Project author: AdrianVollmer

Project description:
htun tunnels IP traffic transparently over HTTP or TCP
Language: Python
Repository: git://github.com/AdrianVollmer/htun.git
Created: 2018-09-09T12:29:59Z
Project community: https://github.com/AdrianVollmer/htun

License: MIT License


htun

htun is a transparent tunnel for transporting IP traffic over HTTP or TCP.

It was developed with situations in mind where traffic to the internet is
restricted. For instance, some networks don’t allow traffic to the internet
at all and require you to go through an HTTP proxy. htun enables you to get
full internet access in those situations (all ports, all protocols). It also
supports using a SOCKS proxy.

Obviously, performance takes a huge hit. So it is meant for some light
browsing or downloading small files sporadically. Expect transfer rates to
be cut by a factor of up to 100.

Also, the tunnel is not encrypted by default. It is recommended to put another
tunnel on top, such as WireGuard.

Since python-pytun is required, which is a non-portable module, this will
only run on Linux.

Requirements

To run htun, you need Python 3 and the following modules:

  • urllib3==1.24
  • python_pytun==2.2.1
  • pytun==1.0.1
  • SocksiPy_branch==1.01

Recommended:

  • hexdump==3.3

Usage

The script needs to be run with root privileges both on the server and the
client. On the server, run:

    ./htun.py --server

On the client, run:

    ./htun.py --uri <SERVER URI>

By default, it uses HTTP on port 80 and the IP addresses 10.13.37.1 and
10.13.37.2 for the client and the server, respectively.

For all options, run ./htun.py --help:

    usage: htun.py [-h] [--debug] [--client-addr CADDR] [--server-addr SADDR]
                   [--tun-netmask TMASK] [--tun-mtu TMTU] [--tun-timeout TIMEOUT]
                   [--route-subnet RSUBNET] [--proxy PROXY] [--username USERNAME]
                   [--password PASSWORD] [--listen-port LPORT] [--bind-ip BINDIP]
                   (--server [{http,tcp}] | --uri URI)

    htun tunnels IP traffic transparently over HTTP or TCP (author: Adrian
    Vollmer)

    optional arguments:
      -h, --help            show this help message and exit
      --debug, -d           debug flag to true (default: False)
      --client-addr CADDR, -c CADDR
                            tunnel local address (default: 10.13.37.1)
      --server-addr SADDR, -s SADDR
                            tunnel destination address (default: 10.13.37.2)
      --tun-netmask TMASK, -m TMASK
                            tunnel netmask (default: 255.255.255.0)
      --tun-mtu TMTU        tunnel MTU (default: 1500)
      --tun-timeout TIMEOUT
                            r/w timeout in seconds (default: 1)
      --route-subnet RSUBNET, -n RSUBNET
                            subnet to be routed via tunnel (default: None)
      --proxy PROXY, -P PROXY
                            proxy URI (<proto>://<host>:<port>) (default: None)
      --username USERNAME, -u USERNAME
                            username for HTTP proxy basic authentication (default:
                            None)
      --password PASSWORD, -W PASSWORD
                            password for HTTP proxy basic authentication (default:
                            None)
      --listen-port LPORT, -p LPORT
                            listen port of the server component (default: 80)
      --bind-ip BINDIP, -b BINDIP
                            bind IP address of the server component (default:
                            0.0.0.0)
      --server [SERVER]     local port and bind address (http, tcp)
                            (default: http)
      --uri URI             remote URI (<proto>://<host>[:<port>]) (default: None)

Examples

TCP Tunnel

To use a TCP tunnel on port 443, run

    ./htun.py --server tcp -p 443

on the server side and

    ./htun.py --uri tcp://<host>:443

on the client side. Now the client can reach the server via the IP address
10.13.37.2.

SOCKS Proxy

To use HTTP over a SOCKS5 proxy on port 5000, run

    ./htun.py --server

on the server side and

    ./htun.py --uri http://<host> --proxy socks5://<proxy-host>:5000

on the client side.

Proxy Authentication

Proxies using basic authentication are supported (but as yet untested).

A proxy requiring NTLM authentication is not supported because
python-urllib3 does not support NTLM. It is suggested to use cntlm as an
additional SOCKS proxy.

Performance

Performance over a TCP tunnel is much better than over an HTTP tunnel.
Expect several orders of magnitude in degradation of the connection when
using HTTP.

Example downloading 713k bytes without the tunnel:

    $ curl https://example.com/example.png > /dev/null
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100  713k  100  713k    0     0  2680k      0 --:--:-- --:--:-- --:--:-- 2680k

Downloading the same file with an HTTP tunnel:

    $ curl https://example.com/example.png > /dev/null
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100  713k  100  713k    0     0  12177      0  0:00:59  0:00:59 --:--:-- 16590

With a TCP tunnel it’s at least around 3% of the original speed:

    $ curl https://example.com/example.png > /dev/null
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100  713k  100  713k    0     0  37640      0  0:00:19  0:00:19 --:--:-- 41086

To do

  • Make performance improvements when using HTTP
  • Experiment with threaded requests

Disclaimer

Keep in mind that the administrator of the network most likely did not want
you to bypass the restrictions that were set up. The restrictions are probably
there for a reason and you need to respect that. Using this tool may violate
terms and conditions or company rules and may possibly even get you in legal
trouble and/or fired from your job.

Use this only if you know that everyone involved has given you permission to
use it.

Author

Adrian Vollmer, 2018