Hubbry Logo
HTTP tunnelHTTP tunnelMain
Open search
HTTP tunnel
Community hub
HTTP tunnel
logo
7 pages, 0 posts
0 subscribers
Be the first to start a discussion here.
Be the first to start a discussion here.
Contribute something
HTTP tunnel
HTTP tunnel
HTTP tunnel
View on Wikipedia
from Wikipedia

HTTP tunneling is used to create a network link between two computers in conditions of restricted network connectivity including firewalls, NATs and ACLs, among other restrictions. The tunnel is created by an intermediary called a proxy server which is usually located in a DMZ.

Tunneling can also allow communication using a protocol that normally wouldn’t be supported on the restricted network.

HTTP CONNECT method

[edit]

The most common form of HTTP tunneling is the standardized HTTP CONNECT method.[1][2] In this mechanism, the client asks an HTTP proxy server to forward the TCP connection to the desired destination. The server then proceeds to make the connection on behalf of the client. Once the connection has been established by the server, the proxy server continues to proxy the TCP stream to and from the client. Only the initial connection request is HTTP - after that, the server simply proxies the established TCP connection.

This mechanism is how a client behind an HTTP proxy can access websites using SSL or TLS (i.e. HTTPS). Proxy servers may also limit connections by only allowing connections to the default HTTPS port 443, whitelisting hosts, or blocking traffic which doesn't appear to be SSL.

The HTTP CONNECT method can not forward UDP connection.

Example negotiation

[edit]

The client connects to the proxy server and requests tunneling by specifying the port and the host computer to which it would like to connect. The port is used to indicate the protocol being requested.[3] 

CONNECT streamline.t-mobile.com:22 HTTP/1.1
Proxy-Authorization: Basic encoded-credentials

If the connection was allowed and the proxy has connected to the specified host then the proxy will return a 2XX success response.[3] 

HTTP/1.1 200 OK

The client is now being proxied to the remote host. Any data sent to the proxy server is now forwarded, unmodified, to the remote host[3] and the client can communicate using any protocol accepted by the remote host. In the example below, the client is starting SSH communications, as hinted at by the port number in the initial CONNECT request. 

SSH-2.0-OpenSSH_4.3\r\n
...

HTTP tunneling without using CONNECT

[edit]

A HTTP tunnel can also be implemented using only the usual HTTP methods as POST, GET, PUT and DELETE. This is similar to the approach used in Bidirectional-streams Over Synchronous HTTP (BOSH).

A special HTTP server runs outside the protected network and a client program is run on a computer inside the protected network. Whenever any network traffic is passed from the client, the client repackages the traffic data as a HTTP request and relays the data to the outside server, which extracts and executes the original network request for the client. The response to the request, sent to the server, is then repackaged as an HTTP response and relayed back to the client. Since all traffic is encapsulated inside normal GET and POST requests and responses, this approach works through most proxies and firewalls.[a]

See also

[edit]

Notes

[edit]

