More rants of a dead man

I’m a programmer. From my purist point of view, security exists to add layers of  complexity and to slow things down.

I’m not a Luddite, I appreciate the need for all sorts of security devices because it is time honored knowledge that people generally suck.

But that doesn’t mean that the rest of us (in the I’m-a-better-driver-than-average sense) have to tolerate the limits and impositions imposed upon us by those trying to make everything more secure.

Today’s subject is network firewalls. Specifically corporate network firewalls. The kind that don’t let you do anything fun.

I thought that it might be possible to use an HTTP proxy to connect to TCP end points together.

I wasn’t sure if it would work, so I gave it a try.

The resulting effort, does in fact work, and is called sshh.

You can download it here.

http://deadpelican.com/sshh_release_I_20090814.tar.gz

Or the prebuilt cygwin windows binaries…

http://deadpelican.com/sshh_release_I_20090814.cygwin.zip

Shortly after finishing it up a friend of mine told me there’s already something called httptunnel or something like that.

Well, it’s good to know I had a good idea anyway.

But sshh does one thing that httptunnel does not.

HARM is a program I wrote many years ago that allows you to connect backwards through a firewall by making a connection over an existing connection that is coming out of the firewall.

I added this concept to sshh so that once you’ve got it up an running, you can make TCP connections out via the http proxy, and in via the http proxy.

This is the README from the archive, that has lots more detail and information.

http://deadpelican.com/README.sshh