How to Break Through a Proxy or Firewall
by unformed

There are different reasons for breaking through firewalls/proxies.

1.) Get completely unfiltered access to the Internet.
2.) Get unmonitored, or secure, access to the Internet.
3.) Access services normally disallowed by the firewall.

This article will demonstrate various ways to get by most implementations of firewalls/proxies.

In absolutely no way am I responsible if you do anything you're not supposed to (or even supposed to) be doing. If you get caught and fired, tough shit. If you access illegal information, tough shit. If you open up a hole and somebody breaks into your computer, tough shit. I'm not responsible. (This is for the lawsuit-happy bastards out there.)

Anyways, let's begin.

For all methods, it is expected that you have access to a machine on the other side of the firewall and that it has access to whatever you need. Your machine will be the client and the machine on the other side of the firewall will be the tunnel. The accessed machine will be the server.

Furthermore, this article also assumes you have a basic knowledge of your browser's configuration, installing software on your client and tunnel machines, and logging in via SSH. A Linux/UNIX box is preferable for the tunnel, but not required by any means. The software is freely available for any system.

HTTP Tunneling Through SSH

Often only some ports will be firewalled (80, 21, etc.) for caching, filtering, and monitoring purposes. However, they leave direct access available for other ports (25, 23, etc.). If your browser must use a proxy to get access to the web, but you don't require a proxy to get mail, this is probably the implementation. If you have direct access to non-popular ports, you can access almost any service as long as you change the port.

Generally, the main purpose of bypassing this firewall is to have unfiltered and/or unmonitored web access. The method can of course be modified to meet your needs.

1.) Install a proxy server (e.g., tinyproxy) on the tunnel machine. For security purposes, set the listening port to an odd port (e.g., 8999, REMOTE_PROXY_PORT) or set access rights to only 'localhost'.
2.) Install an SSH server (e.g., sshd) on the tunnel. For security purposes, also set the listening port to an odd port. Do not set access rights to only 'localhost' because you'll access the proxy through SSH.
3.) Install an SSH client on the client machine.
4.) Select a random port (LOCAL_PORT) and then set the browser's proxy to: localhost:LOCAL_PORT
5.) Run 'ssh' with LOCAL_PORT forwarded to REMOTE_HOST:REMOTE_PROXY_PORT:

    ssh -L LOCAL_PORT:REMOTE_HOST:REMOTE_PROXY_PORT -l USERNAME REMOTE_HOST

Once connected and logged in, if the proxy and tunnel are working correctly, you've got completely unfiltered web access. (Using a SOCKS5-compliant proxy would offer an almost completely unfiltered and unmonitored connection, as long as the application supported SOCKS proxies.)

SSH Tunneling Through HTTP

Some implementations allow only HTTP access while blocking all other ports. Check out Corkscrew at agroman.net/cork-screw. Corkscrew is a tool to allow full SSH access through a strict HTTPS session. Then through the SSH access, you can create another tunnel to allow access to all other programs.

Conclusion

Hopefully this allows some of the people out there to worry a little less about getting caught doing things they're not supposed to. The reason for using SSH in both cases is because it's encrypted. In the event you are caught, at least you're only caught for breaking the rules. There's nothing additionally incriminating.

SSH can also be used for a lot more interesting things. Using Windows, you can install Cygwin, SSH into a UNIX box and tunnel over X11 connections, and end up working as if you were actually at the machine.

Anyways, that's my story, and I'm sticking to it.
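
From the administrator's side of the firewall, the Corkscrew method above reaches the SSH server through an HTTP CONNECT request, so it is recorded in the proxy's access log. The following is an added example, not part of the original article: it scans constructed log lines in Squid's native access.log layout, and the allowed-port set, the one-hour threshold and all hosts and addresses are assumptions.

```python
# Added example: flag proxy CONNECT tunnels that do not look like normal HTTPS.
# Log lines are constructed, in Squid's native access.log layout:
#   time elapsed_ms client action/status bytes method url ident hierarchy type
ALLOWED_CONNECT_PORTS = {443}      # assumption: only HTTPS may be tunneled
MAX_TUNNEL_MS = 60 * 60 * 1000     # assumption: flag tunnels open over 1 hour

SAMPLE_LOG = """\
1700000000.101 842 10.1.1.20 TCP_TUNNEL/200 18234 CONNECT www.example.com:443 - HIER_DIRECT/192.0.2.10 -
1700000050.330 5400000 10.1.1.37 TCP_TUNNEL/200 9911200 CONNECT tunnel.example.net:443 - HIER_DIRECT/192.0.2.77 -
1700000090.912 120 10.1.1.20 TCP_MISS/200 5120 GET http://www.example.org/ - HIER_DIRECT/192.0.2.11 text/html
1700000120.004 61000 10.1.1.42 TCP_TUNNEL/200 40312 CONNECT tunnel.example.net:8999 - HIER_DIRECT/192.0.2.77 -
1700000130.500 3 10.1.1.42 TCP_DENIED/403 3900 CONNECT tunnel.example.net:22 - HIER_NONE/- text/html
this line is truncated
"""

def parse_line(line):
    """Return a dict for one access.log line, or None if it is malformed."""
    f = line.split()
    if len(f) < 7 or not f[1].isdigit() or not f[4].isdigit():
        return None
    action, _, status = f[3].partition("/")
    return {"elapsed_ms": int(f[1]), "client": f[2], "action": action,
            "status": status, "bytes": int(f[4]), "method": f[5], "url": f[6]}

def suspicious_tunnels(log_text):
    """Return (client, target, reason) for each CONNECT worth a second look."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "CONNECT":
            continue
        host, _, port = rec["url"].rpartition(":")
        if not port.isdigit():
            continue
        if int(port) not in ALLOWED_CONNECT_PORTS:
            verdict = "denied" if rec["action"] == "TCP_DENIED" else "allowed"
            findings.append((rec["client"], rec["url"], f"non-HTTPS port, {verdict}"))
        elif rec["elapsed_ms"] > MAX_TUNNEL_MS:
            findings.append((rec["client"], rec["url"], "long-lived tunnel"))
    return findings

if __name__ == "__main__":
    for finding in suspicious_tunnels(SAMPLE_LOG):
        print(*finding, sep="  ")
```

A tunnel to port 443 that stays under the duration threshold passes this check, so the port rule is only useful alongside a policy that restricts CONNECT to port 443 in the first place.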