References

[edit]
Revisions and contributorsEdit on WikipediaRead on Wikipedia

HTTP tunnel

View on Grokipedia
from Grokipedia
An HTTP tunnel is a networking technique that uses the Hypertext Transfer Protocol (HTTP) to encapsulate and transport data from lower-level protocols, such as TCP, by establishing a bidirectional virtual connection through an intermediary like a . This is primarily achieved via the CONNECT method in HTTP/1.1, where a client requests the proxy to open a tunnel to a specified destination host and port, allowing transparent forwarding of arbitrary data streams without HTTP semantic processing once established. The CONNECT method operates by sending a request in the form CONNECT <host>:<port> HTTP/1.1, prompting the proxy to connect to the target server; a successful response (status code 2xx, such as 200 OK) signals activation, after which the proxy relays data blindly in both directions until either endpoint closes the connection. Unlike standard HTTP requests, CONNECT requests contain no body and use an authority-form URI (host and port only, with no default port assumption), and successful responses omit content, Transfer-Encoding, or Content-Length headers to initiate immediate tunneling. This method is hop-by-hop, meaning it applies only between the client and proxy, and is not intended for origin servers. HTTP tunneling is essential for scenarios requiring secure or restricted access, such as enabling connections through corporate firewalls, where the tunnel facilitates end-to-end TLS encryption without proxy inspection of the encrypted payload. It supports proxy authentication via headers like Proxy-Authorization and can chain through multiple proxies if needed. However, the method is neither safe nor idempotent, rendering it uncacheable, and proxies are advised to limit tunneling to trusted ports (e.g., 443 for ) to mitigate risks like unauthorized access or abuse as relays for non-HTTP protocols such as SSH or FTP. Introduced in early HTTP/1.1 specifications, the CONNECT method was originally outlined in a 1996 work-in-progress document titled "Tunneling TCP based protocols through Web proxy servers" by Ari Luotonen, and later formalized in RFC 2817 for upgrading to TLS within HTTP. Modern extensions, such as the ALPN header in CONNECT requests, allow negotiation of application-layer protocols within the tunnel, enhancing support for diverse uses like or multiplexing. Despite its utility, HTTP tunneling raises security considerations, including potential for traffic to bypass filters, underscoring the need for robust proxy configurations.

Fundamentals

Definition and Principles

HTTP tunneling is a technique used to encapsulate arbitrary network protocols, such as TCP-based ones, within HTTP messages, thereby disguising non-HTTP traffic as standard web communications to traverse restrictive networks. This encapsulation allows data from lower-level protocols to be transported inside HTTP requests and responses, mimicking legitimate web browsing activity. The core principles of HTTP tunneling involve client-server to establish the tunnel, data encapsulation within HTTP bodies or headers for non-CONNECT methods, and support for bidirectional communication over a single connection. HTTP tunneling encompasses both opaque relaying via the CONNECT method, where data is forwarded blindly after setup without HTTP framing, and encapsulation techniques that embed protocol data in HTTP message components. During , the client requests the server to open a pathway, after which the intermediary data opaquely without interpreting the encapsulated content. Once established, the tunnel functions as a blind , maintaining end-to-end connectivity for the inner protocol while leveraging HTTP's persistent connections for efficiency. HTTP tunneling differs from HTTP proxying, where an acts as a forwarding agent that receives, interprets, and relays HTTP requests in absolute URI form on behalf of clients. In contrast, tunneling emphasizes protocol encapsulation to create a direct, unmodified pathway for non-HTTP data, with the intermediary ceasing participation in the HTTP communication after setup. A primary benefit of HTTP tunneling is its ability to firewalls and proxies that allow outbound HTTP traffic on ports 80 and 443 but block other protocols or ports, facilitating access in controlled environments like corporate networks. This approach enables secure or restricted applications to operate without altering network policies.

Historical Development

The concept of HTTP tunneling emerged in the mid-1990s alongside the development of early HTTP specifications, driven by the need for intermediaries like proxies to facilitate communication in distributed networks. HTTP/1.0, formalized in RFC 1945 in May 1996, introduced basic proxy support, defining proxies as intermediaries that forward requests and responses while allowing for tunneling as a blind relay mechanism to pass data through firewalls or other barriers without alteration. This laid the groundwork for encapsulating non-HTTP traffic within HTTP, though without a dedicated method for dynamic tunnel establishment. The technique evolved significantly with HTTP/1.1, published as RFC 2616 in June 1999, which formalized the CONNECT method to enable proxies to switch to a raw TCP tunnel for secure or arbitrary protocol transport. This method, originally outlined in Ari Luotonen's 1996 "Tunneling TCP based protocols through Web proxy servers," allowed clients to request a bidirectional data relay to a target host and port, commonly used for SSL-encrypted connections. The rise of HTTP tunneling in the late 1990s was closely tied to increasing firewall deployments, which restricted direct access to non-HTTP ports, prompting tools like httptunnel—first released around 1998—to encapsulate protocols such as SSH within HTTP requests for bypass purposes. By the early 2000s, HTTP tunneling saw broader integration into browsers and proxy servers, enabling seamless support for traffic through CONNECT-based tunnels to handle TLS-encrypted sessions without exposing sensitive data to intermediaries. Adaptations for TLS over HTTP tunnels became standard during this period, aligning with the growing adoption of secure web communications amid rising network restrictions. Post-2010 milestones included WebSockets (RFC 6455, December 2011), which provided a persistent, bidirectional alternative to full tunneling for real-time applications, and (RFC 7540, May 2015), which enhanced tunneling via multiplexing to allow multiple streams over a single connection, improving efficiency for proxy-relayed traffic. As of 2025, HTTP tunneling remains relevant in cloud environments for secure exposure of internal services without public IPs. However, its use has declined for some firewall bypass scenarios due to advanced (DPI) techniques that detect and block anomalous HTTP patterns, favoring more obfuscated alternatives like WebSockets.

