views:

209

answers:

1

I need to tunnel the connections (mostly TCP) made by an application through Socks5, SSH or HTTPS.

So far, I've found 3 ways to do this: API hooks, Winsock LSP and a driver.

I'm looking for advice on the best way to handle this, and any recommendations on SDKs that could abstract this task for me (free/open-source preferred, but commercial ones are welcome as long as the price is not too high for a one-man starting company to afford).

PS: I'm using .NET (C# and/or C++/CLI).

Edit: I have no control whatsoever over the target application.

A: 

A straightforward way is to invoke the plink command line to create the tunnel and then connect to localhost from your application. Plink is the command-line version of PuTTY; you have tons of options and it is a very popular, safe and tested application.

There is also an application (SSH Tunnel Client) that does it for you with a nice UI. It is a bit buggy, but it works just fine.

This example connects port 80 on the remote machine to port 8000 on your local host.

plink.exe -L 127.0.0.1:8000:127.0.0.1:80 -C -pw 1234 -2  -l user myserver.com

What I don't like about this method is that the command line contains the password, and it is easy to see with any process manager. The good thing about plink is that you have the source code available, so you can integrate it into your project.

Edit

Now imagine that your application connects to "yahoo.com" to get some data. You can't modify the application, but you can set up a man in the middle. You can execute the following command:

plink.exe -L 127.0.0.1:80:google.com:80 -C -pw 1234 -2  -l user myserver.com

Here myserver.com is an SSH server that allows you to create tunnels and has access to google.com. Now go to your hosts file in C:\windows\system32\drivers\etc\ as administrator and add the following entry:

127.0.0.1 yahoo.com

You can test the setup with your browser: navigate to yahoo.com and you will see the google.com page. It seems simple, but the real power is that all the traffic is passing through myserver.com.

Some advantages are:

  1. All the traffic to yahoo.com is encrypted
  2. You can bypass proxy restrictions with this method
  3. You can get access to the intranet where myserver.com is located if you can connect to it from the outside
  4. You can log or modify the data of the connection

Be aware that this method is very likely to have problems with HTTPS connections because of certificate authentication.

Cristian
Pai Gaudêncio: And how does Plink intercept the target connection? As far as I can tell, Plink works just like a local proxy, isn't that right?

Cristian: It doesn't. You have to redirect the application to your localhost, and the tunnel will make the application think that it is communicating directly with the remote machine. If the application is connecting to a domain name, you can add an entry in your hosts file.

Pai Gaudêncio: @Cristian: That's the problem, I have no control over the target application.

Cristian: Maybe my last edit clarifies the method.
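As an added example (not part of the answer above or of PuTTY itself), this is how the plink local forward could be launched from the asker's .NET code while avoiding the password-on-the-command-line problem the answer points out: it authenticates with a PuTTY private key (-i) instead of -pw and runs plink non-interactively. The key path, hosts and ports are placeholders, and plink.exe is assumed to be on PATH.

```csharp
// Added example: start a plink local port forward from .NET with key-based auth,
// so no password appears in the process list. Placeholders: keyFile, sshHost, etc.
using System;
using System.Diagnostics;
using System.Net.Sockets;
using System.Threading;

static class PlinkTunnel
{
    // Returns the running plink process; the caller owns it and must Kill() it on shutdown.
    public static Process Start(string sshHost, string sshUser, string keyFile,
                                int localPort, string remoteHost, int remotePort)
    {
        // -i     : authenticate with a private key (.ppk) instead of -pw
        // -batch : never prompt; fail instead. Note: -batch also refuses an unknown
        //          host key, so the server's key must already be cached in the registry
        //          (connect once interactively first). This is the desired behaviour:
        //          an unattended tunnel should not silently accept a new host key.
        // -N     : no remote shell, port forwarding only
        // -L     : listen on 127.0.0.1:localPort and forward via the SSH server
        string args = string.Format(
            "-ssh -batch -N -C -i \"{0}\" -l {1} -L 127.0.0.1:{2}:{3}:{4} {5}",
            keyFile, sshUser, localPort, remoteHost, remotePort, sshHost);

        var psi = new ProcessStartInfo("plink.exe", args)
        {
            UseShellExecute = false,
            CreateNoWindow = true,
        };
        Process proc = Process.Start(psi);

        // Wait until the local listener accepts connections, or give up if plink dies.
        for (int attempt = 0; attempt < 50; attempt++)
        {
            if (proc.HasExited)
                throw new InvalidOperationException(
                    "plink exited with code " + proc.ExitCode + " before the tunnel came up");
            try
            {
                using (var probe = new TcpClient("127.0.0.1", localPort))
                    return proc;                 // listener is up; hand the process back
            }
            catch (SocketException)
            {
                Thread.Sleep(200);               // not listening yet, retry
            }
        }
        proc.Kill();
        throw new TimeoutException("tunnel did not come up on port " + localPort);
    }
}
```

The application then connects to 127.0.0.1:localPort exactly as in the plink examples above; the probe connection is forwarded once through the tunnel and closed, which is harmless.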