Breaking out of a proxy jail: SOCKS via HTTP

SOCKS via HTTP does what is says on the box. It tunnels a SOCKS connection through a HTTP proxy to a remote (unfiltered) machine. From the proxies view, it's just HTTP traffic (granted, quite a lot of it). I would only suggest it's use if you don't have HTTPS access and cannot use desproxy or proxytunnel.

SOCKS via HTTP is written entirely in Java, so it should run on any machine with a Java Virtual Machine on.

Not only can you run the app on both Windows and *nix, but you can mix and match. This means you can:

• Run the server on *nix and the client on *nix,
• Run the server on *nix and the client on Windows (this is what I use),
• Run the server on Windows and the client on *nix,
• Run the server on Windows and the client on Windows,

First, download the application either in compressed tarball or zipped format.

The configuration of the application is generic: it's the same for all OSs. The config files are nicely commented, meaning I should have to go into much detail here for it to make sense.

The first file you need to edit is classes/jhttpserver/inithttpsrv.properties. This is the configuration for the jhttp server.

The only value you might need to change here, is the port the server runs on. Generally, your work proxy will only let you make connections on port 80, so the server must be run on 80. However, if you can connect on another port, you might want to do so, so that you can run a real web server (like Apache) on that port. Adjust the jhttpserver.server.port to suit.

Next, you will need to configure the part of the server that handles the SOCKS via HTTP connection. This is done in socksviahttp/server/initsrv.properties.

This is where you need to specify usernames and passwords for use in authenticating with the SOCKS via HTTP server. It is recommended that you change these from the default, so that anyone can't just use your connection.

Now the client needs to be configured. Obivously, this needs to be done on the machine that is going to run the client - not the server. Open up /socksviahttp/client/init.properties.

There are three main sections to this file. You need to specify the location of the server running SOCKS via HTTP and tell it your user name, configure the proxy information including location and authentication, and specify the local port to run the local SOCKS server on.

SOCKS via HTTP does not support NTLM authentication. To connect to a Microsoft proxy server, you will need to use something like NTLM Authorization Proxy Server. I've not tried this myself yet, so I can't say much more on the subject. However, this is reported to work with SOCKS via HTTP. Install it, then configure SOCKS via HTTP to use it as proxy.

Now you should be ready to run the client.

To make use of the SOCKS server, you need to specify it in the application you want to use it with (X-Chat, Putty, etc). The SOCKS server is SOCKS4.

Not all applications support the direct use of a SOCKS proxy. Most GUI apps on Windows and OS X do, but a lot of the command line functions of *nix will not.

I suggest the use of connect for these: a tiny application that will accept a standard TCP connection and relay it over a SOCKS server, much in the same way that desproxy does (without the HTTP proxy CONNECT part).

To run, use:

For more information on connect, check the homepage.

For more information on SOCKS via HTTP, check the homepage.

Specific examples using SOCKS via HTTP

Although it is possible to make any kind of connection with SOCKS via HTTP, some just don't have sense. A simple SSH connection is fine. Although it is possible to do something more complex like BitTorrent any advantage to be had from a fast corporate connection would be lost as the data must first pass through your home server: you might as well just download from home.