HTTP tunnel principle and firewall penetration method-1
Tunnel: many articles translate the term as "tunnel" or "channel".
A tunnel is a communication method that bypasses a firewall's port blocking, so that the firewall's port filtering no longer restricts the traffic.
Principle:
Data exchanged between the two sides of the firewall is encapsulated in a packet type, or sent on a port, that the firewall allows, and then passes through the firewall to the peer. When the encapsulated packets arrive at the destination, they are restored to their original form and handed to the corresponding service process.
Example:
Host A sits behind a firewall. The firewall's access-control policy allows data on port 80 only and blocks all other ports. Host B is outside the firewall and openly reachable. What should we do if we need to telnet from system A to system B?
Ordinary telnet will certainly not work, but we know that port 80 is available, so an HTTP tunnel is a good approach here. The idea is as follows: run a tunnel client on machine A and have it listen on an arbitrary unused local port (Port > 1024 and port < 65535), such as 1234. The client directs the data arriving on port 1234 to port 80 of the remote machine B (note that port 80 is allowed by the firewall). Then run a tunnel server on machine B that listens on port 80 and forwards the data it receives there (the data sent by the tunnel client) to the local telnet service on port 23.
With these settings, the data flow is:
[Telnet.exe: Any port] ---> [tunnel client.exe: 1234] ----> [firewall] ----> [tunnel server.exe: 80] ----> [Telnet server.exe: 23]
Note:
Telnet.exe and tunnel client.exe are on the same machine.
Tunnel server.exe and telnet server.exe are on the same machine.
Walking through the flow:
Telnet.exe: sends its data to port 1234 of tunnel client.exe.
Tunnel client.exe: sends the data to tunnel server.exe: 80 (the connection goes to port 80 on the Internet machine, so the firewall should have no objection).
Firewall: only allows inbound and outbound data on port 80.
Tunnel server.exe: forwards the received data to the Telnet service process and receives data from the Telnet service process.
Telnet server.exe: returns its data to tunnel server.exe, which sends it back to tunnel client.exe through port 80.
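The tunnel works because the firewall in this example decides on the port number alone. As an added example (not part of the original article), the following sketch shows the content check a defender can apply instead: it classifies the first payload bytes of each port-80 flow and flags telnet option negotiation or any other non-HTTP protocol. The function names, flow identifiers and payloads are constructed for illustration.

```python
import re

# HTTP/1.x request line: METHOD SP target SP HTTP/1.x
_REQUEST = re.compile(rb"^[A-Z]{3,10} \S+ HTTP/1\.[01]\r?\n")
# HTTP/1.x status line: HTTP/1.x SP three-digit status code
_RESPONSE = re.compile(rb"^HTTP/1\.[01] \d{3}[ \r\n]")
IAC = 0xFF                               # telnet "Interpret As Command" (RFC 854)
TELNET_VERBS = {0xFB, 0xFC, 0xFD, 0xFE}  # WILL, WONT, DO, DONT

# Constructed sample: first payload bytes of three port-80 flows (not real captures).
SAMPLE_FLOWS = {
    "10.0.0.5:40112->203.0.113.7:80": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "10.0.0.5:40113->203.0.113.7:80": b"\xff\xfd\x18\xff\xfd\x20\xff\xfb\x01",
    "10.0.0.9:51000->203.0.113.7:80": b"SSH-2.0-OpenSSH_9.6\r\n",
}


def looks_like_telnet(payload: bytes) -> bool:
    """True if the payload holds a telnet option negotiation (IAC, verb, option)."""
    for i in range(len(payload) - 2):
        if payload[i] == IAC and payload[i + 1] in TELNET_VERBS:
            return True
    return False


def classify_port80_payload(payload: bytes) -> str:
    """Classify the first bytes seen on a port-80 flow."""
    if not payload:
        return "empty"
    if _REQUEST.match(payload) or _RESPONSE.match(payload):
        return "http"
    if looks_like_telnet(payload):
        return "telnet-on-80"
    return "non-http"


def flag_flows(flows: dict) -> dict:
    """Return only the flows whose first payload is not HTTP, with the verdict."""
    verdicts = {fid: classify_port80_payload(data) for fid, data in flows.items()}
    return {fid: v for fid, v in verdicts.items() if v != "http"}


if __name__ == "__main__":
    for flow_id, verdict in flag_flows(SAMPLE_FLOWS).items():
        print(f"ALERT {verdict}: {flow_id}")
```

This check covers raw forwarding over port 80 as in the flow above; traffic wrapped in well-formed HTTP messages has to be inspected at an HTTP proxy instead.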