desproxy Readme

desproxy - a TCP tunnel for HTTP proxies

(c) 2001 Miguelanxo Otero Salgueiro
desproxy.sourceforge.net


desproxy is just an answer to a question I have been wondering about for about a year: Is there any way to make TCP connections through HTTP proxies? Short answer: YES! Long answer: YES, but at the expense of decreased flexibility. Maybe it isn't useful for you (I hope that's not your case), or it's too difficult for you, newbie. desproxy just stands between your proxy and your favourite TCP application, waiting for a connection to make a TCP tunnel through the HTTP proxy. Let's see one example.

Real life example

Imagine you're inside a corporation, with an HTTP/1.1 compliant proxy (proxy.corporation.com:8080) that is the only way to get out there... But, hey! You want to chat using your favourite IRC server (irc.foo.bar:6667, isn't it?), so you launch "desproxy" this way:

desproxy irc.foo.bar 6667 proxy.corporation.com 8080 6667

Now, desproxy is listening on your local port 6667, waiting for a connection (from your irc client). So you launch xchat, zircon... and type

/server 127.0.0.1 6667

xchat now tries to connect to your local port 6667. desproxy "hears the bell" and, after accepting the incoming connection, makes a connection to the IRC server (irc.foo.bar 6667) through the HTTP proxy (proxy.corporation.com 8080). When it gets the connection with the IRC server, desproxy hooks the two sockets together, so xchat gets the welcome message from the IRC server as if it were connected to /server irc.foo.bar 6667.
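On the proxy side, the tunnel in this example shows up as a CONNECT request for irc.foo.bar:6667. The following added example (not part of desproxy) scans access-log lines for CONNECT requests to ports other than 443. The Squid-native log layout, the allowed-port policy and the sample lines are assumptions constructed for illustration.

```python
# Added example: flag HTTP CONNECT tunnels to non-TLS ports in proxy logs.
# Assumes Squid's native access.log layout; every log line is constructed.
ALLOWED_CONNECT_PORTS = {443}  # assumption: policy only permits HTTPS tunnels

SAMPLE_LOG = """\
1000000001.100 5321 10.0.0.15 TCP_TUNNEL/200 48213 CONNECT www.example.org:443 - HIER_DIRECT/203.0.113.10 -
1000000002.200 912345 10.0.0.23 TCP_TUNNEL/200 90412 CONNECT irc.foo.bar:6667 - HIER_DIRECT/203.0.113.20 -
1000000003.300 12 10.0.0.23 TCP_DENIED/403 3890 CONNECT irc.foo.bar:6667 - HIER_NONE/- text/html
1000000004.400 88 10.0.0.31 TCP_MISS/200 5120 GET http://www.example.org/ - HIER_DIRECT/203.0.113.10 text/html
garbage line
"""

def parse_connect(line):
    """Return a dict for a CONNECT entry, or None for anything else."""
    f = line.split()
    if len(f) < 7 or f[5] != "CONNECT":
        return None
    # For CONNECT the URL field is "host:port", not a full URL.
    host, sep, port = f[6].rpartition(":")
    if not sep or not port.isdigit():
        return None
    _action, _, code = f[3].partition("/")
    return {"client": f[2], "host": host, "port": int(port),
            "status": int(code) if code.isdigit() else 0,
            "elapsed_ms": int(f[1]) if f[1].isdigit() else 0}

def suspicious_tunnels(log_text, allowed=ALLOWED_CONNECT_PORTS):
    """CONNECT requests whose destination port is outside the allowed set."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_connect(line)
        if entry and entry["port"] not in allowed:
            # 200 means the proxy opened the tunnel; anything else was refused.
            entry["established"] = entry["status"] == 200
            hits.append(entry)
    return hits

if __name__ == "__main__":
    for h in suspicious_tunnels(SAMPLE_LOG):
        state = "ESTABLISHED" if h["established"] else "blocked"
        print(f'{h["client"]} -> {h["host"]}:{h["port"]} {state} ({h["elapsed_ms"]} ms)')
```

A proxy that restricts CONNECT to port 443 produces the second kind of entry (403), which is the "HTTP 403 Forbidden" case listed under Troubleshooting.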

Usage

Usage: desproxy remote_host remote_port proxy_host proxy_port local_port

remote_host & remote_port: Address of the machine you want to connect to.
proxy_host & proxy_port : Address of the HTTP proxy.
local_port : The one in which desproxy will listen waiting for connections.

Programs reported to work using "desproxy"

  • telnet (OK)
  • ftp (no transfers, just basic commands)
  • ncftp (untested, should work in passive mode)
  • ssh & scp (OK)
  • popclient & fetchmail (OK)
  • sendmail (OK)
  • xchat, zircon, mIRC for windows (only basic behaviour, no DCC)

Programs that WILL NOT work using "desproxy"

Those that accept (or request) connections to start from the other side of the proxy (remote to local), like classic ftp (not passive).

desproxy-inetd

desproxy-inetd is just a flavor of desproxy that doesn't bind to a local port but reads directly from standard input (and doesn't display anything besides the raw incoming "tunnelized" connection).

Usage: desproxy-inetd remote_host remote_port proxy_host proxy_port

NOTE the lack of local_port. desproxy-inetd is designed to work like any other inetd daemon. Here is my /etc/inetd.conf line for fetchmail:

pop3 stream tcp nowait mail /usr/bin/desproxy-inetd desproxy-inetd atlas.uvigo.es 110 httpproxy.uvigo.es 8080

desproxy-inetd works great to test if your proxy supports TCP tunneling; just launch

desproxy-inetd ftp.gnu.org 21 your.proxy your_proxy_port

and wait to see the FTP prompt! Does it work? Great! No?...

desproxy-socks4server

desproxy-socks4server is a Socks version 4 server using desproxy. That means you can manage dynamic connections through your HTTP proxy. For example, you can use MSIE, MS Messenger, news readers, IRC clients... every application supporting a socks server/proxy.

desproxy-socks5server

desproxy-socks5server is a Socks version 5 server, just like desproxy-socks4server is a Socks version 4 server.

desproxy-dns

desproxy-dns is a DNS forwarder using desproxy. It's used in conjunction with a socks server, because many clients need DNS access to resolve names prior to passing them to the socks server. It supports UDP & TCP access, and forwards DNS queries using TCP connections to public DNS servers. You can use any DNS server you wish, just search the web for one and give it a try!

Troubleshooting

A normal desproxy session looks like this:

miguel@Kosmos3000$ desproxy 127.0.0.1 21 127.0.0.1 4480 2222
-----------------------------------
desproxy 0.0.8

HTTP/1.1
(c) Miguelanxo Otero Salgueiro 2001
-----------------------------------

Listening on port 2222
Connection request from 127.0.0.1, port 1227
Connecting to http proxy (127.0.0.1:4480)
Bidirectional connection stablished
(127.0.0.1:21) <-> (localhost)
proxy -> local (72) bytes
local -> proxy (13) bytes
proxy -> local (35) bytes
local -> proxy (14) bytes
proxy -> local (447) bytes
End of connection.

Here, I connect to my local FTP server (127.0.0.1:21) using my local proxy (127.0.0.1:4480). You can see where the connection from another session was accepted (from 127.0.0.1 too :)), how desproxy connects to the proxy after the connection is accepted, and some REAL interchange of bytes (an FTP login session).

"desproxy" is quite self-explanatory about errors. "desproxy-inetd" is far more obscure, because of the way inetd uses it (it can't print error messages).

Basically there are two kinds of errors:
  • Errors reported when connecting to the proxy: the HTTP page showing the error is displayed.
  • Every other error: a short error message is displayed.
Errors reported by the proxy may be the worst...

Some common HTTP errors (as reported by the proxy)

  • HTTP 400 Bad Request -> some versions of desproxy (0.0.21) cause this error (FATAL)
  • HTTP 403 Forbidden -> forbidden to do that (FATAL)
  • HTTP 404 Not Found -> Page not found, or resource not found (MINOR)
  • HTTP 405 Method not Allowed -> can't do CONNECT method (FATAL)
  • HTTP 500 Internal Server Error -> maybe you're trying to connect to a closed port (connection refused) (MINOR)
  • HTTP 503 Service Unavailable -> The proxy can't reach the site (MINOR)
  • HTTP 505 HTTP Version Not Supported -> CONNECT method not available (FATAL)
  • HTTP 502 Bad Gateway -> Stands for "DNS lookup error" (MINOR)
(FATAL) -> forget about using "desproxy", you can't get past the proxy.
(TODO) -> To do, not yet implemented.
(MINOR) -> temporary fault or maybe YOUR fault!
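
The CONNECT exchange behind the session and the error table above, as an added example (not desproxy's own code): it builds the request a tunnel client sends to the proxy and classifies the proxy's reply with the FATAL/MINOR labels from this README. The function names, the Host header and the sample replies used to exercise it are assumptions for illustration.

```python
# Added example: HTTP CONNECT request plus a classifier for the proxy reply.
# Severity labels are copied from the README's table; nothing here is
# taken from desproxy's source.
SEVERITY = {400: "FATAL", 403: "FATAL", 405: "FATAL", 505: "FATAL",
            404: "MINOR", 500: "MINOR", 502: "MINOR", 503: "MINOR"}

def build_connect_request(remote_host, remote_port):
    """Bytes the client side sends to the proxy to ask for a tunnel."""
    target = f"{remote_host}:{remote_port}"
    return f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii")

def classify_proxy_reply(data):
    """Return (status, verdict, leftover) for the bytes read from the proxy.

    verdict is TUNNEL, FATAL, MINOR, UNKNOWN, INCOMPLETE or MALFORMED.
    leftover holds bytes that arrived after the header block: on a 2xx reply
    they already belong to the tunnelled protocol (for example the server
    banner) and must be passed on to the local client, not dropped.
    """
    head, sep, leftover = data.partition(b"\r\n\r\n")
    if not sep:
        return None, "INCOMPLETE", b""      # headers not finished, keep reading
    parts = head.split(b"\r\n", 1)[0].split(None, 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        return None, "MALFORMED", b""       # not an HTTP status line
    status = int(parts[1])
    if 200 <= status < 300:                 # any 2xx means the tunnel is open
        return status, "TUNNEL", leftover
    # Error replies carry an HTML page as body; it is not tunnel data.
    return status, SEVERITY.get(status, "UNKNOWN"), b""

if __name__ == "__main__":
    print(build_connect_request("irc.foo.bar", 6667))
    print(classify_proxy_reply(b"HTTP/1.1 403 Forbidden\r\n\r\n<html>denied</html>"))
```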

COPYING

desproxy is licensed using the GNU GENERAL PUBLIC LICENSE.
Please read COPYING for more details.