Protocol for secure communication over HTTP

Question

Inspired by this hot question: Is there any reason to block HTTPS?

Is there a way to setup an own server and encrypt all normal requests in the request body?

So for an outside person it would look like filling out a weird form with random data and getting random data back, but in reality it would be the same as the https traffic, or similarly encrypted?

Theoretically this should work, but does such a protocol exist? https over http?

Steffen Ullrich · Answer 1 · 2015-10-24T06:48:58.510

11

You ask for tunneling a protocol (like HTTPS) through plain HTTP. And yes, there is at least httptunnel which does this. From the descrition:

HTTPTunnel is a tunneling software that can tunnel network connections through restrictive HTTP proxies over pure HTTP "GET" and "POST" requests.

But note that if you work in an environment where use of HTTPS is restricted for security or productivity reasons, using such a tool to bypass the block is usually a violation of the policy. And usage of the tool can be detected because it shows abnormal traffic patterns.

edited Oct 24 '15 at 06:48

answered Oct 24 '15 at 05:44

Steffen Ullrich

184,332
29
363
424

another account glitch, so you only get +1 instead of accepted answer :( thank you! – guest Oct 24 '15 at 23:12

score -1 · Answer 2 · answered Oct 24 '15 at 00:41

-1

An encrypted VPN does exactly that.

answered Oct 24 '15 at 00:41

Rodrigo Murillo

1,927
11
17

A VPN usually does not transmit it's data through HTTP requests. – Steffen Ullrich Oct 24 '15 at 05:48

Protocol for secure communication over HTTP

2 Answers2