
Thread: connect method through a https proxy

  1. #1
    Junior Member
    Join Date
    Nov 2008
    Posts
    26


    hi guys

    i made a couple of searches but didn't find anything related to my question so i decided to start a topic

    i am trying to use the CONNECT http method through a proxy to access my home computer from the office (which as you already guess, has a firewall which blocks access to ports 22, etc)

    i found a https proxy (googled for a proxy checker, and seems ok)

    bt ~ # nc -nvv 83.149.83.162 80
    (UNKNOWN) [83.149.83.162] 80 (http) open
    CONNECT 1.2.3.4:443 HTTP/1.0
    sent 29, rcvd 0
    as you can see I've managed to connect to the proxy but when I try to CONNECT to my home computer:443 it just hangs there ... received zero

    what do you think about this?

  2. #2
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629


    According to http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html CONNECT is/was a reserved method, are you sure it was ever actually implemented? Are you sure the proxies you're using accept it?

    Also note you specified HTTP 1.0; you may need to specify 1.1.

    Also according to http://www.web-cache.com/Writings/In...nneling-01.txt after your connect you should get a 200 back stating the connection was established.

    http://en.wikipedia.org/wiki/Tunneling_protocol seems to suggest you should be issuing the CONNECT to the proxy, getting a connection and then issuing a GET to your computer:443. Though it also notes that many proxies restrict access to the CONNECT method. (I suggest doing an OPTIONS request to the proxy server to see if it supports CONNECT).

    Edit: Ok so I kept reading more and more while I was posting so take it all with a grain of salt.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  3. #3
    Member imported_vvpalin's Avatar
    Join Date
    Apr 2009
    Posts
    442


    Quote Originally Posted by bluerratiq View Post

    i found a https proxy (googled for a proxy checker, and seems ok)

    that's gonna be your problem right there
    Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.

  4. #4
    Junior Member AnActivist's Avatar
    Join Date
    Apr 2009
    Posts
    77


    What about an ssh tunnel? A lot of the time you don't even have to use the tunnel and can just listen on a non-standard port. I use this method all the time to connect to my home computer from school (both of which have firewalls) plus it's open source. Check out open-ssh.

  5. #5
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943


    Quote Originally Posted by bluerratiq View Post
    what do you think about this?
    I think that depending on your organisation's usage policies this could get you disciplined or fired. I work in the IT Security Team at my organisation and I can tell you that I wouldn't take it lightly if I found that someone in my organisation was doing this.

    I'd check your usage policy before going any further. On the off chance that this is not against your organisation's usage policy, I will say that if you want to use a proxy to tunnel traffic past a firewall (which is what I assume you are dealing with) you have to tunnel that traffic over a channel that is allowed past that firewall. Depending on the capabilities of the firewall this could require your traffic to match a particular combination of source/destination IP address, layer 4 protocol (TCP/UDP), source/destination port and even a particular layer 5 or above protocol (e.g. HTTP or HTTPS) if the firewall does application level inspection.

    So for example, if your organisation's firewall only allows outgoing traffic from a particular set of servers on TCP port 80 and port 443, then your traffic would need to be tunneled to appear to come from one of those servers, must use the TCP protocol and must be destined for port 80 or 443. So in this circumstance running a proxy server on your own system wouldn't work and trying to tunnel through an existing proxy server running on one of the allowed IP addresses won't work unless that proxied traffic was destined for port 80 or port 443 on an external server. This setup will prevent a proxy running on an allowed address from connecting to an ssh server (running on port 22), and will even stop connection to web servers running on non-standard ports. Of course many other combinations of allowable firewall rules are possible, so you need to determine what's allowed before you can get this to work.

    The CONNECT method on a proxy server should allow you to make an SSL connection via that proxy server to another system. The proxy server will basically just pass the traffic directly between the source and destination systems. Try doing this with an https web page connection in a lab and inspecting the traffic at various points to get an idea of how it works (the data portion of the packets will be encrypted when captured off the wire but you should get an idea of what's happening).
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  6. #6


    Quote Originally Posted by bluerratiq View Post
    hi guys

    i made a couple of searches but didn't find anything related to my question so i decided to start a topic

    i am trying to use the CONNECT http method through a proxy to access my home computer from the office (which as you already guess, has a firewall which blocks access to ports 22, etc)

    i found a https proxy (googled for a proxy checker, and seems ok)



    as you can see I've managed to connect to the proxy but when I try to CONNECT to my home computer:443 it just hangs there ... received zero

    what do you think about this?
    What kind of connection to your home computer do you wish to make?
    You are connecting to an http proxy, then you said you tried to connect to your home via https. I doubt if http understands/can make the certificate exchange to a 443 (SSL) port. Keep in mind, even if you do get this connection to work, you will be limited to http (or maybe https). Your best bet, as mentioned before, is to try SSH/SFTP over a non-standard port (port 80 or 443 for example). There are numerous legitimate proxy services out there you could get an account with if you really desire this. I wouldn't even think of using some anonymous "found" proxy to connect back to my home. Too many of them are trojaned, sniffed, backdoored, instrumented etc...

  7. #7
    Member imported_vvpalin's Avatar
    Join Date
    Apr 2009
    Posts
    442


    Quote Originally Posted by cybrsnpr View Post
    There are numerous legitimate proxy services out there you could get an account with if you really desire this. I wouldn't even think of using some anonymous "found" proxy to connect back to my home. Too many of them are trojaned, sniffed, backdoored, instrumented etc...

    I was just going to point this out as I forgot to in my other post. You can pick up an ssh server for yourself, for around $20 a year. Just take a look at what hosting companies offer.

    I found a coupon for mine that brought it down from $100 a year to like $30. Now I can ssh tunnel whenever I'm away from home. Puts a nice smile on your face to know you can reasonably use an unprotected AP without having to worry.

  8. #8
    Junior Member
    Join Date
    Aug 2007
    Posts
    55


    Why do you want to connect through your proxy to another proxy? The corporate proxy should support ssl as well. (unless you want to proxychain).
    Tunneling ssh straight through a proxy doesn't usually work. Most proxies are configured to only allow the http protocol.
    Also to use CONNECT (@thorin: which is what proxies use... this is the method that defines a proxy) over ssl, via netcat, you have to use something that understands SSL (that's why your connection hangs): http://proxytunnel.sourceforge.net/

    Once you set up your tunnel, you can use ssh to tunnel over https. (and, as stated before, if the proxy only allows CONNECT to 80 and 443, just make your ssh server listen at that port)

    NOTE: Some proxies use authentication via NTLM. Not sure if proxytunnel supports this at the moment.

    EDIT: it supports NTLM and the man page explains how to use in combination with SSH

  9. #9
    Junior Member
    Join Date
    Nov 2008
    Posts
    26


    Quote Originally Posted by AnActivist View Post
    What about an ssh tunnel? A lot of the time you don't even have to use the tunnel and can just listen on a non-standard port. I use this method all the time to connect to my home computer from school (both of which have firewalls) plus it's open source. Check out open-ssh.
    I was about to use proxytunnel (which uses openssh's proxycommand)... but I wanted to settle down this method too ...

    @lupin - thanks for the detailed info ..

    I will say that if you want to use a proxy to tunnel traffic past a firewall (which is what I assume you are dealing with)
    that's right ... just for learning purposes, nothing else
    I am allowed to get out through the firewall to 80,443,8080 ... which is enough I think
    I can connect to a proxy:8080 || :80 or can make my sshd listen to 80/443/8080

    if the firewall does application level inspection.
    is there any method to check this ?
    I think one of them is to make the above setup ... to connect to mysshd:80 and if it won't connect I guess the firewall is inspecting the content too and will notice that other protocol than http is trying to get by

    What kind of connection to your home computer do you wish to make?
    i was trying to:
    1. connect to a https proxy (which supports CONNECT method)
    2. connect from that https proxy to mysshd:443
    Too many of them are trojaned, sniffed, backdoored, instrumented etc...
    thanks for the heads-up

    @barbsie - i've managed to use proxytunnel to connect to a ftp server

    you have to use something that understands SSL (that's why your connection hangs)
    fair enough, couldn't think about this, but maybe you are right

    @thorin
    after your connect you should get a 200 back stating the connection was established.
    if i did not get 200 back it means that I am not connected so maybe this is why CONNECT wouldn't work
    the OPTIONS wouldn't work either

    so the only thing that I can think of is that the proxies that I've used sucked big time ...

  10. #10
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943


    Quote Originally Posted by bluerratiq View Post
    @lupin - thanks for the detailed info ..
    No problem.

    Quote Originally Posted by bluerratiq View Post
    that's right ... just for learning purposes, nothing else
    I am allowed to get out through the firewall to 80,443,8080 ... which is enough I think
    I can connect to a proxy:8080 || :80 or can make my sshd listen to 80/443/8080
    If you can make direct connections from your desktop machine to any machine on the Internet on any of those ports (which I'm assuming are TCP ports) then you should be able to set up a tunnel using any TCP application to those ports. The only thing that will complicate things is whether any application level inspection or transparent proxying is occurring. Which brings me to...

    Quote Originally Posted by bluerratiq View Post
    is there any method to check this ?
    I think one of them is to make the above setup ... to connect to mysshd:80 and if it won't connect I guess the firewall is inspecting the content too and will notice that other protocol than http is trying to get by
    If you know the brand/type of the firewall you can of course check its capabilities, but this is kind of hit and miss unless you can view the device's configuration. The best way is to try various tests.

    The quickest and easiest way to test this is to try connecting over those ports with various higher level protocols to an external server you control. First try http, then https, then ssh etc. If the ports are allowed through the firewall but certain protocols don't work, it's a good bet that transparent proxying or application level inspection is in place. It's pretty much what you suggested above.

    Your best bet then is to tunnel your traffic over the allowed protocols, once you work out what those are by testing.
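Added example, not written by any poster in this thread: a Python sketch of the two proxy-side checks lupin describes, restricting CONNECT to allowed ports and application-level inspection of the first bytes sent inside the tunnel. The allowed-port policy, the function names and the sample bytes are assumptions constructed for illustration; `TYPED_IN_POST_1` is the single line typed into nc in post #1, whose 29 bytes contain no terminating empty line.

```python
import re

ALLOWED_CONNECT_PORTS = {443}  # assumed policy: CONNECT only to HTTPS
CONNECT_LINE = re.compile(rb"CONNECT ([^\s:]+):(\d{1,5}) HTTP/1\.[01]")
HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS"}

def parse_connect(head: bytes):
    """Return (host, port) for a complete CONNECT request head, else None."""
    # The head is complete only once the empty line arrives (strict CRLF here).
    if not head.endswith(b"\r\n\r\n"):
        return None
    match = CONNECT_LINE.fullmatch(head.split(b"\r\n", 1)[0])
    if match is None or not 0 < int(match.group(2)) < 65536:
        return None
    return match.group(1).decode("ascii", "replace"), int(match.group(2))

def classify_first_bytes(data: bytes) -> str:
    """Guess the protocol from the first bytes sent inside the tunnel."""
    if data.startswith(b"SSH-"):  # SSH identification string (RFC 4253)
        return "ssh"
    # TLS record: type 0x16 (handshake), major version 3, ClientHello (0x01)
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls"
    if data.split(b" ", 1)[0] in HTTP_METHODS:
        return "http"
    return "unknown"

def inspect_tunnel(head: bytes, first_payload: bytes) -> str:
    """Proxy-side decision for one CONNECT request and its first payload."""
    target = parse_connect(head)
    if target is None:
        return "reject: incomplete or malformed CONNECT"
    host, port = target
    if port not in ALLOWED_CONNECT_PORTS:
        return f"deny: CONNECT to port {port} not allowed"
    proto = classify_first_bytes(first_payload)
    if proto != "tls":
        return f"alert: {proto} inside CONNECT to {host}:{port}"
    return "allow"

# Constructed samples (192.0.2.10 is a documentation address)
TYPED_IN_POST_1 = b"CONNECT 1.2.3.4:443 HTTP/1.0\n"  # 29 bytes, no empty line
GOOD_HEAD = b"CONNECT 192.0.2.10:443 HTTP/1.1\r\nHost: 192.0.2.10:443\r\n\r\n"
TLS_HELLO = bytes.fromhex("16030100310100002d0303")  # start of a ClientHello
SSH_BANNER = b"SSH-2.0-OpenSSH_9.6\r\n"

if __name__ == "__main__":
    for head, payload in ((TYPED_IN_POST_1, b""), (GOOD_HEAD, TLS_HELLO), (GOOD_HEAD, SSH_BANNER)):
        print(inspect_tunnel(head, payload))
```

A port filter alone passes the third sample, since the destination port is 443; only the check on the first payload bytes separates an SSH banner from a TLS ClientHello.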
