This is my very first attempt to build an HTTP tunnel for android. The HTTP tunnel allows you to wrap any protocol you want in an HTTP like connection that can pass restrictive firewalls. Thus you can connect at home through SSH from Hot Spots without restrictions. In other words, you can use any protocol you want while acting just like a standard browser would do. Only HTTP requests comes out of your mobile.
Description
The tunnel is made of two parts:
- The client part (AFreeMyNet source) is meant to be run on your android device;
- The server part (JFreeMyNet source) is meant to be run on your home computer.
Remember you need the AFreeMyNet on your Android device and JFreeMyNet on your home computer connected H24 to the internet.
The examples below are done under Linux. However since JFreeMyNet is 100% java it should work as well under any other closed source OS.
Since AFreeMyNet is still in development the current version expired in november.
If you find this application useful, please considere giving a few bucks using paypal to help improve it.
How does it work ?
The JFreeMyNet, the server part runs on your home computer. It listen to an internet accessible port and acts as an HTTP server. So this port should sounds like it is a web server (e.g. 80 or 8080). AFreeMyNet runs on your android device and communicates with JFreeMyNet by performing only HTTP requests.
JFreeMyNet forwards a service from your home computer to your android device. I would advise you to forward a ssh service which will provides:
- Encrypted communications;
- Ability to set up as many tunnels as you want on top of the HTTP tunnel (confusing isn’t it ?).
Example
An example will be much more simple to understand.
On your home computer (Public IP=111.222.333.444):
java -cp JFreeMyNet.jar com.lordikc.JFreeMyNet.Server 8080 127.0.0.1 22
Listen on port 8080 accessible from the internet. It tunnels your home computer’s ssh service.
Don’t forget to configure your box/routeur to forward (NAT) port 8080 from Internet to your home computer. Configure as well you firewall to open port 8080/tcp.
On your android device:
Local port is the other end of the tunnel on your android device. The server URL is your home computer IP address.
You can set your own User-Agent to fool the firewall.
Now you can use ConnectBot (available from the Android Market) and connect to you@127.0.0.1:8000
And voila:
[you@home_sweet_home ~]$
It’s not very efficient but at least you can connect from anywhere.
In addition, if you have the android SDK on your laptop, you can use the tunnel from your laptop connected to your android device with the USB cord:
[root@laptop ~]# adb forward tcp:8000 tcp:8000
[you@laptop ~]$ ssh -p 8000 you@laptop
results in a prompt at home :
[you@home_sweet_home ~]$
So you can use your android device as a “modem” to connect your laptop to the internet through your home.
Please considere that this is prohibited by some operators contracts even if they use “Unlimited Internet” in their ads.
Here is a figure showing the different connections:
Let’s imagine your running squid or tinyproxy on your home computer, you can forward port like this
[you@laptop]$ ssh -p 8000 -L8888:localhost:8888 you@laptop
Configure your browser to use the localhost:8888 proxy and that’s it.
From java compatible devices:
JFreeMyNet comes with the client part for Java. You can use it on a laptop running linux… Ok or windows or mac…
java -cp JFreeMyNet.jar com.lordikc.JFreeMyNet.Client 8000 http://111.222.333.444:8080/
HTTPS
This part might be Linux only.
Since version 0.4 AFreeMyNet and JFreeMyNet support HTTPS protocol. On AFreeMyNet side, all you have to do is to type in the URL with HTTPS protocol. On JFreeMyNet side it’s a bit more complicated. You need to install and setup stunnel to add the SSL layer on top of JFreeMyNet.
Using HTTPS make things much more difficult for the firewall or proxy to figure out you’re not doing WWW browsing from your android device.
Here’s a sample stunnel.conf file:
cert = /etc/stunnel/stunnel.pem
sslVersion = TLSv1
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
pid = /stunnel4.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
compression = rle
[443]
accept = 443
connect = localhost:8080
And you can generate the stunnel.pem file like this:
openssl req -new -x509 -days 3650 -nodes -config /usr/share/stunnel/stunnel.cnf -out stunnel.pem -keyout stunnel.pem
Warning
In order to use this application you need to understand the technical and legal issues behind. You might break your contract with your mobile phone operator, get extra charges and so…
Use it at your own risk.
