RE: Tunneling RDP traffic over HTTP proxies.

From: Evans, Arian (Arian.Evans@fishnetsecurity.com)
Date: Thu Dec 01 2005 - 13:08:19 EST

• Next message: jeremiah: "RE: ASCII to Arabic character conversion"
• Previous message: Cody Tubbs: "Re: Monitor program execution"
• Maybe in reply to: Steve McLaughlin: "Tunneling RDP traffic over HTTP proxies."
• Next in thread: Amin Tora: "Re: Tunneling RDP traffic over HTTP proxies."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Since proxies use HTTP connect method this may be simpler:

http://net-square.com/datapipe_http/index.html

You can wrap it in SSLTunnel if you need to hide it from content validation.

-ae

> -----Original Message-----
> From: Fco. Jose Garrido Matamoros [mailto:fjgarrido@tecvd.com]
> Sent: Thursday, December 01, 2005 4:37 AM
> To: pen-test@securityfocus.com
> Subject: Re: Tunneling RDP traffic over HTTP proxies.
>
>
> Hi:
>
> Look httptunnel:
>
> http://www.nocrew.org/software/httptunnel.html
>
> Best regards
>
> El Miércoles, 23 de Noviembre de 2005 17:43, Steve McLaughlin
> escribió:
> > Hi list,
> >
> > Does anyone know of any solutions for tunnelling RDP
> traffic through an
> > HTTP proxy?
> >
> > Thanks in Advance
> > Steve
> >
> > Visit us at http://www.aggreko.com
> >
> > Confidentiality Notice: This communication and any accompanying
> > attachments contain confidential information intended for a specific
> > individual and purpose. This communication is private and
> protected by
> > law. If you are not the intended recipient, you are hereby
> respectfully
> > notified that any disclosures, copying, forwarding or
> distribution, or the
> > taking of any action based on the contents of this communication is
> > strictly prohibited.
> >
> >
> _____________________________________________________________________
> > This email has been scanned by the MessageLabs Email
> Security System.
> > For more information please visit http://www.messagelabs.com/email
> >
> ______________________________________________________________________
> >
> >
> --------------------------------------------------------------
> -------------
> >--- Audit your website security with Acunetix Web
> Vulnerability Scanner:
> >
> > Hackers are concentrating their efforts on attacking
> applications on your
> > website. Up to 75% of cyber attacks are launched on
> shopping carts, forms,
> > login pages, dynamic content etc. Firewalls, SSL and
> locked-down servers
> > are futile against web application hacking. Check your website for
> > vulnerabilities to SQL injection, Cross site scripting and other web
> > attacks before hackers do! Download Trial at:
> >
> > http://www.securityfocus.com/sponsor/pen-test_050831
> >
> --------------------------------------------------------------
> -------------
> >----
>
> --
> Fco. Jose Garrido Matamoros
> Ingeniero Sup. Telecomunicacion
>
> TecVD - Seguridad y Control de Sistemas de Informacion
> http://www.tecvd.com
>
> NOTA.- Las tildes de este mensaje han sido omitidas
> expresamente para evitar
> cualquier tipo de alteracion en los caracteres del texto.
>
>
> ******************AVISO LEGAL******************
>
> Este mensaje es privado y confidencial y solamente para la
> persona a la que va
> dirigido. Si usted ha recibido este mensaje por error, no
> debe revelar,
> copiar, distribuir o usarlo en ningun sentido. Le rogamos lo
> comunique al
> remitente y borre dicho mensaje y cualquier documento adjunto
> que pudiera
> contener. No hay renuncia a la confidencialidad ni a ningun
> privilegio por
> causa de transmision erronea o mal funcionamiento.
> Cualquier opinion expresada en este mensaje pertenece
> unicamente al autor
> remitente, y no representa necesariamente la opinion de
> Tecnologias de
> Vigilancia y Deteccion, S.L., a no ser que expresamente se diga y el
> remitente este autorizado para hacerlo.
> Los correos electronicos no son seguros, no garantizan la
> confidencialidad ni
> la correcta recepcion de los mismos, dado que pueden ser
> interceptados,
> manipulados, destruidos, llegar con demora, incompletos, o con virus.
> Tecnologias de Vigilancia y Deteccion, S.L. no se hace
> responsable de las
> alteraciones que pudieran hacerse al mensaje una vez enviado.
> Este mensaje
> solo tiene una finalidad de informacion, y no debe
> interpretarse como una
> oferta de venta o de compra de cualquier producto o servicio.
> En el caso de
> que el destinatario de este mensaje no consintiera la
> utilizacion del correo
> electronico via Internet, rogamos lo ponga en nuestro conocimiento.
>
> Se le informa que los datos de caracter personal que
> libremente suministre
> pueden ser incluidos en un fichero para facilitar la oferta
> de servicios y/o
> productos basados en las preferencias y requerimientos que
> comunique. En todo
> caso le asiste el derecho de acceso, rectificacion,
> cancelacion u oposicion
> al tratamiento de esos datos; para ejercer estos derechos
> debe dirigirse por
> escrito adjuntando fotocopia de DNI, o documento equivalente,
> a la sede de la
> empresa.
>
>
> ******************DISCLAIMER******************
>
> This message is private and confidential and it is intended
> exclusively for
> the addressee. If you receive this message by mistake, you should not
> disseminate, distribute or copy this e-mail. Please inform
> the sender and
> delete the message and attachments from your system. No
> confidentiality nor
> any privilege regarding the information is waived or lost by any
> mistransmission or malfunction.
> Any views or opinions contained in this message are solely
> those of the
> author, and do not necessarily represent those of Tecnologias
> de Vigilancia y
> Deteccion, S.L., unless otherwise specifically stated and the
> sender is
> authorised to do so.
> E-mail transmission cannot be guaranteed to be secure,
> confidential, or
> error-free, as information could be intercepted, corrupted,
> lost, destroyed,
> arrive late, incomplete, or contain viruses. Tecnologias de
> Vigilancia y
> Deteccion, S.L. does not accept responsibility for any changes in the
> contents of this message after it has been sent.
> This message is provided for informational purposes and should not be
> construed as a solicitation or offer to buy or sell any
> product or service.
> If the addressee of this message does not consent to the use
> of internet
> e-mail, please communicate it to us.
>

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: jeremiah: "RE: ASCII to Arabic character conversion"
• Previous message: Cody Tubbs: "Re: Monitor program execution"
• Maybe in reply to: Steve McLaughlin: "Tunneling RDP traffic over HTTP proxies."
• Next in thread: Amin Tora: "Re: Tunneling RDP traffic over HTTP proxies."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:13 EDT