Security Basics mailing list archives

Re: remote admin program that uses http encaspulation

From: Alexander Klimov <alserkli () inbox ru>
Date: Tue, 23 Aug 2005 18:30:41 +0300 (IDT)

On Mon, 22 Aug 2005 fad3r () hushmail com wrote:

I would like to show a client that although he has a proxy server
set up that it is still possible to abuse it and connect remotely
to servers on the outside via a remote program that uses http
encapsulation.

I tested this with dameware and pcanywhere and both do not seem to
support it.  Does anyone know a program that does this?  It does
not have to be very robust, just enough to give a console session.


http://proxytunnel.sourceforge.net/intro.html:

 ``ProxyTunnel is a program that connects stdin and stdout to a server
 somewhere on the network, through a standard HTTPS proxy. We mostly
 use it to tunnel SSH sessions through HTTP(S) proxies, allowing us
 to do many things that wouldn't be possible without ProxyTunnel.

 Proxytunnel can currently do the following:

    * Create tunnels using HTTP and HTTPS proxies (That understand the
      HTTP CONNECT command).
    * Work as a back-end driver for an OpenSSH client, and create SSH
      connections through HTTP(S) proxies.
    * Work as a stand-alone application, listening on a port for
      connections, and then tunneling these connections to a specified
      destination.''

-- 
Regards,
ASK

Current thread:

remote admin program that uses http encaspulation fad3r (Aug 23)
- Re: remote admin program that uses http encaspulation Alexander Klimov (Aug 23)
- Re: remote admin program that uses http encaspulation Devdas Bhagat (Aug 23)