
CorkScrew: A tool for tunneling SSH through HTTP proxies - dedalus
https://github.com/bryanpkc/corkscrew
======
paulddraper
Recently on a cruise ship I found my SSH access blocked.

 _And_ HTTP proxies were blocked too.

So I used a WebSocket proxy and that worked great. I highly recommend
wstunnel.

[https://github.com/erebe/wstunnel](https://github.com/erebe/wstunnel)

~~~
ohazi
Wait, so how did you start the other end of the tunnel if you were already on
the cruise ship with restricted access? Did you already have it running ahead
of time?

~~~
tyingq
Google's cloud shell is handy for this, provided you trust them for this
narrow use.

------
rossmohax
Bash only version:

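      # PROXY_IP and PROXY_PORT must be set in the environment; needs a bash built with /dev/tcp support
      Host github.com
        User git
        ProxyCommand /bin/bash -c 'exec 3<>/dev/tcp/$PROXY_IP/$PROXY_PORT; printf "CONNECT %h:%p HTTP/1.1\r\n\r\n" >&3; cat <&3 & : ; exec cat >&3'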

~~~
JoshTriplett
Some distributions don't have /dev/tcp enabled in bash, though.

~~~
leni536
socat can help in that case, if it's available. But I wonder if socat is
available on the same distributions by default.

~~~
vertex-four
Some variant of netcat (nc) is generally available on most distros.

------
deniska
OpenVPN can connect through http proxies as well in case you want to tunnel
all kinds of traffic.

[https://openvpn.net/community-resources/connecting-to-an-ope...](https://openvpn.net/community-resources/connecting-to-an-openvpn-server-via-an-http-proxy/)

------
1996
Players tunnel SSH through DNS.

iodine is one of the many tools to do that. The best are not distributed, to
avoid creation of DPI rules.

Cloudflare is doing something similar on 1.1.1.1 with WireGuard.

~~~
djsumdog
iodine is great for getting free Wi-Fi too. Most captive portals don't block
DNS, but just do HTTP redirects. You can pump all your traffic over DNS to an
iodine server you have set up on a VM (it's not encrypted, so for the very
paranoid, run OpenVPN or WireGuard through your iodine tunnel).

Note: this is most likely illegal .. in every jurisdiction. So .. don't
actually do this.

~~~
QualityReboot
> Note: this is most likely illegal .. in every jurisdiction. So .. don't
> actually do this.

Sad if true. If a service is providing public DNS access without any service
agreement, I don't see how making DNS queries with it could be illegal,
especially on a public radio channel.

You might be right, but how?

It's certainly within their right to ban you by filtering out certain queries
though.

~~~
AdamJacobMuller
It's theft of service.

Remember as abstract as the law can be, the legal system is not going to be
amused by contrivances like "they were offering DNS service free and clear, so
tunneling YouTube over DNS is fine".

The legal system is going to understand that you were trying to circumvent
paying for services and treat it appropriately.

~~~
QualityReboot
How can it be theft of service when they can deny you service at any time
automatically by identifying abnormally heavy users and removing them?

This isn't like bypassing the electrical grid by running your own line from
somebody else's service.

This is like saying it's theft of service to read a chapter in the bookstore.
If you hang out there all day, you might get kicked out, but that's not a
crime.

The courts might agree with you, but only because "computers are hard".

There's a world of difference between tunneling over DNS and compromising
servers. Or at least, there should be.

~~~
blackflame
"by identifying abnormally heavy users and removing them" - That costs money,
ergo, theft. It's like if someone had to hire a security guard for a vending
machine.

~~~
QualityReboot
Or even just let those users alone. Users aren't stealing service if it's not
even the same service. It's much slower than buying wifi from the captive
portal.

DNS tunnelling is not fast or convenient. Places deploying captive portals
have probably looked at the risk to their business from it and have decided
not to worry about it.

I can't believe that using a slow DNS connection, intentionally made public,
to tunnel traffic would be considered theft or criminal.

How many free samples do I have to eat before I'm a thief? I don't believe I'm
a thief until the offer for free samples is rescinded.

~~~
blackflame
I would imagine at the very least you would degrade DNS resolution times for
legitimate users since there would be a lot more requests than usual.

------
commandersaki
This is part of the standard toolkit at Telstra - otherwise nothing would get
done.

------
tbrock
Always great to have more tools that can do this sort of thing. I used to use
desproxy for this almost 20 years ago back in my Windows days:

[http://desproxy.sourceforge.net/](http://desproxy.sourceforge.net/)

------
geggam
Been using this for years to get around silly corporate proxies.

~~~
yjftsjthsd-h
I'm not going to tell you how to live your life, but isn't that intentionally
violating security policy and likely to end poorly? I suppose if we ignore
ethical questions it might come down to hoping that IT departments that block
stuff are also incapable of catching you, but that seems... riskier than I'd
like.

~~~
ryanlol
> and likely to end poorly?

I would guess that in most organizations it would be rather unlikely for this
to end poorly.

Most IT departments simply don’t give a shit about this stuff.

But hey, presumably you know your employer better than random internet people.

~~~
BLKNSLVR
If the IT Department has time to trawl through internet access logs, the
likelihood is that they're due for a headcount / productivity review.

In my experience. Further anecdotal evidence towards the previously mentioned
'corporate security is egregiously bad'.

------
derpherpsson
Proxychains and especially socat are really handy tools for burrowing through
filtering firewalls.

Socat is somewhat difficult to use though. But IMHO the best one.

------
55555
> Corkscrew is a tool for tunneling SSH through HTTP proxies, but... you might
> find another use for it.

What are some of the other uses for this?

~~~
commandersaki
Some companies force everything through a proxy. This is common with big
telcos and banks. So even if you want to SSH into a machine from your
workstation/desktop you probably want something like this. We used it for so
much more though - because it's not just a proxy between your workstation -
but there's many different bastion proxies situated all over the place
isolating and guarding networks.

So at the end of the day it's really just a productivity tool like your
calendar or email program, except this is used because corporate security is
egregiously bad.

------
johnchristopher
What's the difference with `ProxyCommand nc -X connect -x proxy_ip:port %h %p`
?

------
sigsergv
It requires CONNECT method to be enabled in the proxy, am I right?

~~~
brodo
Yes you are.
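
Added example, not part of the thread and not corkscrew's code: since every tunnel discussed here depends on the proxy honouring CONNECT, the proxy's own access log shows each one. The sketch below flags CONNECT requests to ports other than 443; it assumes Squid's native access.log layout, and the log lines, addresses and the name `find_offport_connects` are constructed for illustration.

```python
import re
from collections import namedtuple

# Ports CONNECT may reach; mirrors a TLS-only proxy policy (assumption).
ALLOWED_CONNECT_PORTS = {443}

# Constructed sample lines in Squid's native access.log layout:
# time elapsed_ms client result/status bytes method target ident hier/peer type
SAMPLE_LOG = """\
1579000001.101    842 192.0.2.10 TCP_TUNNEL/200 5120 CONNECT www.example.com:443 - HIER_DIRECT/198.51.100.7 -
1579000002.202 912345 192.0.2.11 TCP_TUNNEL/200 884211 CONNECT host.example.net:22 - HIER_DIRECT/198.51.100.8 -
1579000003.303      0 192.0.2.12 TCP_DENIED/403 3820 CONNECT [2001:db8::5]:22 - HIER_NONE/- text/html
1579000004.404    120 192.0.2.10 TCP_MISS/200 10240 GET http://www.example.com/ - HIER_DIRECT/198.51.100.7 text/html
this line is truncated garbage
"""

Finding = namedtuple("Finding", "client host port status established elapsed_ms")
LINE_RE = re.compile(
    r"^\s*[\d.]+\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+\S+/(?P<status>\d{3})\s+"
    r"\d+\s+(?P<method>\S+)\s+(?P<target>\S+)"
)
# CONNECT targets are authority-form: host:port, with IPv6 literals in brackets.
TARGET_RE = re.compile(r"^(?:\[(?P<v6>[^\]]+)\]|(?P<host>[^:\[\]]+)):(?P<port>\d{1,5})$")


def find_offport_connects(log_text, allowed=ALLOWED_CONNECT_PORTS):
    """Return a Finding for every CONNECT whose target port is not allowed."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "CONNECT":
            continue  # skip non-CONNECT traffic and unparseable lines
        t = TARGET_RE.match(m["target"])
        if not t:
            continue
        port = int(t["port"])
        if port in allowed:
            continue
        status = int(m["status"])
        findings.append(Finding(m["client"], t["v6"] or t["host"], port, status,
                                200 <= status < 300, int(m["elapsed"])))
    return findings


if __name__ == "__main__":
    for f in find_offport_connects(SAMPLE_LOG):
        state = "ESTABLISHED" if f.established else "blocked"
        print(f"{state:11} {f.client} -> {f.host}:{f.port} ({f.elapsed_ms} ms)")
```

On the enforcement side, Squid's stock configuration already refuses these with `http_access deny CONNECT !SSL_ports`; a denied entry like the third sample line is what that rule leaves in the log.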

------
elktea
I used this the other day - works very well.

~~~
commandlinefan
I can’t quite tell from the readme (but I suspect the answer is probably yes)
- does corkscrew need to be installed on both the client and the server for it
to work?

~~~
elktea
No, just the client!

------
larodi
What's the 'new' about corkscrew? Maintainer changed? I see no recent commits
with new stuff?

------
de_watcher
There is also htc/hts HTTPTunnel.

