Friday, November 21, 2008

retested: HTTP proxy bypassing


Today the division REtested the  (SSH tunnel through Proxy) method to bypass HTTP proxy,

CODENAME: "74" successfully blocked our test with "ssl_handshake: Input/output error"

That are good news for the division and bad news for bad people.

Thursday, September 18, 2008

tested new portscanner called: portbunny


The division tested a new portscanning tool called portbunny,

"

PortBunny 1.0 is a Linux-kernel-based port-scanner created by Recurity Labs. Its aim is to provide a reliable and fast TCP-SYN-port-scanner...

"

The division results:

Yes it's fast, but dramaticly slows down the initiating pc and freezes the division-initiating-pc two times!

But we warned: it might be an illegal hacker tool...

success information regarding secret plan: project code E



Today the division had success!

Phase1 from project code E is completed,

we successfully cloned the hdd and can now start the root-geeting-process,

Please stay tuned.

Wednesday, September 17, 2008

HTTP proxy bypassing: SSH (Part b)

HTTP proxy bypassing: SSH (Part b)

The division was assiduously and tried also a setup without an insane "outbound allow ssh"-packetfilter rule on its firewall config to bypass it's proxy. All the traffic should go through the proxy.

What does the division installed and configured therefor?

The tool for this purpose is called proxytunnel and the config is quite easy.

The division setup (/root/.ssh/config):

"
Host mybypasssystem

ProxyCommand /usr/local/bin/proxytunnel -p BIGACMEPROXYSERVER:8080 -d ip-address-of-ssh-server-which-is-owned-by-me:80

"

The division had to setup their outside SSH Server (ip-address-of-ssh-server-which-is-owned-by-me)

to listen for SSH at port 80,

this is because the proxy will normaly olny allow outgoing traffic via CONNECT to Port 80 and 443.

The last things man needs is to configure on his machine

shell: ssh -D 666 mybypasssystem

browser-setup: socks proxy with 127.0.0.1:666

So, does this help to bypass a HTTP proxy over the HTTP Proxy itself (in our test)?: yes

and with some ulterior motives we can do even more than HTTP traffic ....

Tuesday, September 16, 2008

HTTP proxy bypassing: SSH (Part a)

second technique tested: SSH

Today the division tested another method to bypass HTTP proxy:

a) with SSH

The only thing man needs is to configure on his machine

shell: ssh -D 666 username@ip-address-of-ssh-server-which-is-owned-by-me

browser-setup: socks proxy with 127.0.0.1:666

So, does this help to bypass a HTTP proxy (in our test)?: yes,

because the division does have an insane "outbound allow ssh"-packetfilter rule on its firewall config.

All the HTTP-traffic form the bowser will be forwarded through port 666 to our SSH-Server and this server connects us to the www.

But there are more possibilities! Please stay tuned for Part b) of this article.

The division will check more and let you know

Monday, September 15, 2008

Addition to the TOR setup test (HTTP proxy bypass)

So what happen if you surf over HTTPS? (yes, some people would like to do so...)

A simple outbound rule "from:Client to:ANY service:HTTPS" will help but also open TOR (there are only a few TOR router listening on 443, but enough for a successful connect). Also a simple HTTP proxy which just forwards the HTTPS connection does the job: TOR will work.

But what if you UTM solution filters also HTTPS traffic?
The division will test and let you know.

Sunday, September 14, 2008

HTTP proxy bypassing: TOR


First technique tested: TOR
Because there is no Firefox extension with TOR support built in, the division installed the TOR package first, which includes a TOR based HTTP proxy: Privoxy.

The only thing man needs then is to configure the network settings in Firefox to 127.0.0.1:8118 - that's it.
Why installing an additional extension like Torbutton or FoxyProxy? (btw: Tor-Proxy.NET forwards all traffic to 1 private server and later to TOR... (al least they claim so))

So, does TOR help to bypass a HTTP proxy (in our test): nope.

The division does not have an insane "outbound allow all"-packetfilter rule on its firewall config, and that makes it very hard for the local tor-daemon to get a connect to his network. Configuring port 80 and activate "My firewal only lets me connect to certain ports" does not help, because the HTTP proxy of the UTM device does what it should do: filter out non-HTTP traffic.
Last chance: activate "My ISP blocks connections to the TOR network" and configure a TOR-bridge.
So, how should that work without "outbound allow all"...