Bypass proxy server restrictions in the office
So, I think that everyone is more than familiar with the problem of closed sites and other troubles, vilely lying in wait for ordinary office workers.
The first aspect is, in fact, “closed” sites, i.e. those that are denied access. As a result, an unfortunateplankton office worker cannot open the address he needs.
The second is total control by Big Brother, respectively, the ability to intercept any transmitted data (for example, a password from the mail) and monitor what the employee at work does.
UPDATE . This, of course, is not only about sites, but also about all kinds of IMs (where ICQ, jabber, etc., are closed in many places). As for the fact that “we have to work at work”, this is certainly a fact. But personally I am annoyed by the ability of any person to track where I was on the Web, even theoretical.
UPDATE 2 . Gentlemen, I do not understand your negative attitude to this topic. If minus severe office administrators due to the fact that with these methods of circumvention protection is difficult to fight, comment, please.
')
What to do? Without panic, there are as many as two working solutions!
Let's start with the most reliable from the point of view of security, as well as an affordable option.
Tor is a system that allows users to connect anonymously, ensuring the transmission of user data in an encrypted form. With Tor, users can remain anonymous when they visit websites, publish materials, send messages, and work with other applications that use the TCP protocol. Traffic security is ensured through the use of a distributed network of servers called “multilayered routers” (onion routers). Tor also provides protection against traffic analysis mechanisms that threaten not only the user's anonymity, but also the confidentiality of business data, business contacts, etc. Tor operates on-router routers with network levels, allowing for two things: anonymous outgoing connections and anonymous hidden service.
To use Tor, no administrator rights are required on the client’s machine. Here you can download the portable version of the application, which will be easy to work with flash drives.
Next, launch the PortableTor.exe from the directory where you installed the application. The following window appears:
Click the "Settings" button, as a result of which the corresponding window is displayed. Go to the tab "Network" - here are exactly the settings we need. Put a tick to the left of “I use a proxy to access the Internet”, after which we enter a corporate proxy (if it is, of course; if it is not, you do not need to tick a tick), a port (as a rule, 3128, but better clarified) If necessary, the username and password to access the proxy. It is also better to put a tick on "My firewall does not allow connections to all ports," because in most cases it is.
Tor Settings
Pay attention also to the checkbox “My Internet provider is blocking ...” - if nothing works, deal with this option. But, most likely, it is not needed.
At the end of the shamanism with the setting, click "OK", and in the first window click "Start Tor". If everything goes well, you will see the message “Connecting to the Tor network”, after which the tray bulb will turn green, and you will receive the following message: “Tor is running”. The window can be closed.
In order for any application to use the just-configured Tor network, you need to set the following settings in it:
Proxy Type: HTTP
Proxy server address: 127.0.0.1
Port: 8118
Here, strictly speaking, that's all - you quite successfully bypassed the protection of your corporate proxy server.
The second method is much more convenient and flexible than the one described above, but in the process of its implementation there is one significant trick that can be seen on the scheme below:
Obviously, a significant difficulty in implementing this approach is the need for a home server and, accordingly, a fast channel. In addition to the standard port 22, it is necessary to “hang up” the SSH daemon on port 443, since It is unlikely that a corporate proxy will give access to a standard port.
If the above difficulty is not relevant in your case, feel free to download the portable version of Putty . The application also works without administrator rights and runs directly from a flash drive.
After installation, you must perform the following settings.
On the Session tab, enter in the “Host name” field the address of your home server, in the “Port” field, respectively, the port to connect to.
In the options tree on the left, select SSH, Tunnels. On this tab, specify port 7070, Destination - Dynamic, and then click the Add button.
In the options tree on the left, select Proxy. On this tab, specify the type of corporate proxy server (usually HTTP), proxy hostname (for example, proxy) and port (usually 3128).
Return to the Session tab and save the session in order not to override these settings again the next time, then click the Open button. Log in to the server using the login and password (it is better to do for this purpose an individual user). After you log in successfully, use the following data to configure applications:
Proxy Type: SOCKS5
Proxy server address: 127.0.0.1
Port: 7070
Thus, you again successfully bypassed the protection of the corporate proxy server.
