Corkscrew is a tool for tunneling SSH through HTTP proxies

Overview

Welcome to Corkscrew

Introduction

Corkscrew is a tool for tunneling SSH through HTTP proxies, but... you might find another use for it.

Corkscrew has been compiled on:

  • HPUX
  • Solaris
  • FreeBSD
  • OpenBSD
  • Linux
  • Win32 (with Cygwin)

Corkscrew has been tested with the following HTTP proxies:

  • Gauntlet
  • CacheFlow
  • JunkBuster
  • Apache mod_proxy

Please open a pull request if you get it working on other proxies or compile it elsewhere.

Where Do I Get It?

Corkscrew's primary distribution site was agroman.net/corkscrew, however it seems that the site went down and this repository is here to keep the code available. The new location is then github.com/bryanpkc/corkscrew.

How Do I Install It?

First you need to install development tools:

# For Debian-based distributions (Ubuntu, ElementaryOS, ...)
sudo apt install build-essential

# For Red-Hat-based distributions (CentOS, Fedora, ...)
sudo yum groupinstall 'Development tools'

You need to clone the repo and then you need to go into the corkscrew source directory and run

autoreconf --install
./configure
make
sudo make install

This will compile corkscrew and copy it into /usr/local/bin/corkscrew.

If you want to go more in depth about the configuration, please have a look at the INSTALL file which gives general information about the build system.

How Is It Used?

Setting up Corkscrew with SSH/OpenSSH is very simple. Adding the following line to your ~/.ssh/config file will usually do the trick (replace proxy.example.com and 8080 with correct values):

ProxyCommand /usr/local/bin/corkscrew proxy.example.com 8080 %h %p

NOTE: Command line syntax has changed since version 1.5. Please notice that the proxy port is NOT optional anymore and is required in the command line.

How Do I Use The HTTP Authentication Feature?

You will need to create a file that contains your usename and password in the form of:

username:password

I suggest you place this file in your ~/.ssh directory.

After creating this file you will need to ensure that the proper perms are set so nobody else can get your username and password by reading this file. So do this:

chmod 600 myauth

Now you will have to change the ProxyCommand line in your ~/.ssh/config file. Here's an example:

ProxyCommand /usr/local/bin/corkscrew proxy.work.com 80 %h %p ~/.ssh/myauth

The proxy authentication feature is very new and has not been tested extensively so your mileage may vary. If you encounter any problems when trying to use this feature please email me. It would be helpful if you could include the following information:

  • Proxy version (ie. Gauntlet Proxy, Microsoft Proxy Server, etc)
  • Operating system you are trying to run corkscrew on
  • Command line syntax you are using
  • Any error messages that are visible to you

NOTE: I have had problems using the auth features with Mircosoft Proxy server. The problems are sporadic, and I believe that they are related to the round-robin setup that I was testing it again. Your mileage may vary.

Who Contributed?

The main author is Pat Padgett. But none of the contact info left work anymore, so a name is all we have.

Bryan Chan created this repository and tweaked the code a little bit. Then Rémy Sanchez improved the documentation.

Issues
  • Improve documentation

    Improve documentation

    As I tried to use this project, I had a few hurdles on the path and so I've tried to improve the experience for future users by modernizing the documentation:

    • Create a Markdown version of the doc (the plain-text version is kept because autotools require it, but it's just a converted version of the Markdown one)
    • More detailed explanations on the compilation process
    • Fix a compilation warning
    opened by Xowap 3
  • authentication doesn't work with Squid basic auth

    authentication doesn't work with Squid basic auth

    Hello,

    I am trying to use the auth option, but it doesn't work, unforunatelly, this is all I get, no more verbose errors:

    [email protected]:~/.ssh$ corkscrew vpn.insw.cz 80 test 1 proxy
    Proxy could not open connnection to test:  Proxy Authentication Required
    

    When I try to connect for example via firefox or any other SW that ask me for proxy credentials, I just give it user and password that is written on first line in file "proxy" and it works.

    I created that file as instructed it has this format:

    user:password
    
    opened by benapetr 2
  • fix compiler warning about parens

    fix compiler warning about parens

    OS X Warning

    Compiling on osx had this warning: image

    Valgrind Warnings

    Valgrind noted a printf of an uninitialized value, descr in fprintf. image

    It also noted a memory leak, but that is a bigger change for another pull (#5).

    opened by cslauritsen 1
  • Fix memory leak, compiler warning

    Fix memory leak, compiler warning

    Compiler Warning

    Extra parentheses were causing a compiler warning on osx build. Removed in this pull.

