In my post I showed a sample trace from using Identity Cloaker whilst browsing the web with Internet Explorer:

Source        Destination        Protocol   Info
192.168.1.2   Proxy IP Address   SSL        Continuation Data
The question was this: Identity Cloaker uses an SSH tunnel to encrypt and protect your web browsing, so why was the data flagged as SSL?
Well, that puzzled me at first. I was using Wireshark, and I know that it easily detects and displays the SSH protocol, so why show this as SSL? I had my ideas, but just to make sure I asked Tomas France, the owner of Identity Cloaker, for some clarification:
"IDC creates a secure tunnel to the server through SSH, just like you do with Putty. The standard port used by SSH is 22. The standard port used by HTTPS/SSL is 443.
Many companies and even some ISPs (I suppose) block any uncommon port; they sometimes allow just a few such as port 80 (HTTP), 25 (SMTP, not always allowed), 110 (POP3) etc. However, SSH is not so common, and mostly in corporate environments it could be blocked because the companies do not want their employees to use SSH. And even some firewall software could block it.
On the other hand, port 443 is (almost) always allowed because it's used by HTTPS/SSL connections. So I moved SSH on the servers from port 22 to port 443, which confuses some software and makes it believe you are simply accessing some https websites.
Another benefit of masking SSH as SSL is that both use encryption and the encrypted data packets look so similar to each other, it is difficult for network admins/ISPs to spot it."
Thanks, Tomas, for the clarification and for allowing me to post it here! Many users of Identity Cloaker use the software away from their home PC setup, so making sure that it works in as many environments as possible is important. Enabling the program to mimic the SSL protocol so that it can operate through the majority of firewalls is actually very simple but also clever.
I've tried it in a couple of corporate environments which are more secure than normal (dedicated firewall teams) and it has worked. The other main enabler is the facility to use Identity Cloaker through the existing proxy. It certainly bypasses things like SurfControl, and there are no identifiable web sites in the logs. (Remember, though, that if a careful search is conducted by a skilled techie, the data flow could be identified as not SSL, and the fact that your data was encrypted all the time could be suspicious.)
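To show what that careful search can look like from the firewall team's side, here is an added example (not part of the original post and not Identity Cloaker code) that classifies a flow by its opening bytes instead of its port number. It assumes the tunnel is plain SSH moved to port 443, so the client opens with the cleartext identification string from RFC 4253; the function names and sample flows are constructed for illustration.

```python
# Added example: content-based check of port-443 flows (constructed sample data).
import struct

TLS_HANDSHAKE = 0x16  # TLS record content type for handshake messages


def classify_first_bytes(payload: bytes) -> str:
    """Return 'ssh', 'tls', 'http-connect' or 'unknown' for a flow's first payload."""
    # RFC 4253: each side sends a cleartext identification string "SSH-<ver>-...".
    if payload.startswith(b"SSH-"):
        return "ssh"
    # A tunnel sent through an existing web proxy opens with an HTTP CONNECT request.
    if payload.startswith(b"CONNECT "):
        return "http-connect"
    # TLS record header: type(1) | major(1) | minor(1) | length(2), then the
    # handshake message type, which is 0x01 for a ClientHello.
    if len(payload) >= 6:
        ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
        if (ctype == TLS_HANDSHAKE and major == 3 and minor <= 4
                and 0 < length <= 16384 and payload[5] == 0x01):
            return "tls"
    return "unknown"


def flag_non_tls_on_443(flows):
    """Return (src, dst, verdict) for port-443 flows whose opening bytes are not TLS."""
    hits = []
    for src, dst, dport, first_payload in flows:
        verdict = classify_first_bytes(first_payload)
        if dport == 443 and verdict != "tls":
            hits.append((src, dst, verdict))
    return hits


# Constructed flows: (source, destination, destination port, first client payload).
SAMPLE_FLOWS = [
    ("192.168.1.2", "203.0.113.10", 443, b"SSH-2.0-ExampleClient_1.0\r\n"),
    ("192.168.1.3", "198.51.100.7", 443, bytes.fromhex("1603010200010001fc0303")),
    ("192.168.1.4", "203.0.113.10", 22, b"SSH-2.0-ExampleClient_1.0\r\n"),
]

if __name__ == "__main__":
    for src, dst, verdict in flag_non_tls_on_443(SAMPLE_FLOWS):
        print(f"{src} -> {dst}:443 opens as {verdict}, not TLS")
```

Only the first flow is reported: it uses port 443 but opens with an SSH banner, while the real ClientHello and the SSH session on port 22 pass.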
So that's it - it just shows you the thought that has gone into this program. If you want to see this behaviour for yourself, just download the free demo of Identity Cloaker. You'll also need a network sniffer; a great free one is Wireshark.
Start the sniffer, fire up Identity Cloaker and browse to one of the allowed sites in the demo, and you'll see exactly what your connection looks like to the outside world :) - if you want secure anonymous web surfing there is only one choice on the Internet today in my opinion.