~ Essays ~
|
|
|
|
essays |
(Courtesy of fravia's advanced searching
lores)
(¯`·.¸ HTTPort ¸.·´¯)
by Dmitry Dvoinikov
published at fravia's searchlores in
May 2000
Do not forget to check the GNU project at [http://www.nocrew.org/software/httptunnel.html] as well
HTTPort
TCP/IP through HTTP tunneling client
Written by Dmitry Dvoinikov < ddvoinikov(AT)geocities(POINT)com>
Download: here (fravia's)
Read FAQ: here.
Table of contents:
1. What is HTTPort for ?
2. More details, advanced usage and surfing privacy
3. Brief manual
4. Limitations
5. System requirements
6. Copyright and distribution policy
7. ToDo and improvements
8. Contributors
1. What is HTTPort for ?
HTTPort allows you to access multiple Internet services,
while being blocked from the Internet with a proxy.
The typical case is as follows: your company policy allows
you to use HTTP Internet web service only. That is, all you
can do is to run your browser and surf around the web.
This prevents anyone within proxy scope from using e-mail,
ICQ, and all other software that uses Internet protocols
different from HTTP. This may include entertainment (online
games, chat, IRC, instant messengers etc.), business (realtime
stock rate monitors, JAVA news browsers etc.) and billions of
other applications.
Internet protocols are stacked. Every protocol works atop
of some other. The basic and most widely used Internet protocol
is TCP/IP. This protocol is the blood of the Internet. Almost
every other Internet protocol relies on TCP/IP services.
The typical software operates as follows (very approximate):
- open a TCP/IP connection to "remote.server.com"
- send and receive data through an open connection
- close connection
HTTP proxy that blocks you from the Internet does not allow
you to connect to an arbitrary host "remote.server.com", thus
preventing the software from operating.
Lucky, there is a way of opening a virtual connection through
a proxy if your proxy supports HTTP protocol version 1.0 or
higher. HTTPort uses this protocol feature.
| Technical note: HTTPort looks similar to SocksCap client,
| but it is different. SocksCap requires that your proxy support
| SOCKS (port 1080), whereas HTTPort relies on HTTP CONNECT
| operator on conventional port 80 (8080, 3128 etc.).
| My proxy did not support SOCKS. :)
Any software can use this technique, so the software described
above could have worked as follows:
- open a virtual TCP/IP connection to "remote.server.com"
through a proxy
- send and receive data through an open connection
- close connection
This works fine even if you are under proxy, but almost none
of the Internet software supports this feature. This is where
HTTPort becomes useful.
HTTPort allows you to emulate any remote service on your local
machine. When HTTPort is running on your computer, the
software you use consider any remote server to be close at hand
(at localhost to be specific). Instead of trying aimless
connection attempts to "remote.server.com", which is impossible
due to proxy, it connects to "localhost", or (synonym) "127.0.0.1".
Both "localhost" and "127.0.0.1" are the predefined literal
addresses that correspond to THIS computer.
When the software connects to "127.0.0.1" your proxy doesn't
even know about it. Actually, connection to "127.0.0.1" will
succeed even if you disconnect the network cable from your
computer.
The further scenario is as follows:
- when HTTPort intercepts the connection to localhost, it
opens the virtual connection to the "remote.server.com"
as described above.
- thus there appears a double link that connects the
software that knows nothing about the proxy, HTTPort
that knows everything about the proxy and the proxy
that knows nothing about the software.
- the behaviour of this double link is indistinguishable
from the behavior of a regular TCP/IP link, from
the software and the remote server point of view.
- HTTPort transfers the data back and forth while knowing
nothing about the nature of the data. This makes it
possible to use it with ANY kind of TCP/IP software.
I will call this process "a mirroring". In the above case I
will say that HTTPort mirrors "localhost:localport" to
"remote.server.com:remoteport".
2. More details, advanced usage and surfing privacy:
Well, there is not much left to say. I found HTTPort to
be VERY useful in one more aspect:
Let's assume a typical situation:
When you are surfing the web, your company proxy logs
all of the sites that you visit, making it possible for
the network administrator to monitor your surfing activity.
Do you like it ? Me - no. Where to surf is a personal
business and the company should better trust the employees
instead of agressively controlling them.
Now, let's take the HTTPort and set it up the following way:
(the described connection configuration already exists
in this package).
- HTTPort should mirror "localhost:8080" to "webcache.dial.pipex.com:3128".
Note, webcache.dial.pipex.com is a large FREE public proxy server.
(I have contacted the PIPEX company and they confirmed that the
proxy is open to be freely used by anyone).
