node-http-tunnel

How do I use this for arbitrary TCP connections?

Open mihaifm opened this issue 12 years ago • 16 comments

Can I use it for example to tunnel RDP through HTTP? How would I go about doing that? thanks

mihaifm avatar Jan 20 '14 22:01 mihaifm

At the moment it supports 2 ways of doing this: (1) The client script acts as a Socks5 server. Your RDP client would need to support Socks5. (2) The ssh-connect script just proxies arbitrary data through STDIN and STDOUT. It's only called ssh-connect because you can use it in an option to ssh.

The easiest (but dog slow) way would be to set up an SSH tunnel through the HTTP tunnel and add the options -o ProxyCommand="./ssh-connect %h %p". You could also use socat or netcat (compiled with GAPING_SECURITY_HOLE) to bind to a port or domain socket that would execute the ssh-connect script every time a connection is received.

The tunnel works by polling the server every 200ms and sending and receiving JSON. The JSON contains the normal node.js stream events and encodes the binary data in base64. It's slow and not very reliable. You'd also be well advised to do some hacking to get better performance.

I'd be pleasantly surprised if this repo works well for you straight away. Please let me know how you get on!

johncant avatar Jan 21 '14 10:01 johncant
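
The traffic pattern described in the comment above (a poll every 200ms carrying JSON with base64-encoded data) is what a proxy or web-server log would show for this tunnel. The following detection sketch is an added example, not code from the node-http-tunnel repository; the record shape, thresholds, client addresses and the JSON field names `events` and `data` are assumptions constructed for illustration.

```javascript
'use strict';
// True if s looks like a base64 payload rather than a short token or a word.
function looksBase64(s, minLen = 16) {
  return typeof s === 'string' && s.length >= minLen && s.length % 4 === 0 &&
    /^[A-Za-z0-9+\/]+={0,2}$/.test(s);
}
// Walk any parsed JSON value looking for a base64-looking string.
function hasBase64(v) {
  if (typeof v === 'string') return looksBase64(v);
  return !!v && typeof v === 'object' && Object.values(v).some(hasBase64);
}
// records: [{ ts (ms), client, body }]. Returns clients whose requests arrive
// at a steady interval near periodMs and whose JSON bodies carry base64 data.
function findPollingTunnels(records, { periodMs = 200, jitterMs = 50, minRequests = 10 } = {}) {
  const byClient = new Map();
  for (const r of records) {
    if (!byClient.has(r.client)) byClient.set(r.client, []);
    byClient.get(r.client).push(r);
  }
  const flagged = [];
  for (const [client, reqs] of byClient) {
    if (reqs.length < minRequests) continue;
    reqs.sort((a, b) => a.ts - b.ts);
    const gaps = reqs.slice(1).map((r, i) => r.ts - reqs[i].ts);
    const steady = gaps.filter(g => Math.abs(g - periodMs) <= jitterMs).length;
    const carriers = reqs.filter(r => {
      try { return hasBase64(JSON.parse(r.body)); } catch { return false; }
    }).length;
    // Flag when most gaps sit on the polling period and some bodies carry data.
    if (steady / gaps.length >= 0.8 && carriers > 0) flagged.push(client);
  }
  return flagged;
}
// Constructed sample traffic: one steady poller and one ordinary client.
function sampleRecords() {
  const recs = [];
  const payload = Buffer.from('SSH-2.0-OpenSSH_6.6 constructed').toString('base64');
  for (let i = 0; i < 20; i++) {
    // "events" and "data" are hypothetical names; the page does not give the schema.
    const events = i % 5 === 0 ? [{ type: 'data', data: payload }] : [];
    recs.push({ ts: 1000 + i * 200 + (i % 3) * 7, client: '10.0.0.5', body: JSON.stringify({ events }) });
  }
  [0, 900, 4300, 4350, 9100, 15000, 15200, 23000, 23100, 31000, 40000].forEach(t =>
    recs.push({ ts: t, client: '10.0.0.9', body: JSON.stringify({ q: 'search terms here please' }) }));
  return recs;
}
console.log(findPollingTunnels(sampleRecords()));
```

The check is independent of field names: it relies only on request timing and on any base64-looking string inside a JSON body, so the thresholds are the part to tune against real traffic.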

Interesting project. But I can't get it to work. I've tried to run Putty to make SSH connections but I've got socks connection errors... I tried socks5, socks4, HTTP, etc. none seems to work.

elfredo avatar Nov 13 '14 10:11 elfredo

@elfredo, would you like to provide more details please? I accept that it might be a bit flakey and totally devoid of error handling, but it definitely works! Maybe I can help you.

johncant avatar Nov 13 '14 13:11 johncant

@johncant, It seems that the error occurs on Socks connection: "wrong socks version: xx" where x may equal 5, (strangely) 83, and others.

elfredo avatar Nov 13 '14 15:11 elfredo
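
The version values quoted in the comment above are easier to read as ASCII: a SOCKS5 greeting starts with byte 5 (RFC 1928), while 83 is the letter "S", which is also the first byte of an SSH identification string ("SSH-2.0-..."), one input that would produce that number at a version check. The classifier below is an added diagnostic example, not code from the repository; the function name and sample inputs are constructed.

```javascript
'use strict';
// Classify the first bytes received on a SOCKS5 listener.
// RFC 1928 greeting layout: VER (0x05), NMETHODS, METHODS[NMETHODS].
function classifyFirstBytes(buf) {
  if (buf.length === 0) return { kind: 'empty' };
  const ver = buf[0];
  if (ver === 0x05) {
    // A greeting can arrive split across TCP reads; report it as incomplete
    // instead of parsing a short buffer.
    if (buf.length < 2 || buf.length < 2 + buf[1]) {
      return { kind: 'socks5', complete: false };
    }
    return { kind: 'socks5', complete: true, methods: [...buf.subarray(2, 2 + buf[1])] };
  }
  if (ver === 0x04) return { kind: 'socks4', firstByte: ver };
  // Anything else: look at the leading text to see which protocol was sent.
  const text = buf.toString('latin1', 0, 8);
  if (text.startsWith('SSH-')) return { kind: 'ssh-banner', firstByte: ver };
  if (text.startsWith('CONNECT ')) return { kind: 'http-connect', firstByte: ver };
  if (/^(GET|POST|HEAD|PUT) /.test(text)) return { kind: 'http-request', firstByte: ver };
  return { kind: 'unknown', firstByte: ver };
}

// Constructed inputs covering the proxy types mentioned in the thread.
const samples = [
  Buffer.from([0x05, 0x01, 0x00]),                       // SOCKS5, "no auth" method
  Buffer.from([0x04, 0x01, 0x00, 0x16]),                 // SOCKS4 CONNECT prefix
  Buffer.from('SSH-2.0-constructed_client\r\n'),         // raw SSH identification
  Buffer.from('CONNECT 192.168.1.26:22 HTTP/1.1\r\n'),   // HTTP proxy request
];
for (const s of samples) console.log(classifyFirstBytes(s));
```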

Here is another error I get when I connect SSH to 192.168.1.26 with putty using proxy 127.0.0.1:8888 Socks5 (tunnel and ssh servers are on 192.168.1.26). Tunnel is connected on 192.168.1.26:3001.

D:\Documents\code\node-http-tunnel-master>node client 192.168.1.26 development
Client created
LISTENING 127.0.0.1:8888
CONNECTED 127.0.0.1:50034
Received a connection

D:\Documents\code\node-http-tunnel-master\lib\request_tunnel.js:89
readyCallback(result);
^
TypeError: undefined is not a function
    at D:\Documents\code\node-http-tunnel-master\lib\request_tunnel.js:89:7
    at process._tickCallback (node.js:419:13)

elfredo avatar Nov 13 '14 20:11 elfredo

Thank you for helping me find that bug:

The two calls to client.TCPConnection:
https://github.com/johncant/node-http-tunnel/blob/master/ssh-connect#L30
https://github.com/johncant/node-http-tunnel/blob/master/client#L39

client does not pass a second argument, so it will always fail. If I don't get round to fixing it soon, you could use the ssh-connect script or submit a PR.

johncant avatar Nov 13 '14 23:11 johncant

That issue is fixed but I'm still having problems. The server would previously have crashed after the first connection is closed. I tested it like so on one machine:

tab1$ ./server development
tab2$ ./client localhost development
tab3$ nc -x localhost:8888 www.google.com 80 # netcat on mac
# weirdly it says "oogle.comP"
# Then I type
GET /
# Then I receive an HTTP response from google

However, when I pipe echo -e "GET /\r\n" into nc, then it just gives me the weird "oogle.comP". I think it's something to do with not waiting until the socket is set up before sending.

johncant avatar Nov 14 '14 00:11 johncant

@elfredo, please can you try it now? It now sends and receives the data when I use nc, but I still get the weird output. I also realised how insecure this is :)

johncant avatar Nov 15 '14 12:11 johncant

Hi, I get new errors in the same conditions:

on server side:

stream.js:105
throw er; // Unhandled stream error in pipe.
^
Error: connect ECONNREFUSED
    at errnoException (net.js:670:11)
    at Object.afterConnect as oncomplete

on client side:

events.js:72
throw er; // Unhandled 'error' event
^
Error: connect ECONNREFUSED
    at errnoException (net.js:904:11)
    at Object.afterConnect as oncomplete

elfredo avatar Nov 16 '14 13:11 elfredo

I think you're trying to connect to something that isn't listening, and my server is not catching the error. Maybe I'll get round to this in the next few days.

johncant avatar Nov 16 '14 16:11 johncant

When I connect to 192.168.1.26:22 with no proxy the SSH server is responding. The thing is that I don't understand why the TCP connection is not made when the tunnel is established. Maybe the bug is that the packets are not reemitted to destination if both destination @ and tunnel server @ are the same?

elfredo avatar Nov 16 '14 22:11 elfredo

Well, HTTP can be thought of as connect -> send header -> receive response -> hang up, even though it doesn't strictly always work like this. The particular situation I wrote this for was a firewall that didn't even work with http streaming, so it had to look as kosher as possible. The request-response cycle means that the client initiates every piece of communication, so in order to get data back from the server, you have to poll with an empty request. However, there's no point in polling if there are no connections, because that would give away the server's existence before you even use it. You want to appear as a minuscule statistical blip on their analytics dashboard.

I've been running the server and client on the same machine and it appears to work OK, as long as no errors occur. What happens when you use ssh-connect or try connecting with bsd netcat -x (gnu netcat doesn't support SOCKS)?

johncant avatar Nov 17 '14 00:11 johncant

OK, I will test with ssh-connect. The thing is that I'm running Windows and Linux. So Putty was a good (and common) choice. Regarding the request-response cycles, have you tried to implement websocket (socket.io)? It could be faster and it seems that it works well with firewalls.

elfredo avatar Nov 17 '14 08:11 elfredo

Tried websockets and they didn't work! We're talking about a 2005 era McAfee firewall.

johncant avatar Nov 17 '14 09:11 johncant

Ok, too bad; even long-polling mode didn't work?

elfredo avatar Nov 17 '14 09:11 elfredo

Well, I tried a website I built that used socket.io, which can fall back to long polling, and it didn't work, although I've got no idea why it shouldn't have done. Building an http tunnel was rather desperate.

johncant avatar Nov 17 '14 09:11 johncant