Tunnel any kind of TCP traffic through HTTP/s [closed]
C

4

30

I am looking for software to tunnel RDP or other binary TCP traffic through an HTTPS tunnel, because many clients only have HTTP/S permitted (only ports 80 and 443 open in the firewall).

But there's a need to forward RDP (and other protocols) from machines in the DMZ to clients.


Is there any kind of open source or enterprise software for this problem?

Bad solutions

Solutions like F5 BIG-IP have the problem that I have to create the connection configuration with this software. If it were possible to do this through an API, it would be a good solution. But I would prefer to get only the tunnel component without buying a whole gateway software, because I need to create tunnels (1000s of) from my own software and need to restrict tunnel access to permitted users (identified by session cookie).

Good solutions

http://http-tunnel.sourceforge.net/

If it were possible for the tunnel client not to be a dedicated server but a Java applet or Flash running within the client's browser, it would match my needs 100%.

Cadmann answered 29/12, 2012 at 10:38 Comment(1)
Try github.com/bokysan/socketace or github.com/jpillora/chisel - Tape
H
36

There are a huge number of projects that tunnel TCP over HTTP(S). You will have to do a bit of work to select the one that best suits your needs (and probably modify it slightly).

  • SuperTunnel (Java). Looks nice, they seem to have given some thought to how to deal with not-well-behaved proxies.

  • JHttpTunnel (Java). A port of GNU httptunnel; I think it uses the same network protocol.

  • Netty HTTP Tunnel (Java, part of Netty, a very nice networking library; sample code). I think this requires both client and server to use Netty, but aside from that is a drop-in replacement for the regular sockets in Netty.

  • ProxyChains (C, Unix, very popular)

  • GNU httptunnel (C, no HTTPS support, this is probably the granddaddy of all http tunnels)

  • node-http-tunnel (Node.js), Net::HTTPTunnel (Perl), nRedir (Python), Corkscrew, htunnel, ...

I think SuperTunnel and JHttpTunnel can both be included in an applet or Java app of your own on the client side, they do not need to run as standalone proxies.

Netty will also do that, but (I think) it requires that your server also use Netty: in other words, it allows you to replace regular TCP connect() to a server using Netty with TCP-over-HTTP connect(), but does not proxy arbitrary connections to other servers (unless you write your own simple proxy).

Housekeeper answered 2/1, 2013 at 0:24 Comment(4)
Thx for the answer, I have a first working test with SuperTunnel. Now it would be nice to let the server part run within an Apache webserver. Do you also have some information for me on this problem? - Cadmann
@GreenRover: You could just run the server part in Apache Tomcat. You can probably get it to run in the server but listen on a separate port quite easily; with a bit more work it should be possible to have the HTTP requests go through Tomcat also. - Housekeeper
@GreenRover: Another thought: you could also run the server part as a standalone process and proxy requests through it using plain Apache (which will give you some more configurability, and you can use the same address/port as your regular web server). - Housekeeper
I was not yet able to test it with RDP, but a simple TCP telnet session works like a charm. Thanks for your help. - Cadmann
V
8

If you are in the Windows world, I would strongly suggest taking a look at the Windows 2008/2008R2/2012 SSTP VPN service. It uses port 443 and can be co-hosted with IIS (on 443). It works like a charm on Windows Vista / 7 / 8. I have heard about Mac OS X solutions, but they are not there yet.

However there is the good old solution of SSH.

If on Linux, just install an openssh-server. If on Windows, get and install an OpenSSH server (e.g. copSSH from itefix https://www.itefix.no/). Modify the port to use 443 instead of the default 22.

On the client side you can then use PuTTY ( http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html ) or KiTTY ( http://kitty.9bis.net/ ) on Windows, or any kind of SSH client on any OS, to connect to your server through port 443 (where your SSH server is listening).

Instructions on tunneling via putty for instance can be found on several sites:

Always remember that you have to point to your local host to do this.

On Windows there is also MyEnTunnel ( http://nemesis2.qx.net/pages/MyEnTunnel ) to simplify the procedure of tunnel configuration and maintenance.

Exploiting this tunnel in a browser is extremely easy: just tell your browser that you have a SOCKS proxy on a local port (e.g. localhost 8080) that you just configured in your client (PuTTY, KiTTY, MyEnTunnel or whatever else).

Vincentvincenta answered 4/1, 2013 at 15:6 Comment(0)
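
With the SSH-on-443 setup from the answer above, the server forwards to any destination it can reach unless sshd is told otherwise. The script below is an added example, not part of the answer or of any project named on this page: it audits the global section of an sshd_config for that case. The function name `audit_sshd_tunnel`, the sample configs and the address `10.0.0.5` are constructed.

```shell
#!/bin/sh
# Added example (constructed): audit the global section of an sshd_config
# that serves as a tunnel endpoint on port 443, as set up in the answer above.

# Prints one finding per line, or "OK" when nothing is flagged.
audit_sshd_tunnel() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }                  # skip blank lines and comments
        { key = tolower($1) }
        key == "match" { exit }                        # Match blocks are out of scope here
        key == "port"  { ports = ports " " $2; next }  # Port may appear several times
        !(key in val)  { val[key] = tolower($2) }      # sshd uses the first value it sees
        END {
            if (ports !~ /(^| )443( |$)/) { print "INFO: not listening on 443"; exit }
            # sshd defaults when the keyword is absent
            fwd = "yes"; if ("allowtcpforwarding" in val) fwd = val["allowtcpforwarding"]
            po  = "any"; if ("permitopen" in val) po = val["permitopen"]
            pw  = "yes"; if ("passwordauthentication" in val) pw = val["passwordauthentication"]
            if (fwd == "yes" || fwd == "all") {
                print "WARN: AllowTcpForwarding also permits remote (-R) forwards"; n++
            }
            if (fwd != "no" && fwd != "remote" && po == "any") {
                print "WARN: no PermitOpen allow-list, any reachable host:port can be targeted"; n++
            }
            if (pw != "no") {
                print "WARN: PasswordAuthentication is enabled on the exposed port"; n++
            }
            if (!n) print "OK"
        }
    ' "$1"
}

# Constructed samples: the answer's change alone, then a restricted variant
# that only forwards to one RDP host (placeholder address).
weak=$(mktemp); hardened=$(mktemp)
printf 'Port 443\n' > "$weak"
cat > "$hardened" <<'EOF'
Port 443
PasswordAuthentication no
AllowTcpForwarding local
PermitOpen 10.0.0.5:3389
EOF

echo "== weak ==";     audit_sshd_tunnel "$weak"
echo "== hardened =="; audit_sshd_tunnel "$hardened"
rm -f "$weak" "$hardened"
```

`PermitOpen` applies to both `-L` and `-D` forwards, so the SOCKS proxy described in the answer is limited to the listed destinations as well.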
A
3

I wrote one called sshh. http://sourceforge.net/projects/sshh/

I went a little nuts, it actually lets you make connections backwards through it.

Agon answered 28/11, 2013 at 3:14 Comment(2)
Can you test ScreenConnect.com? Do you know if that concept is the same as your concept? - Fantasize
That looks awesome, can I run it in the browser? How? - Washer
T
2

If you want to open a TCP tunnel over WebSocket and a browser because you are in a restricted environment where you can only access limited websites through a browser, I think this tunnel tool I made can help you settle your issues.

Cactus Tunnel: https://github.com/jeffreytse/cactus-tunnel

🌵 A charming TCP tunnel over WebSocket and Browser.

With it, you can open a tunnel over your browser quickly, and set up an SSH tunnel, SOCKS5 proxy, etc.

For your convenience, below are the instructions for building an SSH SOCKS5 proxy tunnel via cactus-tunnel:

  1. Install tunnel tool
     npm i -g cactus-tunnel
  2. Run tunnel server
     cactus-tunnel server
  3. Run tunnel client in browser bridge mode
     cactus-tunnel client -b ws://<your-tunnel-server>:7800 <your-ssh-server>:22
  4. Create socks5 proxy in client side
     ssh -p 7700 -D 1337 -q -C -N <username>@localhost
  • -p 7700: connect to specific SSH port 7700
  • -D 1337: open a SOCKS proxy on local port 1337
  • -q: quiet mode, don’t output anything locally
  • -C: compress data in the tunnel, save bandwidth
  • -N: do not execute remote commands, useful for just forwarding ports
Thermidor answered 13/12, 2022 at 14:10 Comment(0)
