Click here to Skip to main content
11,641,081 members (64,687 online)
Click here to Skip to main content

HTTP Tunneling

, 14 Jun 2000 370.1K 15.4K 124
Rate this:
Please Sign up or sign in to vote.
This article describes how to open arbitrary TCP connections through proxy servers
<!-- Download Links -->
  • Download source files - 24 Kb
  • Download demo application - 87 Kb
  • <!-- Main HTML starts here -->

    Introduction

    The application discussed in this article provides the ability to make TCP connections through a proxy server. Often computers are behind firewalls that deny many connections. But HTTP connection is usually allowed and is made through a proxy server. This article will show how arbitrary TCP connections can be made using HTTP protocol and the proxy server.

    Approach

    When an HTTP connection is made through a proxy server the client (usually the browser) sends the request to the proxy. The proxy opens the connection to the destination, sends the request, receives the response and sends it back to the client. The HTTP protocol specifies a request method called CONNECT. The CONNECT method can be used by the client to inform the proxy server that a connection to some host on some port is required. The proxy server, if allows such connections, tries to connect to the destination address specified in the request header. If it the operation fails it sends back to the client a negative HTTP response and close the connection. If the operation succeeded then send back an HTTP positive response and the connection is consider established. After that, the proxy does not care what data is transferred between client requesting the connection and the destination. It just forwards data in both ways acting as a tunnel.

    About the protocol

    We are interested in CONNECT method from the HTTP protocol. After the applications opens a connection with the proxy server it must send the connect request in the form of an HTTP request:

    CONNECT <destination_address>:<destination_port> <http_version><CR><LF>
    <header_line><CR><LF>
    <header_line><CR><LF>
    ...
    <header_line><CR><LF>
    <CR><LF>
    

    The proxy server process the request and try to make a connection to <destionation_address>:<destination_port>.

    The proxy server sends back an HTTP response in the form:

    <http_version> <code> <message><CR><LF>
    <header_line><CR><LF>
    <header_line><CR><LF>
    ...
    <header_line><CR><LF>
    <CR><LF>
    

    If it is a positive response (code=200) then after the empty line the proxy begins to acts as a tunnel and forwards data. If it is a negative response (code!=200) then connection is closed after the empty line.

    The HTTPTunneling application

    The application act as specified in a configuration file. An entry in the configuration file locks like this:

    <Source port> <Destination address> <Destination port> <Proxy address> <Proxy port>

    If the application is running and an entry in the configuration files changes, the application automatically updates itself.

    For every entry in the configuration file the application creates a port listener. This is a thread that opens a socket on <Source port> and waits for connection. When a request arrives on that port it tries to open a tunnel to the <Destination address>:< port>. If the <Proxy address> and <Proxy port> are missing, a direct connection is made. If the field are present it opens a connection to the proxy and sends a CONNECT request using the method specified above. The tunnel construction is made in a separate thread to let the port listener to accept immediatelly new connections. After the connection is established a tunnel object is constructed based on the opened sockets, sockets are marked as non-blocking and the object is passed to manager object. The thread that has created the tunnel is destroyed. Data transfer is made on a single thread. When one of the ends closes the connection the tunnel closes the other and the tunnel is marked as inactive. The manager finds the tunnel inactive and removes it from the list of active tunnels.

    By default the application generates log information in HTTPTunneling.log file. This file can be consulted to find wrong application behaviour.

    Known problems

    • If no data transfer is made the proxy could close the connection, event neither the initiator neither the destination has closed the connection.
    • Proxy authorization may be required. This can be easily solved including in the HTTP request the Proxy-Authorization field.

    History

    June 15, 2000

    • Posted.

    License

    This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

    A list of licenses authors might use can be found here

    Share

    About the Author

    Alex Turc
    United States United States
    No Biography provided

    You may also be interested in...

