Click here to Skip to main content
Click here to Skip to main content

HTTP Tunneling

, 14 Jun 2000
Rate this:
Please Sign up or sign in to vote.
This article describes how to open arbitrary TCP connections through proxy servers
<!-- Download Links -->
  • Download source files - 24 Kb
  • Download demo application - 87 Kb
  • <!-- Main HTML starts here -->


    The application discussed in this article provides the ability to make TCP connections through a proxy server. Often computers are behind firewalls that deny many connections. But HTTP connection is usually allowed and is made through a proxy server. This article will show how arbitrary TCP connections can be made using HTTP protocol and the proxy server.


    When an HTTP connection is made through a proxy server the client (usually the browser) sends the request to the proxy. The proxy opens the connection to the destination, sends the request, receives the response and sends it back to the client. The HTTP protocol specifies a request method called CONNECT. The CONNECT method can be used by the client to inform the proxy server that a connection to some host on some port is required. The proxy server, if allows such connections, tries to connect to the destination address specified in the request header. If it the operation fails it sends back to the client a negative HTTP response and close the connection. If the operation succeeded then send back an HTTP positive response and the connection is consider established. After that, the proxy does not care what data is transferred between client requesting the connection and the destination. It just forwards data in both ways acting as a tunnel.

    About the protocol

    We are interested in CONNECT method from the HTTP protocol. After the applications opens a connection with the proxy server it must send the connect request in the form of an HTTP request:

    CONNECT <destination_address>:<destination_port> <http_version><CR><LF>

    The proxy server process the request and try to make a connection to <destionation_address>:<destination_port>.

    The proxy server sends back an HTTP response in the form:

    <http_version> <code> <message><CR><LF>

    If it is a positive response (code=200) then after the empty line the proxy begins to acts as a tunnel and forwards data. If it is a negative response (code!=200) then connection is closed after the empty line.

    The HTTPTunneling application

    The application act as specified in a configuration file. An entry in the configuration file locks like this:

    <Source port> <Destination address> <Destination port> <Proxy address> <Proxy port>

    If the application is running and an entry in the configuration files changes, the application automatically updates itself.

    For every entry in the configuration file the application creates a port listener. This is a thread that opens a socket on <Source port> and waits for connection. When a request arrives on that port it tries to open a tunnel to the <Destination address>:< port>. If the <Proxy address> and <Proxy port> are missing, a direct connection is made. If the field are present it opens a connection to the proxy and sends a CONNECT request using the method specified above. The tunnel construction is made in a separate thread to let the port listener to accept immediatelly new connections. After the connection is established a tunnel object is constructed based on the opened sockets, sockets are marked as non-blocking and the object is passed to manager object. The thread that has created the tunnel is destroyed. Data transfer is made on a single thread. When one of the ends closes the connection the tunnel closes the other and the tunnel is marked as inactive. The manager finds the tunnel inactive and removes it from the list of active tunnels.

    By default the application generates log information in HTTPTunneling.log file. This file can be consulted to find wrong application behaviour.

    Known problems

    • If no data transfer is made the proxy could close the connection, event neither the initiator neither the destination has closed the connection.
    • Proxy authorization may be required. This can be easily solved including in the HTTP request the Proxy-Authorization field.


    June 15, 2000

    • Posted.


    This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

    A list of licenses authors might use can be found here


    About the Author

    Alex Turc

    United States United States
    No Biography provided

    Comments and Discussions

    QuestionCompilation and execution steps for http tunneling source code PinmemberAnindya Sinha17-Apr-14 10:48 
    Questionhelp me PinmemberMember 1005576421-May-13 19:41 
    GeneralMy vote of 4 Pinmemberanderbill8-Nov-10 17:14 
    General[Message Deleted] Pinmemberit.ragester2-Apr-09 22:57 
    GeneralQuestion about the method connect!! PinmemberPitoniso15-May-07 11:02 
    GeneralI've got a Modern Compiler [modified] Pinmemberqduaty11-Dec-06 5:03 
    GeneralBeginner Pinmemberparamprocessor28-Nov-06 0:11 
    GeneralHTTP protocol Pinmemberrenato tome1-Nov-06 17:05 
    GeneralRe: HTTP protocol Pinmemberrenato tome12-Feb-07 16:18 
    QuestionC# Implementation?? Pinmembergvanto22-Aug-06 4:52 
    AnswerRe: C# Implementation?? Pinmember i0016-Apr-13 15:13 
    QuestionRedircting data from one tcp port to another PinmemberPankajs_comp31-May-06 21:40 
    GeneralSQL via Proxy Pinmemberevilnoodle22-Mar-06 23:29 
    QuestionI have a question about proxy ISA2000 ? Pinmembercatclaw200016-Jan-06 16:40 
    Generaltunnelling for VNC Pinmembergeorgenew4-Aug-05 5:34 
    AnswerRe: tunnelling for VNC PinmemberPankaj Sahasrabudhe28-May-08 2:12 
    GeneralRe: tunnelling for VNC Pinmemberanderbill8-Nov-10 17:17 
    GeneralWebsense _HELP PinsussANON-14-Mar-05 0:47 
    GeneralAutorisation - how PinsusscnkKlau16-Feb-05 13:12 
    Generalconaito VoIP ActiveX SDK PinsussAttila Szappan13-Dec-04 4:06 
    GeneralRe: conaito VoIP ActiveX SDK Pinmemberbrian scott10-Apr-06 5:39 
    GeneralRe: conaito VoIP ActiveX SDK Pinmemberandyjones1210-Jun-09 0:16 
    QuestionCan tunnel solve nat/port forwarding problems? PinsussAnonymous26-Nov-04 20:07 
    QuestionAny way to reduce .exe file size? PinmemberJList8-Aug-04 16:55 
    GeneralMemory leak problem PinmemberLe Hong Anh6-Jun-04 20:11 

    General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

    Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

    | Advertise | Privacy | Terms of Use | Mobile
    Web04 | 2.8.150327.1 | Last Updated 15 Jun 2000
    Article Copyright 2000 by Alex Turc
    Everything else Copyright © CodeProject, 1999-2015
    Layout: fixed | fluid