Internet filtering

Standard

Most schools and many workplaces filter and restrict their internet, this can be as basic as denying access to a few specified websites, often social media sites such as Facebook or Twitter and look that isn’t a bad thing, if you’re at school or work there is rarely a need for social media websites.

I don’t need access to blocked websites at school, however I’m hardly using my time well already, last week I made a 250 megapixel image of the Canadian flag. I might as well be wasting my time talking to other people on the internet. Basically I think internet filtering is necessary because people cannot just do what they are supposed to do, but hey, they aren’t gonna stop us anyway.

I first got around my schools internet filtering when I was in year 6 by creating a simple PHP script which was something similar to this.

echo file_get_contents($_GET[‘url’]);

I hosted this on my computer at home and opened port 80 on my router. Look I am aware how incredibly insecure that is, but really, if someone hacked me in year 6 what are they gonna find? Flash games and homework about basic addition.

I worked on this script over the next 18 months and eventually had a fully fledged PHP web based proxy, replacing urls, proxing REST requests etc, I have since learnt that there are scripts that do this perfectly which you can just download and run (http://www.glype.com/)

Our internet filtering now is much stricter, packet sniffing and inspecting all http traffic, you even have to install an SSL certificate so it can inspect your secure traffic (if a packet is encrypted without the certificate it is rejected) So after tethering to my phone for internet for a few weeks I found a flaw which I could exploit, and I’m using that flaw right now, port 21 (Unencrypted FTP) packets are all let through (they are filtered by protocol, http proxies never work) SSH works through this port, once I found this the solution was simple: a socks proxy through port 21. In system preferences on a mac you can make all traffic via a certion internet connection forward through a proxy, I have my computer set up forward all traffic on the school wifi through a socks proxy on localhost. I use sshd to create a local socks proxy, forwarding traffic through the ssh tunnel.

The command is a single line on the client machine is simple

ssh -D10800 -p21 [USERNAME]@[SERVERADDRESS]

Anyway, just thought I would share my solution to internet filtering here.

For anyone tl’rd’ing firstly don’t be an asshole I wrote this whole thing so you could do the wrong thing, otherwise heres the basic solution

  • Open ssh server over unfiltered port (port 21 for me)
  • Use sshd to create a socks proxy and tunnel the traffic through the ssh server
  • Forward machines traffic through this proxy server
Advertisements

3 thoughts on “Internet filtering

    • Good article, A little different to the intentions of this. Your article involves using third party software to proxy traffic, which is great because you aren’t paying for your proxy bandwidth however often those programs throttle connections or inject ads

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s