GNU HTTP
Tunnel ( http://www.nocrew.org/software/httptunnel.html )It is an open source HTTP tunnel project, including tunnel server (HTS command) and tunnel client (HTC command), with (x) Nix and windows versions. We use it to build our own tunnel.
1. Static
tunnel.
HTTP tunnel is a completely transparent channel, which directly forwards your connection to the target service port, so when you connect to the local listening port of tunnel, it is equivalent to directly connecting to the target service port. For example, if you want to establish a tunnel that can access external POP3 servers, you can establish the following connections:
htc ------------> http proxy ------------------------> hts ------------------------------> POP3 serve
( localhost:8888 ) ( proxyhost:3128 ) (tun nelserver:80 ) (pop3 server:110 )
Run HTC on your own machine, and run HTS on port 80 of the external machine acting as tunnel server. HTC packages the data into HTTP requests, connects to HTS through proxy, and forwards the connection to POP3 server after HTS unpacks. The command is as follows:
On the tunnel server machine:
hts --forward-port pop3 server:110 80
(replace pop3server with the actual IP)
On the local machine:
htc --forward-port 8888 --proxy proxyhost:3128 tunnelserver :80
(replace proxyhost and tunnel server with the actual IP)
With this configuration, you can use outlook or Foxmail to connect to port 8888 of this computer, which is equivalent to connecting to the POP3 server directly.
2. Dynamic
tunnel.
A tunnel to access POP3 service has been established above, but the disadvantage is that only one specified POP3 server can be accessed. To access other servers, another tunnel must be established in the same way, which is very inconvenient. Since HTS can forward the connection to the POP3 server, let it forward to a Socks5 service. It can realize dynamic tunnel. Can it connect to any service? yeah! you 're right! We establish such a connection:
htc ------------> http proxy ------------------------> hts ------------------------------> SOCKS5 serve
( localhost:8888 ) ( proxyhost:3128 ) (tun nelserver:80 ) (socks5 server:1080 )
I won't say the order. Just change it according to the first point. This is equivalent to localhost:8888 Run a Socks5 service, set up your network program (outlook, netant, FlashGet, QQ...), let them access the network through sock5, it's OK.
3. Use HTTP proxy's connect support.
Most HTTP proxies support the connect command, but generally only the 443 (HTTPS) port from connect to the external server. This is to allow access to external HTTPS services. Because the connection of porxy to connect is directly forwarded without any analysis processing or caching, the use of connect can achieve a faster speed.
Because HTS and HTC do not support connect connection, we can use another program, deproxy, which specifically supports connect http://desproxy.sourceforge.net
To create a tunnel. Because you use connect to establish a direct TCP connection, you don't need to package and unpack the data in HTTP format, so you don't need tunnel server, just run a Socks5 on your original HTS machine. The connection is as follows:
desproxy -------------> http proxy ----------------------> SOCKS5 server
( localhost:8888 ) ( proxyhost:3128 ) (tun nelserver:443 )
Usage of the deproxy command:
desproxy remote_ host remote_ port proxy_ host proxy_ port local_ port
Here, remote_ host,remote_ Port is Tun nelserver:443 ,proxy_ host,proxy_ Port is porxyhost:3128 ,local_ Port is 8888.
Note that Socks5 must be running on port 443. If it is running on another port, the connect request will be rejected by HTTP proxy. Again, we are localhost:8888 Get a sock5 service that can access external.
4. The easiest, safest, and fastest way: with SSH + connect.
In fact, SSH provides the function of Socks5. With SSH client or putty, you can set up a Socks5 service locally. Putty also supports HTTP proxy directly. The biggest advantage is that SSH data connection is encrypted to ensure the data security. The connection using SSH is as follows:
Putty (or Plink) ---- > HTTP proxy -------- > ssh server
( localhost:8888 ) ( proxyhost:3128 ) (tun nelserver:443- >22)
First, we need to let ssh server listen on port 443. The default port of SSH is 22. We can modify the configuration of SSH, or redirect port 443 to port 22 with iptables. The configuration of the server is OK. Then create a new session in putty, fill in the IP and port of ssh server; fill in the IP and port of HTTP proxy in the "connection - > proxy" page; fill in the "source por" in the "SSH - > tunnels" page
