Proxytunnel is a utility that establishes TCP connections through HTTP and HTTPS proxies, bypassing firewall restrictions and proxy-based access controls. Essential for penetration testers and security professionals working in restrictive network environments, it enables SSH tunneling, VPN connections, and general TCP traffic through standard HTTP/HTTPS proxies. Proxytunnel works by implementing the HTTP CONNECT method to create tunnels through proxy servers.

```bash
# Debian/Ubuntu
sudo apt-get update
sudo apt-get install -y proxytunnel

# Verify installation
proxytunnel --version

# Check binary location
which proxytunnel
```

```bash
# Clone repository
git clone https://github.com/proxytunnel/proxytunnel.git
cd proxytunnel

# Build from source
./configure
make
sudo make install

# Verify installation
proxytunnel --help
```

```bash
# Using Homebrew
brew install proxytunnel

# Build from source
git clone https://github.com/proxytunnel/proxytunnel.git
cd proxytunnel
./configure --prefix=/usr/local
make
sudo make install
```

```
# Download precompiled binary
# From https://github.com/proxytunnel/proxytunnel/releases
# Extract and add to PATH
# Or place in C:\Program Files\proxytunnel\

# Verify installation
proxytunnel.exe --version
```

| Command | Description |
|---|---|
| `proxytunnel -p proxy:port -d destination:port -a` | Create tunnel through proxy |
| `proxytunnel --help` | Display help information |
| `proxytunnel --version` | Show version information |
| `proxytunnel -h` | Verbose help output |


```bash
# Tunnel through HTTP proxy to remote host
proxytunnel -p proxy.example.com:8080 -d target.example.com:22

# Tunnel through proxy with verbose output
proxytunnel -p proxy.example.com:8080 -d target.example.com:443 -v
```

```bash
# Connect through HTTPS proxy
proxytunnel -p proxy.example.com:443 -d target.example.com:22 -S

# HTTPS proxy with authentication
proxytunnel -p proxy.example.com:443 -d target.example.com:22 -S -u username:password
```

```bash
# Basic authentication
proxytunnel -p proxy.example.com:8080 -d target.example.com:22 -u username:password

# NTLM authentication
proxytunnel -p proxy.example.com:8080 -d target.example.com:22 --user username --passwd password

# Kerberos authentication (with heimdal)
proxytunnel -p proxy.example.com:8080 -d target.example.com:22 -H
```

| Flag | Description |
|---|---|
| `-p` | Proxy host and port |
| `-d` | Destination host and port |
| `-u` | Username and password (user:pass) |
| `-S` | HTTPS/SSL proxy |
| `-H` | Kerberos authentication |
| `-v` | Verbose output |
| `-a` | Ask for password interactively |


```bash
# Listen locally and forward through proxy
proxytunnel -p proxy.example.com:8080 -d target.example.com:22 -l 9999

# Access tunneled connection locally
ssh -p 9999 localhost
```

```bash
# Add proxy headers for authentication
proxytunnel -p proxy.example.com:8080 -d target.example.com:22 \
  -H "Proxy-Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ="

# Multiple headers
proxytunnel -p proxy.example.com:8080 -d target.example.com:22 \
  -H "User-Agent: Mozilla/5.0" \
  -H "Accept: */*"
```

```bash
# Set connection timeout
proxytunnel -p proxy.example.com:8080 -d target.example.com:22 -t 30

# Keep-alive for persistent connections
proxytunnel -p proxy.example.com:8080 -d target.example.com:22 -k
```

```bash
# Start proxytunnel for SSH
proxytunnel -p proxy.example.com:8080 -d ssh.internal.com:22 -l 22222 &

# SSH through tunnel
ssh -p 22222 user@127.0.0.1

# Kill tunnel when done
kill %1
```

```
# Add to ~/.ssh/config
Host internal-server
    HostName server.internal.com
    User username
    Port 22
    ProxyCommand proxytunnel -p proxy.example.com:8080 -d %h:%p
```

```bash
# SSH using config
ssh internal-server
```

```bash
# Tunnel SSH back through proxy for remote access
ssh -R 9999:localhost:22 -o ProxyCommand="proxytunnel -p proxy:8080 -d ssh.example.com:22" user@ssh.example.com

# Access local SSH from remote
ssh -p 9999 user@remote-ip
```

```bash
# Tunnel MySQL through proxy
proxytunnel -p proxy.example.com:8080 -d mysql.internal.com:3306 -l 3306 &

# Connect to MySQL through tunnel
mysql -h 127.0.0.1 -u username -p
```

```bash
# Tunnel RDP through proxy
proxytunnel -p proxy.example.com:8080 -d rdp-server.internal.com:3389 -l 3389 &

# Connect via RDP
rdesktop 127.0.0.1:3389
```

```bash
# Tunnel VNC through proxy
proxytunnel -p proxy.example.com:8080 -d vnc-server.internal.com:5900 -l 5900 &

# Connect via VNC
vncviewer 127.0.0.1:5900
```

```bash
# Tunnel web service through proxy
proxytunnel -p proxy.example.com:8080 -d web.internal.com:8080 -l 8888 &

# Access through browser
firefox http://127.0.0.1:8888

# Tunnel HTTPS
proxytunnel -p proxy.example.com:8080 -d https.internal.com:443 -l 8889 -S &
```

```bash
# Tunnel through multiple proxies (chained)
proxytunnel -p proxy1.com:8080 -d proxy2.internal.com:8080 -l 8888 &
proxytunnel -p 127.0.0.1:8888 -d final-target.internal.com:22 -l 9999 &

# Connect through chained proxies
ssh -p 9999 user@127.0.0.1
```

```bash
# Create SOCKS proxy through HTTP proxy
ssh -D 9050 -o ProxyCommand="proxytunnel -p proxy:8080 -d jump.internal.com:22" user@jump.internal.com &

# Use SOCKS proxy for routing
curl --socks5 127.0.0.1:9050 http://internal.service.local
```

```bash
# Tunnel to multiple backend servers
for i in {1..3}; do
  proxytunnel -p proxy.example.com:8080 -d "backend$i.internal.com:8080" -l "$((8080 + i))" &
done

# Round-robin to different backends
curl http://127.0.0.1:8081
curl http://127.0.0.1:8082
curl http://127.0.0.1:8083
```

```bash
# Check if proxy is accessible
proxytunnel -p proxy.example.com:8080 -d google.com:80 -v

# Test proxy authentication
proxytunnel -p proxy.example.com:8080 -d example.com:80 -u user:pass -v

# Determine proxy type
proxytunnel -p proxy.example.com:8080 -d 1.1.1.1:53 -v 2>&1 | grep -i "proxy"
```

```bash
# Check system proxy settings (Linux)
grep -r "proxy" /etc/environment /etc/profile.d/ 2>/dev/null

# Check for proxy PAC file
wpad-detect

# Test PAC file
curl http://wpad.example.com/wpad.dat
```

```bash
# Prompt for password during execution
proxytunnel -p proxy.example.com:8080 -d target.example.com:22 -u username -a

# Or pipe password
echo "mypassword" | proxytunnel -p proxy.example.com:8080 -d target.example.com:22 -u username
```

```bash
# Create credential file (the umask keeps it owner-only from the moment it is created)
( umask 077; echo "username:password" > proxy_creds.txt )
chmod 600 proxy_creds.txt

# Use credential file in script
read -r CREDS < proxy_creds.txt
proxytunnel -p proxy.example.com:8080 -d target.example.com:22 -u "$CREDS"
```

```bash
# Set proxy credentials in environment
export PROXY_USER="username"
export PROXY_PASS="password"

# Use in command
proxytunnel -p proxy.example.com:8080 -d target.example.com:22 -u "$PROXY_USER:$PROXY_PASS"
```

```bash
#!/bin/bash
# proxytunnel_connect.sh

PROXY_HOST="${1:-proxy.example.com}"
PROXY_PORT="${2:-8080}"
TARGET_HOST="${3:-target.example.com}"
TARGET_PORT="${4:-22}"
LOCAL_PORT="${5:-9999}"

echo "[*] Setting up tunnel..."
proxytunnel -p "$PROXY_HOST:$PROXY_PORT" -d "$TARGET_HOST:$TARGET_PORT" -l "$LOCAL_PORT" -v

echo "[*] Tunnel established on port $LOCAL_PORT"
echo "[*] Connect with: ssh -p $LOCAL_PORT user@127.0.0.1"
```

```bash
#!/bin/bash
# auto_ssh_proxy.sh

PROXY="proxy.example.com:8080"
TARGET="internal-server.example.com:22"
LOCAL_PORT=2222
# Named SSH_USER so the shell's own $USER variable is not overwritten
SSH_USER="username"

# Start tunnel
proxytunnel -p "$PROXY" -d "$TARGET" -l "$LOCAL_PORT" > /dev/null 2>&1 &
TUNNEL_PID=$!

# Wait for tunnel
sleep 2

# SSH through tunnel
ssh -p "$LOCAL_PORT" "$SSH_USER@127.0.0.1"

# Clean up
kill "$TUNNEL_PID"
```

```bash
# Verbose logging to file
proxytunnel -p proxy.example.com:8080 -d target.example.com:22 \
  -l 9999 -v > tunnel.log 2>&1 &

# Monitor tunnel activity
tail -f tunnel.log

# Log connection attempts (merge stderr so the verbose output reaches tee)
proxytunnel -p proxy.example.com:8080 -d target.example.com:22 -v 2>&1 | tee tunnel_activity.txt
```

```bash
# Test proxy reachability
nc -zv proxy.example.com 8080

# Test target reachability
nc -zv target.example.com 22

# Check firewall rules (-n prints numeric addresses and ports, so match on the ports used above)
sudo iptables -L -n | grep -E "dpt:(8080|22)"
```

```bash
# Test credentials
proxytunnel -p proxy.example.com:8080 -d example.com:80 -u username:password -v

# Try without password
proxytunnel -p proxy.example.com:8080 -d example.com:80 -v

# Check proxy auth type
curl -v -x proxy.example.com:8080 http://example.com 2>&1 | grep -i "proxy"
```

```bash
# Increase timeout
proxytunnel -p proxy.example.com:8080 -d target.example.com:22 -t 60

# Add keep-alive
proxytunnel -p proxy.example.com:8080 -d target.example.com:22 -k

# Monitor for timeouts
timeout 30 proxytunnel -p proxy.example.com:8080 -d target.example.com:22 -v
```

- Authorization: Obtain explicit authorization before tunneling through proxies
- Logging: Enable verbose mode to troubleshoot connection issues
- Credentials: Never hardcode credentials in scripts; use environment variables
- Clean Up: Kill background tunnel processes after use
- Testing: Test connectivity before complex operations
- Documentation: Record proxy settings for future reference
- Security: Restrict access to local listening ports
- Monitoring: Monitor for suspicious tunnel usage
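
For the monitoring point above, a proxy-side detection sketch, added here as an example and not part of the original cheat sheet: it scans Squid-style access-log lines for CONNECT requests to ports outside an allowlist (such as the SSH, MySQL, RDP and VNC destinations tunneled earlier) and for unusually long-lived tunnels on allowed ports. The log lines are constructed samples; the function name `flag_connect_tunnels`, the default allowlist (443) and the one-hour duration threshold are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): flag suspicious HTTP CONNECT
# tunnels in a Squid-style access.log.

# Constructed sample lines in Squid native format:
# time elapsed_ms client action/status bytes method url user hier/peer type
sample_log() {
cat <<'EOF'
1700000000.101     842 10.0.0.21 TCP_TUNNEL/200 5120 CONNECT www.example.com:443 - HIER_DIRECT/203.0.113.5 -
1700000060.202  912000 10.0.0.15 TCP_TUNNEL/200 88231 CONNECT target.example.com:22 alice HIER_DIRECT/203.0.113.10 -
1700000120.303      12 10.0.0.15 TCP_DENIED/403 390 CONNECT mysql.internal.com:3306 alice HIER_NONE/- -
1700000180.404 7200000 10.0.0.33 TCP_TUNNEL/200 1048576 CONNECT target.example.com:443 bob HIER_DIRECT/203.0.113.10 -
1700000240.505      95 10.0.0.21 TCP_MISS/200 2048 GET http://www.example.com/ - HIER_DIRECT/203.0.113.5 text/html
EOF
}

# flag_connect_tunnels [allowed_ports] [max_ms]
#   allowed_ports: comma-separated CONNECT ports treated as normal (assumed default: 443)
#   max_ms: successful tunnels on allowed ports longer than this are flagged
# Reads the log on stdin; prints "reason client destination user" per finding.
flag_connect_tunnels() {
  awk -v ports="${1:-443}" -v max_ms="${2:-3600000}" '
    BEGIN { n = split(ports, p, ","); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
    $6 != "CONNECT" { next }
    {
      split($4, act, "/"); status = act[2]
      port = $7; sub(/^.*:/, "", port)      # destination port of host:port
      if (!(port in ok)) {
        # Tunnel to a port the policy does not expect: allowed or denied
        reason = (status ~ /^2/) ? "NONSTANDARD_PORT" : "BLOCKED_ATTEMPT"
      } else if (status ~ /^2/ && $2 + 0 > max_ms + 0) {
        # Allowed port, but held open far longer than ordinary web traffic
        reason = "LONG_LIVED"
      } else {
        next
      }
      print reason, $3, $7, $8
    }'
}

sample_log | flag_connect_tunnels
```

The duration check is a heuristic: long-lived connections on port 443 also come from legitimate applications, so treat `LONG_LIVED` findings as leads to correlate with client and destination, not as verdicts.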

| Flag | Description |
|---|---|
| `-p` | Proxy server:port |
| `-d` | Destination server:port |
| `-l` | Local port to listen on |
| `-u` | Username and password (user:pass) |
| `-a` | Ask for password interactively |
| `-S` | HTTPS/SSL proxy |
| `-H` | Kerberos authentication |
| `-t` | Connection timeout (seconds) |
| `-k` | Enable keep-alive |
| `-v` | Verbose output |
| `--help` | Display help |
| `--version` | Show version |

- socat — Relay and tunneling utility
- SSH Tunneling — OpenSSH port forwarding
- stunnel — SSL/TLS tunneling proxy
- Chisel — TCP/UDP tunneling over HTTP
- WireGuard — VPN tunnel alternative
- OpenVPN — Full VPN solution
- ngrok — Reverse proxy tunneling