Breaking out of a proxy jail: ProxyTunnel

ProxyTunnel works in the same way as desproxy. It allows you to create a standard TCP connection to a remote host via an HTTP proxy, by use of the CONNECT method.

The CONNECT method is normally used by proxy servers to allow HTTPS (SSL) communication between a client and server. Because this traffic is encrypted, the proxy server does not try to read it and simply relays the whole connection. Generally, this type of connection is only allowed on "safe" ports (443 is the main one, but there are others). So, provided the server application you are trying to connect to is listening on port 443, you should be able to make a full TCP connection.

The quickest way to check whether your proxy server supports CONNECT is to try to connect to an HTTPS site, such as GMail. If the page loads, you should be OK.

ProxyTunnel runs on *nix and Windows, although the Windows version doesn't work as a standalone server (apparently). Download the appropriate version here.

Installing on Windows

Installing on *nix (including OS X)

Extract the contents of the archive:

tar vxfz proxytunnel-1.5.0.tgz

Change directory to the extracted files:

cd proxytunnel-1.5.0

Build the binary:

make

Copy the binary to a directory in your $PATH (may require root):

mv proxytunnel /usr/local/bin/proxytunnel

The usage is best explained in the help:

Usage: Proxytunnel [OPTIONS]...
	-h         --help              Print help and exit
	-V         --version           Print version and exit
	-i         --inetd             Run from inetd (default=off)
	-a INT     --standalone=INT    Run as standalone daemon on specified port
	-u STRING  --user=STRING       Username to send to HTTPS proxy for auth
	-s STRING  --pass=STRING       Password to send to HTTPS proxy for auth
	-t STRING  --domain=STRING     NTLM Domain (default: autodetect)
	-U STRING  --uservar=STRING    Env var with Username for HTTPS proxy auth
	-S STRING  --passvar=STRING    Env var with Password for HTTPS proxy auth
	-g STRING  --proxyhost=STRING  HTTPS Proxy host to connect to
	-G INT     --proxyport=INT     HTTPS Proxy portnumber to connect to
	-d STRING  --desthost=STRING   Destination host to built the tunnel to
	-D INT     --destport=INT      Destination portnumber to built the tunnel to
	-H STRING  --header=STRING     Add STRING to HTTP headers sent to proxy
	-N         --ntlm              Use NTLM Based Authentication
	-n         --dottedquad        Convert destination hostname to dotted quad
	-v         --verbose           Turn on verbosity (default=off)
	-q         --quiet             Suppress messages  (default=off)

	Examples:
	Proxytunnel [ -h | -V ]
	Proxytunnel -i [ -u user -s pass ] -g host -G port -d host -D port [ -n ] [ -v | -q ]
	Proxytunnel -i [ -U envvar -S envvar ] -g host -G port -d host -D port [ -n ] [ -v | -q ]
	Proxytunnel -a port [ -u user -s pass ] -g host -G port -d host -D port [ -n ] [ -v | -q ]

ProxyTunnel works well with SSH because of its ability to forward a connection through STDIN/STDOUT. If you're on Windows and using PuTTY as your SSH client, you don't need ProxyTunnel, as PuTTY already has an option to forward through an HTTP proxy.

Open up ~/.ssh/config (create it if needed) and enter:

Host yourserver.com
	ProxyCommand proxytunnel -v -g your.proxy.local -G 8080 -d %h -D %p

In that example, yourserver.com is the address of your SSH server, your.proxy.local is the address of your proxy and 8080 is the proxy port. Alternatively, you can use a wildcard for the host, "Host *", so that all connections made by SSH will be run through the proxy.
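
The proxy's side of the CONNECT exchange and "safe" port rule described above, as an added example that is not part of the original post or of ProxyTunnel's code. The allowed-port set, the status lines and the sample requests are constructed assumptions; the point is that a port check answers both port-443 requests identically, and only the first bytes through the tunnel show which one carries SSH.

```python
SAFE_PORTS = {443}  # assumption: the only CONNECT port this hypothetical proxy allows

def parse_connect(request: bytes):
    """Return (host, port) from a CONNECT request head, or None if malformed."""
    line = request.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = line.split(" ")
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].startswith("HTTP/"):
        return None
    host, sep, port = parts[1].rpartition(":")
    if not sep or not host or not port.isdigit() or not 0 < int(port) < 65536:
        return None
    return host.strip("[]"), int(port)

def proxy_decision(request: bytes) -> str:
    """Status line a port-restricting proxy would send back."""
    target = parse_connect(request)
    if target is None:
        return "HTTP/1.1 400 Bad Request"
    if target[1] not in SAFE_PORTS:
        return "HTTP/1.1 403 Forbidden"
    return "HTTP/1.1 200 Connection established"

def classify_first_bytes(payload: bytes) -> str:
    """Label the first bytes the client sends once the tunnel is open."""
    if payload.startswith(b"SSH-"):
        return "ssh"      # SSH identification string, sent in cleartext
    if len(payload) >= 2 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"      # TLS handshake record header
    return "unknown"

# Constructed (request, first tunnel bytes) pairs; hostname taken from the page.
SAMPLES = [
    (b"CONNECT yourserver.com:443 HTTP/1.1\r\n\r\n", b"\x16\x03\x01\x00\x05hello"),
    (b"CONNECT yourserver.com:443 HTTP/1.1\r\n\r\n", b"SSH-2.0-OpenSSH_9.6\r\n"),
    (b"CONNECT yourserver.com:22 HTTP/1.1\r\n\r\n", b""),
]

def audit(samples):
    """Pair each proxy decision with what actually flowed through the tunnel."""
    out = []
    for request, first in samples:
        decision = proxy_decision(request)
        allowed = decision.startswith("HTTP/1.1 200")
        out.append((decision, classify_first_bytes(first) if allowed else None))
    return out

if __name__ == "__main__":
    for row in audit(SAMPLES):
        print(row)
```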

It's worth reading the paper the author wrote on ProxyTunnel and HTTPS proxies in general, as it has a good explanation of what's going on. The paper is here.

For more information on ProxyTunnel, check the homepage.