HTTP-Tunneling, How it works?

Leoski

Junior Member
Aug 7, 2004
From my understanding, when resources are limited on a network you can create a tunnel which would basically connect you to a server which would act as a means to exceed those limits. Therefore you would have yourself, being blocked by something (could be a firewall, proxy etc.), thus you are limited and cannot access certain services. Now to create a tunnel you would need a client which would send a request to a server, which would then proceed and accomplish the request and send the received information. An example is accessing blocked sites: if I, the client, send a request to access anandtech.com, but the firewall or proxy is blocking anandtech.com, I could create a "tunnel" to my server and request my server to retrieve anandtech.com and send it back to me. Obviously this would be slower than having a direct connection to the internet, but my goal is to create a Java-based script (a server and a client) that would allow the client to use certain services which are not available in a certain network, through tunneling the connection. Therefore I would need to create a server script, which would listen for any incoming connections on a certain port, and process the requests, the results of which would be sent back to the client. Is this correct?
 

Brazen

Diamond Member
Jul 14, 2000
Sounds accurate to me. You do realize however, that the server in this setup would have to be outside of the firewall/proxy that is blocking the request.

edit: haha, just realized there is another thread already answering your question
 

n0cmonkey

Elite Member
Jun 10, 2001
It sounds like you just need a proxy.

But circumventing security/policy measures put in place by the official administration is a bad thing. Don't do it. Surf for donkey porn at home, work at work.
 

Leoski

Junior Member
Aug 7, 2004
When I started reading about HTTP-Tunneling I was very interested in it, and the whole point of this project is to learn more about it, to learn it inside out. HTTP-tunneling is (I believe) mostly used when a user has limited access to the web. Therefore I would like to create software that would do that, for fun. I know the server must be outside of the firewall. Previously someone told me to create an SSH connection and a proxy server, but how can this help me create a tunnel?
 

n0cmonkey

Elite Member
Jun 10, 2001
Originally posted by: Leoski
When I started reading about HTTP-Tunneling I was very interested in it, and the whole point of this project is to learn more about it, to learn it inside out. HTTP-tunneling is (I believe) mostly used when a user has limited access to the web. Therefore I would like to create software that would do that, for fun. I know the server must be outside of the firewall. Previously someone told me to create an SSH connection and a proxy server, but how can this help me create a tunnel?

If you tunnel it over SSH you don't have to worry about "http tunneling" or someone sniffing your donkey porn.
 

n0cmonkey

Elite Member
Jun 10, 2001
Originally posted by: Leoski
Is there any Windows software that will allow me to do so?

PuTTY is usually the standard SSH client. OpenSSH is the best daemon IMO, but I'm not sure if there are Windows ports of it anymore.
 

Leoski

Junior Member
Aug 7, 2004
Originally posted by: n0cmonkey
Originally posted by: Leoski
Is there any Windows software that will allow me to do so?

PuTTY is usually the standard SSH client. OpenSSH is the best daemon IMO, but I'm not sure if there are Windows ports of it anymore.

What about for the proxy?
 

Garion

Platinum Member
Apr 23, 2001
Yes, it is very possible to do exactly what you want. Here's how it works.

If your security policy limits you to HTTP only and you MUST do something else, you can use one of several HTTP tunneling applications out there.

When you think about it, HTTP can be used to send a LOT of different kinds of data - It's not just HTML and web pages. It's just raw data, put into an HTTP connection.

The HTTP Tunnel apps just take this to the next logical step. They use a custom HTTP server and HTTP client to use that protocol to tunnel generic TCP data, much like an IPSec tunnel encapsulates other IP datagrams.

The catch with HTTP is that it's designed to be a connectionless request/response system. Most TCP apps don't behave this way. The biggest challenge is to set up a reliable communication channel between client and server. Most do this via frequent heartbeats from the client in the form of a GET request (i.e., once every 250 ms do a "GET http://www.tunnelserver.com/cu...sion=MyClientSessionID"), and if the server has something that needs to be delivered to you, it's sent through that GET.

Sending data is easier. Your client can do a POST any time you need to deliver data.

The biggest challenge is to create a way to forward on TCP requests from your local machine. Most do this by creating a TCP listener on your loopback IP. You'd configure your client so that anything going to 127.0.0.1 port 10034 will get forwarded, through the HTTP tunnel and the server to 145.223.1.45 port 80. Some are more flexible than this, but this is the simplest implementation.

There are a variety of apps that are built for this - The most common is GNU httptunnel. It's open source and you can easily download and compile it, as necessary. It works quite well and is a good app.

Now, onto the rest of the story...

For those of you that don't know, I am the architect / engineer that is responsible for a very large corporate proxy / Internet access solution for a Fortune 200 company. We handle 60M+ requests per day and have more Internet bandwidth than most small countries - In our data centers, I think we're up to about 700Mb/s.

We are VERY strict in our security policies. Opening up one of these kinds of tunnels is exposing your network to that remote machine and all of its security issues. Bypassing our proxies is NOT good karma and definitely not career-enhancing. Be VERY careful with these things, as using them is almost always a violation of your company's "computing acceptable use policy", typically grounds for termination. If you're a student, you could be expelled. I've seen/heard of both happening.

Put it this way - It's my job to make sure things like this DON'T work. Unfortunately, these things masquerade their traffic so well that it's hard for us to catch them in the act. The next day, when our nightly stats have run, yes. We'll know about it. (Gee... Someone made 300,000 POSTs to this IP address in the old @home IP space. Gee, what could THEY be doing?). Remember that, if you're good, your admins WILL catch you and you should be prepared for that. I usually do the nice guy thing and call the user up directly, but we have had to report a few to security and things went rapidly downhill from there for those guys.

It seems, however, that you are mostly in this for the academic interest, just trying to see how it's done. If so, go check out httptunnel and see what makes it tick and fiddle away. Also just do a Google search on "http tunnel" and see what you find - There's a lot of good stuff out there. Just be careful not to do something you shouldn't be doing.

- G
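
The nightly-stats check described in the post above, sketched as an added example that is not part of the original thread and not any poster's code: it groups proxy log entries by client and destination and flags pairs that combine a high request count, a short and regular polling interval, and repeated POSTs. The log format, thresholds, addresses and function names are all assumptions made for illustration.

```python
from collections import defaultdict
from statistics import median

# Assumed log format (constructed for this example, not a real proxy's):
#   "<epoch_seconds> <client_ip> <method> <dest_host> <path>"
def parse(line):
    ts, client, method, host, _path = line.split(maxsplit=4)
    return float(ts), client, method, host

def find_tunnel_candidates(lines, min_requests=20, max_median_gap=1.0, min_posts=5):
    """Flag (client, dest) pairs that look like heartbeat GETs plus POSTed data."""
    times, posts = defaultdict(list), defaultdict(int)
    for line in lines:
        ts, client, method, host = parse(line)
        times[(client, host)].append(ts)
        if method == "POST":
            posts[(client, host)] += 1
    findings = []
    for key, stamps in times.items():
        if len(stamps) < min_requests:
            continue                      # too little traffic to judge
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        med = median(gaps)                # robust against a few long pauses
        # Thresholds are illustrative assumptions; tune against real baselines.
        if med <= max_median_gap and posts[key] >= min_posts:
            findings.append({"client": key[0], "dest": key[1],
                             "requests": len(stamps), "posts": posts[key],
                             "median_gap_s": round(med, 3)})
    return sorted(findings, key=lambda f: -f["requests"])

def build_sample_log():
    """Constructed sample data; 203.0.113.7 is a documentation-range address."""
    lines = []
    for i in range(80):                   # polling every 250 ms, POST every 4th
        method = "POST" if i % 4 == 3 else "GET"
        lines.append(f"{1000 + i * 0.25:.2f} 10.0.0.23 {method} 203.0.113.7 /poll?session=abc")
    for i, offset in enumerate([0, 3, 40, 41, 95, 300]):   # ordinary browsing
        lines.append(f"{1000 + offset:.2f} 10.0.0.42 GET www.example.com /page{i}")
    for i in range(30):                   # fast GET-only burst (page assets)
        lines.append(f"{2000 + i * 0.1:.2f} 10.0.0.42 GET cdn.example.net /img{i}.png")
    return lines

if __name__ == "__main__":
    for finding in find_tunnel_candidates(build_sample_log()):
        print(finding)
```

The GET-only asset burst is fast but carries no POSTs, so it is not flagged; requiring both signals keeps ordinary page loads out of the report.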