Skip to content

A TCP proxy using HTTP - Reach SSH behind a Nginx reverse proxy

Notifications You must be signed in to change notification settings

julianbuettner/tcp-over-http

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

📡 TCP over HTTP

🥦 The Questions

  • 🪃 What does it do?

    You can proxy TCP traffic over HTTP.

    A basic setup would be:

    [Your TCP target] <--TCP-- [Exit Node]
                                    ^
                                    |
                                  HTTP
                                    |
    [Your TCP client] --TCP--> [Entry Node]
    
  • 🍩 Why?

    I was bored.

    This allows you to reach servers behind a HTTP reverse proxy.
    Suddenly you can do SSH to a server which is behind a NGINX proxy.

    If you have for example a HTTP gateway, you can now also have a TCP gateway.

  • 🍾 Why not?

    If a server only opens port 80, nobody expects you to tunnel through and reach the SSH server.
    Security wise, no admin would want this tool on their server without them knowing.

🌲 Installation

Note:
If you want to use the stable version, checkout tag rocket-stable, which uses rocket and can be build with stable.

  • cargo install --locked --git https://github.com/julianbuettner/tcp-over-http --tag rocket-stable

🎺 Usage

Replace tcp-over-http by cargo run --release -- if you have not installed the binary.

tcp-over-http --help

# Start our exit node to reach our SSH server (default listen localhost:8080)
tcp-over-http exit --help
tcp-over-http exit --target-addr localhost:22

# Start our entry node (default listen localhost:1415)
tcp-over-http entry --help
tcp-over-http entry --target-url http://localhost:8080/

# Test it
ssh localhost -p 1415

⌚️ Performance

This package is not optimized for stability or speed.

Setup

# Terminal 0 - Netcat listening
nc -l 1234 > /dev/null

# Terminal 1 - Exit Node
tcp-over-http exit --target-addr localhost:1234

# Terminal 2 - Entry Node
tcp-over-http entry --target-url http://localhost:8080/

# Terminal 3 - Sending \0 data
# Using pipeviewer (pv) to see current data rate
time cat /dev/zero | pv | nc localhost 1415

🏅 Result: 900MiB/s vs 1.3GiB/s (nc | pv > nc)

About

A TCP proxy using HTTP - Reach SSH behind a Nginx reverse proxy

Resources

Stars

Watchers

Forks

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages