Android Question Using HTTP Request method CONNECT to create a Tunnel

Derek Johnson

Active Member
Licensed User
Longtime User
Is it possible to create an HTTP tunnel using the HTTP CONNECT Request Method?

I'm trying to emulate an App that establishes an HTTP tunnel then sends a load of Gets and Puts through the created channel.

So far I haven't found any references to this in the B4A forums.

Derek
 
Sort by date Sort by votes

Derek Johnson

Active Member
Licensed User
Longtime User
This is a Library Self-Service terminal communicating with its server.

The client is tunnelling through to a Firewall protected network, and the client can then access servers that would not be accessible otherwise. Using a Chrome browser on an Android tablet the browser sets up the tunnel and accesses these resources. Using Chrome on a PC, I can intercept this traffic from the browser using Fiddler, and that is where I can see the Connect request and the subsequent use of the tunnel. Perhaps this is a bit too specialised to be able to expect a library solution. I'm not even sure how to do this outside of B4A!

This is the CONNECT request observed through Fiddler:

B4X: 
CONNECT xxxxxxxxxxxxxxxx.com:443 HTTP/1.1
Host: xxxxxxxxxxxxx:443
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.3 (TLS/1.2)
Random: A4 29 63 6C 79 08 64 BD 2B 83 0A 5A 98 01 51 6B 79 16 4D 12 94 43 27 F8 11 48 56 54 0A F8 3F 04
"Time": xx/xx/xxx xx:xx:xx
SessionID: xxxxxxxxxxxxxxxxxxxxxx
Extensions:
    0x6a6a        empty
    renegotiation_info    00
    server_name    xxxxxxxxxxxxxxx.com
    extended_master_secret    empty
    SessionTicket    empty
    signature_algs    sha256_ecdsa, Unknown[0x8]_Unknown[0x4], sha256_rsa, sha384_ecdsa, Unknown[0x8]_Unknown[0x5], sha384_rsa, Unknown[0x8]_Unknown[0x6], sha512_rsa, sha1_rsa
    status_request    OCSP - Implicit Responder
    SignedCertTimestamp (RFC6962)    empty
    ALPN        h2, http/1.1
    channel_id(GoogleDraft)    empty
    ec_point_formats    uncompressed [0x0]
    elliptic_curves    unknown [0x2A2A), unknown [0x1D), secp256r1 [0x17], secp384r1 [0x18]
    0x7a7a        00
Ciphers:
    [AAAA]    Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
    [C02B]    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    [C02F]    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    [C02C]    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    [C030]    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    [CCA9]    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
    [CCA8]    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    [CC14]    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
    [CC13]    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    [C013]    TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
    [C014]    TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
    [009C]    TLS_RSA_WITH_AES_128_GCM_SHA256
    [009D]    TLS_RSA_WITH_AES_256_GCM_SHA384
    [002F]    TLS_RSA_AES_128_SHA
    [0035]    TLS_RSA_AES_256_SHA
    [000A]    SSL_RSA_WITH_3DES_EDE_SHA

Compression:
    [00]    NO_COMPRESSION

and this is the response seen through Fiddler:

 
Last edited:
Upvote 0
You must log in or register to reply here.

Similar Threads

  • Locked
  • Article
Android Code Snippet SaveAs - Let the user select a target folder + list of other related methods
Replies
16
Views
23K
Erel
  • Locked
  • Article
Android Tutorial [B4X] OkHttpUtils2 with Wait For
2
Replies
36
Views
104K
Erel
  • Locked
  • Article
B4J Library [B4X] jRDC2 - B4J implementation of RDC (Remote Database Connector)
5 6 7
Replies
138
Views
135K
Erel
  • Article
B4A Library OkHttp - Replaces the Http library
8 9 10
Replies
196
Views
127K
Jmu5667
  • Article
Android Code Snippet Set HTTP Request Header with OkHttpUtils2
Replies
12
Views
27K
Erel
Menu
Log in
Register
Cookies are required to use this site. You must accept them to continue using the site. Learn more…