File: proxytunnel-paper.txt

package info (click to toggle)
proxytunnel 1.9.0%2Bsvn250-6
  • links: PTS
  • area: main
  • in suites: buster, stretch
  • size: 452 kB
  • ctags: 368
  • sloc: ansic: 2,082; makefile: 79; pascal: 18
file content (101 lines) | stat: -rw-r--r-- 4,131 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
 
= Proxytunnel: punching holes through the corporate firewall
Proxytunnel developers
$Id: proxytunnel-paper.txt 233 2008-08-09 17:49:16Z dag- $

== Introduction
ProxyTunnel is a program that connects stdin and stdout to a server somewhere on the network, through a standard HTTPS proxy. We mostly use it to tunnel SSH sessions through HTTP(S) proxies, allowing us to do many things that wouldn't be possible without ProxyTunnel.

Proxytunnel can currently do the following:

    * Create tunnels using HTTP and HTTPS proxies (That understand the HTTP CONNECT command).
    * Work as a back-end driver for an OpenSSH client, and create SSH connections through HTTP(S) proxies.
    * Work as a stand-alone application, listening on a port for connections, and then tunneling these connections to a specified destination. 

If you want to make effective use of ProxyTunnel, the proxy server you are going to be tunneling through must adhere to some requirements.

    * Must support HTTP CONNECT command
    * Must allow you to connect to destination machine and host, with or without HTTP proxy authentication 

Most proxies however only allow connections to a number of pre-defined ports. These ports usually include 80(http) and 443(https). Some other proxies also allow traffic on other ports or ranges. Try to find out what ports your proxy allows you to connect through. You best guess is to test for the named 80 and 443, and then check for some other common ports like 8000, 8080, 8081, 8082 and the nntp ports 119(nntp) and 563(snntp).

If you have figured out what ports your proxy allows you to connect through, the fun can start. If it allows you to connect to a port you want access too, like the pop3 or imap ports you are in luck, since you can now set up a direct tunnel to these servers and read mail for example. Usually however you will be stuck with access to only port 80 and 443 (like we were, when we wrote ProxyTunnel). To be able to get access to more then just these ports you need access to a server on the internet where you are able to log-in via SSH on one of these ports. In our case we set up the SSH daemons on our home and office systems to listen to port 443(https), since these weren't used (and 80 was), and the port was allowed by the firewall/proxy.

After having setup a SSH daemon on an accessable port, we configured our local SSH clients to use ProxyTunnel as a back-end to make the connection. Doing this involves creating a ~/.ssh/config file, specifying a host-alias there, and telling SSH to use a proxy-command, using the ProxyCommand statement and our ProxyTunnel tool to do it.

We now have access to SSH on our 'unrestricted' system on the internet. As you may know, SSH allows you to do port-forwarding and other nice tricks. Using this knowledge it is possible to forward and port anywhere. I myself usually setup some port-forwardings for my mail (2 imap tunnels) and usenet. But i'm sure you can think up of many things you'd like to connect to. Now you can.

== History


== Requirements
What is required to use proxytunnel ?
What Operating Systems are supported ?

== How does it work ?

=== Normal HTTP connection

=== SSL HTTP connection

=== Proxytunnel

== Use cases

=== Connect without authentication

=== Connect with basic authentication

=== Connect with NTLM authentication

=== Connect using SSL client to proxy

=== Connect using SSL between proxy and destination

=== Connect with local and remote proxy

=== Connect using SSL between proxy and remote proxy

== Configuration

=== Configuring SSH

=== Using Socks

=== Configuring Apache

=== Configuring Tinyproxy

=== Configuring Squid


== Troubleshooting

=== Using verbose

=== Using Telnet to mimic behaviour


== Alternative tools

=== cockscrew

=== connecttunnel

=== desproxy

=== htun

=== ntlmaps

=== prtunnel

=== SOHT

== Links

 - http://proxytunnel.sourceforge.net/[Proxytunnel homepage]
 - https://proxytunnel.svn.sourceforge.net/svnroot/proxytunnel/[Proxytunnel subversion]
 - https://lists.sourceforge.net/lists/listinfo/proxytunnel-users[Proxytunnel mailinglist]


// vim: set syntax=asciidoc: