
# HTTP Tunneling

In real-world scenarios, the previous methods are unlikely to work unless both ends are within the same network, since modern firewalls can perform deep packet inspection and stop such connections.

In such scenarios, we can encapsulate our connections within an HTTP tunnel to trick the firewall into allowing the connection.

## Scenario/Goal

<figure><img src="/files/0qJR1G5qyHvHPQRP1KVg" alt=""><figcaption></figcaption></figure>

Let there be three systems: A, B and C.

A -> B: reachable over HTTP on an arbitrary port, 1234.

B -> C: both are on the same network, and B has access to the service running on C.

A -> C: there is no connectivity between the two. They could be on completely different networks, or a firewall could prevent them from connecting.

## Install HTTP Tunnel on System A & B

```
sudo apt install httptunnel
```

### System B

To begin with, we create an SSH tunnel from our compromised Linux system to the RDP port of the Windows machine:

```
ssh -L 0.0.0.0:8888:172.16.1.30:3389 user@127.0.0.1
```

The above command forwards anything received on port 8888 to the RDP port of the Windows system.

Next, we start an hts server that decapsulates the packets received on port 1234 (since this port is open in the firewall) and forwards them to port 8888:

```
hts --forward-port localhost:8888 1234
```

### System A

Next, we create a listening service on the Kali machine that takes our requests, encapsulates them, and forwards them to the service on port 1234 that we created earlier on System B:

```
htc --forward-port 8080 192.168.1.20:1234
```

With this, all traffic sent to port 8080 is tunneled to the Windows machine through the Linux system.

```
rdp 127.0.0.1 8080
```

This gives us a remote desktop session on the Windows machine.
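For defenders triaging a host in System B's position, the `ssh -L` and `hts` processes above leave a chain that can be reconstructed from the process list. The following is an added example, not part of the original page or of httptunnel: the function names `parse_hops` and `trace_chains` are hypothetical, the `ps` output is constructed from the commands shown above, and only the option forms used on this page (IPv4 or hostnames) are handled.

```python
# Constructed `ps -eo pid,args` output, modelled on the commands run on System B.
SAMPLE_PS = """\
  PID COMMAND
  812 /usr/sbin/sshd -D
 2291 ssh -L 0.0.0.0:8888:172.16.1.30:3389 user@127.0.0.1
 2304 hts --forward-port localhost:8888 1234
"""
LOCAL = {"localhost", "127.0.0.1"}
WIDE = {"0.0.0.0", "*"}

def parse_hops(ps_text):
    """Extract port-forwarding hops from ssh -L and hts --forward-port command lines."""
    hops = []
    for line in ps_text.splitlines():
        pid, _, args = line.strip().partition(" ")
        argv = args.split()
        tool = argv[0].rsplit("/", 1)[-1] if argv else ""
        for i, arg in enumerate(argv[1:-1], start=1):
            value = argv[i + 1]
            if tool == "ssh" and arg == "-L":
                parts = value.split(":")  # [bind:]port:host:hostport, IPv4/hostnames only
                if len(parts) == 3:
                    parts.insert(0, "localhost")  # ssh binds loopback by default
                if len(parts) == 4 and parts[1].isdigit() and parts[3].isdigit():
                    hops.append({"pid": int(pid), "tool": tool,
                                 "listen": (parts[0], int(parts[1])),
                                 "dest": (parts[2], int(parts[3]))})
            elif tool == "hts" and arg == "--forward-port":
                host, _, port = value.rpartition(":")
                lport = argv[-1].rpartition(":")[2]  # hts listens on [HOST:]PORT
                if port.isdigit() and lport.isdigit():
                    hops.append({"pid": int(pid), "tool": tool,
                                 "listen": ("*", int(lport)), "dest": (host, int(port))})
    return hops

def trace_chains(hops):
    """Follow each hts listener through local hops to the host it finally reaches."""
    by_port = {h["listen"][1]: h for h in hops}
    chains = []
    for start in (h for h in hops if h["tool"] == "hts"):
        path, cur = [start], start
        while cur["dest"][0] in LOCAL and by_port.get(cur["dest"][1]) not in (None, *path):
            cur = by_port[cur["dest"][1]]
            path.append(cur)
        chains.append({"entry_port": start["listen"][1], "target": cur["dest"],
                       "pids": [h["pid"] for h in path],
                       "wide_bind_pids": [h["pid"] for h in path[1:] if h["listen"][0] in WIDE]})
    return chains

if __name__ == "__main__":
    for chain in trace_chains(parse_hops(SAMPLE_PS)):
        print(chain)
```

On the sample input, the result links the HTTP listener on port 1234 to the internal RDP service and flags the `ssh -L` forward bound to all interfaces.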