Optionally you may mirror "localhost:8080" to any other web proxy
server you know and you like (different from your company proxy,
of course).
- Your browser should use "localhost:8080" as a web proxy. See your
browser manual on how to achieve that.
- Now surf to "whatever.you.like.com".
- What happens when you surf ? Your company proxy sees that you are
connecting to a large proxy server that is assumed to be safe and
secure. But you proxy does not know where you are actually connecting to
("whatever.you.like.com").
In order to do so, it should analyze the traffic, which is very hard.
- The PIPEX proxy sees that someone from "proxy.yourcompany.com" connects
to "whatever.you.like.com" but it does not know who you are (NOTE,
that your company proxy may reveal some of your details to the
PIPEX proxy, and furthermore to the remote site).
- The "whatever.you.like.com" remote site sees that someone from
"proxy.pipex.com" connects, but it does not know who you are (same NOTE
as above).
This scheme makes it very hard for your local company proxy admin to
monitor your surfing activity.
Are you using HTTPort, or not, you may visit
http://privacy.net/analyze
in order to see what information about yourself is revealed to any
remote site you visit.
Also I can think of many other useful possibilities:
- using HTTPort as mini-proxy
- HTTPort chaining
- etc. etc.
But I won't tell you all of the ideas, for I guess it would be
interesting to you to discover it by yourself :)
3. Brief manual:
When you start up the HTTPort for the first time, it has
no proxy defined. You should enter your company proxy parameters
on the "System" page. Parameters include proxy host name
(name or IP address) and port (typically - 80, 81, 8080, etc.).
The mirroring parameters may be edited on the "Port mapping"
page. The default mappings included in this package include:
- localhost:8080 is being mirrored to webcache.dial.pipex.com:3128
So, set your browser to use localhost:8080 or 127.0.0.1:8080 as a proxy,
and surf safer.
- localhost:25 is being mirrored to smtp.mail.yahoo.com:25
- localhost:110 is being mirrored to pop.mail.yahoo.com:110
The later two allow you to use your free Yahoo! mail account
(if you have one). If you do not, simply modify the mapping -
substitute "your.mail.server.com" instead of
"smtp.mail.yahoo.com" in both mappings.
Now run your favorite mail client and modify its properties
in order for it to use "localhost:25" and "localhost:110" for
SMTP and POP3 servers respectively. This makes it possible
to send and receive e-mail from under a proxy !
Moreover, if you have got more mail accounts, add two more
mappings, mirror another two local ports to
your.another.mail.server.com:25 and
your.another.mail.server.com:10 and here you go.
Click "Start", minimize HTTPort and enjoy :)
4. Limitations:
HTTPort works with any software that uses TCP/IP.
HTTPort DOES NOT work with ICQ. This is due to the fact
that ICQ uses UDP/IP protocol by side of TCP/IP. There
is no way of mirroring UDP/IP protocol through an HTTP proxy.
5. System requirements:
- Windows 9x or Windows NT
- Winsock 1.1
- TCP/IP protocol installed and configured
- HTTP 1.0 compliant proxy server that supports CONNECT operator.
6. Copyright and distribution policy:
HTTPort is written by Dmitry Dvoinikov <[email protected]>
(c) 1999, Dmitry Dvoinikov
HTTPort is freeware. You may distribute it freely, only if
no modifications are made to the original distribution
package. If you wish to use HTTPort with commercial package,
you are free to do it, but you should make no profit on HTTPort
as a part of the package. This means that HTTPort may not be sold
in any way, either explicit or implicit.
HTTPort is provided on "AS IS" basis. No guarantee of any kind.
No warranty of any kind. No responsibility of any kind. I just
give away an application and you just use it if you wish. That's
all.
Almost no support provided. I've tested HTTPort VERY throughly
and consider it to be stable. As always, there is exactly ONE bug,
but I just don't know where is it :)
HTTPort is compressed with freeware
PE-Pack (c) 1998 by ANAKiN
Installer is made with freeware
Freeman Installer (c) 1993-1997 by TipTec Development.
7. ToDo and improvements:
Changed in version 1.1:
+ proxy authorization (basic)
+ connection statistics
+ updates notification
What else ?
Whatever you say :) Don't hesitate to write me your suggestions.
8. Contributors:
Tony Younes
Simone Palla <[email protected]>
Pieter van der Merwe <[email protected]>
Have a nice day :)
Best regards,
Dmitry Dvoinikov
15.12.1999
(c) Dmitry Dvoinikov, published at searchlores.org in May 2000
(c) 2000: [fravia+], all rights
reserved