Tunneling Methods

HTTP CONNECT Method

The HTTP CONNECT method, defined in HTTP/1.1, enables a client to request that a establish a bidirectional TCP connection to a specified target host and port, effectively creating a for arbitrary relay. This method is particularly useful for encapsulating protocols like through proxies, where the proxy acts as a blind forwarder after successful establishment, without interpreting the tunneled content. Specified in RFC 7231 (June 2014), CONNECT uses an authority-form request-target, focusing solely on the destination rather than a full URI path. The process begins with the client sending a CONNECT request to the proxy, formatted as CONNECT <host>:<port> HTTP/1.1, followed by required headers and a blank line. The proxy then attempts to open the TCP connection to the target; upon success, it responds with a 2xx status code (typically 200 OK), indicating the tunnel is established, and immediately begins relaying raw bytes bidirectionally between the client and target without applying HTTP framing, Transfer-Encoding, or Content-Length to the tunneled data. If the connection fails or is unauthorized, the proxy returns a 4xx or 5xx error response with a message body explaining the issue, and no tunnel is created. Once active, the tunnel persists until either endpoint closes the connection, with the proxy forwarding all subsequent data transparently. Relevant HTTP headers in a CONNECT request include the mandatory Host header, which must match the authority in the request-target to specify the tunnel destination. Optional headers like User-Agent can provide client identification for negotiation or logging purposes, while Proxy-Authorization supports authentication schemes (e.g., Basic or Digest) if the proxy requires credentials, as triggered by a prior 407 Proxy Authentication Required response. The Connection header may also appear to control options like "close" for the proxy connection. Responses to successful CONNECT requests exclude Content-Length or Transfer-Encoding headers, as no entity body is present. CONNECT is compatible with both plain HTTP connections to the proxy and HTTPS-secured proxy connections, allowing secure request transmission before tunneling. In HTTP/1.1, it operates over a single persistent connection, limiting concurrent tunnels without additional mechanisms. HTTP/2 extends support for CONNECT (per RFC 7540, May 2015), enabling multiplexing of multiple proxy requests over one connection while establishing the tunnel on a dedicated , though the tunnel itself remains non-multiplexed. A typical CONNECT negotiation trace, assuming no , appears as follows (wire format example adapted from RFC 7231): Client Request:

CONNECT www.[example.com](/page/Example.com):443 HTTP/1.1 Host: www.[example.com](/page/Example.com):443 User-Agent: ExampleClient/1.0

CONNECT www.[example.com](/page/Example.com):443 HTTP/1.1 Host: www.[example.com](/page/Example.com):443 User-Agent: ExampleClient/1.0

Proxy Response (Success):

HTTP/1.1 [200](/page/200) Connection Established Date: Mon, 10 Nov 2025 12:00:00 GMT

HTTP/1.1 [200](/page/200) Connection Established Date: Mon, 10 Nov 2025 12:00:00 GMT

After the response, raw TCP data (e.g., TLS handshake bytes) flows directly through the tunnel in both directions. For , the client would include Proxy-Authorization: Basic <base64-credentials> in the request if previously challenged.

