Old 05-05-09, 03:42 PM   #1
=ACID RAIN=
Member

 

Join Date: May 2003
Location: Kingwood, TX
 
HOW TO: Bypassing content filters

First and foremost, please use these powers for good! While you can use this to bypass all sorts of filtering, it doesn't mean you should. I use this while at client sites that use Websense, if I need to download something that Websense blocks, such as freeware.

Serverside:
1) First, you'll need an SSH server with web access. I use my FreeBSD box. You can of course use Ubuntu if you like. You could set this up at work if you are on the IT staff and it is approved, or you can set this up at home.

2) At your option, allow X11 forwarding so you can also run apps in GUI from the SSH tunnel. Edit sshd_config. Find:

#X11Forwarding yes
make it:
X11Forwarding yes

3) Forward the SSH port. I have a router that allows separate external ports and internal ports to be mapped to the same service.
Outside port: 6000
Inside port: 22

If your router can't do this, then port 22 is fine. You can also change the port for SSH on the server, but I am not covering that right now.

4) Find your external IP at www.network-tools.com.

Local test client (Windows):
5) Go download PuTTY on another computer on the local LAN.

6) Create a new entry, whatever you want to name it. We'll call it FRONTDOOR.
Point it to the external IP.
Make the port 6000 (or 22, depending on how you forwarded the port).
Connection Type SSH.

7) Expand the SSH tree item.
Enable compression
Preferred SSH protocol 2 (or 2 only)
(optional) X11 - Enable X11 forwarding
Tunnels - Source port 6000, Dynamic, then Add. The entry will be D6000

8) Scroll back up to Session, and save the entry again.

9) Now try opening the entry. You should pop up a terminal with login required. If so and you can log in, you have now done the same thing as logging in from anywhere else in the world. Basically you have routed the traffic to the gateway, the gateway has sent it back to your router, the router has allowed the port request, and you are logged in.

10) If you elected for X11 forwarding, now go download Xming. Once you run Xming, the libraries you need are loaded. Only while it is running, however.

11) Once you have Xming running, in the terminal try typing xclock or firefox, and hit enter. You should have a program window on your desktop.

Remote client:
12) You can, if you want to and you own a U3 capable USB drive, go download PuTTY for U3 and Firefox for U3.

13) Set up U3-PuTTY like before. This can be run from any Windows computer you plug it into.

For Firefox and U3-Firefox, the setup will be the same:
14) In Firefox, go to Tools / Options / Advanced tab, then the Network subtab. Click Settings.

15) In Connection Settings, choose Manual proxy configuration. Only fill in the SOCKS Host, and use 127.0.0.1, port 6000. Set No Proxy for: localhost, 127.0.0.1, LL
where LL is optional and means Local Lan, and the value would be, for instance, 192.168.1.0/24 (example under this field, you'll see).

For true avoidance of detection, you'll need to forward DNS as well.
16) In Firefox, type about:config in the address bar. In the filter bar, type proxy.socks
At this point you should see network.proxy.socks_port as 6000. Leave it be.
Double click network.proxy.socks_remote_dns. This will change the value to true (notice it goes bold when changed from default config).

If on a U3 drive, you now have all traffic in Firefox going to the SSH tunnel and then to your remote machine. If a local install, the same applies but it is not portable.

Enjoy your browsing freedom
Old 05-06-09, 08:34 AM   #2
gangaskan

 

Join Date: Dec 2003
Location: Lorain, ohio
 
Great article, Acid, very straight to the point!

Please keep in mind, everyone, this is NOT to bypass security implemented by your IS staff. The filters are there for a reason, not only for work performance related tasks, but from a security / tech support point of view, filters are invaluable.

I can't tell you how many times I've had to clean countless machines till we got our filtering in place. Now it's on occasion when something slips through.

__________________
Main Rig: [Silverstone TJ06 painted hammer black] [Intel E6550 3.2 ghz 1.35v ] [4 gigs Gskil] [Asus P5k Premium Wifi/ap] [Soundblaster Audiguy ZS platinum] [ATI 3560 pro] [enhiem 1250 pump, Swiftech Storm, primoflex tubing, mcres micro, maze 4 gpu block][ Windows Vista x64 Ultimate sp1]
HTPC: [LianLI V300B] [Opty 165 1.88 ghz] [Thermalright XP90] [2 gb OCZ Platinum DDR400] [Soundblaster X-FI Xtreme Music] [8600GT Stock] [Windows Vista Home Premium sp1]
Server: [Rocketfish Tower] [c2d E6600][Scythe Ninja Jr] [4 gigs Gskil ddr2 800][ATI X850XT ] [Windows Vista B]
Network: Cisco 851W uptime: forever
Heatware
Old 05-06-09, 08:48 AM   #3
=ACID RAIN=
Member

 

Join Date: May 2003
Location: Kingwood, TX
 
Yes, this is for IT staff that need to bypass a filter to download something like Crimson Editor, visit a site that is blocked, etc. It is not to look at porn at work...LOL.

I've had to use this at a couple of sites, like I said. I've shown a couple of my administrators so they know how this works, both for usefulness and so they can monitor the network for SSH if they wish. Not that many users would have any clue how to do this (or what SSH is) but it's more for the sake of information in the admins' case.
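The monitoring for SSH that post #3 mentions, sketched as an added example that is not part of the original thread: an SSH server announces itself with an "SSH-" identification line (RFC 4253) whatever port it listens on, so an admin can flag the port-6000 setup from the first payload bytes instead of the port number. The `Flow` record, the allowlist, the thresholds and all sample values are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# RFC 4253 sec. 4.2: each side's first line is "SSH-protoversion-softwareversion".
SSH_ID = re.compile(rb"^SSH-(\d+\.\d+)-([\x21-\x7e]+)")

@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    first_bytes: bytes  # first payload bytes sent by the server
    duration_s: int
    bytes_in: int

# Constructed sample flows (documentation address ranges, invented values).
SAMPLE_FLOWS = [
    Flow("10.0.4.21", "203.0.113.10", 6000, b"SSH-2.0-OpenSSH_5.1\r\n", 5400, 120_000_000),
    Flow("10.0.4.30", "198.51.100.7", 22, b"SSH-2.0-OpenSSH_5.1\r\n", 300, 40_000),
    Flow("10.0.4.21", "192.0.2.80", 443, b"\x16\x03\x01\x02\x00\x01", 20, 9_000),
    Flow("10.0.4.44", "192.0.2.99", 443, b"SSH-2.0-dropbear_0.52\r\n", 60, 2_000),
]
ALLOWED_SSH_DSTS = {"198.51.100.7"}  # assumed list of approved SSH servers

def classify(flow, allowed=ALLOWED_SSH_DSTS, min_secs=1800, min_bytes=50_000_000):
    """Return a finding dict for a suspicious SSH flow, else None."""
    m = SSH_ID.match(flow.first_bytes)
    if not m:
        return None  # not SSH, whatever the port number
    reasons = []
    if flow.dport != 22:
        reasons.append("ssh-on-nonstandard-port")
    if flow.dst not in allowed:
        reasons.append("destination-not-allowlisted")
    # Assumed thresholds: browsing through a SOCKS tunnel shows up as one
    # long session carrying far more data than an interactive shell.
    if flow.duration_s >= min_secs and flow.bytes_in >= min_bytes:
        reasons.append("long-lived-bulk-session")
    if not reasons:
        return None
    return {"src": flow.src, "dst": flow.dst, "dport": flow.dport,
            "software": m.group(2).decode("ascii"), "reasons": reasons}

def find_tunnel_candidates(flows):
    """Keep only the flows that classify() flags."""
    return [f for f in map(classify, flows) if f is not None]

if __name__ == "__main__":
    for finding in find_tunnel_candidates(SAMPLE_FLOWS):
        print(finding)
```

The approved SSH session on port 22 and the TLS flow on 443 produce no finding; the SSH banners on ports 6000 and 443 do.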
Old 05-06-09, 09:24 AM   #4
gangaskan

 

Join Date: Dec 2003
Location: Lorain, ohio
 
Either way, it's good to know in the event it's needed and/or needing to be monitored.

All times are GMT -5. The time now is 04:29 AM.