
iptun-ssl.txt

Posted Dec 24, 1999
Authored by Coaxial Karma

Step by Step instructions for tunnelling IP through an SSL Proxy using two linux boxes, pppd, ipfwadm, and ppptcp-ssl.

tags | paper
systems | linux, unix
SHA-256 | 0dea7e4d8de7848934326ba14c32424742eca07f1b208d21ec80e262ffbdfb8c

From: "Coaxial Karma" <c_karma@hotmail.com>
To: news@technotronic.com
Subject: IP tunnelling through SSL proxy
Date: Thu, 23 Dec 1999 10:34:02 PST
Mime-Version: 1.0

-[ Tunnelling through an SSL Proxy ]-

-[ Introduction ]-

I know this may be known stuff, but since I haven't seen a lot of
released tools to implement this concept (through an SSL Proxy),
I've decided to write something about it.

Here is what you'll need in order to create your tunnel:

1) Two linux boxes with root privileges - one on each side of the firewall

2) pppd-2.2 or greater - already installed on both linux boxes
(it is recommended to use the same version on both linux boxes)

3) ipfwadm-2.3.0 or greater - already installed on both linux boxes

4) ppptcp-ssl.tar.gz (207.236.226.123/ppptcp-ssl.tar.gz)

Furthermore, you must have the following options turned ON in your
kernel:
- Network firewalls
- Forwarding/gatewaying
- IP: Firewalling
- Masquerading

Also make sure IP forwarding is actually turned ON at run time
(compiling it into the kernel is not enough!)

The following has been tested with:
- linux kernel 2.0.29/2.0.35/2.0.37
- pppd 2.2.0/2.3.7
- ipfwadm 2.3.0

-[ Installation ]-

On both linux boxes, do the following:

1) cd /usr/local/src; tar zxvf ppptcp-ssl.tar.gz
2) cd ppptcp-0.6; make

-[ Configuring the tunnel ]-

Let's assume the following configuration:

Linux #1 IP: 10.8.20.50 (inside the corporate network)
Linux #2 IP: 154.5.21.77 (outside the corporate network)
Proxy IP: 10.8.18.254 (port 8080)
Your default route: 10.8.20.1

1) Start a ppptcp server on Linux #2 listening on port 443:
ppptcp 443 -- silent 192.168.1.1:192.168.1.2 proxyarp &

2) Configure ipfwadm on Linux #2 to masquerade for Linux #1:
ipfwadm -F -a accept -S 192.168.1.2/32 -m

3) Delete default route on Linux #1:
route del default

4) Add a route to your proxy on Linux #1:
route add -host 10.8.18.254 gw 10.8.20.1

5) Start a ppptcp client on Linux #1 (it also supports proxy authentication):
ppptcp 154.5.21.77 443 10.8.18.254 8080 &

6) Add a default route on Linux #1:
route add default gw 192.168.1.1

7) You're set!
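
On the proxy itself, the setup above appears as a single CONNECT to a bare IP address on port 443 that stays open and relays traffic for every connection carried inside it. The following detection sketch is an added example, not part of the original paper or of ppptcp; it assumes Squid's native access.log layout, and the log lines and both thresholds are constructed for illustration.

```python
import ipaddress

# Constructed sample in Squid's native access.log layout:
# time elapsed_ms client action/status bytes method target ident hierarchy type
SAMPLE_LOG = """\
946000000.101 842 10.8.20.17 TCP_TUNNEL/200 5312 CONNECT shop.example.com:443 - HIER_DIRECT/198.51.100.7 -
946000002.550 31 10.8.20.23 TCP_MISS/200 1840 GET http://www.example.org/ - HIER_DIRECT/198.51.100.9 text/html
946003600.900 3598770 10.8.20.50 TCP_TUNNEL/200 48211934 CONNECT 154.5.21.77:443 - HIER_DIRECT/154.5.21.77 -
946003700.004 120 10.8.20.31 TCP_DENIED/403 3900 CONNECT 203.0.113.5:22 - HIER_NONE/- text/html
"""

MIN_ELAPSED_MS = 30 * 60 * 1000  # assumed threshold: tunnel held open 30+ minutes
MIN_BYTES = 10 * 1024 * 1024     # assumed threshold: 10 MiB relayed


def is_ip_literal(host):
    """True when the CONNECT target is a bare IP address, not a hostname."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def suspicious_tunnels(log_text):
    """Return successful CONNECT tunnels to IP literals that are long or heavy."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[5] != "CONNECT":
            continue
        if fields[3].rsplit("/", 1)[-1] != "200":
            continue  # denied or failed CONNECT, no tunnel was established
        host = fields[6].rpartition(":")[0]
        elapsed_ms, size = int(fields[1]), int(fields[4])
        reasons = []
        if elapsed_ms >= MIN_ELAPSED_MS:
            reasons.append("long-lived")
        if size >= MIN_BYTES:
            reasons.append("high-volume")
        if is_ip_literal(host) and reasons:
            hits.append({"client": fields[2], "target": fields[6], "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in suspicious_tunnels(SAMPLE_LOG):
        print(hit)
```

Squid writes the CONNECT entry when the tunnel closes, so a tunnel that is still up will not yet be in the log.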

Once the tunnel is established, you could also use Linux #1 as a
router for friends in your corporate network. They could then access
the Internet without any restrictions. In order to do so, you need
to:

1) Add a masquerading rule to Linux #1 for your friends:
ipfwadm -F -a accept -S 10.8.20.0/24 -m

2) Delete default route on machines that want to bypass firewall:
route delete 0.0.0.0 (on Win95/98/NT)
route del default (on UNIX)

3) Add a default route on machines that want to bypass firewall:
route add 0.0.0.0 MASK 0.0.0.0 10.8.20.50 (on Win95/98/NT)
route add default gw 10.8.20.50 (on UNIX)

-[ Conclusion ]-

By default, ppptcp doesn't encrypt the traffic. If you want it to
encrypt the traffic, read the INSTALL file provided with ppptcp ;-)
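
Because the default tunnel is unencrypted, a proxy or inline sensor that inspects the first bytes after the CONNECT reply can tell it apart from a real TLS session. The classifier below is an added example, not code from ppptcp or the original paper; it assumes ppptcp relays pppd's async HDLC byte stream unchanged, and both byte strings are constructed samples.

```python
# PPP protocol numbers that can open a link (LCP always comes first).
PPP_PROTOCOLS = {b"\xc0\x21": "lcp", b"\xc0\x23": "pap", b"\x80\x21": "ipcp"}

# Constructed samples: start of a TLS ClientHello record, and the start of
# an async-HDLC PPP frame carrying an LCP Configure-Request.
TLS_SAMPLE = bytes.fromhex("160301002e0100002a0303")
PPP_SAMPLE = bytes.fromhex("7eff7d23c0217d217d217d207d34")


def ppp_unescape(data):
    """Undo async-HDLC escaping: 0x7d marks a byte that was XORed with 0x20."""
    out = bytearray()
    stream = iter(data)
    for byte in stream:
        if byte == 0x7D:
            nxt = next(stream, None)
            if nxt is None:
                break  # truncated escape sequence at end of capture
            out.append(nxt ^ 0x20)
        else:
            out.append(byte)
    return bytes(out)


def classify_first_bytes(data):
    """Label the first client bytes seen inside a CONNECT tunnel."""
    # TLS record: type 0x16 (handshake), major version 0x03,
    # two length bytes, then handshake type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls-client-hello"
    # PPP async framing: flag 0x7e, address 0xff, control 0x03, protocol.
    if data[:1] == b"\x7e":
        frame = ppp_unescape(data[1:])
        if frame[:2] == b"\xff\x03" and frame[2:4] in PPP_PROTOCOLS:
            return "ppp-" + PPP_PROTOCOLS[frame[2:4]]
    return "unknown"


if __name__ == "__main__":
    for name, sample in (("tls", TLS_SAMPLE), ("ppp", PPP_SAMPLE)):
        print(name, classify_first_bytes(sample))
```

This check only covers the unencrypted default; once the tunnel is encrypted, only the connection-level signals (target, duration, volume) remain.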

It may also be interesting to note that making internal machines
reachable from Linux #2 is also trivial once the tunnel has been
established. Therefore, this makes for an interesting backdoor
to the internal network.

have phun!

ck

-[ Credits ]-

1) The encode_base64() function was excerpted from httptunnel 2.11
by Lars Brinkhoff.

2) ppptcp-0.6 from Sam Lantinga has been slightly modified to
support SSL proxy and proxy authentication.
