[Twisted-Python] About CONNECT method and Proxy HTTPS

Román Ramírez rramirez at rootedcon.es
Tue Aug 14 10:51:46 EDT 2012


Hello all,

This is my first email in this list so thanks everyone in advance and Hello :)

I have a quick question about the Proxy class and the CONNECT method
(for tunneling SSL). I've already solved the certificate issues as I
use a fixed *.testdomain.com certificate for my service.

What I cannot manage to solve is how to manage the real request after
setting up the tunnel. Let me explain, whenever a browser wants to
tunnel through a Proxy it will take these steps:

1. Send a CONNECT host:443 HTTP/1.1
2. The proxy will connect to the remote (real) https server and if
everything is right, send an OK to the client,
3. If the Proxy sends a 200 (Ok) continue through TLS and send the
real request (GET /directory HTTP/1.0 and Host: test.testdomain.com)

My problem here is when working on the Request to check if the method
is CONNECT (Request.process), when I do the startTLS (and make the
transport SSL aware) I cannot find a way to read the next lines with
the REAL request (the GET /directory HTTP/1.0). As I see how to write
into the Request.process (self.transport.write) I don't see any way to
read after the startTLS. I've tried with the self.content.seek(0,0)
and self.content.read() but always getting "None".

Is there a way to read the next lines from the client after the
startTLS inside Request.process? I've been reading about everything related
to Proxy, CONNECT and mitm for a week but cannot find anything working
for me...

Thanks a lot in advance for your help and your patience :)
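
The three steps described in the message, replayed from the proxy's side as an added example (not part of the original post and not Twisted code; `ConnectTunnel`, `client_hello` and `demo` are hypothetical names, the input is constructed, and only the Python standard library is used). It shows that the bytes arriving after the 200 reply are a TLS handshake record rather than a request body, so the inner GET becomes readable only after the proxy completes the TLS handshake on that connection.

```python
import ssl

TLS_HANDSHAKE = 0x16  # content type of a TLS handshake record


class ConnectTunnel:
    """Proxy-side state for one client connection (hypothetical helper)."""

    def __init__(self):
        self.head = b""          # bytes of the plaintext CONNECT request head
        self.target = None       # (host, port) once CONNECT has been accepted
        self.tunnel_bytes = b""  # everything the client sends after the head

    def feed(self, data):
        """Consume client bytes and return the bytes the proxy answers with."""
        if self.target is not None:
            self.tunnel_bytes += data  # tunnel mode: opaque payload, not HTTP
            return b""
        self.head += data
        head, sep, rest = self.head.partition(b"\r\n\r\n")
        if not sep:
            return b""  # head incomplete, keep buffering
        parts = head.split(b"\r\n")[0].split(b" ")
        host, _, port = parts[1].rpartition(b":") if len(parts) == 3 else (b"", b"", b"")
        if parts[0] != b"CONNECT" or not host or not port.isdigit():
            self.head = b""
            return b"HTTP/1.1 400 Bad Request\r\n\r\n"
        self.target = (host.decode("ascii"), int(port))
        self.tunnel_bytes = rest  # bytes sent right behind the head are tunnel data
        return b"HTTP/1.1 200 Connection established\r\n\r\n"


def client_hello(server_name):
    """First flight of a TLS client, produced in memory (no network I/O)."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client is now waiting for the ServerHello
    return outgoing.read()


def demo():
    """Replay steps 1-3 with constructed input; returns what the proxy sees."""
    tunnel = ConnectTunnel()
    reply = tunnel.feed(b"CONNECT test.testdomain.com:443 HTTP/1.1\r\n\r\n")
    tunnel.feed(client_hello("test.testdomain.com"))
    is_tls = tunnel.tunnel_bytes[:1] == bytes([TLS_HANDSHAKE])
    return reply, tunnel.target, is_tls, b"GET /directory" in tunnel.tunnel_bytes
```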


