-
You can proxy TCP traffic over HTTP.
A basic setup would be:
[Your TCP target] <--TCP-- [Exit Node] ^ | HTTP | [Your TCP client] --TCP--> [Entry Node]
-
I was bored.This allows you to reach servers behind a HTTP reverse proxy.
Suddenly you can do SSH to a server which is behind a NGINX proxy.If you have for example a HTTP gateway, you can now also have a TCP gateway.
-
If a server only opens port 80, nobody expects you to tunnel through and reach the SSH server.
Security wise, no admin would want this tool on their server without them knowing.
- get yourself a rust toolchain via rustup https://www.rust-lang.org/tools/install
- go nightly:
rustup default nightly
-
cargo install --locked --git https://github.com/julianbuettner/tcp-over-http
Note:
If you want to use the stable version, checkout tag rocket-stable
,
which uses rocket and can be build with stable.
-
cargo install --locked --git https://github.com/julianbuettner/tcp-over-http --tag rocket-stable
Replace tcp-over-http
by cargo run --release --
if you have not installed the binary.
tcp-over-http --help
# Start our exit node to reach our SSH server (default listen localhost:8080)
tcp-over-http exit --help
tcp-over-http exit --target-addr localhost:22
# Start our entry node (default listen localhost:1415)
tcp-over-http entry --help
tcp-over-http entry --target-url http://localhost:8080/
# Test it
ssh localhost -p 1415
This package is not optimized for stability or speed.
Setup
# Terminal 0 - Netcat listening
nc -l 1234 > /dev/null
# Terminal 1 - Exit Node
tcp-over-http exit --target-addr localhost:1234
# Terminal 2 - Entry Node
tcp-over-http entry --target-url http://localhost:8080/
# Terminal 3 - Sending \0 data
# Using pipeviewer (pv) to see current data rate
time cat /dev/zero | pv | nc localhost 1415