Remember, for your operator (at least in France), “Unlimited Internet” means, “Watching a few web sites up to the limit of 250MB”.
WAR IS PEACE, FREEDOM IS SLAVERY, and IGNORANCE IS STRENGTH.
Limitations
The HTTP tunnels requires a stable internet connection to work. Loosing the internet connection from time to time will break the protocol embedded in HTTP tunnel. For instance you can suffer SSH deconnection if your using SSH protocol.
Which protocol to run in the HTTP tunnel ?
I would strongly encourage you to use SSH inside the HTTP tunnel because it gives you lots of interesting capabilities. I do use SSH to forward:
- My own HTTP proxy (tinyproxy)
- Connection to smtp and pop3 servers from my ISP
- My SVN server
- …
You can tunnel only an HTTP proxy server but there are lots of other simpler solutions to do so.
Change Log
Version 0.2 runs the tunnel in a service and the application can be sent to background.
Version 0.3 brings improvements and prettyness.
Version 0.4 adds HTTPS support.
Goob job !
Thank you. Can you elaborate a little. On which device did you try it ?
I just tested out your software on a Galaxy S running a custom 2.2 rom. Works well for its purposes and I thank you for contributing it to the community.I think it would be a huge bonus if you can use it in reverse…like assume the android phone has an unreachable IP because it is using a 3G connection, once it connects to the home server you can use the tunnel to connect back to the phones SSH service. Just my two cents.
Hi.
I have installed AFreeMyNet on my HTC desire HD. and set a server .
when i click “Start tunnel” . no response.
the tunnel is always stopped.
Are you sure your network setup is correct ? Sounds like a NAT or Firewall problem to me.
I just run the following command like you said.
#java -cp JFreeMyNet.jar com.lordikc.JFreeMyNet.Server 8080 127.0.0.1 22
and I check the tcp listen:
tcp6 0 0 :::8080 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
and I use web browser to visit the following URL from another computer
http://my-server-ip-address:8080/
It said “Not found”
is this correct?
Sorry, when I use WiFi on android ,it works very well .but when I use wap ,it can not work.
I think my cell–phone SP broke my connection.
Thanks for your help. and thank you for sharing this very useful software.
The “Not Found” message is OK. It’s just that while browsing the URL you don’t provide the required parameters. But if you do it from an outside computer, then you network connection is correctly configured.
I can get “Not found” on my HTC desire HD via WAP connection .
But AFreemyNet can’t start the tunnel.
Browsing other website and download is ok.
Please translat my comment……….
J’ai un samsung I5700 android, AFreeMyNey est bien sur, mais mais le connection marche pas, j’ai mis un site gratuit mon operateur sur le url server mais aucun connection reussi. Pouvez vous m’aider?
The JFreeMyNey n’ouvre pas (toujour heureur), les autre application java marche bien
Sorry, can you try in english ?
I guess you have a NAT problem or something.
When I try to run this on a Debian server with Java 1.5.0.22 installed, I get this:
$ java -cp JFreeMyNet.jar com.lordikc.JFreeMyNet.Server 8080 127.0.0.1 22
Exception in thread “main” java.lang.NoClassDefFoundError: com/lordikc/JFreeMyNet/Server
Any ideas?
Hi,
Yes, I think you should remove ‘-cp’ and replace with ‘-jar’.
