Domain: htthost.com
Stories and comments across the archive that link to htthost.com.
Comments · 11
-
Comments from the author
First of all, thank you for attention.
Now, I will try to answer some of the above question and explain my point.
This projects is a live development environment (you may call it framework or library) which simply grew out of my own personal development needs. As I do development of business-oriented services, it answers some of the real questions.
For example, "... Or; you could try writing it correctly from the beginning." is wrong. Have you ever written anything which was right from the start or would not have to be changed ever ? On the other hand, have you ever faced a need to restart a busy live service for upgrade because there is a typo in a wording ?
This leads the first (out of the two) Pythomnic principles - simplify _building_ (introducing new stuff and fixind existing). You can change the source code on the fly and reconfigure the thing without stopping the service, moreover without any visible service interruption.
Py-Fate is useful indeed, thank you. It's the second major Pythomnic principle - be ready for failures as they are inevitable and design accordingly. It can be used as a separate project (which it is - in fact a single Python module), but it fits Pythomnic making it more useful.
As to the lack of useful stuff, agree 100%, but please, this is one person project release 1.0. If you would like to contribute, you are sure welcome. The information on the site is covering everything, but it's certainly not written in marketing language (I never worked in marketing). If you have questions, please feel free to ask (e-mail or forum).
I will be continuing the project, because I feel the project is answering the right questions. You may contribute, or you can help with design or you can just consider it to be a concept at this moment and keep an eye on it. -
https steganographic, encrypted proxiesFrom http://doc.asf.ru/Tools%20&%20Utilities.htm
Corkscrew (Unix, Windows) : Tunnel SSH connections through an HTTP proxy.
Curl (Unix, Windows) : Utility who permits to easily download and upload files by using different protocols: FTP, HTTP, HTTPS, Telnet, LDAP,
... Also supports proxies, cookies, authentification, resumes, ...DesProxy (Unix, Windows) : Tunnel TCP connections through an HTTP proxy, eventually by converting SOCKS requests.
FizzBounce (Unix) : TCP redirector through HTTP proxies.
HTTPort (Windows) [Closed source]: Tunnel TCP connections through the HTTP protocol, by simulating a SOCKS server, and by eventually using an intermediate server.
HTTPTunnel (Unix, Windows) : Bidirectionnal tunnel through HTTP requests, eventually through an HTTP proxy.
LibCurl (Unix, Windows) : Library who permits to easily download and upload files by using different protocols: FTP, HTTP, HTTPS, Telnet, LDAP,
... Also supports proxies, cookies, authentification, resumes, and lots of languages: C, C++, Perl, ...MultiProxy (Windows) [Closed source]: HTTP proxies tester. MultiProxy can be used as a proxy server who use a different proxy for each request.
Numby (Unix) : Scanner for HTTP vulnerables proxies.
Proxomitron (Windows) [Closed source]: Scanner and redirector through HTTP proxies, who can also delete or modify informations contained in HTML transferred pages. For example, this permits to easily filter automatic popups, DHTML or JavaScript.
ProxyTools (Unix, Windows) : Set of Perl utilities, who permits to use, sort, test and search for HTTP proxies.
TransConnect (Unix) : Transparently tunnel TCP connections through an HTTP proxy.
Zylyx (Unix) : permits to access to files through HTTP proxy caches.
-
Re:Can someone explain to me what is meant by...
HTTPort has got to be the best steg browsing solution out there. I hear it's very popular in Saudi Aribia, which is much worse than China.
-
Re:Proxy OutAnother option is htthost and httport. A little more complicated to setup than SocksCap, but especially good if you only want to use your proxy connection for some apps, but not all, and also if you just want everything to look like (encrypted) HTTP traffic (like if you're at work).
It isn't going to help the original poster with INBOUND connections though, which is obviously his primary concern. For that it seems like VPN/SSH will be necessary... I doubt it's fast enough going all the way out to your friend's cable modem and then back out to the real internet, but it's worth a shot. Otherwise one of the paid VPN providers mentioned in other posts is probably the best option.
-
Re:Cool, but effective?
A GOOD firewall will be doing more then just blocking ports. It will analyze packets to determine the type of comunication being used. Which is not to say such things can't be circumvented, but it is much harder then just using a proxy.
Not quite. Case in point; try blocking instant messengers on your network. Turns out that if you block specific ports, you'll find that they start using port 80.
Ok, block any IM content on port 80, and they move to port 443, that's HTTPS, encrypted.
Ok, so you block some IM server hostnames (there are many) on your DNS server and block access to outside DNS and proxies. Then you find out that there are apps such as htthost/httport that will happily run on a box outside your network accepting encrypted traffic on the HTTPS port and with HTTPS headers, but that are actually proxies (similar things can be achieved on a linux box with a simple enough shellscript). This works easily enough to be downloaded by your smarter-than-average bear.
P2P programs could easily go the HTTPS route if blocking becomes enough of a nuisance. They went route 80 (HTTP port) a long while ago.
So what are your alternatives? Perhaps degrade network performance by interrupting (apparent) HTTPS sessions once in a while so that people won't be able to use certain applications? Or disallow any kind of encrypted communications?
Creative people will always find a way around it. You're better off dealing with those sorts of threats from the inside by dealing with the people rather than the technology. That's probably also true for outside hackers, script-kiddies and virusauthors, but those you typically don't know. -
Re:Eventual failure
Try HTTPort, an encrypting steganographing proxy. It's a hard problem to tell HTTPort traffic from ordinary http traffic.
-
Re:Eventual failureExecutables on CD-ROMs or USB keys with HTTPort or similar is probaly the correct solution. The extent to which ordinary worms and viruses naturally play havoc with public PCs make detection of such subterfuge very difficult. The officials involved are more interested in assuring their superiors that they are on top of the problem than actually stifling dissent. As long as they can make an example of a few people per year, the rest of the country will probably be able to use google groups, yahoo mail, etc., with impunity.
Eventually one of the people made an example of will be seen to hae espused a popular or logical viewpoint, and there will be pressure to cut back on the iron fist. Then the fun begins.
-
Re:application-level firewalls are pointless
Setting this up is a bit beyond "the non-technical PC user"
They don't have to set up the HTTPort servers. But if they wanted to, it's no more difficult than running an installer on their broadband-connected home PC.
The real problem is that when you don't block things like SSH, you can log when and where such connections are going. When you do, determined users migrate to something like HTTPort, and now you loose the ability to track such connections.
HTTP application layer firewalls are not just used for blocking outgoing stuff, you can run them infront of webservers to protect against a variety of exploits/overflows
You must be referring to IIS. Wouldn't it be better to just use a web server without vulnerabilities than spend for an external patching system?
-
httPort
check out httport which allows you to run TCP over HTTP (over TCP over IP). You can go right out over port 80, or anything else that's open. There are some public servers, but you can also run your own server elsewhere to tunnel out - you can encrpyt the traffic between you and your own server too. Great for getting web and email from work - setup one browser to be your personal encrypted web connection and use another as your "work" browser.
-
Re:So?maybe "the wiley" will use HTThost to tunnel to an external proxy via http on port 80. works ok [where 'ok' is defined as 'ass slow'] through my great firewall.
Though, it would help if everyone in china had a computer on broadband "at home" (outside china) to be their proxy.
-a
-
Re:Gaining access to blocked ports for Kazaa etc??
HTTHost I Haven't tried it, but I just saw it last night and it claims to do exactly what you are looking for. Good luck with it.