Jump to content

How do I create a SSH Tunnel through a http tunnel?


Recommended Posts

Im Currently trying to create a ssh tunnel through a http tunnel, as one of the offices I use has recently had a http proxy installed.

The Http Proxy they have installed only allows http protocol over port 80.

So basically what im trying to do is:

App > SSH Client > Http Tunnel Client > Through Office HTTP Proxy > Http Tunnel Server(WHS) > SSH Server (WHS)

The reason I need to create these tunnels is because I use remote desktop through ssh tunnels at all of the other offices.

I have tried a few programs, but seem unable to create a connection to the server.

Is It possible if someone could explain simply how I would do this and suggest some programs I could use for the http tunnel (Preferably with GUI)?

Im currently using:-

Server: Windows Home Server (WHS)


Client: Windows Xp Pro


Thanks in Advance for any help. :-)

Link to comment
Share on other sites

This one works well and cross platform ++.

link does not work for me. I can see it cache don google, but neither their site or ftp seem to working. Maybe their DNS or site itself is down?

Link to comment
Share on other sites

You mentioned that they only would allow unsecured http traffic. Are you sure that you can't browse ssl secured sites?

Yes, SSL/TLS use port 443 by default. Is this port allowed? If you can check gmail or online banking then it is supported.

The most recent HAK5 video (Dec 17) showed an SSH tunnel. The default SSH tunnel is 22 - this will likely be blocked by the offsite Firewall filter. You can keep the ssh listen port at 22, but map the local 22 port to 80 on the public side (on your SSH server's WAN Firewall).

So if your SSH server resides on your home LAN, on your firewall, open public port 80 from the WAN side to port 22 pointing to the LAN IP address of the SSH server. THen setup DynDNS.org on your router's DNS update client or whatever.

You can then use Plink or PuTTY Tray to open a SSH session to your personal SSH server and set a loopback port (Hak5 used 9999 in video). Then configure your Web Browser and other clients proxy settings to locahost or and port 9999 and enable SOCKS 5.

If you use Firefox, get FoxyProxy extension and be sure to also check "DNS requests are proxied as well".

There is another way of doing this without an SSH client session running (this assumes port 443 or HTTPS is not disabled offsite). You can install a personal Proxy Server and Stunnel (SSL server) on a computer on your Home LAN. Squid and ProxyTunnel are two that come to mind


Configure Stunnel to redirect WAN traffic from the listen port 443 to the LAN proxy.

Then configure your Offsite webrowser to the WAN address and port of your proxy. No SSH client is needed, but this only works for HTTP and can't be configured for POP, IMAP etc ... without separate servers running.

Of course, if you can not change your web browser's Proxy settings then you're SOOL

Link to comment
Share on other sites

Ok.. Not going to read the wall of text but..

Just modify the configuration of the SSH daemon on the service to it uses the selected port you want make sure nothing else is listening on that port on the server side.

Then tunnel the selected port on the client side to the server, configure your application in this case firefox to use that port on the client/server side as a SOCKS tunnel.

Link to comment
Share on other sites

Ok I can log onto secure sites but when I use a port scan it comes up blocked.

Im no expert at this, but I already have ssh working on port 80 at all the other offices I use. Just im sure this proxy must block ssh as I cant connect.

Is there any chance you could explain (In a simple guide) how I would set up the proxy and stunnel please

Thanks for your replies.

Also any further advice would be appreciated, as I can try things again in the new year.

Thanks all, much appreciated. :)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...