
How to get Client Ip address at Proxy server in HttpResponse in java?

I am trying to implement a proxy server in Java which will get the HttpRequest from the client browser and forward it to the server. After receiving the HttpResponse from the server, it extracts the cookie, modifies it, and then forwards the HttpResponse with the modified cookie to the client browser. I am doing this to prevent misuse of the cookie for session hijacking.

Next time, when the client tries to connect to the same server, my proxy server will get an HttpRequest with this modified cookie. My proxy server will replace this modified cookie with the original before forwarding that HttpRequest to the server, and the server will respond because it will detect the correct cookie.

One drawback of this approach: if another client on the same LAN becomes an attacker, steals a client's modified cookie and sends an HttpRequest to the proxy server, the proxy server will replace this modified cookie with the original and forward it to the server, and the attacker will be able to perform session hijacking.

To solve this problem, I am trying to implement this in the following way.

Instead of (cookie original value = modified value), I will store (IP, cookie original value) = modified value. So any time an HttpRequest comes from a client browser, I will check the IP address of the sender and the IP address stored along with the original cookie for this modified cookie.

I have tried to run this code on a single machine, where I have redirected all browser requests to local port 1111, and I am able to get the client IP address.

 public static void runServer(String host, int remoteport, int localport)
      throws IOException {

// Create a ServerSocket to listen for connections with
ServerSocket ss = new ServerSocket(1111);

final byte[] request = new byte[1024];
byte[] reply = new byte[4096];

while (true) {
  Socket client = null, server = null;
  try {
    // Wait for a connection on the local port
    client = ss.accept();

    final String SenderIp=client.getInetAddress().getHostAddress();
    System.out.println("Client Ip address "+ SenderIp);

.....

// cookie conversion (modified to original) is done here
//   (modified cookie ---> original cookie value)
.....



// forward HttpRequest to server 
byte[] requestBytes = requestString.getBytes("ISO-8859-1");
streamToServer.write(requestBytes,0,requestBytes.length);
streamToServer.flush();

}   



// Read the server's responses
        // and pass them back to the client.
        int bytesRead;
        try {
          while ((bytesRead = streamFromServer.read(reply)) != -1) {

        String responseString = new String(reply, 0, bytesRead, "ISO-8859-1");
         System.out.println("Reply string "+responseString);


        // cookie modification done here

        System.out.println("Forwarded to IP "+SenderIp);
        byte[] responseBytes = responseString.getBytes("ISO-8859-1");
        streamToClient.write(responseBytes, 0, responseBytes.length);
        streamToClient.flush();

        // HashMap(original_cookie, modified cookie)
}
}   

How can I know the IP address to which this HttpResponse will be sent? I mean the client IP address to which I will send the modified cookie.

I want to use HashMap(original_cookie, IP address, modified cookie) after I get the HttpResponse from the external server.

Thank you in advance.

I got the solution. I am creating a separate socket between the new client and the server. So, we can easily retrieve the IP address of an individual client from the socket between that particular client and the server.
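One way to keep the (IP, original cookie) = modified value mapping from the question, as an added example that is not the poster's code. The class `BoundCookieStore` and its methods are hypothetical, the addresses and cookie value are constructed samples, and records require Java 16 or later. The address passed in is the one returned by `client.getInetAddress()` on the accepted socket, which is also the socket the response is written to.

```java
import java.net.InetAddress;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical helper: maps proxy-issued cookie tokens to (client IP, original cookie). */
public class BoundCookieStore {
    private record Binding(String clientIp, String originalCookie) {}

    private final Map<String, Binding> byToken = new ConcurrentHashMap<>();
    private final SecureRandom rng = new SecureRandom();

    /** Response path: issue an unguessable token for the client on this connection. */
    public String issue(InetAddress client, String originalCookie) {
        byte[] raw = new byte[32];
        rng.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        byToken.put(token, new Binding(client.getHostAddress(), originalCookie));
        return token;
    }

    /** Request path: restore the original cookie only for the IP the token was issued to. */
    public Optional<String> restore(InetAddress client, String token) {
        Binding b = byToken.get(token);
        if (b == null || !b.clientIp().equals(client.getHostAddress())) {
            return Optional.empty(); // unknown token or different sender: do not forward the session
        }
        return Optional.of(b.originalCookie());
    }

    public static void main(String[] args) throws Exception {
        BoundCookieStore store = new BoundCookieStore();
        // Constructed sample addresses; in the proxy these come from client.getInetAddress()
        InetAddress owner = InetAddress.getByName("192.168.1.10");
        InetAddress other = InetAddress.getByName("192.168.1.66");

        String token = store.issue(owner, "JSESSIONID=abc123");
        System.out.println("owner -> " + store.restore(owner, token));
        System.out.println("other -> " + store.restore(other, token));
    }
}
```

Clients that reach the proxy through the same NAT address share one IP, so this check cannot tell them apart.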
