{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 相关推荐>> 的问题《Set user-agent property in https connection header》','https://www.manongdao.com/q-1254287.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am unable to properly set the user-agent property for an https connection. From what I've gathered, http-header properties can be set through either the -Dhttp.agent VM option or through URLConnection.setRequestProperty(). However, setting the user-agent through the VM option causes " Java/[version]" to be appended to whatever the value of http.agent is. At the same time setRequestProperty() only works for http connections, not https (at least when I tried it).
java.net.URL url = new java.net.URL( "https://www.google.com" );
java.net.URLConnection conn = url.openConnection();
conn.setRequestProperty("User-Agent","Mozilla/5.0 (Windows NT 5.1; rv:19.0) Gecko/20100101 Firefox/19.0");
conn.connect();
java.io.BufferedReader serverResponse = new java.io.BufferedReader(new java.io.InputStreamReader(conn.getInputStream()));
System.out.println(serverResponse.readLine());
serverResponse.close();
I've found/verified the problem by inspecting http communictions using WireShark. Is there any way around this?
Update: Addition Info
It seems that I didn't look deep enough into the communication. The code is running from behind a proxy so the communication observed is against the proxy, set through -Dhttps.proxyHost, and not the target website (google.com). Anyway, during an https connection, the method is CONNECT, not GET. Here is a wireshark capture of https communication attempt. Like I mentioned above, the user-agent is set through -Dhttp.agent because URLConnection.setRequestProperty() has no effect (user-agent = Java/1.7.0). In this case, notice the appended Java/1.7.0. The question remains the same, why is this happening and how do I get around it?
CONNECT www.google.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:19.0) Gecko/20100101 Firefox/19.0 Java/1.7.0
Host: www.google.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Proxy-Connection: keep-alive
HTTP/1.1 403 Forbidden
X-Bst-Request-Id: MWPwwh:m7d:39175
X-Bst-Info: ch=req,t=1366218861,h=14g,p=4037_7213:1_156,f=PEFilter,r=PEBlockCatchAllRule,c=1905,v=7.8.14771.200 1363881886
Content-Type: text/html; charset=utf-8
Pragma: No-cache
Content-Language: en
Cache-Control: No-cache
Content-Length: 2491
By the way, the request is forbidden because the proxy filters user-agent, the Java/1.7.0 is causing the rejection. I've appended Java/1.7.0 to the user-agent of an http connection and the proxy refuses connection too. I hope i'm not going crazy :).
There is no problem here. The User-Agent header is set whether the request is transported via HTTP / HTTPS. Even setting it to something unreasonable like
blah blahworks on HTTPS. The headers shown below were captured when the underlying protocol used was HTTPS.Request headers sent via HTTPS
Here's the code that triggers the request.
Normally, HTTPS requests cannot be sniffed (like @Perception mentioned). Piping the request through a proxy that replaces the root CA with its own fake CA will allow you to see the traffic. A simpler method is to just look at the access log of the target server. But as you can see from the HTTPS request snippet above, the
User-Agentheader that is sent is correct.This is not possible. Communication over an SSL socket is completely obscured from casual observation by the encryption protocol. Using packet capture software you will be able to view the initiation of the SSL connection and the exchange of encrypted packets, but the content of those packets can only be extracted at the other end of the connection (the server). If this were not the case then the HTTPS protocol as a whole would be broken, as the whole point of it is to secure HTTP communications from man-in-the-middle type attacks (where in this case the MITM is the packet sniffer).
Example Capture of an HTTPS request (partial):
Theoretically, the only way to know if your
User-Agentheader is actually being excluded is if you have access to the Google servers, but in actuality there is nothing in either the HTTPS specification or Java's implementation of it that excludes headers that would normally have been sent over HTTP.Example Capture of HTTP request:
Both example captures were generated with the exact same code:
Except that for HTTPS the target was "https://www.google.com", and for HTTP it was "http://www.google.com".
Edit 1:
Based off your updated question, using the
-Dhttp.agentproperty does indeed append 'Java/version' to the user agent header, as described by the following documentation:The 'offending' code is in a static block initializer of
sun.net.www.protocol.http.HttpURLConnection:An obscene way around this 'problem' is this snippet of code, which I 1000% recommend you not use:
Using this override with
https.proxyHost,https.proxyPortandhttp.agentset gives the desired result:But yea, don't do that. Its much safer to just use Apache HttpComponents: