Tuesday 18 February 2014

Addressing Blocking Firewall with HTTP Tunnel (Dani Firman)

For Indonesian Language,Klik Here

We know that the firewall in pairs aimed at improving the internal LAN security in order not to be attacked from the outside. Minimizing ports are open, do allow and deny access is through a proxy server and installed so that all data can be accessed through a browser well controlled. That is one good idea and does not act as an Admin if you are not an Admin and also also do not have to regret it because there are still many roads lead to Rome. Requirement cuman one, creativity.
Most Admins are tightening rules on the LAN access using a firewall proxy servers typically run applications in order that all clients who are in the network when accessing a web page on the computer constantly monitored and it was one of the roads used by administrators to overcome blocking ports only allow browsing and email access because usually when browsing we also not only connect to port 80 ( www ) but also https ( 443 ) or other ports ( depending on application ) . For example, when you access the Webmin manager or enzyme ( hosting manager ) , log into the admin menu when we have to connect to port 9143 or another port ( depending on the configuration of the application ) , of the port blocking as applied in our network is not possible and imposible to access applications such as Webmin or enzyme then the solution is to run the Proxy Server . Proxy servers usually have wider access ports on the client side compare .

Then if the HTTP Tunnel ?
HTTP Tunnel is an application that allows you to access applications such as telnet , chat , ftp and other Internet applications through a port that is allowed through the port 80 , 8080 or 3128 that typically uses the HTTP protocol to communicate data across a network of computers and the Internet . HTTP Tunnel consists of two applications, namely the client application and server application . Please know also when you perform data communications over the HTTP protocol when the data are in complete request has been sent to your browser automatically webserver or proxy server will disconnect the connection with your browser . Certainly for applications such as Mirc chat or telnet this is certainly not favorable , can you imagine when you just want to get in Dalnet suddenly you lose your connection .
HTTP Tunnel was deliberately made ​​in the two sides of the client and server whose purpose is so that we stay Stay Alive connection and keep you connected, stay connected with the destination server by using the existing limitations on the HTTP protocol . Consider the following picture :
Note the pattern of a serial connection described above. When the data to the server in the HTTP Tunnel, Tunnel Server will automatically forward the data he received from the HTTP Tunnel Client to be sent through the proxy server to the PC through the destination port in want (telnet, chat etc). So here we need a server connected to the Internet has access to connect through a port that we want and this is the server that will act as a Tunnel Server.
For example see, eg Andi wants to chat on the LAN using HTTP Tunnel berfirewall then first he has to put up an HTTP Tunnel Server on another computer and another computer that does not restrict access in the connection. Second, the Andi must run HTTP Tunnel Client on the PC or on another computer that the LAN with the PC Andi. Andi from the LAN IP data obtained as follows: 
  
Andi PC IP = 192.168.0.45 
Proxy Server in LAN = 192.168.0.1 port 8080 

For the ease of running the HTTP Tunnel Client Andi on his own PC and he also had to install HTTP Tunnel Server in Server / other PC connected to the Internet is IP = 204.13.27.189, incidentally si Andi Dalnet want to chat on the server then the connection patterns that occur are : 
192.168.0.45___localhost___192.168.0.1 port 8080 __ 204.13.27.189 __ Dalnet.
Flow connections are bidirectional. Okay now we go straight to the installation of HTTP Tunnel. Previously please you download apps on the site Packetstormsecurity HTTP Tunnel.
Windows User : http://adf.ly/dmpcd
Linux User       : http://adf.ly/dmq3O

For HTTP Tunnel for win32, there are three files in it are : 
a. hts.exe (Server Tunnel) 
b. htc.exe (Client Tunnel) 
c. Cygwin1.dll (required for both) 
For those of you who want to install HTTP Tunnel Server in unix / linux can install it in the following way :

[xnuxer@lab]$ tar –zxvf httptunnel-3.0.tar.gz
[xnuxer@lab]$ cd httptunnel-3.0   
[xnuxer@lab httptunnel-3.0]$  ./configure
[xnuxer@lab httptunnel-3.0]$  make          

At this point you can already use HTTP Tunnel from the local directory. If you want to install the HTTP Tunnel and put in the / bin directory just type the following command :

[xnuxer@lab httptunnel-3.0]#  make check
[xnuxer@lab httptunnel-3.0]#  make install

There is no difference in the command to the HTTP Tunnel for linux with that for windows. You just have to type the command helpnya hts htc-h or-h.