Non-CONNECT Methods

Non-CONNECT methods for HTTP tunneling leverage standard HTTP request and response mechanisms, such as the POST method, to encapsulate and transport arbitrary data through proxies or firewalls that block the CONNECT method. In these approaches, the client encodes binary or non-HTTP protocol data into the body of HTTP POST requests, often using to ensure compatibility with text-based HTTP transmission, while the server-side handler decodes the , forwards it to the intended destination, and encodes the reply in the HTTP response body. State management across multiple requests is typically maintained using session identifiers in or URL parameters, allowing the tunnel to simulate persistent connections despite the stateless nature of HTTP. Chunked transfer encoding, defined in HTTP/1.1, enables streaming of indefinite data lengths without a fixed Content-Length header, facilitating more efficient simulation of bidirectional flows in non-CONNECT tunnels. This technique divides the tunneled data into chunks, each preceded by its hexadecimal size and terminated by CRLF, with the stream ending via a zero-length chunk; it is particularly useful for real-time protocols where content size is unknown upfront. Tools like chunkyTuna exploit this by embedding TCP stream data within chunked HTTP responses from a webshell, allowing interactive command execution or without requiring persistent connections. In bidirectional setups, the client sends chunked POST requests for outbound data, while the server responds with chunked bodies containing inbound replies, though this requires custom server-side processing to reassemble streams. Header-based tunneling embeds small amounts of data directly into custom HTTP headers or URL query parameters, avoiding the body altogether for minimal payloads like control signals or short messages. For instance, proprietary headers such as X-Tunnel-Data can carry Base64-encoded snippets, parsed by the server to route or acknowledge tunneled . However, this method is inherently limited by HTTP header size constraints, typically around 8 KB per request, making it unsuitable for bulk data transfer. Implementations of these non-CONNECT methods include tools like HTTPTunnel, which creates bidirectional virtual data paths over pure GET and POST requests, encoding traffic to traverse restrictive proxies without invoking CONNECT. Custom scripts, often written in languages like Python or Go, further demonstrate these techniques by Base64-encoding non-HTTP protocols (e.g., SSH or TCP) into POST bodies for server-side decoding and forwarding. , a versatile proxy tool, also employs GET for control messages and POST for data payloads in its HTTP tunnel mode, supporting both encrypted and plaintext variants to mimic legitimate . These methods exhibit a unidirectional , as HTTP's request-response model favors client-to-server flow, requiring polling or long-lived requests for reverse directionality, which increases latency. They incur higher overhead from repeated encoding/decoding cycles and multiple round-trip requests compared to direct tunnels. Additionally, their reliance on visible request bodies or headers makes them vulnerable to content inspection by tools, which can detect anomalous patterns like excessive usage or irregular chunking.

Applications and Examples

Proxy and Firewall Bypass

HTTP tunneling enables the circumvention of network proxies and firewalls by encapsulating restricted protocols within HTTP , which is typically whitelisted on ports 80 and 443 due to its essential role in web browsing. This mechanism allows protocols like FTP or , often blocked on their standard ports, to be routed through these open channels using methods such as the HTTP CONNECT request, which establishes a transparent TCP tunnel without proxy interpretation of the payload. In proxy integrations, forward proxies like support outbound tunneling via CONNECT, enabling clients behind a restrictive network to connect to external destinations by forwarding encapsulated traffic, while reverse proxies can terminate incoming tunnels for internal services. This setup is common in corporate environments, where employees use HTTP tunneling to access blocked external resources through the company's proxy infrastructure without violating port restrictions. Practical examples include accessing censored websites in restricted networks during the Arab Spring uprisings, where tools like employing HTTP proxying helped users evade government blocks on and news sites, including in . Similarly, in corporate intranets, HTTP tunneling routes internal tools or external services through approved HTTP paths, maintaining productivity while adhering to security policies. A notable is the early version of , released in 2006 by the , which utilized CGI proxying over HTTP to create encrypted tunnels for bypassing firewalls in censored regions. distributed proxy lists via social networks, allowing users to route traffic through volunteer-hosted servers, successfully evading IP, DNS, and keyword filters in tests across locations like and . As of 2025, continues to be used as a circumvention tool in regions with restrictions, evolving into a full . Performance in these scenarios involves added latency from encapsulation overhead, as HTTP headers and proxy introduce delays—lab evaluations of similar tools showed approximately 83-85% slower response times compared to direct connections. can be challenged in high-traffic environments, where frequent establishments increase load on proxies, though optimized implementations like mitigate this through caching and efficient forwarding.