    Comments and Discussions

     
    QuestionCompilation and execution steps for http tunneling source code Pin
    Anindya Sinha17-Apr-14 9:48
    memberAnindya Sinha17-Apr-14 9:48 
    Questionhelp me Pin
    Member 1005576421-May-13 18:41
    memberMember 1005576421-May-13 18:41 
    GeneralMy vote of 4 Pin
    anderbill8-Nov-10 16:14
    memberanderbill8-Nov-10 16:14 
    General[Message Deleted] Pin
    it.ragester2-Apr-09 21:57
    memberit.ragester2-Apr-09 21:57 
    GeneralQuestion about the method connect!! Pin
    Pitoniso15-May-07 10:02
    memberPitoniso15-May-07 10:02 
    GeneralI've got a Modern Compiler [modified] Pin
    qduaty11-Dec-06 4:03
    memberqduaty11-Dec-06 4:03 
    GeneralBeginner Pin
    paramprocessor27-Nov-06 23:11
    memberparamprocessor27-Nov-06 23:11 
    GeneralHTTP protocol Pin
    renato tome1-Nov-06 16:05
    memberrenato tome1-Nov-06 16:05 
    GeneralRe: HTTP protocol Pin
    renato tome12-Feb-07 15:18
    memberrenato tome12-Feb-07 15:18 
    QuestionC# Implementation?? Pin
    gvanto22-Aug-06 3:52
    membergvanto22-Aug-06 3:52 
    AnswerRe: C# Implementation?? Pin
    i0016-Apr-13 14:13
    member i0016-Apr-13 14:13 
    QuestionRedircting data from one tcp port to another Pin
    Pankajs_comp31-May-06 20:40
    memberPankajs_comp31-May-06 20:40 
    GeneralSQL via Proxy Pin
    evilnoodle22-Mar-06 22:29
    memberevilnoodle22-Mar-06 22:29 
    QuestionI have a question about proxy ISA2000 ? Pin
    catclaw200016-Jan-06 15:40
    membercatclaw200016-Jan-06 15:40 
    Generaltunnelling for VNC Pin
    georgenew4-Aug-05 4:34
    membergeorgenew4-Aug-05 4:34 
    AnswerRe: tunnelling for VNC Pin
    Pankaj Sahasrabudhe28-May-08 1:12
    memberPankaj Sahasrabudhe28-May-08 1:12 
    GeneralRe: tunnelling for VNC Pin
    anderbill8-Nov-10 16:17
    memberanderbill8-Nov-10 16:17 
    GeneralWebsense _HELP Pin
    ANON-13-Mar-05 23:47
    sussANON-13-Mar-05 23:47 
    GeneralAutorisation - how Pin
    cnkKlau16-Feb-05 12:12
    susscnkKlau16-Feb-05 12:12 
    Generalconaito VoIP ActiveX SDK Pin
    Attila Szappan13-Dec-04 3:06
    sussAttila Szappan13-Dec-04 3:06 
    GeneralRe: conaito VoIP ActiveX SDK Pin
    brian scott10-Apr-06 4:39
    memberbrian scott10-Apr-06 4:39 
    GeneralRe: conaito VoIP ActiveX SDK Pin
    andyjones129-Jun-09 23:16
    memberandyjones129-Jun-09 23:16 
    QuestionCan tunnel solve nat/port forwarding problems? Pin
    Anonymous26-Nov-04 19:07
    sussAnonymous26-Nov-04 19:07 
    QuestionAny way to reduce .exe file size? Pin
    JList8-Aug-04 15:55
    memberJList8-Aug-04 15:55 
    GeneralMemory leak problem Pin
    Le Hong Anh6-Jun-04 19:11
    memberLe Hong Anh6-Jun-04 19:11 
    Generalvoip ocx , voip activex , voip lib Pin
    hasnat ahmad2-Jan-04 0:37
    susshasnat ahmad2-Jan-04 0:37 
    GeneralConnect to SMTP Pin
    taualex4-Nov-03 1:30
    membertaualex4-Nov-03 1:30 
