Forum > Third party

AllCall - a client/server TCP/IP-over-HTTP tunnel


Announcing AllCall:

Do you live or work behind a firewall that blocks outgoing ports and which has a Neanderthal-vintage HTTP proxy that doesn't support websockets or any modern connection method? Or maybe you've noticed that more and more public WiFi locations (for example in airports) block many ports out.  If so, then AllCall might be for you.

AllCall consists of a client that runs on the inner (blocked) computer which talks to a server that lives anywhere that is publicly accessible.  It uses only the most basic HTTP primitives, so it can work over even ancient or draconian HTTP proxies.  It sends everything encrypted in packages of valid, innocuous text-only HTML.  It obfuscates connection requests in a way that makes them resistant to analysis, and protects against eavesdropping and replay attacks.

The client presents as a local SOCKSv4a server, so it can be used directly by PuTTY and indirectly by almost any other SSH through netcat.

AllCall is similar in purpose to httptunnel et al, but with a modern twist.  It has been tested on Windows and Linux.  It will drop root in Linux/Unix so it can be attached to privileged ports relatively safely.

It should be considered beta.  It works well on the (extremely) draconian firewall I work behind, and has been stress tested on several others. Both client and server are console and have no run-time dependencies except libc.  I have successfully tested the server on an OpenWrt router.  The intention is to make it an OpenWrt package so almost anyone with a cable-modem can easily deploy it.

Thanks to:

* Indy's Remy Lebeau and the rest of the Indy team past and present.  Remy particularly answered a lot of questions.  Thank-you.
* CryptoLib4Pascal's Ugochukwu Mmaduekwe
* Ralf 'Delphi Inspiration' Junker
* The Free Pascal and Lazarus team
* Everyone in the community here who helped with questions


[0] Message Index

Go to full version