Recents in Beach

Proxy Avoidance, Blocked Proxies - another installment.

Many, many people search on the internet for ways and means to access different sites from work. They'll find loads on the internet on proxy blocking and avoidance techniques, try them at work and school and find they fail dismally. This is because often avoiding content filters or proxies can actually be a little tricky sometimes and each situation is potentially different.

Why Blocked Proxies are not the Only Problem

If you do search, you'll generally be directed to one of the thousands of web based proxies, that exist on the internet. These are generally just little scripts usually written in perl or php that rewrite your web request. They sometime work ok but are often blocked and any basic content filter will stop you using these. Most of the web based proxies are also a pain to use as they usually can't handle SSL and many sites will crash or load very slowly. Besides I don't really want a 14 year old with a web proxy to be in control of all my web traffic either !

I have touched on some of the many problems on my earlier post on proxy avoidance , here I'll explain one of the reasons that these web based proxies or any basic proxy service won't work.

The reason is that the leading content filters now are actually a little bit more sophisticated, there's more to just allowing or blocking requests through for specific URLS. The content filtering technology used by companies like Websense actually filter all the traffic at the packet level. You'll find these filtering devices filtering all the internet traffic for instance through a span port. Websense will actually look at the content of the packet and look for the urls and get requests, that's why proxies don't work, the URLS and IP addresses are still visible in most proxy traffic.

There really is only one way to bypass a correctly configured and set up Websense type content filter and that's to encrypt your connection. If the device cannot read the packet, it won't find the GET request or be aware of the URL, and hence your data will be allowed through safely and securely.

Of course there are many ways of doing this depending on your IT skills and resources. The most basic way of proxy avoidance with encryption is to use a VPN back to your home PC and surf through there. This does require a little technical skill but there are plenty of tutorials out there, again though you may find lack of administrative rights on your PC a problem. Changing the proxy to (your local machine) might sound simple but if your access to proxy settings is blocked it becomes yet another challenge.

In many environments even getting access to the command prompt can even be difficult !

Here's a little trick in this instance, if your access to the command prompt is blocked.
  1. Open Microsoft Word
  2. Start a New Document
  3. Select Insert Object
  4. Select Create from File tab
  5. Type in Command.exe as file name
  6. Select Display as Icon and OK
  7. Click on Icon in Word Document for Command Prompt
This method works most of the time, it can be blocked using standard Windows Group Policy Settings but Technical staff rarely understand these very well.  Anyway here's the screen shots you should see similar to get access and its useful in your proxy avoidance efforts !

Proxy Avoidance Illustration
But to return to the subject, encryption is the key to bypass the likes of Websense.  However you do it, using TOR, your own VPN or some SSL or VPN tunnelling (search my posts I've highlighted some other options)

This is why Identity Cloaker has always worked in every locked down environment I've ever been in, the ability to run it from a USB key and no admin rights requirements is a big advantage, but also Identity Cloaker encrypts your connection and actually tunnels through your work or school proxy.   This also bypasses firewall rulesets which enforce IP address restrictions for internet access.

It is possible Identity Cloaker could be blocked by a firewall and even a tightly configured websense set up, which focussed more on protocols rather than URLs.  However Identity Cloaker has always worked in my tests in many websense environments.

But here a word of caution, make sure you are aware of your works Internet access and information policies, if you break them you may be disciplined, sacked or whatever your organisation decides.  Many will have policies that stipulate what you can do, of course many won't prefering the simple draconian censorship of Websense, et al.

Bring some privacy and freedom to your internet surfing, to see how incredible it works try a cheap trial of Identity Cloaker for your laptop or a USB key and control your own internet access.  Here's a video of it working.

No more blocked facebook, blocked Youtube or those proxy avoidance blues! You can even use it to bypass Geotargeting where web sites are restricted to a specific country like BBC Iplayer and Hulu.

Post a Comment


Anonymous said…
Yes people should be aware that very often restrictions in IT systems are not just there to stop you visiting a page rather they are there to protect the internet network.

The consequences to your career in 'blasting' your way through a corporate firewall could be very dire indeed!
Welshgadgets said…
This is of course a very good point. Access to virus filled and dangerous sites are blocked by your proxy or content filter mainly to protect the internal network.

Encryption hides your connection and the sites you visit, but it offers no direct protection against viruses and malware.