Android Question Using HTTP Request method CONNECT to create a Tunnel

[Derek Johnson]

Is it possible to create an HTTP tunnel using the HTTP CONNECT Request Method?

I'm trying to emulate an App that establishes an HTTP tunnel then sends a load of Gets and Puts through the created channel.

So far I haven't found any references to this in the B4A forums.

Derek

 

[Erel]

I don't think that OkHttp supports this verb. What are you connecting to?

 

[Derek Johnson]

This is a Library Self-Service terminal communicating with its server.

The client is tunnelling through to a Firewall protected network, and the client can then access servers that would not be accessible otherwise. Using a Chrome browser on an Android tablet the browser sets up the tunnel and accesses these resources. Using Chrome on a PC, I can intercept this traffic from the browser using Fiddler, and that is where I can see the Connect request and the subsequent use of the tunnel. Perhaps this is a bit too specialised to be able to expect a library solution. I'm not even sure how to do this outside of B4A!

This is the CONNECT request observed through Fiddler:

CONNECT xxxxxxxxxxxxxxxx.com:443 HTTP/1.1
Host: xxxxxxxxxxxxx:443
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.3 (TLS/1.2)
Random: A4 29 63 6C 79 08 64 BD 2B 83 0A 5A 98 01 51 6B 79 16 4D 12 94 43 27 F8 11 48 56 54 0A F8 3F 04
"Time": xx/xx/xxx xx:xx:xx
SessionID: xxxxxxxxxxxxxxxxxxxxxx
Extensions:
    0x6a6a        empty
    renegotiation_info    00
    server_name    xxxxxxxxxxxxxxx.com
    extended_master_secret    empty
    SessionTicket    empty
    signature_algs    sha256_ecdsa, Unknown[0x8]_Unknown[0x4], sha256_rsa, sha384_ecdsa, Unknown[0x8]_Unknown[0x5], sha384_rsa, Unknown[0x8]_Unknown[0x6], sha512_rsa, sha1_rsa
    status_request    OCSP - Implicit Responder
    SignedCertTimestamp (RFC6962)    empty
    ALPN        h2, http/1.1
    channel_id(GoogleDraft)    empty
    ec_point_formats    uncompressed [0x0]
    elliptic_curves    unknown [0x2A2A), unknown [0x1D), secp256r1 [0x17], secp384r1 [0x18]
    0x7a7a        00
Ciphers:
    [AAAA]    Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
    [C02B]    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    [C02F]    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    [C02C]    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    [C030]    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    [CCA9]    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
    [CCA8]    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    [CC14]    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
    [CC13]    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    [C013]    TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
    [C014]    TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
    [009C]    TLS_RSA_WITH_AES_128_GCM_SHA256
    [009D]    TLS_RSA_WITH_AES_256_GCM_SHA384
    [002F]    TLS_RSA_AES_128_SHA
    [0035]    TLS_RSA_AES_256_SHA
    [000A]    SSL_RSA_WITH_3DES_EDE_SHA

Compression:
    [00]    NO_COMPRESSION

and this is the response seen through Fiddler:

HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: xx:xx:xx.xxx
Connection: close

Encrypted HTTPS traffic flows through this CONNECT tunnel. HTTPS Decryption is enabled in Fiddler, so decrypted sessions running in this tunnel will be shown in the Web Sessions list.

Secure Protocol: Tls12
Cipher: Aes256 256bits
Hash Algorithm: Sha384 ?bits
Key Exchange: ECDHE_RSA (0xae06) 256bits

== Server Certificate ==========
[Subject]
CN=*.xxxxxxxxxx.com, OU=Domain Control Validated

[Issuer]
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

[Serial Number]
xxxxxxxxxxxxxxxxxxxxxxxxxxxx

[Not Before]
xxxxxxxxxxxxxxxxx

[Not After]
xxxxxxxxxxxxxxxxxxxxxxxxxx

[Thumbprint]
xxxxxxxxxxxxxxxxxxxxx

[SubjectAltNames]
*.xxxxxxxxxxxxxxxxxxxxxxxx,*xxxxxxxxxxxxxxxx.com