ssl - How to change Host HTTP Header to break through SNI?
Problem description
To reach a target file, I must put a specific Host header in the request, because the server is using SNI.
My server's IP is 172.1.1.61 and mydomain.com is the target host which can give me a file.
I tried to use curl like this, with no success:
curl -I --resolve mydomain.com:443:172.1.1.61 https://172.1.1.61:443/FederationMetadata/2007-06/FederationMetadata.xml -v
* Added mydomain.com:443:172.1.1.61 to DNS cache
* About to connect() to 172.1.1.61 port 443 (#0)
* Trying 172.1.1.61...
* Connected to 172.1.1.61 (172.1.1.61) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* NSS error -5961 (PR_CONNECT_RESET_ERROR)
* TCP connection reset by peer
* Closing connection 0
curl: (35) TCP connection reset by peer
Also I tried to use an openssl client:
openssl s_client -connect 172.1.1.61:443 -servername mydomain.com
And it showed me a valid certificate, related to mydomain.com:
CONNECTED(00000003)
depth=3 C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority
verify return:1
depth=2 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
verify return:1
depth=1 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
verify return:1
depth=0 OU = Domain Control Validated, CN = mydomain.com
verify return:1
---
Certificate chain
0 s:/OU=Domain Control Validated/CN=mydomain.com
i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
2 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
LmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1
some moar strings
cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTkwNDAzMDQyODE3Wh==
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/CN=mydomain.com
issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4609 bytes and written 438 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 9B020000BE0E627BF16F61C924ED4B90FF698F1868168A0467E0F359F98DE1FA
Session-ID-ctx:
Master-Key: (hidden)
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1602236714
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
read:errno=104
But the last string is read:errno=104, which is equal to a Connection Reset error.
As my last hope, I installed a Modify Header Value plugin in my Chrome browser and configured it like this:
What did I do wrong?
Solution
openssl s_client -connect 172.1.1.61:443 -servername mydomain.com
...
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
...
But the last string is read:errno=104, which is equal to a Connection Reset error.
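The error you see here means that the connection reset happens at the final stage of, or directly after, the TLS handshake. At this stage, SNI has already been used to select the certificate, and the HTTP request with the Host header has not yet been sent. This means that neither SNI nor the Host header is the actual problem here.
This means that a wrong SNI and Host header can be ruled out as possible causes of the connection reset. A shared cipher was also found, so that is not the problem either. It might, for example, be a missing client certificate or something else. Maybe the server logs will show it.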
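The ordering the answer relies on can be checked with a short script (an added example, not part of the original question or answer): it connects to the IP, sends the name as SNI in the handshake, only then sends the Host header, and reports the first phase that failed. The names `probe` and `build_request` and the stage labels are illustrative choices.

```python
import socket
import ssl


def build_request(host, path):
    """HTTP request bytes; the Host header exists only here, after TLS is up."""
    return (f"HEAD {path} HTTP/1.1\r\nHost: {host}\r\n"
            "Connection: close\r\n\r\n").encode("ascii")


def probe(ip, port, name, path="/", timeout=5.0, context=None):
    """Connect to ip:port, use `name` as SNI and as Host, and return
    (stage, detail): stage is the first phase that failed, or "ok"."""
    ctx = context or ssl.create_default_context()
    try:
        raw = socket.create_connection((ip, port), timeout=timeout)
    except OSError as exc:
        return "tcp_connect", repr(exc)
    try:
        # SNI travels in the ClientHello; the server selects its certificate
        # from it. The certificate is verified against `name`, not the IP.
        tls = ctx.wrap_socket(raw, server_hostname=name)
    except (ssl.SSLError, OSError) as exc:
        raw.close()
        return "tls_handshake", repr(exc)
    with tls:
        try:
            # Only now does any HTTP data, including Host, reach the server.
            tls.sendall(build_request(name, path))
            reply = tls.recv(4096)
        except (ssl.SSLError, OSError) as exc:
            return "after_handshake", repr(exc)
    if not reply:
        return "after_handshake", "connection closed without a response"
    return "ok", reply.split(b"\r\n", 1)[0].decode("latin-1")


if __name__ == "__main__":
    # Address, name and path taken from the question above.
    print(probe("172.1.1.61", 443, "mydomain.com",
                "/FederationMetadata/2007-06/FederationMetadata.xml"))
```

A result of `after_handshake` matches the case the answer describes: certificate selection by SNI already succeeded, so the reset has another cause, such as a client certificate the server expects.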