New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Help me smash through this firewall!
Alright, so I've been tasked with getting through a firewall that does the following:
- Blocks all ports except port 8080 where there is a HTTP proxy on a specific address.
- Blocks protocols such as SSH and RDP.
- Has a whitelist and filtering on which sites can be accessed.
- Blocks HTTPS on most sites.
It's probably a lot more restrictive than the GFW...
Can you guys recommend me a few different pieces of software for getting through this? Up to today I had shadowsocks working, but now it's not.
I'd also like to ask if anyone has managed to HTTP proxy through a HTTP Proxy?
Thanks!
Comments
This is much more restrictive than GFW...
GFW is just a detector, but this seems a real FIREWALL.
Maybe you can use a VPS to build a ShadowSocks via 8080.
Have you tried tunneling an SSH session over DNS?
Hmm.. didn't think of that. But SSH is actually blocked, as in they can detect the protocol and terminate the connection.
Sure, but they wouldn't be looking for SSH connections inside valid DNS packets. See http://blog.y3xz.com/blog/2011/11/01/setting-up-an-iodine-ip-over-dns-proxy or http://www.putdispenserhere.com/bypassing-captive-portalsairport-pay-restrictions-with-iodine-on-a-debian-vps-guide/
As @perennate said. They are probably only looking at the packet headers and how they are formed. It would bypass that.
This is assuming they resolve domains that are blocked...
Nope, they block according to a domain whitelist too. But it seems it's a little patchy, so I'm going to hope it works.
Was looking for something with a little more bandwidth, but I guess it'd work..
If you can use any external dns server like google or opendns, maybe you can use openvpn and configure it to listen on UDP 53
Perhaps I can do DNS lookups on the proxy end, that'd be the best option
Firefox seems to have this option in the network settings.
That's what I'm using right now
Does it allows ICMP pings? Then you can use ICMP tunnel: https://en.wikipedia.org/wiki/ICMP_tunnel
As for the HTTP proxy through HTTP proxy is pretty simple with proxychains: http://proxychains.sourceforge.net/
No ICMP pings permitted. Thanks for the link to proxychains!
However, I'm looking for something on Windows...
Wow, didn't even know that was a thing! Thank you!
Just throwing this out there but you can use spiped to create an encrypted tunnel between your PC and a VPS. It's an alternative if ssh isn't possible.
What are you trying to do? Access ssh sites outside? Want to access the LAN behind the firewall from outside?
Is it worth it? 3G internet is cheap nowadays, at least in most places. Don't know about Australia.
1GB at a minimum costs $10 not to mention the coverage is absolutely rubbish.
Access sites blocked by the firewall.
And why do you need more than 1GB? If you are not downloading movies, it's usually more than enough. How much traffic can a ssh connection use...
I'm going to be browsing the internet, hence why I'm proxying. 1GB goes pretty fast when you're running Spotify and browsing the internet.
Plus, like I said, coverage is rubbish. I mean most places are covered by EDGE. A SSH connection will not even start with that, not to mention the latency and speed.
Hahaha our mobile infrastructure sucks.. I really wish we were more condensed like the UK.. or more competitive like the US...
@rds100, it's honestly .. crap .. I can't justify $10 a month for 1GB when I can get a yearly VPS with 500x the bandwidth..
Find a place close by that has free WiFi (i.e. hotel, coffee shop, etc...) then go by a WiFi repeater/extender to make it reach whatever building you're in. If you have some spare routers laying around install DD-WRT on them for a free WiFi extender.
Depending on how long you're in the building with said firewall you can probably get a UPS or 2 and throw an extender in your or a friend's car and park it closer to either building to close the gap.
If it's private property where you can keep stuff outside without it being disturbed you can get some long ethernet cables to help close the gap between buildings also.
Just thinking outside the box here.
Most of this stuff will get the cops called on you here...
This definitely will..
Have you tried connecting to ssh via port 443?
I am using MindTerm (Java based ssh, can be executed in almost any environment) to connect to a machine running ssh on port 443 via the http proxy.
Then you can use MindTerm to forward ports from localhost to anywhere outside or use the SOCKS Proxy plugin of MindTerm to use the ssh connection as a SOCKS Proxy.
If you can install software you can also use LogMeIn Hamachi or Teamviewer VPN to create a vpn with a machine outside.
@trewq @0xdragon Seriously? Do you mean you'll get the cops called on you for doing something suspicious or is it against the law to expand a network or run a WiFi repeater?
Yes, it blocks SSH and port 443 unless you're going through the proxy.
Both. Expanding a network without permission and doing something suspicious. Our government is currently absolutely insane and wants to build a 2 year data retention facility for 400 Million (it'll end up being a lot more than that), and think about it this way.
We have 23,738,800 people in Australia as of 9 February 2015. That's about $16 dollars per person
Insanity at it's best.
If it allows only HTTP, HTTPS and DNS and only to whitelisted hosts then your chances are pretty bad (unless you manage to get one of your servers whitelisted, then it's easy).
You could try setting the HTTP Host header to something like google.com while connecting to your own IP (easy way to do this: redirect google.com to one of your own servers via your hosts file). If that works you can do pretty much anything.
Unless its his WiFi AP it would.