Provided by: desproxy_0.1.0~pre3-6_amd64 bug


       desproxy - a TCP tunnel for HTTP proxies


         desproxy remote_host remote_port proxy_host proxy_port local_port




       HTTP proxies are network servers that are used to give HTTP (web) access to computers that
       are not connected to the Internet. This is a typical scenario in corporate networks and
       recently in home networks too. HTTP proxies connect to the Internet either directly or via
       a parent proxy (which in fact connects to the Internet directly or via another parent
       proxy, and so on...)

       HTTP clients (web browsers) use HTTP proxies to request web pages; the HTTP server just
       forwards those request to the destination server. All the negotiation is done via the HTTP
       protocol, which is designed just to carry HTTP requests and no generic (TCP/IP) traffic.
       That is why you can't (normally) use Internet applications beside your web server if you
       are behind a HTTP proxy.

       That is what desproxy is good for. Desproxy is a TCP tunnel, which means desproxy can
       forward TCP/IP traffic via a HTTP proxy. Desproxy uses a HTTP/1.1 method (CONNECT) to
       establish TCP/IP connections on demand. CONNECT is used for SSL connections when accessing
       to secure sites, so if you can access sites that support SSL ( for example)
       you can use desproxy.

       Not all IP (Internet) traffic is just TCP/IP. In fact there are two more protocols widely
       used in the Internet not supported by desproxy: UDP and ICMP:

       ·   ICMP is used to manage large IP networks. The only application using ICMP you may miss
           is ping.

       ·   UDP is an unreliable connection-less fast transport protocol, mostly used in network
           games and other applications that need low latency network traffic. Notably DNS uses
           UDP packets for fast delivery.

   Will desproxy work with my HTTP proxy?
       Short answer: just give it a try

       Long answer: desproxy should work with every HTTP proxy, with the following exceptions:

       ·   MS Proxies with NTLM authentication. NTLM is a proprietary authentication method from
           Microsoft, not a standard authentication method. Maybe in the future desproxy will
           support NTLM authentication, but currently it doesn't.

       ·   HTTP/1.0 Proxies. Desproxy needs the CONNECT method, which is only available from
           HTTP/1.1 protocol version. It's very unlikely your proxy doesn't accept HTTP/1.1

       ·   HTTP/1.1 Proxies without the CONNECT method. Maybe your network administrator
           deactivated CONNECT support in the proxy, or maybe CONNECT is restricted to the HTTPS
           port (443).

       Let's assume the following:

       ·   your HTTP proxy host name is "proxy" and its address is ""

       ·   your HTTP proxy port is "8080"

       ·   your HTTP proxy doesn't need authentication. It case you need HTTP authentication,
           please read [2]this.

       ·   your system console will be a terminal (xterm, the console or a virtual terminal) if
           you are running Linux, *BSD or other UN*X

   About connections
       Imagine you need a network application that uses only one TCP/IP connection with just one
       server. That's the case of IRC in which you connect to an IRC server or ssh where you
       tipically connect just to one UNIX computer at a time. That's what I called a "static

       Of course that's not the case of a web browser or a file sharing program, both of them
       doing several connections at a time to different computers. That's what I call "dynamic


   item How to use desproxy to connect to IRC
       Suppose you want to connect to IRC using port 6667 as your IRC server.
       First you have to start a system console (see Assumptions above for details) and type

           desproxy 6667 proxy 8080 1080

       That should start desproxy, giving you the copyright notice along with some information.
       The following is a screen capture from desproxy 0.0.23

           desproxy                     0.0.23

           (c) Miguelanxo Otero Salgueiro 2001

           This release brought to you patched
           by Rutger Nijlunsig.

           See RutgerWork.txt in documentation
           for details about new features.

           Great work guy!
           TCP port 1080 Binded & Listening
           Press ENTER to Quit

       Desproxy reports it is listening in local port 1080 ready for a connection.

