Proxy: Difference between revisions

(New page: == References == * For SSH, check excellent page on [http://wiki.yobi.be/wiki/Bypass_Proxy Yobi wiki] on how to bypass corporate proxy using SSH. * [http://www.freeproxy.ru/en/free_proxy/f...)
 
No edit summary
Line 16: Line 16:


== Bypassing proxy - HTTP ==
== Bypassing proxy - HTTP ==
The principle is to install a software on local machine that will map local port to a remote host port, and tunneling all traffic through an intermediate proxy. They are basically 2 methods:
The principle is to install a software on local machine that will map local port to the target server port. The desired application will then connect to this local port, and all traffic is transfered by this extra software, through the proxy. They are basically 2 methods:
* '''SSL/CONNECT''' - This method doesn't require a remote host server, but requires proxy to support SSL/CONNECT command (which usually is not the case). Also traffic is not encrypted (and so all activity is visible in the proxy log in clear).<br/>Bypass software opens a port locally. When application connects to that port, the bypass sw first sends a <tt>CONNECT</tt> command to the proxy, that will establish a connection to the target host/port, and then that will simply feed all traffic from the local port through this newly opened connection.<br/>Note that CONNECT command does not ''per se'' imply SSL protocol, but is used by SSL to establish connection. So the target server does not need to support SSL on the target port. This is actually a mere ''port forwarding''.
* Without a remote host server. It requires the proxy to support SSL/CONNECT commands (usually blocked). Traffic is not encrypted.
* Using a remote host server. All traffic is then forward through the proxy to that remote host which will then connect to the target server/port. This requires having access to a remote host server which can run the required server software.
* '''Tunneling''' - This method assumes user has an access to a remote host that will forward all traffic from the proxy to the target server/port. There are some public proxies offering this services. Alternatively user may set up his own relaying remote host with some custom server software. This method supports encryption if this intermediate host does have support for it (SSH forwarding).


=== Using HTTHost + HHTPort ===
=== Using HTTHost + HHTPort ===
[http://www.htthost.com/ HTTHost+HTTPort] is a free HTTP Tunneling package, including local tunnelling client and remote host server.
[http://www.htthost.com/ HTTHost+HTTPort] is a free HTTP Tunneling package, that supports both methods described above. ''HTTHost'' is the client software, and ''HTTPort'' is the software that can be used to setup a remote relaying server. Installation is quite straightforward.

<font color="red">'''! Privacy/confidentiality Issues!'''</font> - In ''remote host'' mode, if no remote host is specified, HTTHost will then automatically try to connect to some public proxies. This means that all unencrypted data (including passwords) will be send to these public proxies. If that's an issue, then for maximum safety choose explicitly mode ''SSL/CONNECT'', and don't use option ''auto''.


== Using <tt>'''socat'''</tt> ==
== Using <tt>'''socat'''</tt> ==
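Review bot: the privacy warning added just before the socat heading recommends SSL/CONNECT mode "for maximum safety", yet the SSL/CONNECT bullet in the same revision says that mode's traffic is not encrypted and is visible in the proxy log in clear. Suggest rewording the warning to say that SSL/CONNECT avoids sending data to third-party public proxies, and pointing readers who need confidentiality to the SSH forwarding named in the Tunneling bullet. The section heading also still reads "HHTPort" where the body text uses "HTTPort", and the rewritten intro has "transfered" and "They are basically 2 methods".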

Revision as of 23:03, 23 September 2008

References

Bypassing proxy - SSH

See the Yobi wiki page listed above for how to bypass a proxy using SSH.

Example command to connect to a remote IMAP server, tunneling through an SSH proxy:

ssh -f -N -L 143:ton.imap.server:143 un.serveur.ssh.quelconque

Bypassing proxy - HTTP

The principle is to install software on the local machine that maps a local port to the target server port. The desired application then connects to this local port, and all traffic is transferred by this extra software through the proxy. There are basically 2 methods:

  • SSL/CONNECT - This method doesn't require a remote host server, but requires the proxy to support the SSL/CONNECT command (which usually is not the case). Also, traffic is not encrypted (so all activity is visible in clear in the proxy log).
    The bypass software opens a port locally. When the application connects to that port, the bypass software first sends a CONNECT command to the proxy, which establishes a connection to the target host/port, and then simply feeds all traffic from the local port through this newly opened connection.
    Note that the CONNECT command does not per se imply the SSL protocol, but is used by SSL to establish a connection. So the target server does not need to support SSL on the target port. This is actually mere port forwarding.
  • Tunneling - This method assumes the user has access to a remote host that will forward all traffic from the proxy to the target server/port. There are some public proxies offering this service. Alternatively, the user may set up their own relaying remote host with some custom server software. This method supports encryption if this intermediate host supports it (SSH forwarding).
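From the monitoring side, the CONNECT-based forwarding described above shows up in the proxy's access log as a CONNECT request to a non-HTTPS port. The following is an added example, not part of the original wiki page: it assumes Squid's native access.log layout and an HTTPS-only CONNECT policy, and it runs over constructed log lines.

```python
import re
from collections import defaultdict

# Assumption: Squid "native" access.log layout:
# time elapsed_ms client action/status bytes method url ident hierarchy/peer type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<action>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)"
)
ALLOWED_CONNECT_PORTS = {443}  # assumption: site policy permits HTTPS only

# Constructed sample lines (not taken from any real proxy).
SAMPLE_LOG = """\
1222210980.101    310 10.0.0.15 TCP_MISS/200 5120 CONNECT www.example.org:443 - DIRECT/192.0.2.20 -
1222210991.452 184233 10.0.0.15 TCP_MISS/200 88214 CONNECT ton.imap.server:143 - DIRECT/192.0.2.10 -
1222211002.007     12 10.0.0.23 TCP_DENIED/403 1480 CONNECT ssh.example.net:22 - NONE/- text/html
1222211010.930     95 10.0.0.23 TCP_MISS/200 2048 GET http://www.example.org/ - DIRECT/192.0.2.20 text/html
not a log line
"""

def find_offport_connects(log_text, allowed=ALLOWED_CONNECT_PORTS):
    """Return CONNECT requests whose target port is outside `allowed`."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "CONNECT":
            continue  # skip malformed lines and ordinary HTTP requests
        host, sep, port = m["url"].rpartition(":")
        if not sep or not port.isdigit() or int(port) in allowed:
            continue  # malformed CONNECT target, or a permitted port
        hits.append({
            "client": m["client"], "host": host, "port": int(port),
            "tunnel_up": m["status"] == "200",  # 200 = proxy opened the tunnel
            "seconds": int(m["elapsed"]) / 1000, "bytes": int(m["bytes"]),
        })
    return hits

def summarize_by_client(hits):
    """Group flagged targets per client, split into established vs. blocked."""
    out = defaultdict(lambda: {"established": [], "blocked": []})
    for h in hits:
        key = "established" if h["tunnel_up"] else "blocked"
        out[h["client"]][key].append(f'{h["host"]}:{h["port"]}')
    return dict(out)

if __name__ == "__main__":
    for client, s in summarize_by_client(find_offport_connects(SAMPLE_LOG)).items():
        print(client, s)
```

Established tunnels with a long duration and a large byte count, such as the constructed port-143 entry, are the ones worth reviewing first; denied attempts show the proxy policy already blocking the request.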

Using HTTHost + HTTPort

HTTHost+HTTPort is a free HTTP tunneling package that supports both methods described above. HTTHost is the client software, and HTTPort is the software that can be used to set up a remote relaying server. Installation is quite straightforward.

! Privacy/confidentiality Issues! - In remote host mode, if no remote host is specified, HTTHost will automatically try to connect to some public proxies. This means that all unencrypted data (including passwords) will be sent to these public proxies. If that's an issue, then for maximum safety explicitly choose mode SSL/CONNECT, and don't use option auto.

Using socat

socat is a command-line utility that establishes two bidirectional byte streams and transfers data between them. It is a very powerful utility that can be used to establish connections between various types of interfaces (TCP/Serial/...).

Manpages are here.

Example command to open local port 143, mapped to a remote IMAP server through the corporate proxy:

/usr/local/bin/socat -ly 'TCP4-LISTEN:143,reuseaddr,fork' 'PROXY:ton.imap.server:143|TCP:134.27.168.36:8080'