[PYTHON] Rewrite SNI when communicating over HTTPS

SNI rewrite

When using a third-party HTTPS client, there may be times when you want to try an SNI that differs from the actual one, and this cannot be handled by routing through nginx because it does not support SNI.

You may be able to rewrite the SNI by using a proxy called mitmproxy. This article assumes a client that can use the CONNECT method.

However, with the Transparent HTTPS mode described at the following URL, the SNI can probably be rewritten even for a client that does not support proxies. https://docs.mitmproxy.org/stable/concepts-howmitmproxyworks

Install mitmproxy with pip or a similar tool. https://docs.mitmproxy.org/stable/overview-installation/

Save the following program as custom_sni.py.

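# Uses the legacy layer API (mitmproxy.proxy.protocol, mitmproxy 6 and earlier).
from mitmproxy.proxy.protocol import Layer, TlsLayer

def next_layer(layer: Layer):
    # Called for each new protocol layer; only TLS layers carry an SNI.
    if isinstance(layer, TlsLayer):
        # Override the SNI that mitmproxy sends to the upstream server.
        layer._custom_server_sni = "<SNI you want to use>"

    return layer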

As a prerequisite, trust the mitmproxy CA certificate (~/.mitmproxy/mitmproxy-ca-cert.cer). Then start the proxy on port 8080 by running the following:

mitmproxy -s custom_sni.py

All that remains is to configure this proxy on the client you want to use.