    GeneralFree Firewall With Source Code Pin
    xiamy3-Nov-03 5:52
    memberxiamy3-Nov-03 5:52 
    GeneralRe: Free Firewall With Source Code Pin
    Ed K11-Feb-04 4:20
    memberEd K11-Feb-04 4:20 
    GeneralRe: Free Firewall With Source Code Pin
    jproffer20-Jun-04 5:50
    memberjproffer20-Jun-04 5:50 
    Generalwan miniport driver Pin
    drogoin22-Oct-03 12:46
    memberdrogoin22-Oct-03 12:46 
    GeneralHijacking UDP packets and getting through a firewall Pin
    Kieran7726-Mar-03 3:51
    sussKieran7726-Mar-03 3:51 
    GeneralRe: Hijacking UDP packets and getting through a firewall Pin
    Lorca6-Aug-03 20:28
    sussLorca6-Aug-03 20:28 
    GeneralRe: Hijacking UDP packets and getting through a firewall Pin
    evilnoodle22-Mar-06 22:37
    memberevilnoodle22-Mar-06 22:37 
    GeneralRe: Hijacking UDP packets and getting through a firewall Pin
    MMs_xH26-Jun-04 20:00
    memberMMs_xH26-Jun-04 20:00 
    Generalproxy authorization problem Pin
    Manjit17-Feb-03 22:21
    memberManjit17-Feb-03 22:21 
    GeneralNo response from proxy Pin
    geecka22-Jan-03 17:34
    membergeecka22-Jan-03 17:34 
    GeneralNo response Pin
    Rishik200315-Nov-03 5:11
    memberRishik200315-Nov-03 5:11 
    GeneralRe: No response Pin
    Justin Deltener19-Nov-03 11:11
    memberJustin Deltener19-Nov-03 11:11 
    GeneralRe: No response Pin
    Anonymous20-Nov-03 20:37
    sussAnonymous20-Nov-03 20:37 
    GeneralSMTP through a proxy Pin
    Rishikus200320-Nov-03 21:07
    memberRishikus200320-Nov-03 21:07 
    GeneralRe: SMTP through a proxy Pin
    Justin Deltener21-Nov-03 1:42
    memberJustin Deltener21-Nov-03 1:42 
    GeneralRe(2): SMTP through a proxy Pin
    Rishikus200323-Nov-03 0:16
    memberRishikus200323-Nov-03 0:16 
    GeneralHTTP Tunneling question Pin
    Wally_wu21-Jan-03 20:57
    memberWally_wu21-Jan-03 20:57 
    GeneralRe: HTTP Tunneling question Pin
    Rishikus200323-Nov-03 0:27
    memberRishikus200323-Nov-03 0:27 
    QuestionWhat if Destination-Adress is another proxy ??? Pin
    Agent_White10-Jan-03 8:58
    memberAgent_White10-Jan-03 8:58 
    AnswerRe: What if Destination-Adress is another proxy ??? Pin
    friedrichfischer22-Feb-04 2:33
    memberfriedrichfischer22-Feb-04 2:33 
    GeneralTunnel Implementation Pin
    Mars_John25-Dec-02 23:03
    memberMars_John25-Dec-02 23:03 
    GeneralRe: Tunnel Implementation Pin
    http newbie17-May-03 4:39
    susshttp newbie17-May-03 4:39 
    GeneralPeer-to-peer Firewalled Pin
    Maff18-Nov-02 9:08
    sussMaff18-Nov-02 9:08 

    General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

    Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

    | Advertise | Privacy | Terms of Use | Mobile
    Web01 | 2.8.150731.1 | Last Updated 15 Jun 2000
    Article Copyright 2000 by Alex Turc
    Everything else Copyright © CodeProject, 1999-2015
    Layout: fixed | fluid