       Open your favourite IRC client (install it first ;D) and connect to port 1080 as
       your irc server ( is a virtual IP, always referencing to your local machine).
       Then, your IRC client should connect to desproxy. It looks like

           Connection request from, port 1220
           Connecting to http proxy (proxy:8080)
           Bidirectional connection established

       Then you should be able to use your IRC client as if you were directly connected to

   How to use desproxy to log in a computer using ssh
       Suppose you have a shell account in a computer that supports secure connections via ssh.
       Let's assume it's called SSH uses port number 22 by default. So start
       a new system console and type:

          desproxy 22 proxy 8080 1080

       Then, tell your ssh client to connect to localhost ( port 1080 and you should
       get a ssh password prompt!

   How to use desproxy to use other static clients
       Let's assume you want to use network application X, which doesn't support HTTP proxies but
       use one TCP/IP connection (like IRC and SSH).  To make X work with desproxy, you just have
       to 1) Search for the default port of that application 2) Search for the default server of
       that application and 3) Start desproxy, passing that info as command line parameters.
       Format is

           desproxy remote_host remote_port proxy_host proxy_port local_port

       Just give a local_port of your desire, but always over 1023, cause lower ports may need
       administrator privileges.

   About HTTP Authentication
       Some HTTP proxies need for security reasons a method of checking client's identity. That's
       called HTTP authentication (or HTTP authorization).

       Despoxy now supports Basic HTTP authentication. If your proxy needs other kind of
       authentication (either Digest or NTLM) desproxy won't work.

       For desproxy to work with a HTTP proxy that needs authentication, you have to tell
       desproxy which username and password to use. Desproxy reads the environment variable
       PROXY_USER to get that info.

       Suppose your proxy username is "mayka" and your proxy password is "007sgotLTK". Then,
       before using any of the desproxy programs you should type this in your system console:

           set PROXY_USER=mayka:007sgotLTK

       Beware passwords can include some characters that should be escaped from the system
       console. For example, if your password is "moon!=sun", and you are running Linux, you
       should type

           export PROXY_USER=yourusername:moon\!\=sun

       Note characters "!" and "=" are escaped using the backslash "\". If you are running MS
       Windows, as long as I know, you don't have to escape any valid password character.

       head1 Troubleshooting

       A normal desproxy session looks like this:

           $ desproxy 21 4480 2222

           desproxy                  <version>

           (c) Miguelanxo Otero Salgueiro 2001

           Listening on port 2222
           Connection request from, port 1227
           Connecting to http proxy (
           Bidirectional connection stablished
           ( <-> (localhost)
           End of connection.

       Here, a connection to local ftp server ( is made by using local proxy
       ( You can see how, after the connection is accepted, desproxy connected to
       the proxy, interchanged some bytes (a FTP session) and terminates the connection.

       Desproxy is quite self explanatory about errors. Desproxy-inetd is far more obscure,
       because the way inetd uses it (can't print error messages) to the console.

       Basically there are two kind of errors:

       ·   Errors reported when connecting to the proxy: the http page showing the error is

       ·   Every other error: a short error message is displayed.

       Some common HTTP errors (as reported by the proxy)

            * HTTP 400 Bad Request - Some versions of desproxy (0.0.21) cause
              this error (FATAL)
            * HTTP 403 Forbidden - Forbidden to do that (FATAL)
            * HTTP 404 Not Found - Page not found, or resource not found (MINOR)
            * HTTP 405 Method not Allowed - Can't do CONNECT method (FATAL)
            * HTTP 500 Internal Server Error - Maybe you're trying to connect to
              a remote closed port (remote site reported connection refused)
            * HTTP 503 Service Unavailable -> The proxy can't reach the site
            * HTTP 505 HTTP Version Not Supported - CONNECT method not available
            * HTTP 502 Bad Gateway - Stands for "DNS lookup error" (MINOR)

       (FATAL) - Forget about using desproxy, you can't surpass the proxy.  (TODO) - To do, not
       yet implemented.  (MINOR) - Temporary fault or maybe your fault.


           An example:


           Beware passwords can include some characters that should be escaped from the system
           console. For example, if your password is "moon!=sun", and you are running Linux, you
           should type

           An example:


           Note characters "!" and "=" are escaped using the backslash "\".




       dnsproxy-dns(1), dnsproxy-inetd(1), dnsproxy-socksserver(1), connect(1)


       This manual page was written by Jari Aalto <>, for the Debian GNU
       system (but may be used by others). Released under license GPL v2 or, at your option, any
       later version.