Tunnel SOCKS via HTTP
Tunnel arbitrary traffic via HTTP using a local SOCKS daemon and a remote PHP proxy script. By only relying on plain HTTP, default PHP instances can be used.
socks2http allows for using a remote PHP script to proxy arbitrary traffic. As it does not rely on proper HTTP proxying that requires a particular destination Host header, even shared webspace can be used for this purpose. Because it runs as a local SOCKS4 daemon, many applications can use it natively.
Incoming connections are transparently wrapped into HTTP requests, which are then proxied by the PHP endpoint that connects to the actual destination. By using only POST requests, the handling of CONNECT requests by intermediate proxies, or a similar restriction on proxy usage, is circumvented. Also, most PHP instances would not support CONNECT handling. However, as there is no additional security layer, this is all merely for obfuscation purposes due to HTTP.
Mode of operation
                       +------------+ ----HTTP--> +-----------+         +----------+
+--------+             |            | <~~stream~~ | PHP bind  | <~~?~~> | InterWeb |
| Client | <--SOCKS--> | socks2http |             +--^-IPC-^--+         +----------+
+--------+             |            | ~~~~HTTP~~> | PHP write |
                       +------------+ <----OK---- +-----------+
- The client program only deals with the local socks2http daemon as its configured SOCKS4 proxy.
- An HTTP POST request is made to the proxy script, indicating the desired destination.
- If the remote connection was successful, the HTTP response will be used to continuously stream arbitrary reply traffic back.
- Upcoming client data to be sent (such as an actual HTTP request) will trigger a new standalone request as a wrapper. It will be passed to the script instance maintaining the upstream socket using some IPC mechanism.
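For defenders, the request pattern in the list above (one long-lived POST response, with short POSTs to the same script arriving while it is still open) can be looked for in web server logs. The following is an added example, not part of socks2http; the log format, the thresholds and the sample lines are constructed assumptions.

```python
# Added example; log format, thresholds and sample lines are constructed.
from collections import defaultdict

# Constructed access-log lines: end_time client method path status duration_s
SAMPLE_LOG = """\
1700000100.0 203.0.113.7 POST /proxy.php 200 95.2
1700000006.1 203.0.113.7 POST /proxy.php 200 0.04
1700000006.9 203.0.113.7 POST /proxy.php 200 0.03
1700000031.5 203.0.113.7 POST /proxy.php 200 0.05
1700000040.0 198.51.100.9 POST /contact.php 200 0.30
1700000050.0 198.51.100.9 GET /index.php 200 0.02
1700000200.0 192.0.2.44 POST /upload.php 200 42.0
"""

def parse(log_text):
    """Yield (start, end, client, method, path) per well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed lines instead of failing
        end, client, method, path, _status, dur = parts
        try:
            end, dur = float(end), float(dur)
        except ValueError:
            continue
        yield end - dur, end, client, method, path

def find_tunnel_candidates(log_text, long_s=30.0, short_s=1.0, min_writes=3):
    """Return {(client, path): writes} where short POSTs overlap a long POST."""
    by_key = defaultdict(list)
    for start, end, client, method, path in parse(log_text):
        if method == "POST":
            by_key[(client, path)].append((start, end))
    hits = {}
    for key, reqs in by_key.items():
        best = 0
        for s, e in reqs:
            if e - s < long_s:
                continue  # not a streaming-style response
            # count short POSTs that start and finish while the stream is open
            writes = sum(1 for ws, we in reqs
                         if we - ws <= short_s and s <= ws and we <= e)
            best = max(best, writes)
        if best >= min_writes:
            hits[key] = best
    return hits

if __name__ == "__main__":
    print(find_tunnel_candidates(SAMPLE_LOG))
```

A slow upload alone (the /upload.php line) is not flagged, because no short POSTs from the same client to the same path overlap it.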
Running the PHP proxy
The PHP script requires support for IPC via message queues (other methods would also be suitable), and the permission to connect to arbitrary destinations using fsockopen. This should be the case for default installations.
After uploading the script to a hosting provider of your choice, build and run the local proxy, for example by typing:
make && ./socks2http 4444 example.com:80/proxy.php
By this means, local SOCKS traffic at port 4444 will be tunneled to and handled by the given destination, using only direct POST requests.
Please note that the whole process is still pretty fragile and comes with a serious performance penalty, as the code is neither robust, tested, nor generally tweaked enough for “production” use at the moment.