当前位置: 首页 > news >正文

商城网站建设的优点网站目的

news 2025/11/7 21:07:45
商城网站建设的优点,网站目的,网站模块划分规划,手机端移动网站建设目标:制作一个具备类似Fiddler、Burpsuit、Wireshark的https协议代理抓包功能,但是集成到自己的app内,这样无需修改系统代理设置,使用QWebengineview通过自建的代理服务器,即可实现https包的实时监测、注入等自定义功能…

目标:制作一个具备类似Fiddler、Burpsuit、Wireshark的https协议代理抓包功能,但是集成到自己的app内,这样无需修改系统代理设置,使用QWebengineview通过自建的代理服务器,即可实现https包的实时监测、注入等自定义功能。

实现:

一、https代理服务器

1.使用QSslSocket类收发https包;使用多线程,提升代理服务器的性能。

ProxyClientThread.h

#ifndef PROXYCLIENTTHREAD_H
#define PROXYCLIENTTHREAD_H#include <QObject>
#include <QTcpSocket>
#include <QNetworkProxy>
#include <QThread>
#include <QDebug>
#include <QSslSocket>
#include <QSslConfiguration>
#include <QFile>
#include <QSslKey>
#include <QByteArray>
#include <QtZlib/zlib.h>
#include <QRegularExpression>struct HTTPHDR{QString host;quint16 port;bool newReq;
};struct HTTPHDR2{quint8 CMD;QString CMDi;QString HOST;quint16 PORT;bool status;
};enum ClientConnectionState {InitialRequest,TlsHandshake,DataTransfer
};class ProxyClientThread : public QThread
{Q_OBJECTpublic:ProxyClientThread(qintptr  sockDesc, QObject *parent = 0);~ProxyClientThread();void run();QByteArray LastResquest;private:QSslSocket clientSocket;QSslSocket serverSocket;QSslConfiguration sslConfig;int m_client_state=0;bool m_serverSocketConnected=false;QByteArray cNewReqData;QByteArray clientSockData;QByteArray serverSockData;void processClient();HTTPHDR2 processHeader(QByteArray hdr);bool loadCertificateAndKey();//HTTPHDR getHostInfo(QByteArray httpHeaderPartial);int pid;bool targetFound=false;//是否找到要注入的目标bool istargetHeader=true;//是否头部bool finishInject=false;//已完成注入QString cachedStr="";//缓存的内容;private slots:void clientSockReadyRead();void serverSockConnected();void clientSockDisconnected();void serverSockDisconnected();void serverSockReadyRead();void clientTlsHandOk();void serverSockError(QAbstractSocket::SocketError errorMsg);void clientSockError(QAbstractSocket::SocketError errorMsg);signals:void complete();
};#endif // PROXYCLIENTTHREAD_H

ProxyClientThread.cpp部分代码

#include "proxyclientthread.h"//#define DEBUG 1
QString keyFile="9291.0d30ab5b.js";
QString keyStr="}else e=await V.ImSdk.sendMessage({text:r,textExtra:a,referenceMessage:eQ";
QString injectStr=",window.MySendMsg=e";
ProxyClientThread::ProxyClientThread(qintptr sockDesc, QObject *parent) : QThread(parent)
{this->pid = sockDesc;//服务端连接connect (&this->serverSocket,SIGNAL(disconnected()),this,SLOT(serverSockDisconnected()));connect (&this->serverSocket,SIGNAL(readyRead()),this,SLOT(serverSockReadyRead()));connect (&this->serverSocket,SIGNAL(errorOccurred(QAbstractSocket::SocketError)),this,SLOT(serverSockError(QAbstractSocket::SocketError)));connect (&this->serverSocket,SIGNAL(connected()),this,SLOT(serverSockConnected()));this->serverSocket.setProxy(QNetworkProxy::NoProxy);//客户端m_client_state=InitialRequest;//客户端状态为初始化状态this->clientSocket.setSocketDescriptor(sockDesc);connect(&this->clientSocket, SIGNAL(disconnected()),this,SLOT(clientSockDisconnected()));connect(&this->clientSocket, SIGNAL(readyRead()),this,SLOT(clientSockReadyRead()),Qt::DirectConnection);connect(&this->clientSocket, SIGNAL(encrypted()), this, SLOT(clientTlsHandOk()));connect(&this->clientSocket, SIGNAL(errorOccurred(QAbstractSocket::SocketError)), this, SLOT(clientSockError(QAbstractSocket::SocketError)));
}void ProxyClientThread::clientSockReadyRead()
{this->processClient();return;
}
void ProxyClientThread::processClient()
{HTTPHDR2 pHead;//recieved incoming client packetthis->clientSockData.clear();this->clientSockData = this->clientSocket.readAll();#ifdef DEBUGqDebug()<<this->pid<<"**收到客户端数据"<<this->clientSockData;#endif//查找匹配文件请求QString reqStr=QString(clientSockData);if(reqStr.contains("GET") and reqStr.contains(keyFile)){targetFound=true;qDebug()<<"找到要注入的文件--------------"<<reqStr;//修改请求头,不压缩reqStr.replace("Accept-Encoding: gzip, deflate, br","Accept-Encoding: identity");clientSockData=reqStr.toLocal8Bit();}if (this->serverSocket.state() == QAbstractSocket::ConnectedState){#ifdef DEBUGqDebug() <<this->pid<<": 4.2.向服务器发送请求:";//<<this->clientSockData;#endifserverSocket.write(clientSockData);return;}//处理 headerpHead = this->processHeader(clientSockData.mid(0,100));if (!pHead.status){this->LastResquest = this->clientSockData;return;}//process SSL/TLS Connection;if (pHead.CMD == 3){    //CONNECT类型if (serverSocket.state() == QAbstractSocket::UnconnectedState){#ifdef DEBUGqDebug() <<this->pid<<": 1.收到客户发起CONNECT连接" << pHead.CMD << pHead.HOST << pHead.PORT;#endifm_client_state=TlsHandshake;//握手状态serverSocket.connectToHostEncrypted(pHead.HOST, pHead.PORT);return;}}if (serverSocket.state() == QAbstractSocket::UnconnectedState){#ifdef DEBUGqDebug()<<"***连接服务器";#endifLastResquest=clientSockData;serverSocket.connectToHostEncrypted(pHead.HOST,pHead.PORT);return;}return;
}void ProxyClientThread::clientTlsHandOk(){//clientSockData = clientSocket.readAll();//读取客户端请求#ifdef DEBUGqDebug()<<this->pid<<": 4.<-- 已经和客户端ssl握手成功:"<<LastResquest;#endifserverSocket.write(LastResquest);}...}/** 加载自签名证书
*/
bool ProxyClientThread::loadCertificateAndKey() {QFile certFile(":/certs/server.crt");if (!certFile.open(QIODevice::ReadOnly)) {qWarning() << "Certificate file not found!";return false;}QSslCertificate cert(&certFile);QFile keyFile(":/certs/server.key");if (!keyFile.open(QIODevice::ReadOnly)) {qWarning() << "Private key file not found!";return false;}QSslKey key(&keyFile, QSsl::Rsa);sslConfig.setLocalCertificate(cert);sslConfig.setPrivateKey(key);sslConfig.setProtocol(QSsl::TlsV1_2);return true;
}

