How to Break Through a Proxy or Firewall
by unformed
There are different reasons for breaking through firewalls/proxies:
1.) Get completely unfiltered access to the Internet.
2.) Get unmonitored, or secure, access to the Internet.
3.) Access services normally disallowed by the firewall.
This article will demonstrate various ways to get by most implementations
of firewalls/proxies. In absolutely no way am I responsible if you do anything
you're not supposed to (or even supposed to) be doing. If you get caught and
fired, tough shit. If you access illegal information, tough shit. If you open
up a hole and somebody breaks into your computer, tough shit. I'm not
responsible. (This is for the lawsuit-happy bastards out there.)
Anyways, let's begin.
For all methods, it is expected that you have access to a machine on the
other side of the firewall and that it has access to whatever you need. Your
machine will be the client and the machine on the other side of the firewall
will be the tunnel. The accessed machine will be the server.
Furthermore, this article also assumes you have a basic knowledge of your
browser's configuration, installing software on your client and tunnel machines,
and logging in via SSH.
A Linux/UNIX box is preferable for the tunnel, but not required by any
means. The software is freely available for any system.
HTTP Tunneling Through SSH
Often only some ports will be firewalled (80, 21, etc.) for caching,
filtering, and monitoring purposes. However, they leave direct access available
for other ports (25, 23, etc.).
If your browser must use a proxy to get access to the web, but you don't
require a proxy to get mail, this is probably the implementation.
If you have direct access to non-popular ports, you can access almost
any service as long as you change the port. Generally, the main purpose of
bypassing this firewall is to have unfiltered and/or unmonitored web access.
The method can of course be modified to meet your needs.
1.) Install a proxy server (e.g., tinyproxy) on the tunnel machine. For
security purposes, set the listening port to an odd port (e.g., 8999,
REMOTE_PROXY_PORT) or set access rights to only 'localhost'.
2.) Install an SSH server (e.g., sshd) on the tunnel. For security purposes,
also set the listening port to an odd port. Do not set access rights to only
'localhost' because you'll access the proxy through SSH.
3.) Install an SSH client on the client machine.
4.) Select a random port (LOCAL_PORT) and then set the browser's proxy to:
    localhost:LOCAL_PORT
5.) Run 'ssh' with LOCAL_PORT forwarded to REMOTE_HOST:REMOTE_PROXY_PORT:
    ssh -L LOCAL_PORT:REMOTE_HOST:REMOTE_PROXY_PORT -l USERNAME REMOTE_HOST
Once connected and logged in, if the proxy and tunnel are working
correctly, you've got completely unfiltered web access.
(Using a SOCKS5 compliant proxy would offer an almost completely unfiltered
and unmonitored connection, as long as the application supported SOCKS proxies.)
SSH Tunneling Through HTTP
Some implementations allow only HTTP access while blocking all other
ports. Check out Corkscrew at agroman.net/cork-screw.
Corkscrew is a tool to allow full SSH access through a strict HTTPS
session. Then through the SSH access, you can create another tunnel to
allow access to all other programs.
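Seen from the monitoring side, both setups above put SSH where a different
protocol is expected: on an odd port in the first case, inside a session to
the HTTPS port in the second. The sketch below is an added example, not part
of the original article; it classifies the first bytes of a TCP stream and
flags SSH on ports where policy expects something else. The port policy, the
helper names, and the sample flows are all constructed for illustration.

```python
import re

# RFC 4253 section 4.2: both sides open with "SSH-<protoversion>-<softwareversion>".
SSH_BANNER = re.compile(rb"^SSH-(?:2\.0|1\.99|1\.5)-[\x21-\x7e]+")

# Protocol a monitor expects on each destination port (assumed site policy).
EXPECTED = {22: "ssh", 443: "tls", 25: "smtp"}


def classify(payload: bytes) -> str:
    """Guess the protocol from the first bytes seen on a TCP stream."""
    if SSH_BANNER.match(payload):
        return "ssh"
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"
    if payload.startswith((b"220 ", b"220-")):
        return "smtp"
    return "unknown"


def mismatched_flows(flows):
    """Return (src, dst, dport, seen) for SSH on ports where policy expects another protocol."""
    hits = []
    for src, dst, dport, payload in flows:
        seen = classify(payload)
        if seen == "ssh" and EXPECTED.get(dport) != "ssh":
            hits.append((src, dst, dport, seen))
    return hits


# Constructed sample flows: (client, server, destination port, first payload bytes).
# For a session relayed by an HTTP proxy, the payload is taken to be the first
# bytes after the proxy's CONNECT response (an assumption of this example).
SAMPLE_FLOWS = [
    ("10.0.0.5", "192.0.2.10", 22, b"SSH-2.0-OpenSSH_9.6\r\n"),
    ("10.0.0.7", "192.0.2.20", 2222, b"SSH-2.0-OpenSSH_9.6\r\n"),
    ("10.0.0.7", "192.0.2.20", 443, b"SSH-2.0-OpenSSH_9.6\r\n"),
    ("10.0.0.8", "198.51.100.4", 443, b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc"),
    ("10.0.0.9", "198.51.100.9", 25, b"220 mail.example.org ESMTP\r\n"),
]

if __name__ == "__main__":
    for hit in mismatched_flows(SAMPLE_FLOWS):
        print("SSH on unexpected port:", hit)
```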
Conclusion
Hopefully this allows some of the people out there to worry a little less
about getting caught doing things they're not supposed to. The reason for using
SSH in both cases is because it's encrypted. In the event you are caught,
at least you're only caught for breaking the rules. There's nothing
additionally incriminating.
SSH can also be used for a lot more interesting things. Using Windows,
you can install Cygwin, SSH into a UNIX box and tunnel over X11 connections,
and end up working as if you were actually at the machine.
Anyways, that's my story, and I'm sticking to it.