当传入代理的请求超过 http 时，如何从 ftp 代理返回 ftp 响应？

Question

At start thank you all for your kind help, Every hint is great and can teach me a lot, I appreciate every comment. Before you respond I'm aware that there is a lot of working solutions and working ftp proxies, but I'm asking this question for learning purposes and I try to understand how it works.

I have to implement my own ftp proxy server to capture ftp commands. The issue is that request incoming to proxy from client is over http protocol and when I return raw ftp response from ftp server through proxy to the client, then client browser is not able to handle this response as ftp response. Currently I'm trying to hardcode initial response from ftp proxy as following:

var clientWriter = new BinaryWriter(clientNetStream);
clientWriter.Write("220 (vsFTPd 3.0.3)\r\n");

But when client browser got this response, then it is showing following box: https://imgur.com/XcIy7Rw

Because above does not work then I've tried to include ftp response in HttpResponse as follows:

var clientWriter = new BinaryWriter(clientNetStream);
                        clientWriter.Write(
                            "HTTP/1.1 200 OK\r\n" +
                            "Date: Mon, 19 Jul 2004 16:18:20 GMT\r\n" +
                            "Server: Apache\r\n" +
                            "Last-Modified: Sat, 10 Jul 2004 17:29:19 GMT\r\n" +
                            "Accept-Ranges: bytes\r\n" +
                            "Content-Length: 9328\r\n" +
                            "Connection: keep-alive\r\n" +
                            "Content-Type: text/html\r\n" +
                            "\r\n" +
                            "220 (vsFTPd 3.0.3))\r\n");

But then browser handle this as follows: https://imgur.com/JuFTjs7

What I try do to is return "220 (vsFTPd 3.0.3)\r\n" response from server to the client and then I expect that client will send "USER anonymous\r\n" command to log in, but with both solutions this is not happening. I try to make working following sequence automatically (please see Wireshark screenshot). https://imgur.com/yT3dRxW

Does anybody knows how to return response from server to the client, to make client to communicate with ftp server?

If client send http request to the proxy then can I return Ftp response instead of http response? If not, then how proxy response should looks like?

Answer 1

It is important to distinguish between a HTTP Proxy and a FTP proxy. A HTTP proxy is typically capably to handle URLs starting with http(s):// and ftp:// . For URLs starting with ftp:// , the proxy does a protocol transformation.

That means that the client uses the HTTP protocol to transmit the URL to the proxy (in this case starting with ftp:// ). Due to the URL starts with ftp:// , the proxy knows that it must use the FTP protocol to connect to the server. This is referred to as FTP over HTTP as the client is connecting to a FTP server using a HTTP client.

Alternatively, the client can use a native FTP client to connect to the server using the proxy. In this case, the client uses the FTP protocol to talk to the proxy and the proxy uses the FTP protocol to talk to the server. This is referred to as native FTP proxy .

As you already noticed, in the FTPoverHTTP scenario, the client does not follow up on any FTP response. Instead, you have to implement the protocol transformation in the proxy accordingly. Pass the username and password from client to proxy as follows: ftp://username:password@server.com . Your proxy must extract the credentials from the URL, connect to the server, and then issue the USER and PASS command on behalf of the client.

Hint: The proxy also needs to extract directory/filenames from the URL in order to get a directory listing / file content using the FTP protocol from the server, then present it to the client accordingly, eg directory listing as html page with links to the artifacts in the directory or in case a file has been accessed, send a response which triggers a HTTP file download on the client