https://github.com/adrianvollmer/htun
htun tunnels IP traffic transparently over HTTP or TCP
https://github.com/adrianvollmer/htun
http-tunnel ipoverhttp python tunneling
Last synced: 6 months ago
JSON representation
htun tunnels IP traffic transparently over HTTP or TCP
- Host: GitHub
- URL: https://github.com/adrianvollmer/htun
- Owner: AdrianVollmer
- License: mit
- Created: 2018-09-09T12:29:59.000Z (about 7 years ago)
- Default Branch: master
- Last Pushed: 2023-10-18T01:49:16.000Z (almost 2 years ago)
- Last Synced: 2025-03-20T14:22:40.983Z (7 months ago)
- Topics: http-tunnel, ipoverhttp, python, tunneling
- Language: Python
- Size: 34.2 KB
- Stars: 137
- Watchers: 5
- Forks: 11
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
htun
====
htun is a transparent tunnel for transporting IP traffic over HTTP or TCP.
It was developed with situations in mind where traffic to the internet is
restricted. For instance, some networks don't allow traffic to the internet
at all and require you to go through an HTTP proxy. htun enables you to get
full internet access in those situations (all ports, all protocols). It also
supports using a SOCKS proxy.
Obviously, performance takes a huge hit. So it is meant for some light
browsing or downloading small files sporadically. Expect transfer rates to
be cut by a factor of up to 100.
Also, it is not encrypted by default. It is recommended to put another
tunnel on top, such as Wireguard.
Since python-pytun is required, which is a non-portable module, this will
only run on Linux.
Requirements
------------
To run htun, you need Python3 and the following modules:
* urllib3==1.24
* python_pytun==2.2.1
* pytun==1.0.1
* SocksiPy_branch==1.01
Recommended:
* hexdump==3.3
Usage
-----
The script needs to be run with root privileges both on the server and the
client. On the server, run:
./htun.py --server
On the client, run:
./htun.py --uri
By default, it uses HTTP on port 80 and the IP addresses 10.13.37.1 and
10.13.37.2 for the client and the server, respectively.
For all options, run `./htun.py --help`:
usage: htun.py [-h] [--debug] [--client-addr CADDR] [--server-addr SADDR]
[--tun-netmask TMASK] [--tun-mtu TMTU] [--tun-timeout TIMEOUT]
[--route-subnet RSUBNET] [--proxy PROXY] [--username USERNAME]
[--password PASSWORD] [--listen-port LPORT] [--bind-ip BINDIP]
(--server [{http,tcp}] | --uri URI)
htun tunnels IP traffic transparently over HTTP or TCP (author: Adrian
Vollmer)
optional arguments:
-h, --help show this help message and exit
--debug, -d debug flag to true (default: False)
--client-addr CADDR, -c CADDR
tunnel local address (default: 10.13.37.1)
--server-addr SADDR, -s SADDR
tunnel destination address (default: 10.13.37.2)
--tun-netmask TMASK, -m TMASK
tunnel netmask (default: 255.255.255.0)
--tun-mtu TMTU tunnel MTU (default: 1500)
--tun-timeout TIMEOUT
r/w timeout in seconds (default: 1)
--route-subnet RSUBNET, -n RSUBNET
subnet to be routed via tunnel (default: None)
--proxy PROXY, -P PROXY
proxy URI (://:) (default: None)
--username USERNAME, -u USERNAME
username for HTTP proxy basic authentication (default:
None)
--password PASSWORD, -W PASSWORD
password for HTTP proxy basic authentication (default:
None)
--listen-port LPORT, -p LPORT
listen port of the server component (default: 80)
--bind-ip BINDIP, -b BINDIP
bind IP address of the server component (default:
0.0.0.0)
--server [SERVER] local port and bind address (http, tcp)
(default: http)
--uri URI remote URI (://[:]) (default: None)
Examples
--------
### TCP Tunnel
To use a TCP tunnel on port 443, run
./htun.py --server tcp -p 443
on the server side and
./htun.py --uri tcp://:443
on the client side. Now the client can reach the server via the IP address
10.13.37.2
### SOCKS Proxy
To use HTTP over a SOCKS5 proxy on port 5000, run
./htun.py --server
on the server side and
./htun.py --uri http:// --proxy socks5://:5000
on the client side.
### Proxy Authentication
Proxies using basic authentication are supported (but yet untested).
A proxy requiring NTLM authentication is not supported because
`python-urllib3` does not support NTLM. It is suggested to use `cntlm` as an
additional SOCKS proxy.
Performance
-----------
Performance over a TCP tunnel is much better than over an HTTP tunnel.
Expect several orders of magnitude in degradation of the connection when
using HTTP.
Example downloading 713k bytes without the tunnel:
$ curl https://example.com/example.png > /dev/null
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 713k 100 713k 0 0 2680k 0 --:--:-- --:--:-- --:--:-- 2680k
Downloading the same file with an HTTP tunnel:
$ curl https://example.com/example.png > /dev/null
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 713k 100 713k 0 0 12177 0 0:00:59 0:00:59 --:--:-- 16590
With a TCP tunnel it's at least around 3% of the original speed:
$ curl https://example.com/example.png > /dev/null
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 713k 100 713k 0 0 37640 0 0:00:19 0:00:19 --:--:-- 41086
To do
-----
* Make performance improvements when using HTTP
* Experiment with threaded requests
Disclaimer
----------
Keep in mind that the administrator of the network most likely did not want
you to bypass the restriction that were set up. The restriction is probably
there for a reason and you need to respect that. Using this tool may violate
terms and conditions or company rules and may possibly even get you in legal
trouble and/or fired from your job.
Use this only if you know that you have permission to use it by everyone
involved.
Author
------
Adrian Vollmer, 2018