Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments.
In a fully firewalled (inbound and outbound connections restricted - except the webserver port)
The webshell can be used to connect to any service on the remote host. This would be a local connection on a local port at the remote host and should be allowed by the firewall.
The webshell will read data from the service port wrap them over HTTP and send it as an HTTP response to the local proxy.
The local proxy will unwrap and write the data to it's local port where the client program would be connected.
When the local proxy receives data on the local port, it will send them over to the webshell as an HTTP Post.
The webshell will read the data from the HTTP Post and put them on the service port
and repeat --^
Only the webserver port needs to be open (typically 80/443) The whole communication (Externally) is done over the HTTP protocol