    Memory Leak

    I noticed the call to malloc() in the function base64_encode function. The buffer cannot be free()d in the function, so I made the caller manage it so it could be.

    opened by cslauritsen 1
  • Release tags

    Release tags

    Hello @bryanpkc, could you please tag the 2.0 release as imported from http://agroman.net/corkscrew/ and eventually tag a newer release with your commits? This will help the downstream distribution of the software. Thanks!

    opened by paride 1
  • Certificate Based Authentication Works or ??

    Certificate Based Authentication Works or ??

    I have used the debian repo corkscrew and this github version, both give me the same results. I am attempting to ssh to port 443. Server has sshd running on port 443, and my client is using the 'ProxyCommand /opt/corkscrew/corkscrew my.domain 443 %h %p'

    It is a certificated based SSH and my certs are valid and work when not trying to use corkscrew.

    The ultimate error that I get is:

    kex_exchange_identification: Connection closed by remote host Connection closed by UNKNOWN port 65535

    Any help would be appreciated.

    opened by ms08067 0
  • Update corkscrew.c

    Update corkscrew.c

    Always setting stdin (fd 0) into &rfd causes select() to return immediately during the connecting phase as incoming data from stdin is not read until setup completes. This causes corkscrew to iterate at 100% CPU in the for(;;) loop until connection succeeds. Only allowing stdin into select() when we're already connected is done by checking for the setup variable. Also, curly brace was mistakenly closed immediately at connect error check.

    opened by Surmoka 0
  • docs: fix simple typo, usename -> username

    docs: fix simple typo, usename -> username

    There is a small typo in README.md.

    Should read username rather than usename.

    Semi-automated pull request generated by https://github.com/timgates42/meticulous/blob/master/docs/NOTE.md

    opened by timgates42 0
  • Corkscrew install from brew has broken Proxy-Authorization

    Corkscrew install from brew has broken Proxy-Authorization

    Steps to reproduce:

    • Install corkscrew using brew brew install corkscrew
    • Create auth file echo [email protected] > auth
    • Make corkscrew request: corkscrew localhost 8000 localhost 8001 auth
    • Header come through like: Proxy-Authorization: Basic Q09OTkVDVCBsb2NhbGhvc3Q6ODAwMSBIVFRQLzEuMApQcm94eS1BdXRob3JpemF0aW9uOiBCYXNpYyA=
    • Decoding the auth header:
    base64 --decode <<< 'Q09OTkVDVCBsb2NhbGhvc3Q6ODAwMSBIVFRQLzEuMApQcm94eS1BdXRob3JpemF0aW9uOiBCYXNpYyA='
    CONNECT localhost:8001 HTTP/1.0
    Proxy-Authorization: Basic 
    

    Notes

    • It seems like the request headers themselves are being base64 encoded instead of the contents of the auth file.
    • I built corkscrew from source and the auth works as expected. Possibly this is as simple as publishing the latest corkscrew to homebrew.
    corkscrew --version
    corkscrew 2.0 ([email protected])
    

    Thank you this is very useful software for me.

    opened by louisbuchbinder 2
  • added install step for autoconf

    added install step for autoconf

    1. Just went through the steps to build on a fresh docker container FROM ubuntu:18.04 and theautoreconf --install step fails without this package.
    2. Pushed an additional commit with pre-install steps for macOS
    opened by louisbuchbinder 0
Owner
Bryan Chan
Bryan Chan
远程桌面、RADMIN、SSH、VNC集中管理器

远程连接管理器 远程桌面、RADMIN、SSH、VNC集中管理器 本软件用于集中管理远程桌面、ADMIN、SSH、VNC,双击主机即可直接调用对应客户端对服务器进行控制。 软件运行需要VC2010 X86运行库支持。

null 215 Aug 6, 2022
Run SSH on iOS 12 device.

Shelly12 Run SSH on iOS 12 device. Only worked on iPad Air 1, iOS 12.4 Working Get root Set tfp0 to hsp4 Escape Sandbox Restore/Remount RootFS Defeat

null 6 May 11, 2021
An SSH file manager that lets you edit files like they are local

An SSH file manager that lets you edit files like they are local

Allan Boll 445 Jul 29, 2022
C++ TCP/IP and SSH stack with bounded run time and no dynamic memory allocations

Static Network Stack TCP/IP stack with all-static allocations designed for bare metal (no operating system) embedded applications with minimal footpri

Andrew Zonenberg 24 Jul 22, 2022
Tinysshd is a minimalistic SSH server which implements only a subset of SSHv2 features

Introduction tinysshd is a minimalistic SSH server which implements only a subset of SSHv2 features. tinysshd supports only secure cryptography (minim

Jan Mojžíš 861 Aug 10, 2022
Raven is like a simplified SSH with NAT traversal.

