From the article:
> Ubiquitous presence of HTTPS allows you to pass your data through very restrictive middle boxes!
This is, in fact, why all — or nearly all — proprietary VPN protocols (so-called "SSL VPNs") implement a mode that initiates a tunnel via HTTPS, at least as a fallback if not as the primary mode of operation: precisely in order to have a mode of operation that works with almost any connection to the global Internet.
I'm one of the main developers of https://gitlab.com/openconnect/openconnect, which implements many such protocols, and wrote https://github.com/dlenski/what-vpn, which sniffs or identifies even more flavors of TLS-based VPN servers.
In general, tunneling through HTTP2 turns out to be a great choice. There is an RPC protocol built on top of HTTP2: gRPC[1].
This is because HTTP2 is great at exploiting a TCP connection to transmit and receive multiple data structures concurrently - multiplexing.
There may not be a reason to use HTTP3, however, as QUIC already provides multiplexing.
I expect that in the future most communications will be over encrypted HTTP2 and QUIC simply because middleware creators cannot resist discriminating.
[1] <https://grpc.io>
Nice. My solution involved more code: https://github.com/ThomasHabets/huproxy
I used to use a tool that does exactly this nearly 20 years ago to poke a hole through corporate firewalls, corkscrew.
https://github.com/bryanpkc/corkscrew
Personally I use https://github.com/jpillora/chisel as a reverse proxy through nginx, then connect through it using OpenVPN to bypass a similarly restrictive firewall. But this discussion is filled with other, similar hacks; I may have to try some of them.
Corkscrew works for a specific use case:
1. you're behind an HTTP proxy, and
2. the HTTP proxy supports the CONNECT method
Around 20 years ago I did a short contract which had #1 but not #2. Thankfully, there's a tool for this, too. Of course it requires some setup on the server side:
https://github.com/larsbrinkhoff/httptunnel
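To make the two conditions above concrete, here is an added example (not from corkscrew, httptunnel, or any poster) of how a forward proxy decides what to do with a CONNECT request; the request bytes, the port allowlist and the function names are constructed assumptions for illustration.

```python
import re

# Request line of an HTTP CONNECT request as a forward proxy sees it.
# IPv6 literals in brackets are deliberately not handled here.
CONNECT_LINE = re.compile(
    rb"^CONNECT (?P<host>[^:\s]+):(?P<port>\d{1,5}) HTTP/1\.[01]$")


def parse_connect(raw: bytes):
    """Return (host, port) for a well-formed CONNECT request, else None."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    m = CONNECT_LINE.match(head.split(b"\r\n")[0])
    if not m:
        return None
    port = int(m.group("port"))
    if not 1 <= port <= 65535:
        return None
    return m.group("host").decode("ascii"), port


def proxy_response(raw: bytes, connect_supported: bool = True,
                   allowed_ports=frozenset({443})) -> bytes:
    """Model the two conditions from the comment: a proxy may not support
    CONNECT at all (#2), or may allow it only to an allowlist of ports.
    The allowlist is the proxy's only cheap control: after a 200 it relays
    bytes blindly, so whatever listens on an allowed port gets through."""
    target = parse_connect(raw)
    if target is None:
        return b"HTTP/1.1 400 Bad Request\r\n\r\n"
    if not connect_supported:
        return b"HTTP/1.1 405 Method Not Allowed\r\n\r\n"
    _host, port = target
    if port not in allowed_ports:
        return b"HTTP/1.1 403 Forbidden\r\n\r\n"
    return b"HTTP/1.1 200 Connection established\r\n\r\n"


def looks_like_tls_client_hello(first: bytes) -> bool:
    """Cheap check a proxy can apply to the first bytes after the 200:
    TLS record type 0x16 (handshake), version major 0x03, then handshake
    type 0x01 (ClientHello). Non-TLS traffic on port 443 fails this."""
    return (len(first) >= 6 and first[0] == 0x16
            and first[1] == 0x03 and first[5] == 0x01)


# Constructed sample requests
REQ_443 = b"CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n"
REQ_22 = b"CONNECT example.com:22 HTTP/1.1\r\nHost: example.com:22\r\n\r\n"
```

The ClientHello check is what separates a proxy that merely allows port 443 from one that verifies the tunnel actually carries TLS.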
I learned about chisel in PEN-200 / preparing for the OSCP.
Then I learned about Ligolo-ng [1], which is a game-changer. I highly recommend checking it out. It is most applicable to a penetration test. It uses TLS, so I'm not sure it could be used to address the issue mentioned in the article.
[1] https://github.com/nicocha30/ligolo-ng