Secure Protocol Encapsulation

HTTP tunneling enables the encapsulation of secure protocols such as SSH and VPN traffic within HTTP requests and responses, allowing transmission over networks that restrict non-HTTP traffic. This process involves wrapping the inner protocol's packets—typically encrypted by the secure protocol itself—into HTTP payloads, often using methods like POST requests for data transfer or the CONNECT method for establishing persistent tunnels. Tools like httptunnel facilitate this by creating a bidirectional virtual data path where arbitrary TCP/IP connections, including SSH, are tunneled through HTTP requests that can traverse HTTP proxies. Similarly, can wrap SSH connections in TLS before further encapsulation in HTTP, adding an additional layer of encryption compatible with HTTP/ proxies. For SSH encapsulation, the protocol's packets are mapped into HTTP requests by segmenting the TCP stream into chunks that fit within HTTP bodies or headers, with the tunnel server reassembling them for delivery to the SSH endpoint. This supports various port forwarding modes: local forwarding (-L) redirects a local port to a remote host via the tunnel, remote forwarding (-R) exposes a remote port to the local machine, and dynamic forwarding (-D) creates a proxy for flexible application routing. In restricted environments, this mapping allows SSH sessions to mimic legitimate , evading that blocks direct SSH on port 22. VPN traffic can also be encapsulated over HTTP, as seen in OpenVPN's support for HTTP proxies, where the VPN protocol requires TCP as the carrier to issue CONNECT requests to the proxy, encapsulating the entire OpenVPN stream—including authentication and data packets—within the proxied connection. Cisco AnyConnect similarly leverages HTTP proxies for initial VPN establishment, wrapping its TLS-based tunnel (which can carry IPsec/IKEv2 payloads) in to connect through corporate proxies before shifting to the full secure session. These methods ensure the inner VPN encryption remains intact while the outer HTTP layer provides camouflage. Modern tools like Tunnelmole, as of 2025, extend HTTP tunneling for secure local development and testing environments, encapsulating protocols over HTTP for remote access in restricted networks. HTTP tunnels maintain bidirectional flow by alternating between client-initiated requests carrying outbound data and server responses with inbound data, often using persistent connections or polling mechanisms to simulate full-duplex communication over HTTP's request-response model. handling for connection drops typically involves automatic reconnection attempts by the tunnel client, with timeouts and retries configured to detect proxy interruptions or network failures without disrupting the inner secure protocol session. A practical example is establishing an SSH connection over an HTTP CONNECT proxy using netcat (nc) as a ProxyCommand: ssh -D 8080 -o ProxyCommand="nc -X connect -x proxy.example.com:8080 %h %p" user@remotehost. This command directs SSH to use netcat for proxying via HTTP CONNECT to the target host and port, creating a dynamic SOCKS proxy on local port 8080 for tunneled applications. In restricted networks, this encapsulation combines the inner protocol's robust encryption—such as SSH's AES or VPN's IPsec—for data confidentiality with HTTP's ubiquity for camouflage, enabling secure access where direct connections are blocked while minimizing detection by traffic analyzers that permit standard web protocols.