The first aspect is, in fact, “closed” sites, i.e. those that are denied access. As a result, an unfortunate
The second is total control by Big Brother, respectively, the ability to intercept any transmitted data (for example, a password from the mail) and monitor what the employee at work does.
UPDATE . This, of course, is not only about sites, but also about all kinds of IMs (where ICQ, jabber, etc., are closed in many places). As for the fact that “we have to work at work”, this is certainly a fact. But personally I am annoyed by the ability of any person to track where I was on the Web, even theoretical.
UPDATE 2 . Gentlemen, I do not understand your negative attitude to this topic. If minus severe office administrators due to the fact that with these methods of circumvention protection is difficult to fight, comment, please.
')
What to do? Without panic, there are as many as two working solutions!
Part one. Onion Net
Let's start with the most reliable from the point of view of security, as well as an affordable option.
Tor is a system that allows users to connect anonymously, ensuring the transmission of user data in an encrypted form. With Tor, users can remain anonymous when they visit websites, publish materials, send messages, and work with other applications that use the TCP protocol. Traffic security is ensured through the use of a distributed network of servers called “multilayered routers” (onion routers). Tor also provides protection against traffic analysis mechanisms that threaten not only the user's anonymity, but also the confidentiality of business data, business contacts, etc. Tor operates on-router routers with network levels, allowing for two things: anonymous outgoing connections and anonymous hidden service.
To use Tor, no administrator rights are required on the client’s machine. Here you can download the portable version of the application, which will be easy to work with flash drives.
Next, launch the PortableTor.exe from the directory where you installed the application. The following window appears:
Click the "Settings" button, as a result of which the corresponding window is displayed. Go to the tab "Network" - here are exactly the settings we need. Put a tick to the left of “I use a proxy to access the Internet”, after which we enter a corporate proxy (if it is, of course; if it is not, you do not need to tick a tick), a port (as a rule, 3128, but better clarified) If necessary, the username and password to access the proxy. It is also better to put a tick on "My firewall does not allow connections to all ports," because in most cases it is.
Tor SettingsPay attention also to the checkbox “My Internet provider is blocking ...” - if nothing works, deal with this option. But, most likely, it is not needed.
At the end of the shamanism with the setting, click "OK", and in the first window click "Start Tor". If everything goes well, you will see the message “Connecting to the Tor network”, after which the tray bulb will turn green, and you will receive the following message: “Tor is running”. The window can be closed.
In order for any application to use the just-configured Tor network, you need to set the following settings in it:
Proxy Type: HTTP
Proxy server address: 127.0.0.1
Port: 8118
Here, strictly speaking, that's all - you quite successfully bypassed the protection of your corporate proxy server.
Part two. Penguin
The second method is much more convenient and flexible than the one described above, but in the process of its implementation there is one significant trick that can be seen on the scheme below:
Obviously, a significant difficulty in implementing this approach is the need for a home server and, accordingly, a fast channel. In addition to the standard port 22, it is necessary to “hang up” the SSH daemon on port 443, since It is unlikely that a corporate proxy will give access to a standard port.
If the above difficulty is not relevant in your case, feel free to download the portable version of Putty . The application also works without administrator rights and runs directly from a flash drive.
After installation, you must perform the following settings.
On the Session tab, enter in the “Host name” field the address of your home server, in the “Port” field, respectively, the port to connect to.
In the options tree on the left, select SSH, Tunnels. On this tab, specify port 7070, Destination - Dynamic, and then click the Add button.
In the options tree on the left, select Proxy. On this tab, specify the type of corporate proxy server (usually HTTP), proxy hostname (for example, proxy) and port (usually 3128).
Return to the Session tab and save the session in order not to override these settings again the next time, then click the Open button. Log in to the server using the login and password (it is better to do for this purpose an individual user). After you log in successfully, use the following data to configure applications:
Proxy Type: SOCKS5
Proxy server address: 127.0.0.1
Port: 7070
Thus, you again successfully bypassed the protection of the corporate proxy server.
Source: https://habr.com/ru/post/52688/
All Articles