Watch Ethical Hacking: Evading Ids, Firewalls, And Honeypots Course -

The instructor loaded up a tool called HTTPtunnel . "If a firewall allows HTTP outbound, tunnel everything inside HTTP. But not normal HTTP— weird HTTP. Headers out of order. Chunked encoding with false lengths. Firewall's protocol decoder will give up and pass the raw stream to the web server. And the web server? It's yours."

Most firewalls allow outbound SSH (port 22) and DNS (port 53). He showed her how to tunnel a reverse shell over DNS requests. "Firewalls trust DNS," he said. "After all, how else will users resolve google.com?" The instructor loaded up a tool called HTTPtunnel

She connected to a "Linux server" provided in the lab. It looked perfect—Ubuntu banner, bash prompt. She typed the test command. Then she tried to ls /tmp/ . No directory. Honeypot. She disconnected immediately. Headers out of order