址,但由于“返回地址”位于其他位置,因此您不会将流量从服务器(假设是Internet)返回到代理。 You'll also likely get the attention of DoS scanners... 您还可能会引起DoS扫描仪的注意...

解决方案3
 0  2015-05-28 18:02:05

Using Linux Packet Sockets , you can send and receive the entire ethernet frames. 使用Linux Packet Sockets ,您可以发送和接收整个以太网帧。 If you leave the source and destination MAC addresses intact, and set your own IP to 0.0.0.0 so the kernel doesn't respond to traffic for you, there is no way for other systems to detect that your system is inline. 如果您保留源MAC地址和目标MAC地址不变,并且将自己的IP设置为0.0.0.0,以使内核不为您响应流量,则其他系统将无法检测到您的系统处于内联状态。 This is called a Man-In-The-Middle (MITM) attack, but there are non-evil uses for it. 这称为中间人(MITM)攻击,但是有非邪恶用途。

This is a good example of how to use a packet socket, but you would use the original source MAC address instead of your own. 是如何使用数据包套接字的一个很好的示例,但是您将使用原始的源MAC地址而不是您自己的源MAC地址。 

struct ether_header* hdr( reinterpret_cast< const struct ether_header* >( recvd_msg_ptr ) );
memcpy( m_sockaddr.sll_addr, hdr->ether_dhost, ETH_ALEN );

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用WNDCLASSEX创建窗口吗? [.cpp的] - Create window with WNDCLASSEX? [Cpp] 在cpp中创建Maya UI窗口 - Create a Maya UI window in cpp Xcode使用cpp文件创建捆绑 - Xcode create bundle with cpp files 带有错误的Cpp OpenSSL服务器的源 - Source for a Cpp OpenSSL server with errors 使用cpp-netlib Https服务器 - Https server with cpp-netlib cpp程序在服务器上运行缓慢 - cpp programs run slow on server cmake 使用 *.cpp 规则创建 Makefile - cmake to create Makefile with *.cpp rule gRPC cpp异步服务器vs同步服务器 - gRPC cpp async server vs sync server aws-sdk-cpp:如何通过Proxy访问S3? - aws-sdk-cpp: How to access S3 through Proxy? 使用cpp-netlib 0.8作为HTTP代理-无奈 - Using cpp-netlib 0.8 as a HTTP Proxy - Helpless
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM