Showing posts with label SSH. Show all posts

Friday, November 21, 2008

retested: HTTP proxy bypassing


Today the division REtested the (SSH tunnel through proxy) method to bypass the HTTP proxy:

CODENAME: "74" successfully blocked our test with "ssl_handshake: Input/output error"

That is good news for the division and bad news for bad people.

Wednesday, September 17, 2008

HTTP proxy bypassing: SSH (Part b)


The division was assiduous and also tried a setup without the insane "outbound allow ssh" packet-filter rule in its firewall config to bypass its proxy. All the traffic should go through the proxy.

What did the division install and configure for this?

The tool for this purpose is called proxytunnel and the config is quite easy.

The division setup (/root/.ssh/config):

"
Host mybypasssystem

ProxyCommand /usr/local/bin/proxytunnel -p BIGACMEPROXYSERVER:8080 -d ip-address-of-ssh-server-which-is-owned-by-me:80

"

The division had to set up its outside SSH server (ip-address-of-ssh-server-which-is-owned-by-me) to listen for SSH on port 80, because the proxy will normally only allow outgoing traffic via CONNECT to ports 80 and 443.

The last thing one needs to configure on the machine:

shell: ssh -D 666 mybypasssystem

browser-setup: socks proxy with 127.0.0.1:666

So, does this help to bypass an HTTP proxy over the HTTP proxy itself (in our test)?: yes

and with some ulterior motives we can do even more than HTTP traffic ....
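Seen from the proxy's side, the Part b tunnel is a CONNECT to port 80 on a bare IP address that stays open for a long time. The following Python check is an added example, not part of the original post; the Squid native access.log layout, the sample lines, the addresses and the 30-minute threshold are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample lines in Squid's native access.log layout (assumption):
# time elapsed_ms client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1221642000.101 532 10.0.0.21 TCP_TUNNEL/200 48211 CONNECT www.example.com:443 - HIER_DIRECT/93.184.216.34 -
1221642010.477 3605211 10.0.0.57 TCP_TUNNEL/200 91822113 CONNECT 192.0.2.10:80 - HIER_DIRECT/192.0.2.10 -
1221642020.900 120 10.0.0.21 TCP_MISS/200 10432 GET http://www.example.com/ - HIER_DIRECT/93.184.216.34 text/html
1221642030.250 1900400 10.0.0.33 TCP_TUNNEL/200 5120000 CONNECT 198.51.100.7:443 - HIER_DIRECT/198.51.100.7 -
"""

LONG_TUNNEL_MS = 30 * 60 * 1000  # assumption: 30 minutes counts as long-lived


def is_ip_literal(host):
    """True if the CONNECT target is an IPv4/IPv6 literal, not a hostname."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def suspicious_connects(log_text, allowed_ports=(443,)):
    """Return (client, target, reasons) for CONNECT requests worth a look."""
    findings = []
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 7 or f[5] != "CONNECT" or not f[1].isdigit():
            continue
        host, _, port = f[6].rpartition(":")
        if not port.isdigit():
            continue
        reasons = []
        if int(port) not in allowed_ports:
            reasons.append("port %s" % port)  # CONNECT is meant for TLS ports
        if is_ip_literal(host):
            reasons.append("ip-literal target")  # no hostname to categorise
        if int(f[1]) >= LONG_TUNNEL_MS:
            reasons.append("long-lived")  # interactive/SOCKS sessions linger
        if reasons:
            findings.append((f[2], f[6], reasons))
    return findings


if __name__ == "__main__":
    for client, target, reasons in suspicious_connects(SAMPLE_LOG):
        print(client, target, ", ".join(reasons))
```

Restricting CONNECT to port 443 at the proxy removes the port-80 variant outright; the IP-literal and duration checks still catch a tunnel that moves to 443.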

Tuesday, September 16, 2008

HTTP proxy bypassing: SSH (Part a)

second technique tested: SSH

Today the division tested another method to bypass HTTP proxy:

a) with SSH

The only thing one needs to configure on the machine:

shell: ssh -D 666 username@ip-address-of-ssh-server-which-is-owned-by-me

browser-setup: socks proxy with 127.0.0.1:666

So, does this help to bypass an HTTP proxy (in our test)?: yes,

because the division does have an insane "outbound allow ssh"-packetfilter rule on its firewall config.

All the HTTP traffic from the browser will be forwarded through port 666 to our SSH server, and this server connects us to the www.

But there are more possibilities! Please stay tuned for Part b) of this article.

The division will check more and let you know

Friday, September 12, 2008

HTTP proxy bypassing techniques disclosed

Today the division got non-anonymous hints about HTTP proxy bypassing:
  • "cached"-mark requests not inspected again - mmhh... ??? (maybe a flaw in a prehistoric SQUID-based HTTP proxy)
  • TOR support built into Firefox: nope... but there are 3 extensions, actually only 2
  • SSH-based tunnel (yeah, not really new)
  • extra-install-tools (for all those who think squid is something you can eat, tor is the reverse of rot and SSH is the secret service of Elbonia)
The division will check it and let you know.

(If you have some secret information about HTTP proxy bypassing: let us (geheimp@mailservice from google) know, we are the right division for it.)