Time
6 minutes
Difficulty
Intermediate

Video Transcription

00:05
Hello and welcome to another episode of breaking stuff with Robert today. We're going over http. Tunnel and http tunnel is a proxy, http proxy application or ah, tool that allows you to use get and post requests in order to
00:25
essentially bypassing a c l bypass. A fire will rule something of that nature. Go from a restricted system to maybe
00:31
ah less restricted system or gain access to assistant. You otherwise wouldn't be able to get to based on the current rule sets.
00:38
So this is really for this demonstration Purely command line. But it does have a gooey component that you can use, like on windows and things of that nature.
00:47
Now, this is going to be targeted at exploitation. Analysts looking to recreate attacks, you know, bypassed valuable rules. Do things of that nature to study that traffic. And look at that activity. Cyber defense analysts looking to create signatures for system behaviors related to bypassing controls
01:04
and of course, penetration testers that are looking to bypass
01:07
system controls
01:10
Now, while none of the knowledge is required is laid out here, it is recommended that you understand access control lists and their functions at a basic level knowledge of help. Tunneling works in what tunneling is the SS H protocol on what it is and does, since we will be using that in this demo
01:26
and a fundamental knowledge of Cali command line utilization.
01:30
So with those things in mind, let's jump into our demo.
01:36
Here we are, ladies and gentlemen, in the handy dandy demo environment. Now, you might notice that we have two systems up here. This is our second machine that we normally use. It has got an I P. Table rule listed here that will block port 22 traffic. Sshh. Traffic, too.
01:53
This box from
01:56
my test system. So you can see here if we do it if config that that i p matches the rule in the I P table. So when I try to do at this age
02:06
to the distant end
02:08
or the other callin machine, we get this nice connection refused message. Now,
02:15
when we give a look at the ports that are currently running, as you can see, only Port 22 is listening on this box and we were not able to make a connection. So let's say that I want to get around that I'm, ah, Penetration tester. Or maybe I want to generate some traffic that I can monitor, maybe create signatures
02:35
for the sport with respect to exploitation review.
02:38
So I'm gonna go ahead and for each
02:44
TTP tunnel, which is what we're revealing here today
02:47
as you can see its abbreviated to HTC. So if you want to see the different, you know, switches within that you can do on HTC help
02:58
that just gives you all the different switches. So we're primarily going to use the Ford ing to four report on this, and then we're going to show you how we can use that to then make a connection to a system that's blocking us. So
03:12
let's go ahead and jump right into that. So on this end, and I want to make sure that I am running the server side of this,
03:20
okay,
03:22
which is just the local host here,
03:23
I'm gonna do some 14 over 2139. So when we go back and look at that sat here,
03:30
we now see that 2139 is listening. Using that HTS service is so when we come back in,
03:39
we'll try to make that connection again, we'll still get refused. So
03:44
from that standpoint, I want to now afford this traffic this SS h traffic over that other port that's currently listening
03:53
and make my connection. So now I'm going to use the client side here I am fording, um over Port 80 90 is just a port. I can do anything here I could do 1234 and I want to. And then I'm affording to the distant end, which is 1 to 5138
04:13
And I want to hit port 2139 which is the port that's listening here.
04:17
So it starts doing that.
04:19
You can see here we are now in business. So when I go to make that S S h connection again,
04:27
I'm gonna use, um
04:30
I'm targeting my local host. And the reason for that is is that with this connection is going to go out over the port that I have created here. 1234 Okay. And it is going to hit. So when I do that of report
04:45
1234 the the idea years is that it is going to use my local machine okay. Over port 1234
04:53
using this particular rule to go to 2139 which is over here on the distant, endless name which will give me an S S H connection. So let's go ahead and hit. Enter.
05:04
And then now you can see that we can make that connection. And so if I wanted to, I could enter my password, and I now have access. Now let's go back just to validate.
05:15
I'm gonna do that the right way, don't we?
05:20
Now, you'll see here that we've got it waiting on that connection and that we still have 1234 listening. So if I go ahead and kill the process for that,
05:33
we see that it's no longer listening.
05:36
If I tried to make that S S h connection again, it refuses.
05:43
And if I try to make the connection
05:45
directly,
05:48
it refuses again. So, as you can see, this is just a brief demo of how you can use this http tunnel, um, to go over on http connection using, like, post and get requests to then bypass a rule and make like an SS H or other type of connection.
06:09
So with that in mind. Let's go ahead and jump back into our slides.
06:14
Well, I hope you enjoyed that demo of http tunnel. It was definitely interesting getting to work through that with you and show you how you can take a basic kind of foul rule or a C l and bypassed that using this pure http proxy that uses getting post request. So
06:32
with that in mind, I want to thank you for your time today,
06:35
and I look forward to seeing you again soon.

How to Use HTTPTunnel (BSWR)

HTTPTunnel is a tunnelling software which tunnels network connections through restrictive HTTP proxies over pure HTTP “GET” and “POST” requests.

Instructed By

Instructor Profile Image
Robert Smith
Director of Security Services at Corsica
Instructor