I am looking for a software to tunnel RDP or other binary TCP traffic through a HTTPS tunnel. Because many clients only have HTTP/S permitted (only port 80 and 443 open in the firewall).
But there's a need to forward RDP (and other protocols) from machines in DMZ to clients.
7
View large function description
Is there any kind of open source or enterprise software for this problem?
Bad solutions
Solutions like F5 big ip has the problem that I have to create the connection configuration with this software. If it would be possible to do this by use of an api it would be an good solution. But i would prefer only to get the tunnel component without bying a whole gateway software. Beacuse i need to create tunnels (1000ds of) out of my own software and its a need to restrict tunnel access to permitted user (Identifyed by session cookie)
Good solutions
http://http-tunnel.sourceforge.net/
If it would be possible that the tunnel client would not be a dedicated server but a java applet of flash running within the clients browser, it would match by 100% my needs.
There are a huge number of projects that tunnel TCP over HTTP(S). You will have to do a bit of work to select the one that best suits your needs (and probably modify it slightly).
SuperTunnel (Java). Looks nice, they seem to have given some thought to how to deal with not-well-behaved proxies.
JHttpTunnel (Java). A port of gnu httptunnel, I think uses the same network protocol.
Netty HTTP Tunnel (Java, part of Netty, a very nice networking library; sample code). I think this requires both client and server to use Netty, but aside from that is a drop-in replacement for the regular sockets in Netty.
ProxyChains (C, Unix, very popular)
GNU httptunnel (C, no HTTPS support, this is probably the granddaddy of all http tunnels)
node-http-tunnel (Node.js), Net::HTTPTunnel (Perl), nRedir (Python), Corkscrew, htunnel, ...
I think SuperTunnel and JHttpTunnel can both be included in an applet or Java app of your own on the client side, they do not need to run as standalone proxies.
Netty will also do that, but (I think) it requires that your server also use Netty: in other words, it allows you to replace regular TCP connect()
to a server using Netty with TCP-over-HTTP connect()
, but does not proxy arbitrary connections to other servers (unless you write your own simple proxy).
If you are on the windows world I would strongly suggest to take a look at Windows 2008/2008R2/2012 SSTP VPN service. It uses the 443 port, and can be co-hosted with IIS (on 443). It works like a charm on Windows Vista / 7 / 8. I have heard about mac OSX solutions but not there yet.
However there is the good old solution of SSH.
If on linux, just install an openssh-server. If on windows, get and install an OpenSSH Server (e.g. copSSH from itefix https://www.itefix.no/). Modify the port to be using 443 instead of default 22.
On the client side can then use Putty ( http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html ) or kitty ( http://kitty.9bis.net/ ) on windows or any kind of SSH client in any OS to connect to your server through port 443 (where your SSH server is listening to).
Instructions on tunneling via putty for instance can be found on several sites:
- http://oldsite.precedence.co.uk/nc/putty.html
- http://www.damtp.cam.ac.uk/user/jp107/xp-remote/web-tunnel/
Always remember that you have to point to your local host to do this.
On Windows there is also MyEnTunnel ( http://nemesis2.qx.net/pages/MyEnTunnel ) to simplify the procedure of tunnel configuration and maintenance.
Exploiting this tunnel on a browser is extremely easy: Just tell your browser that you have a socks proxy on a local port (e.h. localhost 8080) that you just configured in your client (putty, kitty, myentunnel or whatever else).
I wrote one called sshh.
http://sourceforge.net/projects/sshh/
I went a little nuts, it actually lets you make connections backwards through it.