Thursday, March 23, 2006

Break out of the office using the proxy server!

Most corporations today have proxy servers governing the access to the internet. Restricting and tracking your access to sites as well as other services the powers at be deem acceptable. I find that it’s actually pretty easy to bypass these restrictions thanks to the way most proxy servers are configured.


So lets have some fun and breaking out of the corporate network! First determine what your proxy server address is. If your internet is working currently, just go to IE’s internet options and take note of your proxy settings. Actually if you didn’t know how to do this already you might want to stop here.

For starters lets just try to access my Unix box at home without any proxy information.

eel3# ssh mjohnson@home

This just hangs since it can’t get out of the network. FYI: I added the ip address of my home system to the hosts file of the server im on.

So now lets take a look at a nice program from Philippe "BooK" Bruhat E (book at cpan.org) called connect-tunnel. Connect tunnel takes advantage of the HTTP connect command which most proxy administrators allow. It acts as a simple port forwarder. So lets give it a try to access my home system again!

Kickoff connect-tunnel in the backgroud.
eel3# ./connect-tunnel.pl --proxy webproxy.mycorp.com:8080 --tunnel 2222:home:22 &

Now lets attempt to ssh to port 2222. This should forward to port 22 on my home server.

eel3# ssh mjohnson@home -p 2222
mjohnson@home's password:
Last login: Thu Mar 23 11:38:37 2006 from mycorpproxy
[mjohnson@home mjohnson]$ hostname
home


Bingo we’re through the proxy with any port we need in this case to my home server. Its important to note if the site or server you are attempting to go to is usually blocked by the content filters then you won’t be able to connect to it. Using ssh to a server of your own we can get around that though!

If your running windows this is much easier with putty. Recent versions of putty come with an option to use proxy servers. This replaces the steps where connect tunnel is used. I want to be able to script all this stuff though, not just get outside the network to surf the web.

Lets focus on the surfing the web though since thats probably what most people are looking for. At this point its easy. We just setup a proxy server of our own such as squid on the home pc. The n open up a tunnel via ssh when we ssh to the home server for the proxy server as well. After that its just pointing whatever you want to use the proxy server port locally defined on your machine.

So we end up with a connect-tunnel going through the proxy server. Then a number of other tunnels for the services you want going over ssh!

For the few admins reading this. You can block the Connect method, but be weary that lots of applications use this and it might just break a number of things!

Happy Surfing!



Read more!

Last posts