Article delegate-en/4422 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: TCP to HTTP encapsulation
18 Mar 2009 00:19:34 GMT (Yutaka Sato)
The DeleGate Project


In message <_A4421@delegate-en.ML_> on 03/18/09(00:55:06)
you Emerson Gomes <> wrote:
 |My question, is it possible to use pure HTTP to encapsulate TCP connections?
 |I know I can use a HTTP proxy with SSL TUNNEL,that's almost what I want, but
 |not exactly.
 |Let me explain:
 |I have Host_A over a *very* restrictive firewall that would only allow
 |outcoming connections to Host_B port 80/HTTP. In Host_A I have a application
 |that needs to communicate to Host_B over a proprietary TCP protocol.
 |My idea would be: run a instance of delegate in Host_A so it would listen to
 |the TCP port for the proprietary TCP protocol, encapsulate it in HTTP,
 |forward to Host_B, where another instance of delegate would be doing the
 |opposite, that is, listening to HTTP port 80 and decapsulating the content
 |back to the TCP proprietary protocol.

HTMUX (with CAPSKEY) might be near to the feature what you described but
the usage of it is strongly restricted not to be utilized maliciously,
for example to make backdoor or to break restrictions by firewall.

Apart from DeleGate, I think it is not so difficult to write a program
to escape restrictions by firewalls while it is difficult to protect
a protocol interpretation program from being utilized maliciously to
break such restrictions.

  9 9   Yutaka Sato <>
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]