A) Not that way. You will be violating HTTP protocol and that wont get through proxy. Even an IDS might rise an alarm, if target network use such a device. Easy detectable, generaly not working.

But there is a solution. Split TCP stream to a 'packets' of data and then transfer these data as a 'CGI script' arguments. Maybe like this:

    /cgi-bin/covert.pl?data=34a5c7ef04
    /cgi-bin/covert.pl?data=20374a53752042
[download]

The back channel will be the 'CGI' response. This way you are efectively making a covert channel, practicaly undetectable. But very slow one :-)

B) look for httunel on freshmeat