HTTP tunneling for pen testers

SecurityFocus has published a nice article detailing the basics of HTTP tunneling. Tunneling is a technique that encapsulates network traffic inside other network traffic. In this case, you can encapsulate your attack traffic inside HTTP traffic, which is most likely allowed through your target's perimeter defenses.