ssl - How to change Host HTTP Header to break through SNI?

问题描述

To reach a target file, I must put specific Host Header in request, because server is using SNI.

My server's ip is 172.1.1.61 and mydomain.com is target host which can give me a file.

I tried to use a curl like that with no success:

curl -I --resolve mydomain.com:443:172.1.1.61 https://172.1.1.61:443/FederationMetadata/2007-06/FederationMetadata.xml -v

* Added mydomain.com:443:172.1.1.61 to DNS cache
* About to connect() to 172.1.1.61 port 443 (#0)
*   Trying 172.1.1.61...
* Connected to 172.1.1.61 (172.1.1.61) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* NSS error -5961 (PR_CONNECT_RESET_ERROR)
* TCP connection reset by peer
* Closing connection 0
curl: (35) TCP connection reset by peer

Also I tried to use an openssl client:

openssl s_client -connect 172.1.1.61:443 -servername mydomain.com

And it has showed me a valid certificate, related to mydomain.com:

CONNECTED(00000003)
depth=3 C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority
verify return:1
depth=2 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
verify return:1
depth=1 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
verify return:1
depth=0 OU = Domain Control Validated, CN = mydomain.com
verify return:1
---
Certificate chain
 0 s:/OU=Domain Control Validated/CN=mydomain.com
   i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
 1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
   i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
 2 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
   i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
LmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1
some moar strings
cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTkwNDAzMDQyODE3Wh==
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/CN=mydomain.com
issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4609 bytes and written 438 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 9B020000BE0E627BF16F61C924ED4B90FF698F1868168A0467E0F359F98DE1FA
    Session-ID-ctx: 
    Master-Key: (hidden)
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1602236714
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
read:errno=104

But the last string is read:errno=104 what is equal to Connection Reset error.

As my last hope I'd installed a Modify Header Value plugin on my Chrome browser and made settings like that:

But still no connection:

What I did wrong?

标签： sslcurlopensslsni