Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: HTTP tunneling to bypass proxy filter

from [Brandon Louder] Network Security [Permanent Link]
Subject: RE: HTTP tunneling to bypass proxy filter
Date: Mon, 21 Apr 2008 13:05:17 -0500 
I am interested in hearing comments about this as well. I believe there
are some newer web security appliances that do deep inspection at the
application layer that would catch this, hopefully someone else can
contribute.

Another scenario in relation to your custom http tunnel client is a
socks based proxy to an SSH server. If you have an internet facing SSH
server and set it to listen on port 443 you should be able to tunnel
your web traffic over HTTPS. For instance with putty you can do:
putty -D 8080 -P 443 -ssh "ip address"

And then set your web browser to use socks proxy of localhost on port
8080.

All of the web traffic would then show up as https to the remote IP. If
you have a web security appliance that does HTTPS decryption and deep
inspection it may not work, similar as with the HTTP tunnel client.  

-brandon
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of uglyhunK
Sent: Saturday, April 19, 2008 8:39 AM
To: security-basics
Subject: HTTP tunneling to bypass proxy filter


Recently I was challenged by network admin to bypass corporate HTTP
proxy
filter. Easier option would have been to download one of many HTTP
tunnel
clients but that is ruled out as all the sites are blocked. I didn't
want to
email the installation file as there is a strict monitoring policy to
using
email and "leaving no traces" is one of the primary conditions.

Only option left was to write my own HTTP tunneling client and being a
developer I have access to JDK. Server component is written in PHP and
it
works like a charm; all the communication is encoded in base64 (though
not
the best way to obfuscate data). It took me just 10 days to successfully
bypass the proxy filter and access literally all the websites except
https
ones. Just for the info, this is @ one of the largest American banks.
So, I
won the first round and now I threw a challenge @ him to identify this
kinda
of tunneled data and block it successfully.

I'm not sure if he can do this, but, would like to know from you guys if
there is any way for the admin to block me from using custom tunnel
client.


-uglyhunK






-----------------------------------------
Confidentiality Notice: This e-mail message, including any
attachments, is for the sole use of the intended recipient(s) and
may contain confidential and privileged information. Any
unauthorized review, use, disclosure, or distribution is
prohibited. If you are not the intended recipient, please contact
the sender by reply e-mail and destroy all copies of the original
message.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Firewall for Windows Server 2003, sirfids
Next by Date:  Re: VMware ESX, Robert Taylor
Previous by Thread:  HTTP tunneling to bypass proxy filter, uglyhunK
Next by Thread:  RE: HTTP tunneling to bypass proxy filter, Hayes, Ian
Indexes:  [Date] [Thread] [Top] [All Lists]