sábado, 10 de septiembre de 2011

Bypassing webfilters

There are several occasions where you will be at a public terminal, and require access to a particular website that is blocked for some reason or another. How to bypass these restrictions is a very common question, and will be covered here.
Lets pretend for a moment that the Internet is made up of 26 websites, A-Z. The web filter blocks your browser from accessing sites X-Z, but not sites A-W. Simply make the browser think you’re going to A-W. There are a variety of ways to do this:

Proxy Servers:
This is a list of http proxies. These sites may not be up forever, so you may need to search for “free http proxy” or “public proxy servers” or other similar terms.

Proxy server lists:
http://www.aliveproxy.com/
http://www.multiproxy.org/
http://www.publicproxyservers.com/index.html
http://www.tehbox.com/proxy
http://www.proxz.com/
http://www.proxy4free.com/index.html
http://free-proxies.com/

Now that you have a list of proxies, you would open IE (internet explorer) and click on Tools > Internet Options > Connections > LAN Settings > Advanced. Enter the address and port of one of the servers from the list in the proper area (http) and make sure the “use a proxy server for your LAN” option is selected. Remember to replace the proxy and port at your terminal to the original when you're done.
*Note: Some proxies listed may not work, and this method may decrease your surfing speed. By trying various entries, you’ll find one that works, or works faster.

The infamous translation trick:
Go to a web page translation site and use their services to “translate a page to English” thus accessing the blocked page through their trusted site.
You’ll notice that several translation sites are blocked, but by using less popular ones, this method can still be effective. Here is a list of some translation services. Again, these sites may not be up forever, so you may need to search for them.
http://babelfish.altavista.com/
http://world.altavista.com/
http://translation.langenberg.com/
http://freetranslation.com/web.htm

Url Scripting:
Url scripting is the easiest method. It works on a select few web filters and is based on the same principal as the translation trick. By typing an address like “www.yahoo.com@www.restricted_site.com" the filter will not go into effect as it recognizes the trusted site (in this case yahoo.com)

Other tricks:
Simply open the command prompt and type:
Ping restricted.com
restricted.com obviously being the restricted site
At this point you can take down the IP address (ex. 216.109.124.73) and enter it into the browser. If access to the command prompt is also restricted, see “How to bypass restrictions to get to the command prompt.” If this article has been taken from information leak, then know that it involves anything from opening the browser, selecting view > source, then saving it as X.bat and opening it to opening a folder or browser and typing in the location of cmd.exe depending on the OS. I will not go into further, as this a completely different topic.

Use https://restrictedsite.com/ as referring to it as a secured site may confuse the filter.

Note: These are ancient methods that many new filters defend against, but still may be applicable in your situation. If not, a little history never hurt anyone.

Web based Proxies:
Another one of the easier, yet effective methods include web based proxies. These are simple in the fact that you just enter the restricted address and surf! Some of these have some restrictions, like daily usage limits, etc but you can also use another proxy (perhaps one that sucks, like a text only) to bypass their restrictions as well. Here is a list of some:
http://proxify.com/
http://www.anonymizer.com/index.cgi
http://www.guardster.com/
http://anonymouse.ws/anonwww.html
http://www.the-cloak.com/login.html
https://www.megaproxy.com/freesurf
http://www.anonymizer.ru/
https://nadaily.com/cgi-bin/nph-proxyb.cgi
http://www.userbeam.de/cgi-bin/nph-userbeam.cgi
http://www.free2.surffreedom.com/nph-free.cgi

Proxy Programs:
There are many proxy programs that allow you to surf anonymously that are more or less based on the same topics we’ve covered here. I’ve added them just to cover the topic thoroughly:
http://www.hotscripts.com/Detailed/28480.html
http://www.inetprivacy.com/a4proxy/anonymous-grc.htm
http://www.orangatango.com/home/index.ie.html
http://www.steganos.com/
http://www.anonymization.net/ (toolbar that requires admin rights to install)

Making your own CGI proxy server:
Making your own proxy server may come in handy, but I personally find that simply uploading a txt file/w a list of proxies to a free host makes for a much easier and headache free solution. If you don’t know PERL, there is code out there to help you set it up. Check out these sites for more info:
http://httpbridge.sourceforge.net/
http://www.jmarshall.com/tools/cgiproxy
http://www.manageability.org/blog/stuff/open-source-personal-proxy-servers-written-in-java/view

Admin Access:
When all else fails, you can simply take over the PC and alter or delete the damn filter. This method varies according to the OS (operating system) you are dealing with. Please see “Hacking Windows NT/2k/XP” on http://www.informationleak.com/ for more information. I will go as far as to say it can involve booting the PC in another OS, copying the SAM file and cracking it using a program like saminside or LC5 rather than start a whole new topic within this one.

There are obviously more ways to bypass filters than this, and I plan to update this article eventually. For the time being, Ive included quite a few methods for you to use either individually or in conjunction with each other.
Well, I hope that you enjoyed this tutorial and found it helpful. Carpe system.

0 comentarios:

Publicar un comentario