Security and Limitations

Potential Risks

HTTP tunneling introduces several security vulnerabilities and operational limitations that can compromise network integrity and performance. One primary detection risk arises from (DPI) techniques, which analyze packet payloads beyond headers to identify non-HTTP patterns embedded within tunneled traffic, such as unusual levels or nonstandard data in HTTP bodies. Proxy servers further exacerbate this by connection details, including user agents and abnormally long session durations indicative of tunneling activity, thereby revealing unauthorized channels. Man-in-the-middle (MITM) attacks pose a significant threat to HTTP tunnels, particularly when not secured over , allowing attackers to intercept and alter unencrypted tunneled data. Even with TLS encryption, proxy misconfigurations can expose traffic, as loosely configured proxies supporting methods like CONNECT may enable tunneling to arbitrary servers, facilitating unauthorized access or data leakage. The HTTP CONNECT method, a common vector for such tunneling, amplifies these risks by permitting relays to non-Web protocols if not restricted to safe ports. Performance bottlenecks are inherent due to the encapsulation process, where HTTP headers add substantial overhead, resulting in bandwidth loss compared to direct connections. Additionally, HTTP/1.1's limitation to a single persistent connection per tunnel can create , exacerbating latency and throughput issues under high load. Compliance issues stem from HTTP tunneling's ability to evade network policies, enabling unauthorized that violates organizational security controls and data protection regulations. Furthermore, tunnels can facilitate distribution by obscuring malicious payloads, as seen in campaigns abusing services like Cloudflare's Tunnel to deliver remote access trojans via links. As of 2025, evolving threats include AI-based in next-generation firewalls (NGFWs), which employ behavioral analytics to flag unusual traffic patterns suggestive of tunneling, such as deviations from baseline HTTP flows.

Mitigation Strategies

To mitigate the security risks associated with HTTP tunneling, such as unauthorized or command-and-control communications, organizations employ a combination of detection and prevention techniques focused on identifying anomalous HTTP traffic patterns and restricting tunneling capabilities at the network perimeter. Detection primarily relies on anomaly-based intrusion detection systems (IDS) that analyze deviations from normal HTTP behavior, including packet sizes, session durations, and data transfer ratios. For instance, behavior profiles derived from training on legitimate can flag interactive or streaming sessions indicative of tunneling, achieving high detection rates with low false positives in controlled evaluations. (DPI) tools further enhance detection by examining HTTP payloads for non-standard protocols or encoded content, such as embedded in request bodies, which legitimate HTTP traffic rarely exhibits. Advanced methods compare multiple statistical features of HTTP requests, such as character distributions, request lengths, and token-based structures using techniques like deterministic finite automata (DFA) or n-gram analysis. These approaches have demonstrated effectiveness for tunneling detection in academic benchmarks, though they require ongoing tuning to adapt to evolving traffic norms. , often powered by classifiers like support vector machines, selects optimal traffic attributes (e.g., byte or inter-arrival times) to distinguish tunneled sessions from benign ones, improving in high-volume environments. Once detected, alerts trigger administrative review, including payload keyword scanning for malicious indicators like command shells. Prevention strategies emphasize proxy and firewall configurations to limit HTTP tunneling vectors, particularly the CONNECT method, which establishes opaque TCP tunnels. Proxies like or Web Security Appliances can be hardened by whitelisting allowed destination ports (e.g., restricting CONNECT to 443 for only) and hosts, blocking all other tunneling attempts via lists (ACLs). Application-layer firewalls and next-generation firewalls (NGFWs) enforce protocol strictness by denying HTTP-proxy applications or non-HTTP traffic masquerading within HTTP, while bidirectional data flows prevents abuse. Additionally, and zero-trust policies reduce the by isolating sensitive systems and requiring explicit authentication for outbound connections, ensuring that even if tunneling occurs, lateral movement is curtailed.

