Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Hi,

I am looking for pointers (and if possible example scripts) about a way to create a general TCP/UDP tunneling application over HTTP.

Since I am a beginner in the field I would welcome anything you can tell me about this. I searched PM and the web about this, but the only examples I found were either UDP or TCP tunneling, and not over HTTP (but TCP).

And to rephrase myself, what I am looking for is a general way of having a client program connect to localhost:someport instead of someoutsidehost:someotherport and have all the communications and data transfers between them be transparent for the client (the client actually "thinking" it is connected directly to someoutsidehost:someotherport).

And to make a long story short, I am looking for an incredibly general and powerful way of piercing firewalls using a remote gateway server running some kind of customized HTTP server...

Does that imply using the packet injection module from CPAN on the remote gateway?

I have also seen and tested SOCKS servers, but this kind of application requires the client to be rewritten (if it does not support proxying in its config). So this is *not* interesting to me.

Thanks for helping!

Re: TCP/UDP tunneling over HTTP
by davido (Cardinal) on Apr 02, 2004 at 09:42 UTC
    The CPAN module, Net::HTTPTunnel does TCP based tunnels through HTTP. The POD has this to say about UDP tunnels:

    Unfortunately, this tunneling method only works for tcp connections. There is no equivalent way of doing UDP connections. However, with a bit of ingenuity such a scheme can certainly be devised---imagine again the scenario of a TCP listener on the other end of the tunnel. One could wrap the UDP packets in TCP, transport them through the tunnel, and unwrap them at the other end with very little trouble.


    Dave
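The wrapping idea in the POD quoted above has one catch: TCP is a byte stream and does not keep datagram boundaries, so each UDP payload has to be framed before it goes into the tunnel. The sketch below is an added example, not code from Net::HTTPTunnel or from any poster in this thread; the 2-byte length prefix and the names `frame_datagram` and `unframe_stream` are assumptions chosen for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Largest UDP payload over IPv4 is 65507 bytes, so a 16-bit length fits.
use constant MAX_DATAGRAM => 65_507;

# Prefix one datagram with its length (2 bytes, network byte order).
# Hypothetical helper, not part of any CPAN module.
sub frame_datagram {
    my ($payload) = @_;
    die "datagram too large\n" if length($payload) > MAX_DATAGRAM;
    return pack('n/a*', $payload);
}

# Append newly read stream bytes to $$buf and return every complete datagram.
# An incomplete trailing frame stays in $$buf until more bytes arrive.
sub unframe_stream {
    my ($buf, $chunk) = @_;
    $$buf .= $chunk;
    my @datagrams;
    while (length($$buf) >= 2) {
        my $len = unpack('n', $$buf);
        die "frame exceeds UDP payload limit\n" if $len > MAX_DATAGRAM;
        last if length($$buf) < 2 + $len;    # body not fully received yet
        push @datagrams, substr($$buf, 2, $len);
        substr($$buf, 0, 2 + $len) = '';     # consume the frame
    }
    return @datagrams;
}

# Constructed sample: three datagrams, one of them empty, sent back to back.
my @sent   = ("query-1", "", "x" x 300);
my $stream = join '', map { frame_datagram($_) } @sent;

# Simulate TCP delivering the bytes in arbitrary 7-byte reads, which splits
# length prefixes and bodies across reads.
my ($buf, @received) = ('');
for (my $off = 0; $off < length($stream); $off += 7) {
    push @received, unframe_stream(\$buf, substr($stream, $off, 7));
}

my $ok = @sent == @received
    && !grep { $sent[$_] ne $received[$_] } 0 .. $#sent;
printf "sent %d datagrams, recovered %d, boundaries %s\n",
    scalar @sent, scalar @received, $ok ? "preserved" : "LOST";
```

Framing restores boundaries only; UDP's tolerance for loss and reordering is replaced by TCP's in-order delivery, so one stalled segment delays every datagram queued behind it.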

      Hmmmm, this is a very interesting module indeed, but it still has lots of implementation to be done: it does not support UDP (even though the POD's idea shows the way) and it is not a complete solution because the only thing you get from that module is an open socket (a single function, the constructor, is implemented).

      I cannot believe that nothing like I am looking for has ever been done! For sure I am not the first developer wanting to do something like this, and I hate like merlyn "to reinvent the wheel".

      More wisdom appreciated!
        You might find a step for a hint here: http://www.nocrew.org/software/httptunnel.html
Re: TCP/UDP tunneling over HTTP
by Fletch (Bishop) on Apr 02, 2004 at 13:02 UTC

    Erm, I seem to recall that at least one version of SOCKS v4 on real OSen (read some flavour of UNIX that had an ld.so which supported LD_PRELOAD) you could transparently SOCKS-ify anything (well, with some caveats about setuid programs not allowing LD_PRELOAD). Search for runsocks in the SOCKS documentation.

Re: TCP/UDP tunneling over HTTP
by nimdokk (Vicar) on Apr 02, 2004 at 13:21 UTC
    I'm sure someone will point out my errors in this, but from what I recall, you will have a hard time tunnelling over UDP. The reason, if I remember correctly, is because UDP is a stateless protocol, it's typically one-way communications (someone correct me if I am off on that description please, I'm not an expert on TCP/IP). That of course does not mean you cannot encapsulate a UDP packet within an HTTP packet. In fact, that would be a technique that a "Black Hat" might use to get around firewalls and security scanners that check packets since HTTP is typically acceptable. How to do such a thing is a little beyond me.


    "Ex Libris un Peut de Tout"
Re: TCP/UDP tunneling over HTTP
by Anonymous Monk on Apr 02, 2004 at 12:16 UTC
    Well a good start might be to just get SSH working over HTTP, because you can already tunnel anything you like over SSH.
      As far as I remember you can only tunnel TCP-Connections over SSH.
Re: TCP/UDP tunneling over HTTP
by eclark (Scribe) on Apr 02, 2004 at 17:39 UTC
    To save you some trouble, there's a unix program called proxychains that will tunnel any tcp or udp over HTTP or SOCKS.