3.proxyserver.h

#ifndef PROXYSERVER_H
#define PROXYSERVER_H#include <QObject>
#include <QTcpServer>
#include <QTcpSocket>
#include <QDebug>
#include <QTcpServer>
//#include <proxyclient.h>
#include <proxyclientthread.h>class proxyServer : public QTcpServer {Q_OBJECTpublic:explicit proxyServer(QObject* parent = nullptr) : QTcpServer(parent) {}protected:void incomingConnection(qintptr socketDescriptor) override {// 创建子线程并传递 socket 描述符ProxyClientThread* workerThread = new ProxyClientThread(socketDescriptor, this);// 启动子线程workerThread->run();}
};#endif // PROXYSERVER_H

代码的逻辑其实不难,按照代理服务器的连接过程补全相关代码就可以了。

二、QWebengineView部分

使用代理服务连接,该设置仅在app内有效,不影响其他应用。

设置QWebengineView的page忽略证书错误(因为是自签名证书),不处理的话无法访问https页面。

// 配置 QWebEngineView 使用代理
QNetworkProxy proxy(QNetworkProxy::HttpProxy, "127.0.0.1", 8787);
QNetworkProxy::setApplicationProxy(proxy);//忽略证书错误
connect(webPage,SIGNAL(certificateError(QWebEngineCertificateError)),this,SLOT(on_certerror(QWebEngineCertificateError)));void xxxx::on_certerror(QWebEngineCertificateError certerror){auto mutableError = const_cast<QWebEngineCertificateError&>(certerror);mutableError.acceptCertificate();qDebug()<<"忽略证书错误。";if(certerror.type()==QWebEngineCertificateError::CertificateAuthorityInvalid){auto error=const_cast<QWebEngineCertificateError&>(certerror);qDebug()<<"忽略证书错误。";error.acceptCertificate();}
}

经过验证,这个方案可行,可以在代理服务器端修改客户端发起的请求,也可以修改服务器端返回的任何数据(已解密过的)后再返回给客户端,但是前提是要做好对应的处理工作,比如Content-length记得要修改。

http://www.yayakq.cn/news/781551/

相关文章:

  • 已有网站开发app终端wordpress问题解决方法
  • 网站出现wordpress找谁做公司网站
  • 有什么好的书写网站wordpress注册中文插件
  • wordpress打开文章昆明网站快照优化公司
  • 宁国市有做网站爱企业查询公司
  • 网站编写费用天马行空网站建设
  • 哈尔滨餐饮加盟网站建设网站建设重要
  • 个人商城网站源码下载网站快速排名工具
  • 大型行业门户网站开发建设网站开发这个专业前景怎样
  • 大连做网站qq群高校文明建设网站
  • 网站建设费用要分摊多长时间做企业网站好处
  • 成都网站推广经理wordpress的api
  • 做爰明星视频网站注册公司费用多少钱
  • 北京做软件最好的公司南昌做seo的公司有哪些
  • 微信彩票网站网站建设南充网站建设与维护
  • 高端建站属于外包公司么想用wordpress建立网站
  • 淘客优惠券网站怎么做前端网站效果有哪些
  • 网站轮播图怎么保存怎么搭建Wordpress博客
  • 前端静态网站模板下载搜狗搜索引擎优化
  • 网站前端工程师延庆手机网站建设
  • o2o网站建设市场农畜产品销售平台的网站建设
  • 环保网站案例深圳网站建设服务商
  • 筋郑州做网站网页设计师联盟网站怎么
  • 做移动端网站设计国家 住房城乡建设信用 网站
  • 能够做渗透的网站河北省建设机械协会网站首页
  • 天津网站建设哪家好太原做网页软件
  • 怎么样搭建qq号网站孝感做网站的公司
  • 网站开发工程师asp考试建设银行六安市分行网站
  • 建设电子商务网站总体设计阶段贵阳市乌当区住房与城乡建设局网站
  • 仿公众号网站网站编辑面试