Regards
Thanks but that wasn’t it. First I had the wrong filename. Then, with the right name it wouldn’t run because the httpserver class wasn’t available so I had to upgrade Java to version 6. Now I can actually run JFreeMyNet (with -cp) but when I try to connect with the AFreeMyNet (still wireless, both on the same subnet) I see this:
java.net.ConnectException: Connection refused
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
at java.net.Socket.connect(Socket.java:529)
at java.net.Socket.connect(Socket.java:478)
at java.net.Socket.(Socket.java:375)
at java.net.Socket.(Socket.java:189)
at com.lordikc.JFreeMyNet.Server$RequestHandler.handle(Unknown Source)
at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:65)
at sun.net.httpserver.AuthFilter.doFilter(AuthFilter.java:65)
at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:68)
at sun.net.httpserver.ServerImpl$Exchange$LinkHandler.handle(ServerImpl.java:555)
at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:65)
at sun.net.httpserver.ServerImpl$Exchange.run(ServerImpl.java:527)
at sun.net.httpserver.ServerImpl$DefaultExecutor.execute(ServerImpl.java:119)
at sun.net.httpserver.ServerImpl$Dispatcher.handle(ServerImpl.java:349)
at sun.net.httpserver.ServerImpl$Dispatcher.run(ServerImpl.java:321)
at java.lang.Thread.run(Thread.java:662)
Then I get the same again when I try to connect via ConnectBot. The android app says “Tunnel is running” but ConnectBot hangs forever at “Connecting to 127.0.0.1:8000 via ssh” so it’s not working. AFreeMyNet shows 0B/0B so I guess no data has been transmitted. I tried another port (51234 instead of 8080) but the same result. Tried to run JFreeMyNet as root but same result.
The JFreeMyNet part does 2 things :
- Open a port in Listen mode for the tunnel between your phone and your home. This one must be NATed.
- Connect to a local port (SSH for instance).
I guess the local port is rejected by firewall or there is no service running.
Duh! Yes, I am running SSH on another port, and with that it works! Thank you very much!
However, it looks like I also need HTTPS. I set up stunnel according to your instructions and I can start the deamons (/etc/init.d/stunnel4 restart). I added debug=7 and logging to the .conf file and when I start it the log looks like this:
2011.07.20 20:08:38 LOG5[20848:3074313088]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
2011.07.20 20:08:38 LOG6[20848:3074313088]: file ulimit = 1024 (can be changed with ‘ulimit -n’)
2011.07.20 20:08:38 LOG6[20848:3074313088]: poll() used – no FD_SETSIZE limit for file descriptors
2011.07.20 20:08:38 LOG5[20848:3074313088]: 500 clients allowed
2011.07.20 20:08:38 LOG7[20848:3074313088]: FD 10 in non-blocking mode
2011.07.20 20:08:38 LOG7[20848:3074313088]: FD 11 in non-blocking mode
2011.07.20 20:08:38 LOG7[20848:3074313088]: FD 12 in non-blocking mode
2011.07.20 20:08:38 LOG7[20848:3074313088]: SO_REUSEADDR option set on accept socket
2011.07.20 20:08:38 LOG7[20848:3074313088]: 443 bound to 0.0.0.0:443
2011.07.20 20:08:38 LOG7[20854:3074313088]: Created pid file /stunnel4.pid
However, nothing happens when I try to connect from AFreeMyNet via https://... I don’t see anything in the log, or the JFreeMyNet output, and I cannot connect. This is still all with a direct network connection on the same subnet. I think I am close, but am lost at where to look.
Thanks for all your help so far!
Setting it up to work with HTTPS is very difficult. I guess you need to add key in your java keystore or something like that.
Have you never tried it? In any case, I would like to try.
I guess you are talking about the AFreeMyNet part, because on the server, stunnel takes care of the https part, correct? So on the client, where would I store the key, and in which format (e.g. pem)?
I did try and succeed… Some time ago… You’re right, the key thing is handled by stunnel and on the client part it’s configure to accept any key. Purpose is only to have encryption not strong authentication.
OK, do I have to add the key to the keystore in the project when I build AFreeMyNet, or can this be added to the Android device? Do you have any pointers you are willing to share?
my i pls ask cowardly that what’s the meaning 22 on the end of the java command line? is it a port? why 22? thank you lordikc.
This is the local ssh port. So you can connect to your ssh and in turn use ssh tunneling.
this worked perfectly on my winXP machine.
