A while back, somebody suggested using the HTTP proxy CONNECT method
of "SSL proxies" to tunnel arbitrary services. I've started to notice
that more people are picking up on this, and now AOL even supports
connection to their network via this type of proxy.

Some administrators prevent users from exploiting this by only allowing
CONNECTs on port 443. This doesn't help the situation too much, since
a lot of secure servers out there are running on alternate ports -- and
AOL's services can listen on port 443 now too.

Why aren't these "proxies" actually looking at the SSL traffic? At least
check out the client and server hello messages, make sure they're legit.

I've put together some simple patches to Thede Loder's Simple SOCKS
Daemon to take advantage of these SSL proxies. Assuming your proxy
has not been configured just so, just run it on a Unix host behind your
firewall and you can use SOCKS4 to make TCP connections out to the
Bye-bye meaningful audit trail.

It works rather nicely with the simple fwtk, Gauntlet, and CERN proxies
that I've tried it with.
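
The check asked for above ("at least check out the client and server hello messages"), sketched as an added example that is not part of the original post or of any proxy named in it: a Python function a CONNECT proxy could run on the first client bytes of a tunnel before relaying them. The function name, return labels and sample bytes are constructed for illustration, and only the client hello is examined.

```python
import struct

HANDSHAKE, CLIENT_HELLO = 0x16, 0x01
MAX_RECORD = 1 << 14   # SSLv3/TLS plaintext record limit
MIN_HELLO = 41         # version+random+sid_len+one suite+one compression method

def classify_first_bytes(data: bytes) -> str:
    """Hypothetical helper: label the first client bytes seen after CONNECT.

    Returns 'tls-client-hello', 'sslv2-client-hello', 'need-more' or 'reject'.
    """
    if len(data) < 5:
        return "need-more"
    if data[0] == HANDSHAKE:
        # SSLv3/TLS record header: type(1) version(2) length(2)
        major, _minor, rec_len = struct.unpack("!BBH", data[1:5])
        if major != 3 or not 4 <= rec_len <= MAX_RECORD:
            return "reject"
        if len(data) < 11:
            return "need-more"
        # Handshake header: msg_type(1) length(3), then client_version(2)
        hs_len = int.from_bytes(data[6:9], "big")
        if data[5] != CLIENT_HELLO or hs_len < MIN_HELLO or data[9] != 3:
            return "reject"
        return "tls-client-hello"
    if data[0] & 0x80:
        # SSLv2 2-byte header: 15-bit length, then msg_type(1) version(2)
        length = ((data[0] & 0x7F) << 8) | data[1]
        version = (data[3], data[4])
        if (data[2] == CLIENT_HELLO and length >= 9
                and (version == (0, 2) or version[0] == 3)):
            return "sslv2-client-hello"
    return "reject"

# Constructed sample inputs (not captured traffic).
_body = b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
_hs = bytes([CLIENT_HELLO]) + len(_body).to_bytes(3, "big") + _body
SAMPLE_TLS = b"\x16\x03\x01" + len(_hs).to_bytes(2, "big") + _hs
SAMPLE_SSLV2 = (b"\x80\x1c\x01\x00\x02\x00\x03\x00\x00\x00\x10"
                + b"\x01\x00\x80" + bytes(16))
SAMPLE_SSH = b"SSH-2.0-OpenSSH_9.0\r\n"

if __name__ == "__main__":
    for name, blob in [("tls", SAMPLE_TLS), ("sslv2", SAMPLE_SSLV2),
                       ("ssh", SAMPLE_SSH)]:
        print(name, classify_first_bytes(blob))
```

Passing this check shows only that the stream opens like an SSL handshake; it says nothing about what is carried inside the session afterwards.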