A) Not that way. You will be violating HTTP protocol and that
wont get through proxy. Even an IDS might rise an alarm, if target network use such a device.
Easy detectable, generaly not working.
But there is a solution. Split TCP stream to a 'packets' of data and then
transfer these data as a 'CGI script' arguments. Maybe like this:
/cgi-bin/covert.pl?data=34a5c7ef04
/cgi-bin/covert.pl?data=20374a53752042
The back channel will be the 'CGI' response. This way you are efectively making a covert channel, practicaly undetectable.
But very slow one :-)
B) look for httunel on freshmeat