References

  1. https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Methods/CONNECT
  2. https://www.rfc-editor.org/rfc/rfc2817.html
  3. https://www.rfc-editor.org/rfc/rfc7639.html
  4. https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Proxy_servers_and_tunneling
  5. https://www.giac.org/paper/gsec/3153/http-tunnels-proxies/103911
  6. https://datatracker.ietf.org/doc/html/rfc2817
  7. https://datatracker.ietf.org/doc/html/rfc2817#section-5.3
  8. https://datatracker.ietf.org/doc/html/rfc1945#section-1.2
  9. https://datatracker.ietf.org/doc/html/rfc1945#section-5.1.2
  10. https://datatracker.ietf.org/doc/html/rfc2616#section-9.9
  11. https://datatracker.ietf.org/doc/draft-luotonen-web-proxy-tunneling-00
  12. https://datatracker.ietf.org/doc/html/rfc9114
  13. https://datatracker.ietf.org/doc/html/rfc7231#section-4.3.6
  14. https://datatracker.ietf.org/doc/html/rfc7230#section-2.3
  15. https://datatracker.ietf.org/doc/html/rfc7230#section-5.3.3
  16. https://datatracker.ietf.org/doc/html/rfc7230#section-3.3.3
  17. https://datatracker.ietf.org/doc/html/rfc7230#section-5.4
  18. https://datatracker.ietf.org/doc/html/rfc7235#section-4.4
  19. https://datatracker.ietf.org/doc/html/rfc7230#section-6.1
  20. https://datatracker.ietf.org/doc/html/rfc7230#section-6.3
  21. https://datatracker.ietf.org/doc/html/rfc7540#section-8.3
  22. https://http-tunnel.sourceforge.net/
  23. https://live.paloaltonetworks.com/t5/general-topics/base64-encoded-http-traffic/td-p/26808
  24. https://datatracker.ietf.org/doc/html/rfc9112
  25. https://github.com/SecarmaLabs/chunkyTuna
  26. https://blog.secarma.co.uk/labs/chunkytuna-a-web-shell-evolved
  27. https://security.stackexchange.com/questions/189433/tunnel-ssh-over-http-with-custom-headers
  28. https://github.com/larsbrinkhoff/httptunnel
  29. https://gost.run/en/tutorials/http-tunnel/
  30. https://www.nocrew.org/software/httptunnel.html
  31. https://wiki.squid-cache.org/Features/HTTPS
  32. https://www.hackingloops.com/how-to-get-past-a-firewall/
  33. http://www.squid-cache.org/Doc/config/https_port
  34. https://css.ethz.ch/content/dam/ethz/special-interest/gess/cis/center-for-securities-studies/pdfs/Cyber-Reports-2017-05.pdf
  35. https://blog.udemy.com/http-tunneling/
  36. https://cyber.harvard.edu/sites/cyber.harvard.edu/files/2007_Circumvention_Landscape.pdf
  37. https://vpnoverview.com/vpn-reviews/psiphon/
  38. https://www.stunnel.org/
  39. https://openvpn.net/community-docs/connecting-to-an-openvpn-server-via-an-http-proxy.html
  40. https://community.cisco.com/t5/vpn/anyconnect-vpn-and-proxy/td-p/2013623
  41. https://dev.to/robbiecahill/set-up-http-tunneling-in-minutes-with-tunnelmole-56n4
  42. https://www.vectra.ai/modern-attack/attack-techniques/tunneling
  43. https://repository.rit.edu/cgi/viewcontent.cgi?article=1784&context=other
  44. https://hpbn.co/http1x/
  45. https://unit42.paloaltonetworks.com/evasion-of-security-policies-by-vpn-clients-poses-great-risk-to-network-operators/
  46. https://www.csoonline.com/article/3480886/attackers-leverage-cloudflare-tunnels-to-obscure-malware-distribution.html
  47. https://www.fortinet.com/lat/resources/cyberglossary/next-generation-firewall
  48. https://apps.dtic.mil/sti/pdfs/ADA529552.pdf
  49. https://www.fortinet.com/resources/cyberglossary/dpi-deep-packet-inspection
  50. https://link.springer.com/chapter/10.1007/978-3-540-74320-0_3
  51. https://www.sciencedirect.com/science/article/abs/pii/S0167404816000080
  52. https://www.cisco.com/c/en/us/support/docs/security/web-security-appliance/117933-qa-csc-00.pdf
  53. https://live.paloaltonetworks.com/t5/general-topics/http-tunneling/td-p/4454
Add your contribution
Related Hubs
Contribute something
User Avatar
No comments yet.