Proxy Hacks – Final. HTTPTunnel. Tunnel TCP / IP connections over plain old HTTP GET and POST requests.

This is the final post in the Proxy Hacks series. It covers the most robust approach for bypassing any proxy.

Till now we have talked about SSH tunnel tricks and web based proxies.

As I warned in my earlier post, a careful sysadmin would easily block SSH clients or corkscrew by blocking HTTP CONNECT or discarding header-less HTTP traffic (typical of SSH clients).

Today we are going to talk about *my favorite*, HTTPTunnel, through which you can tunnel TCP/UDP over simple GET/POST HTTP requests. This works in almost any harsh conditions, except against proxies that allow only NTLM authentication. In that case, however, our answer would be HTTPTunnel used together with the NTLM Authorization Proxy Server, APS.

Before proceeding further, please have a look at the Wikipedia article to get a basic understanding of how an HTTP tunnel actually works.

We are going to talk about two main open source implementations: GNU Httptunnel (basic HTTPTunnel) and my preferred, portable HTTPTunnel (Perl/PHP based).

Perl/PHP HTTPTunnel :

HTTP Tunnel Diagram

(Sorry for direct linking the gif, too lazy right now to create my own.)

This is my recommended tunnel, as it natively supports strong encryption, compression, access control and a powerful web UI to configure the server and clients.

  • Configuration of all components is done over a web based GUI
  • Support of multiple connections over one HTTPTunnel client/server
  • One HTTPTunnel server can serve multiple HTTPTunnel clients
  • SOCKS4 and SOCKS5 support
  • SOCKS cascading support
  • Multiple Security Features:
    - Strong network traffic encryption (needs some Perl encryption plugins) and/or compression
    - SOCKS and/or HTTP authentication from multiple directories
    - Intrusion Detection

There is a PHP port available, so you can run it on an existing Apache PHP server.

But I recommend running it with Perl. You will need Perl (>= 5.8.x, normally pre-installed) on *nix or ActivePerl on win32. You might also need to upgrade the Thread module to version >= 1.51 (not shipped by default). Linux guys will have to build it from source and install from here. Windows guys may install this pre-compiled binary (version 1.51) for ActivePerl from here. You might also need some encryption modules to enable encryption. Although HTTPTunnel does not support HTTPS, the GET/POST payload can be configured to be encrypted.

Just follow the simple README; all you have to do is run the HTTPTunnel server so that it listens on a public port. Then browse to http://localhost:port to configure it further. Some important settings are: server access control (authentication and user source), access control to the admin interface, and encryption. Feel free to play with the other settings.

On the client machine, run the HTTPTunnel client. By default it runs on port 1079. Browse to http://localhost:1079 to configure it further. Important settings are:

  • Portmapping: set up the TCP/IP connections to tunnel inside HTTP requests. Add as many TCP connections as you want here. All these ports will be tunneled inside HTTP.
  • Set up the SOCKS server and port.
  • Set up user-based or IP-based access control.
  • On the second tab, configure the tunnel server information and proxy server information.
  • On the fourth tab, set up advanced options like encryption, compression and access control to the admin interface.

That’s it. You are done. Restart the client service and you have a ready-to-go SOCKS proxy over which you can tunnel as many protocols as you want. Again, for applications that do not support a SOCKS proxy, like IE and Opera, use proxifiers as suggested in my previous post here.

You can also create another SSH tunnel inside this HTTP tunnel by forwarding the SSH port if you don’t trust HTTPTunnel’s built-in encryption.

GNU HTTPTunnel :

This one is a basic HTTP tunnel implementation. First of all, it does not provide any encryption, so you will have to create an SSH tunnel inside the HTTP tunnel.

It involves two executables, hts (httpTunnelServer) and htc (httpTunnelClient). A typical usage might be:

Server : hts -F localhost:443 8080
Client : htc -P <proxyServer>:<port> -A <proxy_username>:<password> -F 12345 hts_server:8080

Now use PuTTY or an ssh client to create an SSH tunnel inside this HTTP tunnel. Connect to localhost:12345 to reach the SSH server running on port 443 of the HTTP tunnel server.
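Seen from the proxy, the tunnel described above is a long run of GET and POST requests from one client to one endpoint, which is what a sysadmin reviewing access logs can look for. The following is an added example, not code from this post or from either HTTPTunnel project; the log layout, host names, single-endpoint assumption and thresholds are all constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

def build_sample():
    """Constructed proxy log lines: 'epoch client method url status bytes'."""
    lines = [f"{1000 + i} 10.0.0.5 GET http://news.example/page{i}.html 200 5120"
             for i in range(25)]                       # ordinary browsing
    lines.append("1030 10.0.0.5 POST http://news.example/login 302 0")
    lines += [f"{1000 + i} 10.0.0.7 GET http://api.example/status 200 64"
              for i in range(30)]                      # GET-only polling
    for i in range(20):                                # tunnel-shaped traffic
        lines.append(f"{1100 + i} 10.0.0.9 POST http://hts.example:8080/t 200 300")
        lines.append(f"{1100 + i}.5 10.0.0.9 GET http://hts.example:8080/t 200 4000")
    return lines

def find_tunnel_candidates(lines, min_requests=20, min_post_share=0.3, max_paths=2):
    """Return (client, dest, request_count) for tunnel-shaped flows.

    Thresholds are illustrative assumptions, not tuned values.
    """
    stats = defaultdict(lambda: {"n": 0, "post": 0, "paths": set()})
    for line in lines:
        parts = line.split()
        if len(parts) != 6 or parts[2] not in ("GET", "POST"):
            continue                                   # skip malformed/other methods
        client, method, url = parts[1], parts[2], parts[3]
        try:
            u = urlsplit(url)
            dest = f"{u.hostname}:{u.port or 80}"
        except ValueError:                             # invalid port in URL
            continue
        if not u.hostname:
            continue
        s = stats[(client, dest)]
        s["n"] += 1
        s["post"] += method == "POST"
        s["paths"].add(u.path)
    hits = [(c, d, s["n"]) for (c, d), s in stats.items()
            if s["n"] >= min_requests
            and s["post"] / s["n"] >= min_post_share
            and len(s["paths"]) <= max_paths]
    return sorted(hits)

if __name__ == "__main__":
    for client, dest, n in find_tunnel_candidates(build_sample()):
        print(f"review {client} -> {dest}: {n} GET/POST requests to one endpoint")
```

The check uses only request metadata, so it behaves the same whether or not the tunnel payload is encrypted; a flagged pair is a candidate for review, not proof of a tunnel.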

However, I have a feeling that an SSH tunnel is faster than an HTTP tunnel, maybe because of some packet overhead in the case of the HTTP tunnel. Or maybe SSH is a more highly optimized and mature protocol than HTTP tunnel.

That’s it for now. Have a nice time tunneling :)


18 Responses to “Proxy Hacks – Final. HTTPTunnel. Tunnel TCP / IP connections over plain old HTTP GET and POST requests.”

  1. Benjamin Schweizer Says:

    If you need to ‘get out’, check also ajaxterm, as it provides you a shell without the need of any client side installations and you can easily use it at the computer of your colleague…

  2. mriza Says:

    Any idea for the HTTP-Tunnel server? I mean, is there any free one out there, a free shell service to put this tunnel server on?

  3. Kx Says:

    Thanks Benjamin. Will definitely give it a try and add it to the post.

  4. Kx Says:

    To mriza : Do post back if you find some…

  5. John Says:


    In what way is http-tunnel (from sourceforge) portable?

  6. Kx Says:

    As it just needs perl / php / a php enabled web server it can be run on any platform.

  7. Mark Says:

    Nice write-up. I found GNU HTTPTunnel and Perl/PHP HTTPTunnel previously, and chose to implement the former. I now realize that was probably the wrong choice, not only from your post but also my experience.

    After several hours with no success and thinking I just needed to understand it better, I finally realized it has a serious bug for my application. I got it working without a proxy in the loop, but when a Proxy is added, the traffic from server to client gets stuck in the tunnel and the client waits until timeout. After timing out, the tunnel is flushed in both directions, and all the data comes through. I know this through debug, because it’s too late to be of any use, as the client and server tunnel users have exited.

    The point of the above is that the Proxy is not detecting and shutting down the tunnel, or the data would not come through when the session ends. After some web searching, I saw a mail archive of a bug entry that described exactly my experience. The author went further and said it occurred with Apache proxy server but not Squid. I could not find a response to the message through searching the archive.

    In addition to the above, I found one other message fragment in a mail archive which seemed to reference the same bug. But I can’t find any place to see the status of bugs or even if someone is working on the product still. The home page doesn’t have any recent entries. I’m using the Windows binaries for version 3.3, and I haven’t seen any references to later versions. Also when I downloaded the “latest” version, it turned out to be version 3.0. So I downloaded a link that said it was an older version. It turned out to be version 3.3, but it has fewer command line options than version 3.0.

    Do you have any additional insight on this issue or when it might be resolved? I wasted a lot of time trying to make it work. I’ll try the Perl/PHP implementation now, but I’d like to see the GNU implementation working properly. I was thinking of writing a Java GUI client for it if there is sufficient interest, but I don’t want to do that if bugs are not being fixed.

  8. Kx Says:

    Did you try any other platform binaries? I guess there is more than one platform implementation for the same. You can install cygwin to run the unix binaries…

    Keep us posted …

  9. Mark Says:

    I gave up on Gnu HTTPTunnel since the Perl app HTTPTunnel seems much more promising. Unfortunately I encountered the same issue that I saw with Gnu HTTPTunnel. I can create a working tunnel so long as there is no proxy in the loop. When a proxy is used, the return data from server to client gets hung up somewhere until the tunnel is destroyed. Not sure if it’s hung up in the proxy or the tunnel server. I’ll capture HTTP messages at client and server this evening and see what I can learn.

    It seems as if there is a kind of proxy out there that no one has learned how to tunnel through. I doubt both products have the same bug. Authorization is not an issue, since the data eventually goes through. It’s a buffering problem.

    Unfortunately the forum for HTTPTunnel seems pretty much dead. No one has posted in over a month. I posted some questions and got no answers so far.

  10. Mark Says:

    After weeks of banging on this as well as I know how, I’ve concluded that neither http tunnel product described here can be made to work with the proxy server I’m trying to tunnel through. It’s an Apache server; so given the report I mentioned above about Gnu HTTP Tunnel not working with Apache proxies, with the exact failure mode I’m seeing, I strongly suspect that neither of these products can be made to work with Apache proxy servers. Given that Apache is the most popular web server by far, that’s very unfortunate.

    The details of what I discovered can be found here:

    Unfortunately the forum site for HTTPTunnel seems to be dead. Other than me, no one has posted since Jan 30. The site doesn’t show how many views each thread has, so I don’t know if anyone is even lurking on the site.

    It’s too bad I couldn’t make this work. I’ll send an e-mail to the HTTPTunnel author, as a last resort.


  11. Kx Says:

    Looks like someone is finally responding. Keep us posted on how things finally turn up there. As far as my success rate, I got it working successfully with Polipo and tinyproxy.

  12. Mark Says:

    With assistance from the HTTP Tunnel author, I played around with HTTP request headers, but I was not able to make it work through the Proxy that way.

    However, once I loaded the crypto modules (which was not an easy feat; finding the required Perl modules was very difficult), and enabled encryption between the tunnel client and server, I found that the proxy no longer held on indefinitely to the data returned from the server. So it sounds like this particular proxy was doing this in response to something it detected in the tunneled data stream.

    Unfortunately this did not result in a happy ending for me. While encrypting tunnel traffic makes the proxy behave, I found that the tunnel actually stops working, even though the proxy is forwarding all the data in both directions. The server just never responds to the first POST request from the client.

    This is not a proxy problem. I actually can’t make it work without the proxy. I can break a working tunnel by turning encryption on. Presumably there’s something wrong in my setup; perhaps one of my crypto modules is not built correctly. But I’m getting no error messages concerning it. And not being a Perl programmer, I don’t really know what else to check.

    The author replied that he’s monitoring the forum, but he’s unable to do any significant work on the project at this time. So unfortunately, after several weeks’ effort, I’m still unable to get tunneling working in my environment.

  13. rita Says:

    Too good post, read with enthu, but for this BSNL EVDO natted connection I can’t get to rapidshare and torrents are half open. Any solution for the Windows platform?

  14. hmy Says:

    Is there some C software like http-tunnel? I want to find a C language instance like http-tunnel.

  15. Arun Kumar Sharma Says:

    Hey !!!
    Thanks for the info..its nyc..
    Do we have to forward any port through the firewall and the router….???

  16. Alex Says:

    The author of this write up states that the only exception where this will not work is when the proxy accepts only NTLM authentication. Which is exactly my case. Does anyone have a solution for such proxies?

  17. ramuni Says:

    I want to ask, what module does the PHP script of the http-tunnel server use? I think it would be better to transform that script to use a common module in PHP like fopen, fsockopen or curl.
