mailing list archives
Re: HTTP tunneling to bypass proxy filter
From: p1g <killfactory () gmail com>
Date: Tue, 22 Apr 2008 21:51:28 -0400
all from a usb thumb drive:
first flash your home linksys router with dd-wrt
configure to use .key auth
configure port forwdaring on putty, lets use dynamic port 1000
from your thumb drive launch portable putty and connect vis ssh over port 443
configure portable firefox to connect using socks on port ??? well
1000 of course
create a bat.file:
plink.exe -switch to use putty session
if all is configured correctly,
you will have established a tunnel on 443 to your newly flashed home router
then you will have tunneled firefox over port 1000 via plink.exe
all cookies and session info is on your thumbdrive not your pc.
how do you stop it?
application layer inspection.
look for ssh protocol that is !22
On Tue, Apr 22, 2008 at 6:12 PM, Francisco Neira Basso
<fneira () defensoria gob pe> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Siddharth Upmanyu wrote:
The firm I work with have recently upgraded their web content
filtering system... earlier it was a weak DNS filtering but now
various new masures and a shining websense installation...
I am doing a similar test on possibilities to gain unrestricted access
to internet bypassing all the content filtering mechanism...
HTTPtunnelV3.3 was an option to test but your home grown solution is
sounding even better to test with..
Another option to test (and to keep users away from) is TOR.
Francisco Neira B.
Seguridad de la Informacion
Defensoria del Pueblo
Lima, Peru -05:00 UTC
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
SnortCP, ESSE-D, C|HFI, TNCP, TECP, NACP, A+
o" )~ oink oink
' ' ' '
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke