Protect yourself from someone looking over your shoulder |
Here's a great application that fits in perfectly with the theme of this page. It's called Ghostzilla; http://www.ghostzilla.com/ . The idea is that you want to surf the web, but have it look like you are doing normal work to people walking by your computer. Ghostzilla is a browser that hides itself in your normal work applications, like Excel, or Word, or Visual Studio... anything. With a swish of the mouse, Ghostzilla pops up and you can surf the web. If you see someone coming, simply move the mouse away, and it disappears, leaving no trace. Plus, you can easily configure it to use the shunnel as described here, for total privacy! |
A Simpler Solution |
Buzzsurf has teamed up with HTTP-Tunnel Corp to encourage users to try the HTTP-Tunnel Client as a simplier alterntive to the procedure described here. Using HTTP-Tunnel , you don't need a computer at home to leave turned on all day. And you don't need to know how to install SSH or Putty. All the network communication is encrypted and sent over standard webserver ports, just like I describe, so it offers just as much protection without the hassle. Try it for free at HTTP-Tunnel.com |
Friday, September 7, 2007
Voila
Configure Internet Explorer |
Now we have to configure Internet Explorer at work to use a SOCKS proxy server. First, at school/work, go to http://www.whatismyip.com . Write down the number. This is your IP address WITHOUT your shunnel enabled. In Internet Explorer;
If your intent is to access MySpace, and MySpace was blocked before, try it now. |
Configuring other applications to use the private connection |
Most applications that access the Internet can be configure to use the shunnel. For it to work, they have to support a SOCKS 4 or SOCKS 5 proxy connection. Instant messaging programs like AIM, ICQ, Yahoo IM, and mIRC all support this. Setup is different for all application, but the settings will be the same. You want to configure the application to use a SOCKS 4 or SOCKS 5 proxy server, Host should be 127.0.0.1, and Port should be 8080. |
Getting your hands dirty
Installation and configuration
Software
Before we start installing and configuring software, you need to find out the following things;
Software
We're going to be using 2 fairly simple pieces of software; an SSH Server and an SSH Client.
There are a few flavors of SSH Server's out there, but we're going to be using OpenSSH because it's free. The website for OpenSSH is http://www.openssh.com . But wait! OpenSSH doesn't run on Windows unfortunately... But there is a site that converted OpenSSH to run on Windows, which is what we want! http://sshwindows.sourceforge.net/ .
Download OpenSSH for Windows from http://sshwindows.sourceforge.net . The version I wrote this document using was 3.7.1p1-1. The latest version should work for you, plus it will have less security holes.
For the SSH Client I recommend using Putty. Putty is a small single executable SSH client with the ability to setup a tunnel. The newer version also support Dynamic Forwarding, which is essential. It's possible to use OpenSSH as your client as well as your server, but Putty is much easier to setup and use. Download putty.exe from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html .
- Your home IP Address
- Your work/school external IP Address
Software
We're going to be using 2 fairly simple pieces of software; an SSH Server and an SSH Client.
There are a few flavors of SSH Server's out there, but we're going to be using OpenSSH because it's free. The website for OpenSSH is http://www.openssh.com . But wait! OpenSSH doesn't run on Windows unfortunately... But there is a site that converted OpenSSH to run on Windows, which is what we want! http://sshwindows.sourceforge.net/ .
Download OpenSSH for Windows from http://sshwindows.sourceforge.net . The version I wrote this document using was 3.7.1p1-1. The latest version should work for you, plus it will have less security holes.
For the SSH Client I recommend using Putty. Putty is a small single executable SSH client with the ability to setup a tunnel. The newer version also support Dynamic Forwarding, which is essential. It's possible to use OpenSSH as your client as well as your server, but Putty is much easier to setup and use. Download putty.exe from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html .
Before we start installing and configuring software, you need to find out the following things;
Software
We're going to be using 2 fairly simple pieces of software; an SSH Server and an SSH Client.
There are a few flavors of SSH Server's out there, but we're going to be using OpenSSH because it's free. The website for OpenSSH is http://www.openssh.com . But wait! OpenSSH doesn't run on Windows unfortunately... But there is a site that converted OpenSSH to run on Windows, which is what we want! http://sshwindows.sourceforge.net/ .
Download OpenSSH for Windows from http://sshwindows.sourceforge.net . The version I wrote this document using was 3.7.1p1-1. The latest version should work for you, plus it will have less security holes.
For the SSH Client I recommend using Putty. Putty is a small single executable SSH client with the ability to setup a tunnel. The newer version also support Dynamic Forwarding, which is essential. It's possible to use OpenSSH as your client as well as your server, but Putty is much easier to setup and use. Download putty.exe from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html .
- Your home IP Address
- Your work/school external IP Address
Software
We're going to be using 2 fairly simple pieces of software; an SSH Server and an SSH Client.
There are a few flavors of SSH Server's out there, but we're going to be using OpenSSH because it's free. The website for OpenSSH is http://www.openssh.com . But wait! OpenSSH doesn't run on Windows unfortunately... But there is a site that converted OpenSSH to run on Windows, which is what we want! http://sshwindows.sourceforge.net/ .
Download OpenSSH for Windows from http://sshwindows.sourceforge.net . The version I wrote this document using was 3.7.1p1-1. The latest version should work for you, plus it will have less security holes.
For the SSH Client I recommend using Putty. Putty is a small single executable SSH client with the ability to setup a tunnel. The newer version also support Dynamic Forwarding, which is essential. It's possible to use OpenSSH as your client as well as your server, but Putty is much easier to setup and use. Download putty.exe from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html .
When won't this work?
Please notice the title of this page starts "How To Bypass Most Firewall Restrictions... I say most because the method I describe here will not work for everyone, even if you meet the pre-requisites above. If any of the following are true for you, you probably can't use this method successfully;
- You can not access any external Internet websites; only internal websites or none at all.
- You can access a few specific Internet websites, but no others at all.
If either of the 2 lines above apply to you, your network administrator is working hard because they are using a "pessimistic" blocking strategy. In other words, they have decided to block everything, and probably only allow specific access. The problem with that strategy however, is that it requires much more work and maintenance than using an "optimistic" strategy, in which they allow access to everything and block only certain "things".
The method I describe on this page will not work with a pessimistic blocking strategy because it depends on being able to access your home computer from work. 9 times of 10, if you can't get to www.amazon.com, you won't be able to your home computer either. If for some reason you CAN access your home computer, then great.. proceed If not, you may want to talk to your network administrator. Ask him if they would punch a hole in the firewall so you can SSH to your computer at home. Or come up with some excuse to get access to 1 port on your home computer, then run the SSH server on that port.
Or... maybe you ARE the network administrator and are just curious about how this works. :)
The method I describe on this page will not work with a pessimistic blocking strategy because it depends on being able to access your home computer from work. 9 times of 10, if you can't get to www.amazon.com, you won't be able to your home computer either. If for some reason you CAN access your home computer, then great.. proceed If not, you may want to talk to your network administrator. Ask him if they would punch a hole in the firewall so you can SSH to your computer at home. Or come up with some excuse to get access to 1 port on your home computer, then run the SSH server on that port.
Or... maybe you ARE the network administrator and are just curious about how this works. :)
Subscribe to:
Posts (Atom)