I became interested, a little while ago, in how to tunnel encrypted traffic through an http proxy and firewall that only allow the standard open ports (80, 443). There are a number of reasons to do this; the basic one is that anyone sniffing or logging at the proxy cannot easily tell the tunnel from regular https traffic: it shows up as one long https session to a single destination address. I'll leave it up to all of you to figure out the useful scenarios. In any case, I wasn't able to find any documentation that explained how to do this simply, so here we go:
In this example I'll use two machines: workComp, a WinXP computer sitting behind the standard corporate firewall with only proxied http and https access, and homeComp, a WinXP computer sitting behind a router/gateway (e.g. a Linksys) running NAT and a simple blocking firewall.
Step 1: Download and install OpenSSH
On homeComp download OpenSSH for Windows from: http://sourceforge.net/project/showfiles.php?group_id=103886&package_id=111688/ Follow the instructions and install it. Once it's installed, configure it according to the documentation. Be sure to use a strong username/password (or, better, key-based authentication), because this sshd will be reachable from the whole internet, even if it is disguised in the way I explain in a bit. Once you're sure it is working correctly (test it with ssh localhost and check that you get a shell), it is time to configure it for the tunneling.
Step 2: Configuring OpenSSH
On homeComp edit the file c:\program files\openssh\etc\sshd_config. Note the file name is sshd_config (the server's config) and NOT ssh_config (the client's). In sshd_config you want to make two important changes:
1. Uncomment the Port line and change it to 443. This matters if the http proxy that workComp is behind does anything at all to detect tunneling: the proxy normally only passes CONNECT requests to ports it associates with https, so a destination port of 443 makes the session look like an ordinary https connection. Be aware that the disguise goes no further than the port: the SSH identification string (SSH-2.0-...) is sent in the clear as soon as the CONNECT succeeds, so a proxy that inspects the first bytes of the stream, or that terminates TLS itself, can still tell it is not https. I've found that these things implement some of the worst security I have ever seen - check out http://www.bluecoat.com/downloads/support/BCS_tb_tunnelling_applications.pdf if you want to have a laugh: they control tunneling by verifying the user agent header and the port on the destination.
2. Uncomment the AllowTcpForwarding line and set it to yes. Without it sshd accepts the login but refuses the port forwards. Since this sshd is now exposed to the internet, this is also the place to tighten authentication: once you have a key pair loaded in PuTTY, set PasswordAuthentication no and PubkeyAuthentication yes. Restart the OpenSSH service so the changes take effect.
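To make the "disguise" concrete, here is an added example (not code from the original post or from PuTTY/OpenSSH) of what the corporate proxy actually sees: the client sends an HTTP CONNECT to the destination's port 443, the proxy answers 200, and from then on the bytes are opaque to it. The first bytes, however, are not encrypted, and a proxy that checks them can tell an SSH identification string from a TLS ClientHello. The in-process proxy, the sample banner, the User-Agent header and the address 203.0.113.10 (a documentation address standing in for homeComp's public IP) are all constructed for the demo.

```python
"""Added example: the CONNECT exchange an HTTP proxy sees when SSH is tunnelled
through it on port 443, with a stand-in proxy that peeks at the first bytes.
Hosts, banners and addresses are constructed for the demo."""
import re
import socket
import threading

# Constructed sample data: an SSH identification string, and the first bytes
# of a TLS ClientHello (record type 0x16 = handshake, version 0x0301).
SSH_BANNER = b"SSH-2.0-PuTTY_Release_0.58\r\n"
TLS_CLIENT_HELLO_PREFIX = b"\x16\x03\x01\x00\x2c\x01\x00\x00\x28\x03\x01"

def build_connect_request(host, port, user_agent="Mozilla/4.0"):
    """CONNECT request a proxy-aware SSH client sends before any SSH bytes flow
    (the User-Agent header is assumed, to show the check the Blue Coat paper relies on)."""
    return (f"CONNECT {host}:{port} HTTP/1.1\r\n"
            f"Host: {host}:{port}\r\n"
            f"User-Agent: {user_agent}\r\n"
            "\r\n").encode("ascii")

def parse_connect_response(data):
    """Return the HTTP status code from the proxy's reply to CONNECT."""
    m = re.match(rb"HTTP/1\.[01] (\d{3})[ \r]", data)
    if not m:
        raise ValueError("not an HTTP response: %r" % data[:40])
    return int(m.group(1))

def classify_first_bytes(data):
    """Crude check a proxy can run on the first bytes after CONNECT succeeds.
    Real https starts with a TLS handshake record; SSH starts with a cleartext
    'SSH-' identification string, so port 443 alone does not hide it."""
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        return "tls"
    if data.startswith(b"SSH-"):
        return "ssh"
    return "unknown"

def _read_headers(sock):
    """Read until the blank line that ends an HTTP request or response."""
    buf = b""
    while b"\r\n\r\n" not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("peer closed before headers were complete")
        buf += chunk
    return buf

def _serve_one(listener, seen):
    """Stand-in CONNECT proxy: honour one request, classify the first client
    bytes, and echo them back so the client can confirm the path is open."""
    conn, _ = listener.accept()
    conn.settimeout(5)
    with conn:
        req = _read_headers(conn)
        m = re.match(rb"CONNECT ([^:\s]+):(\d+) HTTP/1\.[01]\r\n", req)
        if not m:
            conn.sendall(b"HTTP/1.1 400 Bad Request\r\n\r\n")
            return
        seen["target"] = (m.group(1).decode(), int(m.group(2)))
        conn.sendall(b"HTTP/1.1 200 Connection established\r\n\r\n")
        first = conn.recv(4096)   # the only SSH data ever visible in the clear
        seen["protocol"] = classify_first_bytes(first)
        conn.sendall(first)

def connect_via_proxy(proxy, host, port, first_bytes):
    """Client side: CONNECT handshake, then send the first protocol bytes."""
    with socket.create_connection(proxy, timeout=5) as s:
        s.sendall(build_connect_request(host, port))
        status = parse_connect_response(_read_headers(s))
        if status != 200:
            raise ConnectionError("proxy refused CONNECT: %d" % status)
        s.sendall(first_bytes)
        return s.recv(4096)

def run_demo(first_bytes=SSH_BANNER):
    """Run client and stand-in proxy over loopback; report what the proxy saw."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    listener.settimeout(5)
    seen = {}
    t = threading.Thread(target=_serve_one, args=(listener, seen))
    t.start()
    try:
        # 203.0.113.10 is a documentation address standing in for homeComp's public IP
        echoed = connect_via_proxy(listener.getsockname(), "203.0.113.10", 443, first_bytes)
        seen["echoed_ok"] = echoed == first_bytes
    finally:
        t.join()
        listener.close()
    return seen

if __name__ == "__main__":
    print(run_demo())                         # proxy sees protocol 'ssh'
    print(run_demo(TLS_CLIENT_HELLO_PREFIX))  # a real https session shows 'tls'
```

The proxy log from run_demo() records a CONNECT to 203.0.113.10:443 and a 200, which is all an ordinary log-only proxy keeps; the "protocol" field is what a proxy that also sniffs the first bytes would add, and it is "ssh" for the tunnel and "tls" for real https. That is the practical limit of the port-443 trick.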
Step 3: Configure port forwarding on the router (on the homeComp network)
1. You now have to configure port forwarding on your router so you can reach homeComp from the internet. Go to the port forwarding setup on the router and forward all TCP traffic on port 443 to homeComp's private (NAT) IP (e.g. 192.168.100.1). Give homeComp a fixed address (static, or a DHCP reservation); otherwise the forward will silently break the next time it gets a different lease. To check the setup, connect from a machine outside your network to the router's public IP on port 443 and confirm that you get sshd's banner.
You're now finished configuring homeComp - next are the steps for workComp.
Step 1: Download PuTTY
1. You can get PuTTY from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html - install it.
Step 2: Configure PuTTY for use with the proxy
1. Under the Session tab enter the external IP of homeComp - this is the router's public (WAN) IP, which you can read from the status page or the like on your router. It should not be a 192.168 address. Enter 443 as the port (this is what the proxy will see) and set the protocol to SSH.
2. Now go down under Connection > Proxy and pick your proxy type (I used http, but you may want to pick something else if you are behind a socks proxy). Enter its hostname and port. If you don't know what these are, check the proxy settings of your web browser; they will give you all the information you need. The port will probably be 8080. PuTTY's http proxy support works by sending a CONNECT request, so this only works if the proxy allows CONNECT to port 443, which it must for ordinary https browsing to work.
3. Under the SSH tab set the preferred protocol version to 2 and move AES to the top of the encryption cipher list, with 3DES below it.
4. Now under the SSH tab, click on Tunnels - this part gets a bit confusing. Source port is the port PuTTY will listen on, on workComp; Destination is where sshd on homeComp should deliver the forwarded connection, written as host:port. The destination is resolved on homeComp, not on workComp, so localhost:port means homeComp:port - exactly what we need. This is also interesting, because the destination can be any host homeComp can reach, so we could set it up to forward to a 3rd machine on the home network; I'll leave that one up to someone else with some good ideas. When you're done, click Add and you should have something like “L5900 localhost:5900” - I set up this forward so I can use VNC from workComp to connect to homeComp.
5. Remember to save your session on the main Session tab, as it is quite annoying to have to type all these settings in every time you start PuTTY.
Step 3: Connect!
1. If you've done everything correctly and workComp can get out through the proxy, just fire up PuTTY and click Open. You should connect to homeComp and get a shell. PuTTY opens the forwarded ports on workComp as soon as the session is up, so the one remaining task is to point your application at them.
2. Open the app you configured the tunnel for (in Step 2.4, on workComp) and connect to localhost on that port. For TightVNC connect to localhost:5900. To tunnel web browsing the same way, something has to be listening on homeComp (e.g. a web proxy on 8080): add the rule L8080 localhost:8080 in PuTTY and set the browser's proxy to localhost:8080. PuTTY's Dynamic forward type, which turns the local port into a SOCKS proxy, does the same job without a proxy on homeComp. Either way PuTTY accepts the local connection, encrypts it, and carries it inside the SSH session, which the corporate proxy passed through as an https CONNECT to port 443. Ding. You're done.
Somehow I think this ended up much more confusing than I meant - let me know how I can clarify this more, or of any confusing parts and I'll fix it up.
Dave