Training session 9: Proxy Tunneling
Difficulty: Medium
Learn how to tunnel proxies with only telnet
Creator: m101


Although it may seem primitive to use telnet to surf web sites, use IRC and so on, it can be very useful in some situations, such as when your school decides to block port 6667 and you can't get on IRC anymore. So what do you do? Tunnel through the school proxy to another proxy and access IRC from there.

First things first: I will go through this in a school situation because the concept is easier to grasp that way. Find out your school's proxy server: in Internet Explorer, go to Tools >> Options >> Connections >> LAN Settings and read off the proxy server address. It should be something like 'Address: proxy.school.edu Port: 8080'.

Open up a telnet client and connect to this proxy server, then type in:

CONNECT fate.area-6.net:80 HTTP/1.1
<enter>

You should get an 'HTTP/1.0 200 Connection established' from the proxy, which means you are now connected. Now type the following:

GET /index.html HTTP/1.0
Proxy-Connection: Keep-Alive
Date: Wed, 27 Aug 1997 08:24:46 GMT
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
Accept-Charset: iso-8859-1,*,utf-8
Accept-Language: en
Host: fate.area-6.net
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)
<enter>

You should get something similar to the following:

HTTP/1.1 200 OK
Date: Fri, 01 Feb 2002 06:46:40 GMT
Server: Apache/1.3.22 (Unix) (Red-Hat/Linux) mod_python/2.7.6 Python/1.5.2 mod_ssl/2.8.4 OpenSSL/0.9.6b DAV/1.0.2 PHP/4.0.6 mod_perl/1.24_01 mod_throttle/3.1.2
Last-Modified: Sat, 26 Jan 2002 07:35:01 GMT
ETag: "4bab-c7a-3c525c25"
Accept-Ranges: bytes
Content-Length: 3194
Connection: close
Content-Type: text/html
.....>SNIP<.....


Now let us look at what we actually told the server to send us:

GET /index.html HTTP/1.0
-This tells the server to send us http://fate.area-6.net/index.html

Proxy-Connection: Keep-Alive
-Tells the server to keep the connection alive after our request

Date: Wed, 27 Aug 1997 08:24:46 GMT
-Current Date/Time

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
-The content types we are willing to accept

Accept-Charset: iso-8859-1,*,utf-8
-What character sets your connection can receive

Accept-Language: en
-Language

Host: fate.area-6.net
-The host name of the site we are requesting

User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)
-The details of the browser

So in fact we only really need to send the following information:

GET /index.html HTTP/1.0
<enter>

But the other information may come in handy if a site discriminates on something such as the browser you are using.

So now you know how to tunnel your proxy to surf the net. IRC is a little harder:

CONNECT irc.area-6.net:6667 HTTP/1.1
<enter>
user username user user :user
nick m101
join :#area6
PRIVMSG #area6 :hey ppl
PING :irc.area-6.net

So first we create a connection to our proxy, then connect to our IRC server and send the IDENT information that is required. We set our nick to m101, join #area6, send a message to #area6 saying 'hey ppl', and then send the 'PING :irc.area-6.net'.

What this 'PING :irc.area-6.net' does: when the IRC server wants to check if your connection is still active, it sends a 'PONG :irc.area-6.net' request and you have a limited amount of time to reply or it disconnects you. This is a slight drawback of tunneling proxies for anonymous IRC access, as you have to keep replying to these requests.

You now know the basics of tunneling a proxy, but this still creates problems, as it's only one proxy, and the proxy may require authentication. If you are unlucky and the proxy you are testing this through requires authentication, change your proxy request to something like this:

CONNECT fate.area-6.net:80 HTTP/1.1
Proxy-Authorization: Basic bTEwMTphcmVhNg==
<enter>

This tells the server our username and password through the Base64-encoded string 'bTEwMTphcmVhNg=='.

To create a string with your username and password in it, do the following:

Encode the string 'desiredusername:desiredpassword' with Base64; this is described in another tutorial if you don't know how to do it.
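Base64 is a reversible encoding, not encryption, so anyone who can read the request (the proxy's logs, or anything on the path of an unencrypted connection) recovers the password. The following is an added example, not part of the original tutorial; the function names are assumptions and the sample request is constructed around the header value shown above.

```python
import base64
import binascii

def decode_proxy_basic(request_text):
    """Return (username, password) from a Proxy-Authorization: Basic header, else None."""
    for line in request_text.splitlines()[1:]:       # skip the request line
        if not line.strip():
            break                                    # blank line ends the header block
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "proxy-authorization":
            continue
        scheme, _, token = value.strip().partition(" ")
        if scheme.lower() != "basic":
            return None                              # other schemes do not carry user:pass
        try:
            raw = base64.b64decode(token.strip(), validate=True)
        except (binascii.Error, ValueError):
            return None                              # malformed token
        # Split on the first colon only: passwords may contain ':'
        user, sep, password = raw.decode("utf-8", "replace").partition(":")
        return (user, password) if sep else None
    return None

def encode_proxy_basic(username, password):
    """Build the token the same way a client does: Base64 of 'user:password'."""
    return base64.b64encode(f"{username}:{password}".encode()).decode("ascii")

# Constructed sample: a request as it would appear on the wire or in a proxy capture.
CAPTURED = (
    "CONNECT fate.area-6.net:80 HTTP/1.1\r\n"
    "Proxy-Authorization: Basic bTEwMTphcmVhNg==\r\n"
    "\r\n"
)

if __name__ == "__main__":
    print(decode_proxy_basic(CAPTURED))
```

Because no key is involved, Basic proxy credentials are only as private as the connection that carries them.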

So an example of how you might tunnel through a proxy from a place like school to reach material that you want but that is not allowed would look something like the following:

telnet proxy.school.edu 8080
CONNECT proxy.business.com:8080 HTTP/1.1
Proxy-Authorization: Basic bTEwMTphcmVhNg==
<enter>
CONNECT irc.area-6.net:6667 HTTP/1.1
<enter>
user username user user :user
nick m101
join :#area6
PRIVMSG #area6 :hey ppl
PING :irc.area-6.net

This request would connect to the school proxy, supply it with a username and password, tell it to connect to a business's proxy and then log onto IRC.

Proxies often block ports, so you may have to use proxies on abnormal ports to connect. A list of proxies can be found here
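For the proxy operator's side of this, the following added example (not part of the original tutorial) classifies request lines as a proxy sees them and denies CONNECT tunnels to anything but port 443. The allow-list, the function names and the sample lines are assumptions, constructed from the hosts used above.

```python
import re

ALLOWED_CONNECT_PORTS = {443}   # assumed policy: tunnels only to HTTPS
# Ports this tutorial tunnels to, with the reason an operator would care.
NOTABLE_PORTS = {80: "plain HTTP", 6667: "IRC", 8080: "second proxy (chaining)"}

# Accepts the standard form (CONNECT host:port HTTP/1.1) and the URL form
# (connect http://host:port http/1.1) so neither slips past the check.
_CONNECT_RE = re.compile(
    r"^connect\s+(?:[a-z][a-z0-9+.-]*://)?(?P<host>[^\s:/]+)"
    r"(?::(?P<port>\d{1,5}))?/?\s+http/\d\.\d\s*$",
    re.IGNORECASE,
)

def check_connect(request_line, allowed=ALLOWED_CONNECT_PORTS):
    """Classify one request line as (verdict, host, port, reason)."""
    m = _CONNECT_RE.match(request_line.strip())
    if m is None:
        return ("ignore", None, None, "not a CONNECT request")
    host = m.group("host").lower()
    if m.group("port") is None:
        return ("deny", host, None, "CONNECT without an explicit port")
    port = int(m.group("port"))
    if not 0 < port <= 65535:
        return ("deny", host, port, "invalid port")
    if port in allowed:
        return ("allow", host, port, "permitted tunnel port")
    return ("deny", host, port, NOTABLE_PORTS.get(port, "port not on the allow-list"))

def audit(lines):
    """Return only the denied CONNECT attempts, in input order."""
    return [r for r in map(check_connect, lines) if r[0] == "deny"]

# Constructed sample of request lines, using the targets from this tutorial.
SAMPLE = [
    "CONNECT example.org:443 HTTP/1.1",
    "connect http://fate.area-6.net:80 http/1.1",
    "GET /index.html HTTP/1.0",
    "CONNECT proxy.business.com:8080 HTTP/1.1",
    "connect http://irc.area-6.net:6667 http/1.1",
]

if __name__ == "__main__":
    for verdict, host, port, reason in audit(SAMPLE):
        print(f"{verdict}: {host}:{port} ({reason})")
```

Squid's stock configuration enforces the same rule with `http_access deny CONNECT !SSL_ports`.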