Proxy Hacks – Final. HTTPTunnel. Tunnel TCP / IP connections over plain old HTTP GET and POST requests. | Ubuntu, Life, Mobiles, Music, Movies, iPod and Ofcourse Windows!

Proxy Hacks – Final. HTTPTunnel. Tunnel TCP / IP connections over plain old HTTP GET and POST requests. | Ubuntu, Life, Mobiles, Music, Movies, iPod and Ofcourse Windows!

This is the final post in Proxy Hack series. This post is about the most robust approach for by passing any proxy.


Till now we have talked about SSH tunnel tricks and web based proxies.

As I warned in my earlier post, A careful SysAdmin would easily block ssh clients or corkscrew by blocking HTTP_CONNECT or discarding header less HTTP traffic (typical of ssh clients).

Today we are going to talk about *my favorite* HTTPTunnel, through which you can tunnel TCP/UDP over simple GET/POST HTTP requests. This is going to work in almost any harsh conditions except against proxies which allow only NTLM authentication. In this case however, our answer would be HTTPTunnel using NTLM Authorization Proxy Server, APS.

Before proceeding further please have a look at the wikipedia article to have a basic understanding on how an HTTPTunnel actually works.

We are going to talk about two main open source implementations – GNU Httptunnel (Basic HTTPTunnel ) and my preferred portable HTTPTunnel (Perl/php based).

Perl/PHP HTTPTunnel : http://http-tunnel.sourceforge.net/

HTTP Tunnel Diagram

(Sorry for direct linking the gif, too lazy right now to create my own.)

This is my recommended tunnel as it natively supports strong encryption, compression, access control and powerful web ui to configure server and clients.

  • Configuration of all components is done over a web based GUI
  • Support of multiple connections over one HTTPTunnel client/server
  • One HTTPTunnel server can serve multiple HTTPTunnel clients
  • SOCKS4 and SOCKS5 support
  • SOCKS cascading support
  • Multiple Security Features:
    – Strong network traffic encryption(needs some perl encryption plugins) and/or compression
    – SOCKS and/or HTTP authentication from multiple directories
    – Intrusion Detection

There is a php port available so you can run on an existing Apache PHP server.

But I will recommend running it with Perl. You will need to have perl (>= 5.8.x)(normally pre-installed) on *nix or ActivePerl on win32. You might also need to upgrade your Thread module version >= 1.51 (Not shipped by default). Linux guys will have to build from source and install from here. Windows guys may install this pre-compiled binary (version 1.51) for activeperl from here. Also you might need some encryption modules to enable encryption. Although HTTP Tunnel does not support HTTPS but GET/POST payload can be configured to be encrypted.

Just follow the simple README and All you have to do is run httptunnel server to listen up on a public port. Now, do http://localhost:port to set further configurations. Some important configurations are : Server access Control (Authentication and user source), access control to admin interface and Encryption. Feel free to play with other configurations.

At HTTP Tunnel client, run your HTTP client. By default it runs on port 1079. Browse to http://localhost:1079 to setup further configurations. Important configurations are :

  • Portmapping : Setting up TCP/IP connections to tunnel inside HTTP requests. Add as many TCP connections as you want here. All these ports would be tunneled inside HTTP.
  • Set up SOCKs server and port
  • Set up user based or IP based access control.
  • On second Tab configure tunnel server information and proxy server information.
  • On fourth tab setup advanced options like encryption, compression and access control to admin interface.

That’s it. You are done. Restart client service and you have a ready to go SOCKS proxy over which you can tunnel as many protocols as you want. Again for application not supporting SOCKS proxy like IE, Opera use proxifiers as suggested in my previous post here.

You can again create another SSH tunnel inside this HTTP tunnel by forwarding ssh port if you don’t trust HTTPTunnel’s inbuilt encryption.

GNU HTTPTunnel : http://www.nocrew.org/software/httptunnel.html

This one is a basic HTTP Tunnel implementation. First of all this does not provide any encryption, you will have to create a SSH tunnel inside HTTP tunnel.

This involves two executables, hts (httpTunnelServer) and htc (httpTunnelClient). A typical usage might be :

Server : hts -F localhost:443 8080
Client : htc -P <proxyServer>:<port> -A <proxy_username>:<password> -F 12345 hts_server:8080

Now use putty/ssh client to create an ssh tunnel inside this http tunnel. Connect to localhost:12345 to reach ssh server running at 443 on http tunnel server.

However, I have a feeling that SSH tunnel is faster than HTTP tunnel, may be because of some packet overhead in case of HTTP tunnel. Or may be SSH is a highly optimized and mature protocol than HTTP tunnel.

That’s it for now. Have a nice time tunneling 🙂