Office bypass proxy restrictions

Published on February 24, 2009

Office bypass proxy restrictions

    So, I think that everyone is more than familiar with the problem of closed sites and other troubles, vilely awaiting ordinary office workers.
    The first aspect is, in fact, “closed” sites, i.e. those that are denied access. As a result, the unfortunate plankton office worker cannot open the address he needs.
    The second is total control by Big Brother, respectively, the ability to intercept any transmitted data (for example, the password from the mail) and monitor what the employee is doing at work.

    UPDATE. This, of course, is not only about sites, but also about all kinds of IMs (many of which close ICQ, jabber, etc.). As for the fact that “you need to work at work” - of course, this is a fact. But personally, it annoys me the ability of any person to track the places of my stay on the Web, even theoretical.

    UPDATE 2 . Gentlemen, I do not understand your negative attitude to this topic. If harsh office admins are being neglected due to the fact that it is difficult to deal with these methods of bypassing protection, please comment.

    What to do? Without panic, there are as many as two working solutions!

    Part one. Onion nets


    Let's start with the most reliable in terms of security, as well as affordable option.
    Tor is a system that allows users to connect anonymously, providing encrypted transmission of user data. Using Tor, users can remain anonymous when visiting websites, posting materials, sending messages, and working with other applications that use the TCP protocol. Traffic safety is ensured through the use of a distributed network of servers, called “multilayer routers” (onion routers). Tor technology also provides protection from traffic analysis mechanisms, which threaten not only anonymity of the user, but also the confidentiality of business data, business contacts, etc. Tor operates on the network levels of onion routers, allowing you to provide two things: anonymous outgoing connections and anonymous hidden service.
    To use Tor, you do not need administrator rights on the client machine. Here you can download the portable version of the application, which will easily work with a flash drive.
    Next, run PortableTor.exe from the directory in which you installed the application. The following window appears:

    image

    Click on the “Settings” button, as a result of which the corresponding window is displayed. Go to the “Network” tab - here we find the settings we need. Check the box to the left of “I use proxies for accessing the Internet”, then enter the corporate proxy (if there is one, of course; if it is not there, do not need to check the box), port (usually 3128, but it’s better to clarify) and, in if necessary, username and password for access to the proxy. It is also better to check “My firewall does not allow connections to all ports”, because in most cases this is the case.

    imageTor settings

    Pay attention also to the checkbox “My ISP is blocking ...” - if nothing works, deal with this option. But, most likely, she will not be needed.
    At the end of the shamanism with the setting, click “OK”, and in the first window click “Start Tor”. If everything goes well, you will see the message “Connecting to the Tor network”, after which the bulb in the tray will turn green, and you will receive the following message: “Tor is running”. The window can be closed.
    In order for any application to be able to use the just configured Tor network, it is necessary to register the following settings in it:

    Proxy type: HTTP
    Proxy server address: 127.0.0.1
    Port: 8118

    That's, actually, that's all - you quite successfully circumvented your protection corporate proxy server.

    Part two. Penguin


    The second method is much more convenient and flexible than the one described above, but in the process of its implementation there is one significant catch, which can be seen in the diagram below:

    image

    Obviously, the significant difficulty in implementing this approach is the need for a home server and, accordingly, fast channel. At the same time, in addition to the standard 22nd port, you need to “hang” the SSH daemon on the 443rd port, as hardly a corporate proxy will give access to the standard port.
    If the above complexity is not relevant in your case, you can safely download the portable version of Putty . The application also works without administrator rights and runs directly from a flash drive.
    After installation, you must make the following settings.

    On the Session tab, enter the address of your home server in the "Host name" field, in the "Port" field, respectively, the port for connection.

    image

    In the options tree on the left, select SSH, Tunnels. On this tab, specify port 7070, Destination - Dynamic, and then click Add.

    image

    In the options tree on the left, select Proxy. On this tab, specify the type of corporate proxy server (usually HTTP), proxy hostname (for example, proxy) and port (usually 3128).

    image

    Go back to the Session tab and save the session so as not to clog these settings next time again, then click the Open button. Log in to the server using the username and password (it is better to make a separate user for these purposes). After you successfully log in, use the following data to configure applications:

    Proxy type: SOCKS5
    Proxy server address: 127.0.0.1
    Port: 7070

    Thus, you again successfully bypassed the protection of the corporate proxy server.