獲取加密的正文響應 WinHttp HTTPS

Question

我正在嘗試使用端口 443 SSL 連接google.com 但是當我調用WinHttpReadData返回加密文本時，但使用WinHttpQueryHeaders我從服務器獲取純/文本響應標頭。

完全不確定為什么會發生這種情況，我指的是沒有加密的標題和正文，是的，我的目標是解密響應正文。

來源在這里：

// ConsoleApplication3.cpp : Este archivo contiene la función "main". La ejecución del programa comienza y termina ahí.
//

#include "pch.h"
#include <windows.h>
#include <winhttp.h>
#include <iostream>
#include <string>
#include <algorithm>



int main(){

    DWORD dwSize = 2000;
    DWORD dwDownloaded = 0;
    LPSTR pszOutBuffer;
    DWORD headerSize = 0;
    char * lpOutBuffer = new char[dwSize / sizeof(char)];

    HINTERNET hSession = NULL;
    HINTERNET hConnect = NULL;
    HINTERNET hRequest = NULL;

    // Use WinHttpOpen to obtain a session handle.
    hSession = WinHttpOpen(L"WinHTTP Example/1.0",
        WINHTTP_ACCESS_TYPE_DEFAULT_PROXY,
        WINHTTP_NO_PROXY_NAME,
        WINHTTP_NO_PROXY_BYPASS, 0);

    // Specify an HTTP server.
    if (hSession)
        hConnect = WinHttpConnect(hSession, L"google.com",
            443, 0); //443 port for SSL/TLS

    std::cout << "hConnect " << hConnect << std::endl;

    // Create an HTTP request handle.
    if (hConnect)
        hRequest = WinHttpOpenRequest(hConnect, L"GET", L"/",
            L"HTTP/1.1", WINHTTP_NO_REFERER,
            NULL,
            WINHTTP_FLAG_SECURE); //SECURE FLAG


    std::cout << "hRequest " << hRequest << std::endl;


    if (hRequest) { //Adding Headers

        std::cout << "Añadiendo headers!\n";
        WinHttpAddRequestHeaders(hRequest,
            L"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
            -1L,
            WINHTTP_ADDREQ_FLAG_ADD);
        WinHttpAddRequestHeaders(hRequest,
            L"Accept-Encoding: gzip, deflate, br",
            -1L,
            WINHTTP_ADDREQ_FLAG_ADD);

        WinHttpAddRequestHeaders(hRequest,
            L"Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3",
            -1L,
            WINHTTP_ADDREQ_FLAG_ADD);

        WinHttpAddRequestHeaders(hRequest,
            L"Connection: keep-alive",
            -1L,
            WINHTTP_ADDREQ_FLAG_ADD);

        WinHttpAddRequestHeaders(hRequest,
            L"Host: google.com",
            -1L,
            WINHTTP_ADDREQ_FLAG_ADD);

        WinHttpAddRequestHeaders(hRequest,
            L"Upgrade-Insecure-Requests: 1",
            -1L,
            WINHTTP_ADDREQ_FLAG_ADD);

        WinHttpAddRequestHeaders(hRequest,
            L"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0",
            -1L,
            WINHTTP_ADDREQ_FLAG_ADD);


    }

    // Send a request.
    BOOL bResults;
    if (hRequest)
        bResults = WinHttpSendRequest(hRequest,
            WINHTTP_NO_ADDITIONAL_HEADERS,
            0, WINHTTP_NO_REQUEST_DATA, 0,
            0, 0);

    std::cout << "bResults " << bResults << " " << GetLastError() << std::endl;

    if (bResults)
        bResults = WinHttpReceiveResponse(hRequest, NULL);

    std::cout << "bResults " << bResults << " " << GetLastError() << std::endl;

    if (bResults)
    {
        WinHttpQueryHeaders(hRequest, WINHTTP_QUERY_RAW_HEADERS,
            WINHTTP_HEADER_NAME_BY_INDEX, NULL,
            &dwSize, WINHTTP_NO_HEADER_INDEX);

        printf("Tamaño de los headers: %d", dwSize);

        // Allocate memory for the buffer.
        if (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
        {
            lpOutBuffer = new char[dwSize / sizeof(char)];

            // Now, use WinHttpQueryHeaders to retrieve the header.
            bResults = WinHttpQueryHeaders(hRequest, WINHTTP_QUERY_RAW_HEADERS,
                WINHTTP_HEADER_NAME_BY_INDEX,
                lpOutBuffer, &dwSize,
                WINHTTP_NO_HEADER_INDEX);
            if (bResults){

                char * headers_aqui = new char[dwSize / sizeof(char)];
                int dwSize2 = 0;
                for (int i = 0,i2 = 0; i < dwSize; i++) {

                    //std::cout << (int)str[i] << std::endl;
                    if ((int)lpOutBuffer[i] != 0) {
                        headers_aqui[i2] = lpOutBuffer[i];
                        dwSize2 = i2;
                        i2++;
                    }
                }

                std::cout << "Tamaño ahora: " << dwSize2 << std::endl;

                std::string str(headers_aqui, dwSize2);



                std::cout << "Header contents: \n" << str << "\n\n\n\n\n"; //No encrypted or compressed.



            }

        }

    }

    if (bResults)
    {
        do
        {
            // Check for available data.
            dwSize = 0;
            if (!WinHttpQueryDataAvailable(hRequest, &dwSize))
                printf("Error %u in WinHttpQueryDataAvailable.\n",
                    GetLastError());

            // Allocate space for the buffer.
            pszOutBuffer = new char[dwSize + 1];
            if (!pszOutBuffer)
            {
                printf("Out of memory\n");
                dwSize = 0;
            }
            else
            {
                // Read the data.
                ZeroMemory(pszOutBuffer, dwSize + 1);

                if (!WinHttpReadData(hRequest, (LPVOID)pszOutBuffer,
                    dwSize, &dwDownloaded))
                    printf("Error %u in WinHttpReadData.\n", GetLastError());
                else
                    printf("%s", pszOutBuffer); //Encrypted or compressed, think SSL encryption.

                // Free the memory allocated to the buffer.
                delete[] pszOutBuffer;
            }
        } while (dwSize > 0);
    }


    // Report any errors.
    if (!bResults)
        printf("Error %d has occurred.\n", GetLastError());

    // Close any open handles.
    if (hRequest) WinHttpCloseHandle(hRequest);
    if (hConnect) WinHttpCloseHandle(hConnect);
    if (hSession) WinHttpCloseHandle(hSession);


    //std::cout << "Hello World!\n";
}

Output 這里： https://pastebin.com/cSkEugDT

我閱讀了文檔，但沒有找到有關WinHttpReadData中內容解密的任何信息，顯然這只發生在 https 上，當我測試 http 時，它返回純文本/文本。

我懷疑調用 WinHttpReadData 之前的某些參數。

Answer 1

最后我得到了錯誤，這是在 header Accept-Encoding

WinHttpAddRequestHeaders(hRequest,
        L"Accept-Encoding: gzip, deflate, br",
        -1L,
        WINHTTP_ADDREQ_FLAG_ADD);

我評論並解決了這個問題。 GZIP是一種壓縮算法，它制作了這種壓縮文本（deflate 和其他具有相同目的的算法）。

關於Accept-Encoding header： https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Encoding