Is there anyway to make JFreeMyNet.jar work in a mips router running tomato firmware or dd-wrt? I have an asus rt-n16 running tomato firmware with optware. I tried running it with phoneme-advanced, jamvm, and sablevm. These are the results.
root@n16:/opt# sablevm -cp JFreeMyNet.jar com.lordikc.JFreeMyNet.Server 8080 127.0.0.1 22
java.lang.ClassNotFoundException: JFreeMyNet.jar not found in java.lang.ClassLoader$1{urls=[file:/opt/p], parent=null}
at java.net.URLClassLoader.findClass (URLClassLoader.java:870)
at java.lang.ClassLoader.loadClass (ClassLoader.java:359)
at java.lang.ClassLoader$1.loadClass (ClassLoader.java:1333)
at java.lang.ClassLoader.loadClass (ClassLoader.java:310)
at java.lang.VirtualMachine.main (VirtualMachine.java:99)
root@n16:/opt#
root@n16:/opt# jar-sablevm -cp JFreeMyNet.jar com.lordikc.JFreeMyNet.Server 8080 127.0.0.1 22
/opt/bin/jar-sablevm: exec: line 22: /opt/bin/fastjar: not found
root@n16:/opt#
root@n16:/opt# cvm -cp JFreeMyNet.jar com.lordikc.JFreeMyNet.Server 8080 127.0.0.1 22
java.lang.UnsupportedClassVersionError: com/lordikc/JFreeMyNet/Server (Unsupported major.minor version 50.0)
at sun.misc.Launcher$AppClassLoader.findContainer(Native Method)
at sun.misc.Launcher$AppClassLoader.access$400(Unknown Source)
at sun.misc.Launcher$AppClassLoader$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Unknown Source)
at java.security.AccessController.doPrivileged(Unknown Source)
at sun.misc.Launcher$AppClassLoader.doClassFind(Unknown Source)
at sun.misc.Launcher$AppClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.misc.CVM.runMain(Unknown Source)
root@n16:/opt#
root@n16:/opt# jamvm -cp JFreeMyNet.jar com.lordikc.JFreeMyNet.Server 8080 127.0.0.1 22
java.lang.NoClassDefFoundError: com/lordikc/JFreeMyNet/Server
<>
Caused by: java.lang.ClassNotFoundException: com.lordikc.JFreeMyNet.Server not found in java.lang.ClassLoader$1{urls=[file:/opt/lib/JFreeMyNet.jar], parent=null}
at java.net.URLClassLoader.findClass(URLClassLoader.java:531)
at java.lang.ClassLoader.loadClass(ClassLoader.java:341)
at java.lang.ClassLoader$1.loadClass(ClassLoader.java:1112)
at java.lang.ClassLoader.loadClass(ClassLoader.java:293)
root@n16:/opt/lib#
Hi, great job !
One request if you can possible:
i’m developing cheaps devices using tablets. i auto-impose me one rule: only html and/or javascript, nothing more.
The question is: exist or if possible to change your application and use it like a bridge between an http-request and the USB port where i put a Silabs usb-232 bridge ?
if you can do it a new world between the html inside the tablets and custom electronics outside is possible.
Excuse my bad english, please.
The example:
into my javascript i launch an httprequest to 127.0.0.1 or eny other local ip listened by your application, then your app send this data to the usb device, the answer from the 232 side of the usb adapter must be packed into a http answer to be displayed by the javascript code.
http://127.0.0.1?data1=123&data2=123— —->YourApp——>USB—->SilabsUsbto232—>data1=123&data2=123
and back from the 232 or timeout answer.
Hi and thanks.
I really don’t know. From what you I’d rather go for cgi of things like that.
Does this require rooting your device?
No it doesn’t.
hello, looks very promising project.
i try to connect to hts (httptunnel server), but no success.
is possible to make it work (maybe it will not be so hard, both JFreeMyNet and hts accept http connections) ?
thank you.