Usage: HTS [OPTION]... [PORT]
Listen for incoming httptunnel connections at PORT (default port is 8888).
When a connection is made, I/O is redirected to the destination specified
by the --device, --forward-port or --stdin-stdout switch.

  -c, --content-length BYTES     use HTTP PUT requests of BYTES size
                                 (k, M, and G postfixes recognized)
  -d, --device DEVICE            use DEVICE for input and output
  -F, --forward-port HOST:PORT   connect to PORT at HOST and use it for
                                 input and output
  -h, --help                     display this help and exit
  -k, --keep-alive SECONDS       send keepalive bytes every SECONDS seconds
                                 (default is 5)
  -M, --max-connection-age SEC   maximum time a connection will stay
                                 open is SEC seconds (default is 300)
  -s, --stdin-stdout             use stdin/stdout for communication
                                 (implies --no-daemon)
  -S, --strict-content-length    always write Content-Length bytes in requests
  -V, --version                  output version information and exit
  -w, --no-daemon                don't fork into the background
  -p, --pid-file LOCATION        write a PID file to LOCATION

Report bugs to bug-httptunnel@gnu.org.

Under the help command to the HTTP Tunnel Client :

Usage: HTC [OPTION]... HOST[:PORT]
Set up a httptunnel connection to PORT at HOST (default port is 8888).
When a connection is made, I/O is redirected from the source specified
by the --device, --forward-port or --stdin-stdout switch to the tunnel.

  -A, --proxy-authorization USER:PASSWORD  proxy authorization
  -z, --proxy-authorization-file FILE      proxy authorization file
  -B, --proxy-buffer-size BYTES  assume a proxy buffer size of BYTES bytes
                                 (k, M, and G postfixes recognized)
  -c, --content-length BYTES     use HTTP PUT requests of BYTES size
                                 (k, M, and G postfixes recognized)
  -d, --device DEVICE            use DEVICE for input and output
  -F, --forward-port PORT        use TCP port PORT for input and output
  -h, --help                     display this help and exit
  -k, --keep-alive SECONDS       send keepalive bytes every SECONDS seconds
                                 (default is 5)
  -M, --max-connection-age SEC   maximum time a connection will stay
                                 open is SEC seconds (default is 300)
  -P, --proxy HOSTNAME[:PORT]    use a HTTP proxy (default port is 8080)
  -s, --stdin-stdout             use stdin/stdout for communication
                                 (implies --no-daemon)
  -S, --strict-content-length    always write Content-Length bytes in requests
  -T, --timeout TIME             timeout, in milliseconds, before sending
                                 padding to a buffering proxy
  -U, --user-agent STRING        specify User-Agent value in HTTP requests
  -V, --version                  output version information and exit
  -w, --no-daemon                don't fork into the background

Report bugs to bug-httptunnel@gnu.org.

Once all applications have been installed tunnel, now you are ready to use it. Now learn how to use an application server and his client. 

HTTP Tunnel Server :
[xnuxer@lab httptunnel-3.0]$ ./hts -F mesra.kl.my.dal.net:7000 8034
[xnuxer@lab httptunnel-3.0]$ ps -ax|grep hts
21910 ?        S      0:00 ./hts -F mesra.kl.my.dal.net:7000 8034
[xnuxer@lab httptunnel-3.0]$

The purpose of the command hts above is HTTP Tunnel Server will connect and forwards the data to be sent every HTTP Tunnel Client through a proxy server to server mesra.kl.my.dal.net and will serve any client data tunnel through port 8034 . For Windows users, commandnya same and there is no difference. 

HTTP Tunnel Client: 

Assuming we run HTTP Tunnel Client on our own PCs. For windows users you need to run the tunnel client from the DOS prompt. Then the command :

htc –P 192.168.0.1:8080 –F 1080 202.145.0.89:8034

The purpose of the above command is run tunnel client and forwards any data that are connected via port 1080 and sends the data to the HTTP-Tunnel Server IP 202.145.0.89 air through a proxy server port 8034 local air-port IP 192.168.0.1 8080. 

There are times when a proxy server using user authentication and password, then you can add the option-A to htc like the following example :

htc –P 192.168.0.1:8080 –A user:password –F 1080 202.145.0.89:8034

Easy is not it? This application also I have tried and succeeded well. Consider some of the following images :

Okay successful :) and you have successfully run the application tunnel. Good luck!
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)