The HTTP CONNECT method

When you use Fiddler to capture packets, you’ll often see requests that use the CONNECT method. What are these requests for?

We use Fiddler to capture packets. Fiddler acts as our proxy, and to forward our requests, it needs to know what they are: server domain name, port, request URI, and so on. Otherwise it can’t forward them. This is not a problem for HTTP requests, but it is for HTTPS requests.

Because the HTTPS request’s network packet is encrypted, the proxy has no way of knowing the content of our request and therefore cannot forward it.

So what can be done?

If the proxy finds that the request from the client is encrypted and cannot be parsed, it tells the client that it needs to establish a tunnel with the server to forward HTTPS network packets. The client then tells the proxy the server domain name, port number, etc. The proxy sends a CONNECT request, establishes a tunnel with the server, binds the unique identifier of the tunnel to the server, and returns it to the client. The next time the client sends an HTTPS request to the same server, it carries the tunnel identifier, and the proxy knows which tunnel to forward the encrypted network packet through.

A unique identifier is added to each tunnel because we can initiate HTTPS requests to different server domain names, so multiple tunnels need to be established. To know which tunnel an HTTPS network packet should be sent to, the proxy needs to maintain a mapping table from tunnel IDs to tunnels.

All of the above are personal guesses, awaiting proof or correction.
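For comparison with the guesses above: RFC 9110 (section 9.3.6) has the client send the CONNECT request to the proxy, naming the target as `host:port`; the proxy answers with a 2xx status and from then on relays bytes blindly on that same client connection, so the connection itself identifies the tunnel. The Python below is an added example, not code from the original post or from Fiddler; it models only the proxy's bookkeeping (no sockets are opened), and every name and sample byte string in it is constructed.

```python
# Added example: the proxy side of a CONNECT exchange per RFC 9110, section 9.3.6.
# All names and sample bytes are constructed for illustration.

def parse_connect(head: bytes):
    """Return (host, port) from a CONNECT request head, or raise ValueError."""
    request_line = head.split(b"\r\n", 1)[0].decode("ascii")
    parts = request_line.split(" ")
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].startswith("HTTP/"):
        raise ValueError("not a CONNECT request")
    host, sep, port = parts[1].rpartition(":")   # authority-form target: host:port
    bracketed = host.startswith("[") and host.endswith("]")
    if not sep or not host or (":" in host and not bracketed):
        raise ValueError("CONNECT target must be host:port")
    if not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError("invalid port")
    return (host[1:-1] if bracketed else host), int(port)


class Proxy:
    """Proxy state: the client connection itself identifies the tunnel."""

    def __init__(self):
        self.tunnels = {}   # client connection -> (host, port) of the upstream

    def on_bytes(self, conn, data: bytes):
        """Return (reply_to_client, bytes_relayed_upstream) for one read."""
        if conn in self.tunnels:
            return b"", data   # tunnel is up: relay blindly, no parsing
        try:
            self.tunnels[conn] = parse_connect(data)
        except ValueError:
            return b"HTTP/1.1 400 Bad Request\r\n\r\n", b""
        return b"HTTP/1.1 200 Connection Established\r\n\r\n", b""


# Constructed sample: the plaintext CONNECT head, then a TLS record the proxy
# cannot read (type 0x16 handshake, version 0x0301, length 5, filler body).
SAMPLE_CONNECT = b"CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n"
SAMPLE_TLS = bytes.fromhex("1603010005") + b"\x01\x00\x00\x01\x00"


def demo():
    proxy, conn = Proxy(), "client-conn-1"   # conn stands in for a client socket
    first = proxy.on_bytes(conn, SAMPLE_CONNECT)
    second = proxy.on_bytes(conn, SAMPLE_TLS)
    return first, second, proxy.tunnels[conn]


if __name__ == "__main__":
    print(demo())
```

The only thing the proxy learns in plaintext is the host and port from the CONNECT line, which is why a capture tool shows one CONNECT entry per HTTPS connection.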