How does HTTP Tunneling work?
Priyanka Shyam
CCDE (Written) | CWNA | Cisco SCOR | CISCO SD-WAN | Technical Writer | Influencer | Multitasker | Considerate | Empathic | Excellent Communicator | Helpful
We all know that http method includes?GET,POST,PUT,CONNECT,OPTIONS,TRACE,DELETE. We have already discussed the different HTTP methods in my article, as well as the difference between POST and PUT.
Now lets’ discuss?what is HTTP Tunneling/CONNECT, when do we use it, why do we use it?
HTTP CONNECT/Tunneling Method
In situations where network access is restricted, such as firewalls, NATs, and ACLs, HTTP tunneling is used to establish a link between two computers. Tunnels are created by proxy servers, which are usually located in DMZ zones.
Or
Using HTTP tunneling, you can bypass firewalls and other network restrictions, and an HTTP tunnel creates a direct network link between two locations. Tunnels are used to transport foreign protocols across networks that wouldn't support them normally.
The HTTP CONNECT method is the most commonly used HTTP tunneling method.?A client requests an HTTP proxy server to forward a TCP connection to a desired destination using this mechanism. On behalf of the client, the server makes the connection. After the server establishes the connection, the proxy server continues to proxy the TCP stream to and from the client. The server will simply proxy the established TCP connection after the initial connection request is sent via HTTP.
Tunneling
The tunneling technique, also known as "port forwarding," encapsulates private network data and protocol information for transmission over public networks.
What is HTTP Tunneling?
In HTTP tunneling, communications are encapsulated using the HTTP protocol.
How do we achieve it:
Tunneling over HTTP is primarily used to avoid firewalls. Protocol encapsulation occurs with HTTP tunneling, which encapsulates data packets of one protocol (e.g. SOAP, JRMP, etc.) within another protocol packet. As normal internet traffic, HTTP packets are then sent across the firewall.
The advantages of HTTP CONNECT
Tunneling over HTTP overcomes corporate restrictions (at work) and ISP restrictions (at home). Your request is wrapped in HTTP and tunneled through to the server.
If some websites are blocked by firewalls, you'll need a http tunnel server outside of the firewall in order to access them. Until the http tunnel server, your request will be wrapped in http protocol and sent to the website on your behalf. The http protocol can be used to hide your requests in this way.
领英推荐
To better understand this, let's look at an example:?
The CONNECT method is only used by a web client if it knows it is communicating with a proxy or proxy chain and the final URI begins with?https://.
It works like this; My client browser will tell the proxy to open a raw TCP connection to Google (I'm using https://google.com); any following bytes I write are repeated over that connection without interpretation. One more thing. When you talk directly to Google, do that, but if you use another proxy, just tell them the same?CONNECT."
It is important to note that this statement says nothing about TLS (https). In fact, CONNECT is orthogonal to TLS; either one can be used, either the other, or both can be used.
Nevertheless, CONNECT's purpose is to provide encrypted TLS sessions from end to end, making the data unreadable to proxies (or even entire proxy chains). Because CONNECT can be issued within plain HTTP and requires nothing more than copying raw bytes around, it works even if a proxy does not understand TLS at all.
But the connection to the first proxy can be TLS (https) although it means a double encryption of traffic between you and the first proxy.
When talking directly to the final server, it doesn't make sense to use the CONNECT method. You just start the conversation with TLS and issue an HTTP GET. The end server will typically disable CONNECT.
To a proxy,?CONNECT?support adds security risks. Any data can be passed through?CONNECT, even ssh hacking attempts to a server on 192.168.1.*, even SMTP sending spam. The outside world sees these attacks as regular TCP connections initiated by a proxy. They don't care what is the reason, they cannot check whether HTTP?CONNECT?is to blame. Hence it's up to proxies to secure themselves against misuse.
HTTP tunneling without using CONNECT
HTTP tunnels can also be implemented using only the usual HTTP methods such as POST, GET, PUT, and DELETE, similar to Bidirectional-streams Over Synchronous HTTP (BOSH).
Using this proof-of-concept program, a special HTTP server is running outside the protected network, while a client program is running on a computer inside the protected network. As network traffic passes from the client to the outside server, the client repackages each request as an HTTP request and relays it to the server, which extracts and executes the original request for the client.Since all traffic is encapsulated inside normal GET and POST requests and responses, this approach works through most proxy servers and firewalls.
Keynote:
Proxy Server
Proxy servers (computer systems or applications) in computer networks act as intermediaries (third parties who offer intermediation between two parties) for clients seeking resources from other servers in computer networks.
The proxy server accepts client requests. As a way of simplifying and controlling the complexity of a service request, the proxy server evaluates the request when a client connects to the proxy server, requesting a file, connection, web page or other resource available from a different server. Adding structure and encapsulation to distributed systems was the purpose of proxies.
Managing Director
1 年nice refresher