Welcome, Guest. Please login or register.
Amiga Kit Amiga Store Iridium Banner AMIStore App Store A1200/A600 4xIDE Interface

AuthorTopic: A challenge..  (Read 1789 times)

0 Members and 1 Guest are viewing this topic.

Offline pyrre

A challenge..
« on: March 25, 2011, 01:29:06 PM »
I just received a challenge from my It manager.

At my work we have client computers located behind a firewall and an iron gate server.
The computers do not have admin accounts local. All is managed by active directory.
And certain websites are blocked at request from management.

The servers are intelligent enough to identify any http traffic outside the ordinary. Like http tunnel traffic.

However, my challenge.

Set up a HTTP tunnel server at home.
and run the traffic via the https protocol and encrypt it.

The purpose of this is to be able to browse any website i want.
And of course, the challenge of  braking through the irongate. :D

can this be done?
Amiga 1200 Tower Os 3.9
BPPC 603e+ 040-25/200, 256MBram, BVIsionPPC, Indivision AGA MK2.
Amiga 2000 (rev 4.0) Os 1.2/1.3
2088 bridgeboard, 2MB ram card, 2091 SCSI.
Amiga 500+ Os 2.1
Derringer 030, 32MBram, Buddha in sidecar, Indivision ECS.
Amiga CD32
Video decoder
 

Offline whabang

Re: A challenge..
« Reply #1 on: March 25, 2011, 09:48:37 PM »
Of course it can be done. Set up a server that fetches web pages and then passes them on over an encrypted connection, scrambling the names of pages and files in the process. Obviously, this could still be detected if someone detected unusual amounts of encrypted traffic to one specific server.
Beating the dead horse since 2002.
 

Offline Franko

Re: A challenge..
« Reply #2 on: March 25, 2011, 10:54:50 PM »
Sounds more like your boss was getting some unpaid work from you and you fell for it... :)
 

Offline Kesa

  • Ninja Fruit Slasher
  • Hero Member
  • *****
  • Join Date: Sep 2010
  • Posts: 2408
  • Total likes: 0
Re: A challenge..
« Reply #3 on: March 26, 2011, 03:13:32 AM »
All this effort just to download some porn at work... :rolleyes:
Even my cat doesn\'t like me.
 

Offline Zac67

Re: A challenge..
« Reply #4 on: March 26, 2011, 10:18:50 AM »
Exactly where is the challenge in that?
 

Offline pyrre

Re: A challenge..
« Reply #5 on: March 26, 2011, 11:04:04 AM »
@ all

No it is not for porn. i do that at home :D
And my boss has nothing to do with it. at all...
it is just me and the it management.
The IT dude meant it could not be done. the irongate would scan the datastream and detect http tunneling and discard the traffic.

I claimd if i did it over https and encrypted the stream it would not detect it. and would not discard the transmissions...
I have no clue to how to do it. which is why i asked...
Amiga 1200 Tower Os 3.9
BPPC 603e+ 040-25/200, 256MBram, BVIsionPPC, Indivision AGA MK2.
Amiga 2000 (rev 4.0) Os 1.2/1.3
2088 bridgeboard, 2MB ram card, 2091 SCSI.
Amiga 500+ Os 2.1
Derringer 030, 32MBram, Buddha in sidecar, Indivision ECS.
Amiga CD32
Video decoder
 

Offline Zac67

Re: A challenge..
« Reply #6 on: March 26, 2011, 04:44:42 PM »
He should be looking out for a new job...

As long as HTTP connections are not completely blocked or 'whitelist only' you can certainly circumvent ANYTHING. Those irongates are smart but not omniscient.

You could obfuscate the real URL you're querying into some wild session-id like number and put the response into, say a GIF image. Locally (behind the irongate) you'd run a rather simple proxy that obfuscates the URLs and extracts the responses from the GIFs. At home you'd have a proxy doing exactly the opposite. All the irongate would be seeing is you retrieving GIF images from some server.

If the irongate allows for HTTPS then everything is VERY simple: set up a standard HTTP proxy with an SSL listening port and connect to that. Done.
 

Offline pyrre

Re: A challenge..
« Reply #7 on: March 27, 2011, 02:27:27 PM »
Quote from: Zac67;624829
He should be looking out for a new job...

As long as HTTP connections are not completely blocked or 'whitelist only' you can certainly circumvent ANYTHING. Those irongates are smart but not omniscient.

You could obfuscate the real URL you're querying into some wild session-id like number and put the response into, say a GIF image. Locally (behind the irongate) you'd run a rather simple proxy that obfuscates the URLs and extracts the responses from the GIFs. At home you'd have a proxy doing exactly the opposite. All the irongate would be seeing is you retrieving GIF images from some server.

If the irongate allows for HTTPS then everything is VERY simple: set up a standard HTTP proxy with an SSL listening port and connect to that. Done.

There is only one problem:
You have to use the internal proxy. If you change any proxy settings, the irongate blocks all of your traffic, even Lan activity.
You can only mask any traffic within the http(s) protocol.
Amiga 1200 Tower Os 3.9
BPPC 603e+ 040-25/200, 256MBram, BVIsionPPC, Indivision AGA MK2.
Amiga 2000 (rev 4.0) Os 1.2/1.3
2088 bridgeboard, 2MB ram card, 2091 SCSI.
Amiga 500+ Os 2.1
Derringer 030, 32MBram, Buddha in sidecar, Indivision ECS.
Amiga CD32
Video decoder
 

Offline Zac67

Re: A challenge..
« Reply #8 on: March 27, 2011, 04:54:05 PM »
No problem - just change the internal proxy (your tunneling proxy) to use the IG proxy for connecting out. It'll haul the data without knowing what it's about.
 

Offline odin

  • Colonization had Galleons
  • Hero Member
  • *****
  • Join Date: Feb 2002
  • Posts: 6795
  • Total likes: 0
Re: A challenge..
« Reply #9 on: March 29, 2011, 08:55:26 PM »
Setup SSH tunneling to your home server running a webproxy for port 80 or 443 or whatever port is allowed to go outside your company's network?