Raven Raven works like a simplified SSH with NAT traversal. Now developing... But you can still have a test for fun! Just fill server_ip in Raven.conf

null 3 Jul 13, 2022
tiny HTTP parser written in C (used in HTTP::Parser::XS et al.)

PicoHTTPParser Copyright (c) 2009-2014 Kazuho Oku, Tokuhiro Matsuno, Daisuke Murase, Shigeo Mitsunari PicoHTTPParser is a tiny, primitive, fast HTTP r

H2O 1.5k Aug 6, 2022
A collection of C++ HTTP libraries including an easy to use HTTP server.

Proxygen: Facebook's C++ HTTP Libraries This project comprises the core C++ HTTP abstractions used at Facebook. Internally, it is used as the basis fo

Facebook 7.6k Aug 8, 2022
Pushpin is a reverse proxy server written in C++ that makes it easy to implement WebSocket, HTTP streaming, and HTTP long-polling services.

Pushpin is a reverse proxy server written in C++ that makes it easy to implement WebSocket, HTTP streaming, and HTTP long-polling services. The project is unique among realtime push solutions in that it is designed to address the needs of API creators. Pushpin is transparent to clients and integrates easily into an API stack.

Fanout 3.1k Aug 4, 2022
cuehttp is a modern c++ middleware framework for http(http/https)/websocket(ws/wss).

cuehttp 简介 cuehttp是一个使用Modern C++(C++17)编写的跨平台、高性能、易用的HTTP/WebSocket框架。基于中间件模式可以方便、高效、优雅的增加功能。cuehttp基于boost.asio开发,使用picohttpparser进行HTTP协议解析。内部依赖了nl

xcyl 26 Jul 21, 2022
Gromox - Groupware server backend with MAPI/HTTP, RPC/HTTP, IMAP, POP3 and PHP-MAPI support for grommunio

Gromox is the central groupware server component of grommunio. It is capable of serving as a replacement for Microsoft Exchange and compatibles. Conne

grommunio 120 Jul 2, 2022
A flexible tool for redirecting a given program's TCP traffic to SOCKS5 or HTTP proxy.

graftcp English | 简体中文 Introduction graftcp can redirect the TCP connection made by the given program [application, script, shell, etc.] to SOCKS5 or

mingang.he 1.3k Aug 2, 2022
null 4 Feb 25, 2022
Package manager for linux that installs windows apps through wine

Winepkg A package manager for linux that installs windows apps through wine. Usage winepkg -Si mspaint Install Dependencies: wine winetricks wget cur

null 2 May 27, 2022
Allows you to observe the status of your DotA 2 (Defense of the Ancients 2) match within the Discord, through the Rich Presence service. 🎮

DotA 2 RPC (dota2-rpc-client) Allows you to observe the status of your DotA 2 (Defense of the Ancients 2) match within the Discord, through the Rich P

Anderson Silva 16 Jul 25, 2022
HTTP and WebSocket built on Boost.Asio in C++11

HTTP and WebSocket built on Boost.Asio in C++11 Branch Linux/OSX Windows Coverage Documentation Matrix master develop Contents Introduction Appearance

Boost.org 3.5k Aug 10, 2022
Cross-platform, efficient, customizable, and robust asynchronous HTTP/WebSocket server C++14 library with the right balance between performance and ease of use

What Is RESTinio? RESTinio is a header-only C++14 library that gives you an embedded HTTP/Websocket server. It is based on standalone version of ASIO

Stiffstream 871 Aug 9, 2022
A C++ header-only HTTP/HTTPS server and client library

cpp-httplib A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include the httplib.h file in your c

null 7.5k Aug 5, 2022
Ultra fast and low latency asynchronous socket server & client C++ library with support TCP, SSL, UDP, HTTP, HTTPS, WebSocket protocols and 10K connections problem solution

CppServer Ultra fast and low latency asynchronous socket server & client C++ library with support TCP, SSL, UDP, HTTP, HTTPS, WebSocket protocols and

Ivan Shynkarenka 867 Aug 8, 2022