Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Tunnel any kind of TCP traffic through HTTP/s

Tags:

I am looking for a software to tunnel RDP or other binary TCP traffic through a HTTPS tunnel. Because many clients only have HTTP/S permitted (only port 80 and 443 open in the firewall).

But there's a need to forward RDP (and other protocols) from machines in DMZ to clients.

Function description7 View large function description

Is there any kind of open source or enterprise software for this problem?

Bad solutions

Solutions like F5 big ip has the problem that I have to create the connection configuration with this software. If it would be possible to do this by use of an api it would be an good solution. But i would prefer only to get the tunnel component without bying a whole gateway software. Beacuse i need to create tunnels (1000ds of) out of my own software and its a need to restrict tunnel access to permitted user (Identifyed by session cookie)

Good solutions

http://http-tunnel.sourceforge.net/

If it would be possible that the tunnel client would not be a dedicated server but a java applet of flash running within the clients browser, it would match by 100% my needs.

like image 865
GreenRover Avatar asked Dec 29 '12 10:12

GreenRover


People also ask

What are TCP tunnels?

TCP tunnel is a technology that aggregates and transfers packets sent between end hosts as a single TCP connection. By using a TCP tunnel, the fairness among aggregated flows can be improved and several protocols can be transparently transmitted through a firewall.

What is HTTP tunneling used for?

HTTP tunneling is used to create a network link between two computers in conditions of restricted network connectivity including firewalls, NATs and ACLs, among other restrictions. The tunnel is created by an intermediary called a proxy server which is usually located in a DMZ.

How do I create a TCP tunnel?

Go to Configuration > Services > Proxy Services and create a New Service. Configure the Proxy Settings to be TCP Tunnel and add relevant listening ports for destination. Once configured, save this service and ensure it is intercepted.


1 Answers

There are a huge number of projects that tunnel TCP over HTTP(S). You will have to do a bit of work to select the one that best suits your needs (and probably modify it slightly).

  • SuperTunnel (Java). Looks nice, they seem to have given some thought to how to deal with not-well-behaved proxies.

  • JHttpTunnel (Java). A port of gnu httptunnel, I think uses the same network protocol.

  • Netty HTTP Tunnel (Java, part of Netty, a very nice networking library; sample code). I think this requires both client and server to use Netty, but aside from that is a drop-in replacement for the regular sockets in Netty.

  • ProxyChains (C, Unix, very popular)

  • GNU httptunnel (C, no HTTPS support, this is probably the granddaddy of all http tunnels)

  • node-http-tunnel (Node.js), Net::HTTPTunnel (Perl), nRedir (Python), Corkscrew, htunnel, ...

I think SuperTunnel and JHttpTunnel can both be included in an applet or Java app of your own on the client side, they do not need to run as standalone proxies.

Netty will also do that, but (I think) it requires that your server also use Netty: in other words, it allows you to replace regular TCP connect() to a server using Netty with TCP-over-HTTP connect(), but does not proxy arbitrary connections to other servers (unless you write your own simple proxy).

like image 69
Alex I Avatar answered Sep 20 '22 05:09

Alex I