1

My school network has blocked a lot of webpages, including TeamViewer, which I need. The IT department told me to find a proxy, because it was their ISP who had blocked the sites. To connect to the internet all the school computers are set up like this: http://screencast.com/t/AQehWSxRk2N (I have scrolled the URL to the right.)

I have tried http://www.hidemyass.com/ and TORProject and everything, but they don't work. (They do work at home though.)

Do anyone know how to work this out. Maybe to set up my own proxy-server on my computer at home? I tried to find out how to do this once, but I didn't seem to find an easy solution as to how to make a proxy-server. (preferably with a password.)

Thanks! :D

Jeff Ferland
  • 38,090
  • 9
  • 93
  • 171
Friend of Kim
  • 391
  • 2
  • 3
  • 12

3 Answers3

6

Assuming your home computer is internet-reachable, the easiest thing to do is run an SSH server on your home computer. Then connect to it from your school computer via:

ssh -D 8080 user@home

Then you can set SOCKS proxy of your browser at school to use localhost:8080 and everything will be proxied through the SSH tunnel to home.

There are some issues you'll have to work out:

  • make sure the port you're going to use isn't firewalled at your school
  • make sure your home sshd is set up as securely as possible (no root login allowed, disallow password logins, etc)
  • unless you have a static IP at home, the home computer will need to integrate with a dynamic DNS service so that you know how to reach it
bstpierre
  • 4,868
  • 1
  • 21
  • 34
  • Thanks! My problem is that I'm a webguy. Know everything about the web, but just the basics of CMD, terminal, socks and so on... So, do you know about a specific webpage where I can read more about SSH? – Friend of Kim Dec 05 '11 at 17:04
  • @50ndr33: Windows, linux, Mac, other? – bstpierre Dec 05 '11 at 19:04
  • I have a question about this process.. once you've set this all up, how does the other end know what to do with the request? I Would think that there would have to be some sort of daemon on the other end waiting for a request (like an HTTP GET request) and once it receives one through the tunnel, it acts on it. When the GET request gets to the other side of the tunnel, how does that end know what to do with it? And when it gets a response from whatever server it made the request to, how does it know to send the response back through the tunnel? – Safado Dec 05 '11 at 20:12
  • Windows XP (Professional) or Windows 7 (have two to choose between) – Friend of Kim Dec 05 '11 at 21:42
  • 2
    SSH knows how to tunnel as a SOCKS. All HTTP(S) traffic will reach the destination as you were connecting from remote machine, while this traffic seems to be an SSH connection to the firewall. – phil pirozhkov Dec 05 '11 at 21:56
  • My past experience has been with openssh on cygwin. But it's been a long time since I've used windows heavily. You might start with this: http://sshwindows.sourceforge.net/ -- or post a question (maybe on superuser or serverfault?) about windows ssh servers – bstpierre Dec 06 '11 at 02:27
1

You better force this with unblocked proxy, because your teacher might block your home computer in the future.

Do you check other than hidemyass proxy?

  • anonet2.biz/Open%20Proxies
  • proxy.org/cgi_proxies.shtml

Read this page about Tor Bridges. If you have an email box inside the school network, you can get new bridge by email, 3 IP addresses per ask.

Understanding bridges

As an example, you'll get a bridge entry that looks like the following:

bridge 141.201.27.48:443 4352e58420e68f5e40bf7c74faddccd9d1349413

The first element is the IP address: '141.201.27.48'

The second element is the port: '443'

The third element, the fingerprint, is optional: '4352e58420e68f5e40bf7c74faddccd9d1349413'

In this scenario, Tor will connect to this bridges. This is developed specially against restricted firewalls.

See also: https://trac.torproject.org/projects/tor/wiki/doc/BlockingDiagnostics

Anomalous Awe
  • 51
  • 3
  • The firewall is made by an external firewall company, and is extremely smart. It blocks Tor bridges by looking at the packages. It recognizes Tor traffic by its contents, and not the IP. Since it is automated setting up my own proxy without encryption will probably work. I resolved this by using Google Translate as a proxy :) – Friend of Kim Jan 27 '14 at 21:00
  • Try to use bridge with exotic port, like 22, or something. Are you sure that firewall recognize Tor by signatures in packets? – Anomalous Awe Jan 27 '14 at 21:56
  • I don't know, I just know that it is a good firewall that blocks practically everything the user wants. The bridges didn't work, and changing the port didn't work either. – Friend of Kim Jan 28 '14 at 15:00
  • See https://bridges.torproject.org/ You better to contact to support `help@rt.torproject.org` put `Log debug file /var/log/tor/debug.log` to `/etc/tor/torrc` and send this log to support. Tor project tries to solve all of this problems, there will be a couple of solution against your firewall. – Anomalous Awe Jan 29 '14 at 20:55
  • See https://trac.torproject.org/projects/tor/wiki/doc/BlockingDiagnostics – Anomalous Awe Jan 29 '14 at 21:04
  • Just try to setup Tor bridge at home, setup logging `tcpdump -v -i any -s 0 -w bridge.cap`. Test you brdige from another PC. After this, go to school and try to use your bridge. Come to home and `diff` valid and invalide tries. – Anomalous Awe Jan 29 '14 at 21:07
0

For my part, I bypassed my corporate proxy with a linux server, listening on port 443 (HTTPS) and I configured Bitvise to redirect my calls to my server through the proxy.

For setting up a Windows SSL server, I found that:

To make SSH listening on 443 port, it depends on what SSH implementation you installed on your private computer, but, if you install it through Cygwin, you have to search for sshd_config file, find the line #Port 22, remove the # and change 22 by 443.

On your school's computer's side, you can check for Bitvise as a portable app (you can call it from a USB key - no installation necessary) :

To configure Bitvise, I assume this website is okay (I cannot check it now):

  • www.sshour.com/how-to-connect-to-ssh-tunnel-with-bitvise-ssh-client.html

But, you just have to fill the "proxy settings" by the proxy adress and port you will find in "Internet Options". This will only work if the firewall is weak - without any verification of the actual header of the frames. Indeed, the header will prove that you are trying to connect using SSL on HTTPS port.

Ayanimea
  • 1
  • 1