desproxy Readme

desproxy - a TCP tunnel for HTTP proxies

(c) 2001 Miguelanxo Otero Salgueiro

desproxy is just an answer to a question I have been wondering, for about a year: ¿Is there any way to make TCP connections trought HTTP proxies? Short answer: YES! Long answer: YES, but at the expense of decreased flexibility. Maybe it isn't useful for you (I hope that's not your case), or its too difficult for you newbie. desproxy just stands between your proxy and your favourite TCP application, waiting for a connection to make a TCP tunnel trought the HTTP proxy. Let's see one example

Real life example

Imagine you're inside a corporation, with a HTTP/1.1 compliant proxy ( that is the only way to get out there... But, hey! you want to chat using your favourite irc server ( isn't that?) so you launch "desproxy" this way:

desproxy 6667 8080 6667

Now, desproxy is listening on your local port 6667, waiting for a connection (from your irc client). So you launch xchat, zircon... and type

/server 6667

xchat now tries to connect with your local port 6667, desproxy "hears the bell" and after accepting the incoming connection, makes a connection to the irc server ( 6667) trough the HTTP proxy ( 8080). When it gets the connection with the irc server, desproxy hooks the two sockets together, so xchat gets the wellcome message from the irc server as if it were connected to /server 6667 .


Usage: desproxy remote_host remote_port proxy_host proxy_port local_port

remote_host & remote_port: Address of the machine you want to connect to.
proxy_host & proxy_port : Address of the HTTP proxy.
local_port : The one in which desproxy will listen waiting for connections.

Programs reported to work using "desproxy"

  • telnet (OK)
  • ftp (not transfers, just basic commands)
  • ncftp (untested, should work in passive mode)
  • ssh & scp (OK)
  • popclient & fetchmail (OK)
  • sendmail (OK)
  • xchat, zircon, mIRC for windows (only basic behaviour, no DCC)

Programs that WILL NOT work using "desproxy"

Those that accept (or request) connections to start from the other side of the proxy (remote to local), like classic ftp (not passive).


desproxy-inetd is just a flavor of desproxy that doesn't bind to a local port but reads directly from standard input (and doensn't display anything beside the raw incoming "tunnelized" connection.

Usage: desproxy-inetd remote_host remote_port proxy_host proxy_port

NOTE the lack of local_host. desproxy-inetd is designed to work like any other inetd daemon. Here is my /etc/inetd.conf line for fetchmail:

pop3 stream tcp nowait mail /usr/bin/desproxy-inetd desproxy-inetd 110 8080

desproxy-inetd works great to test if your proxy supports TCP tunneling; just launch

desproxy-inetd 21 your.proxy your_proxy_port

and wait to see the FTP prompt! does it work? great! NO?...


desproxy-socks4server is a Socks version 4 server using desproxy . That means you can manage dinamic connections trough your HTTP proxy. For example you can use MSIE, MS Messenger, News readers, Irc clients... every application supporting a socks server/proxy.


desproxy-socks5server is a Socks version 5 server, just like desproxy-socks4server is a Socks version 4 server.


desproxy-dns is a dns forwarder using desproxy. It's used in conjuction with a socks server, because many clients need dns access to resolve names prior to passing them to the socks server. It supports UDP & TCP access, and forwards dns queries using TCP connections to public DNS servers. You can use any DNS server you wish, just search the web for one and give it a try!


A normal desproxy session looks like this:

miguel@Kosmos3000$ desproxy 21 4480 2222
desproxy 0.0.8

(c) Miguelanxo Otero Salgueiro 2001

Listening on port 2222
Connection request from, port 1227
Connecting to http proxy (
Bidirectional connection stablished
( <-> (localhost)
proxy -> local (72) bytes
local -> proxy (13) bytes
proxy -> local (35) bytes
local -> proxy (14) bytes
proxy -> local (447) bytes
End of connection.

Here, I connect to my local ftp server ( using my local proxy ( You can see were the connection from another session was accepted (from too :)), how after the connection is accepted desproxy connects to the proxy and some REAL interchange of bytes (a FTP login session).

"desproxy" is quite self explanatory about errors. "desproxy-inetd" is far more obscure, because the way inetd uses it (can't print error messages).

Basically there are two kind of errors:
  • Errors reported when connecting to the proxy: the http page showing the error is displayed.
  • Every other error: a short error message is displayed.
Errors reported by proxy may be the worse...

Some common HTTP errors (as reported by the proxy)

  • HTTP 400 Bad Request -> some versions of desproxy (0.0.21) cause this error (FATAL)
  • HTTP 403 Forbidden -> forbidden to do that (FATAL)
  • HTTP 404 Not Found -> Page not found, or resource not found (MINOR)
  • HTTP 405 Method not Allowed -> can do CONNECT method (FATAL)
  • HTTP 500 Internal Server Error -> maybe you're trying to connect to a closed port (conenection refused) (MINOR)
  • HTTP 503 Service Unavailable -> The proxy can't reach the site (MINOR)
  • HTTP 505 HTTP Version Not Supported -> CONNECT method not available (FATAL)
  • HTTP 502 Bad Gateway -> Stands for "DNS lookup error" (MINOR)
(FATAL) -> forget about using "desproxy", you can't surpass the proxy.
(TODO) -> To do, not yet implemented.
(MINOR) -> temporary fault or maybe YOUR fault!


desproxy is licensed using the GNU GENERAL PUBLIC LICENSE.
Please read GPL.html for more details.