Geheimpläne

retested: HTTP proxy bypassing

2008-11-21T02:40:00.000-05:00

Today the division REtested the (SSH tunnel through Proxy) method to bypass HTTP proxy,

CODENAME: "74" successfully blocked our test with "ssl_handshake: Input/output error"

That are good news for the division and bad news for bad people.

tested new portscanner called: portbunny

2008-09-18T02:40:00.004-04:00

The division tested a new portscanning tool called portbunny,

PortBunny 1.0 is a Linux-kernel-based port-scanner created by Recurity Labs. Its aim is to provide a reliable and fast TCP-SYN-port-scanner...

The division results:

Yes it's fast, but dramaticly slows down the initiating pc and freezes the division-initiating-pc two times!

But we warned: it might be an illegal hacker tool...

success information regarding secret plan: project code E

2008-09-18T02:40:00.002-04:00

Today the division had success!

Phase1 from project code E is completed,

we successfully cloned the hdd and can now start the root-geeting-process,

Please stay tuned.

HTTP proxy bypassing: SSH (Part b)

2008-09-17T02:40:00.005-04:00

HTTP proxy bypassing: SSH (Part b)

The division was assiduously and tried also a setup without an insane "outbound allow ssh"-packetfilter rule on its firewall config to bypass it's proxy. All the traffic should go through the proxy.

What does the division installed and configured therefor?

The tool for this purpose is called proxytunnel and the config is quite easy.

The division setup (/root/.ssh/config):

"
Host mybypasssystem

ProxyCommand /usr/local/bin/proxytunnel -p BIGACMEPROXYSERVER:8080 -d ip-address-of-ssh-server-which-is-owned-by-me:80

The division had to setup their outside SSH Server (ip-address-of-ssh-server-which-is-owned-by-me)

to listen for SSH at port 80,

this is because the proxy will normaly olny allow outgoing traffic via CONNECT to Port 80 and 443.

The last things man needs is to configure on his machine

shell: ssh -D 666 mybypasssystem

browser-setup: socks proxy with 127.0.0.1:666

So, does this help to bypass a HTTP proxy over the HTTP Proxy itself (in our test)?: yes

and with some ulterior motives we can do even more than HTTP traffic ....

HTTP proxy bypassing: SSH (Part a)

2008-09-16T02:40:00.004-04:00

second technique tested: SSH

Today the division tested another method to bypass HTTP proxy:

a) with SSH

The only thing man needs is to configure on his machine

shell: ssh -D 666 username@ip-address-of-ssh-server-which-is-owned-by-me

browser-setup: socks proxy with 127.0.0.1:666

So, does this help to bypass a HTTP proxy (in our test)?: yes,

because the division does have an insane "outbound allow ssh"-packetfilter rule on its firewall config.

All the HTTP-traffic form the bowser will be forwarded through port 666 to our SSH-Server and this server connects us to the www.

But there are more possibilities! Please stay tuned for Part b) of this article.

The division will check more and let you know

Addition to the TOR setup test (HTTP proxy bypass)

2008-09-15T16:20:00.000-04:00

So what happen if you surf over HTTPS? (yes, some people would like to do so...)

A simple outbound rule "from:Client to:ANY service:HTTPS" will help but also open TOR (there are only a few TOR router listening on 443, but enough for a successful connect). Also a simple HTTP proxy which just forwards the HTTPS connection does the job: TOR will work.

But what if you UTM solution filters also HTTPS traffic?
The division will test and let you know.

HTTP proxy bypassing: TOR

2008-09-14T16:20:00.000-04:00

First technique tested: TOR
Because there is no Firefox extension with TOR support built in, the division installed the TOR package first, which includes a TOR based HTTP proxy: Privoxy.

The only thing man needs then is to configure the network settings in Firefox to 127.0.0.1:8118 - that's it.
Why installing an additional extension like Torbutton or FoxyProxy? (btw: Tor-Proxy.NET forwards all traffic to 1 private server and later to TOR... (al least they claim so))

So, does TOR help to bypass a HTTP proxy (in our test): nope.

The division does not have an insane "outbound allow all"-packetfilter rule on its firewall config, and that makes it very hard for the local tor-daemon to get a connect to his network. Configuring port 80 and activate "My firewal only lets me connect to certain ports" does not help, because the HTTP proxy of the UTM device does what it should do: filter out non-HTTP traffic.
Last chance: activate "My ISP blocks connections to the TOR network" and configure a TOR-bridge.
So, how should that work without "outbound allow all"...

HTTP proxy bypassing techniques disclosed

2008-09-12T16:20:00.000-04:00

Today the division got non-anonymous hints about HTTP proxy bypassing:

"cached"-mark requests not inspected again - mmhh... ??? (maybe a flaw in a prehistoric SQUID-based HTTP proxy)
TOR support built in in Firefox: nope... but there are 3 extensions, actually only 2
SSH-based tunnel (yeah, not really new)
extra-install-tools (for all those who think squid is something you can eat, tor is the reverse of rot and SSH is the secret service of Elbonia)

The division will check it and let you now.

(If you have some secret information about HTTP proxy bypassing: let us (geheimp@mailservice from google) know, we are the right division for it.

New secret project sketched

2008-09-11T16:20:00.000-04:00

Today the division sketched a new secret project (see whiteboard screen shot): project code "R"
Its not a security project, but security appliances, vile: UTM / XTM (Unified Threat Management / Extensible Threat Management) are involved.

Please stay tuned.

Secret network tool

2008-09-10T16:20:00.000-04:00

Today the division disclosed our top secret network packet generation tool: Scapy
But we warned: it might be an illegal hacker tool...