Http-Tunnel Question

[jerome.athias at free.fr (Jerome Athias)]

Thomas Werth a ?crit :
> Hi,
>
> Actual i tested how to leak a firewall using http-tunnel. Using software
> from http://www.http-tunnel.com/ makes it quite easy, additional i found
> gnu http tunnel beeing open source. So i guess including this in ones
> evil planes might be easy.
>
> Blocking first one is easy by forbidding proxy end hosts, but second one
> with random "tunnel end servers" seems to be impossible. Am i wrong ,
> are there other tricks to stop it ( firewalling each host with personal
> firewall for example ) ?
>
> Now my question :
> Would it be easy to create a http-tunnel payload , so an attack can be
> connect back through firewall to outside and infiltrate a firm intranet
> ? Maybe with an auto-proxy setting from i.e. or similar ?
>
> Or is size for this payload to big to fit into an overflow , so only
> really spezialied hackers are able to create such hacks ?
>
> Target of my question is :
> May this vuln be exploited ( in future ) by a worm or more likley only a
> vision for a good hacker with high motivation ?
>
> Would it be possible to add such a payload into metasploit ?
>
> greets
> Thomas
Hi,

a nice little tool i recently found about this subject is 
"ConnectTunnel" by Benjamin CAILLAT.
It uses the CONNECT method to creates a tunnel through a proxy and so 
bypass a firewall (think about HTTPS)
it also includes passive FTP connection management
it works both on Windows and Linux

you could give it a try:
http://benjamin.caillat.free.fr/ressources/connect_tunnel/ConnectTunnel.zip

after that, for MSF payload i actually don't know more...

/JA