07-21-2009, 07:24 AM | #1 (permalink) |
Broken Arrow
Location: US
|
HOW TO: Bypassing content filters
Serverside:
1) First, you'll need an SSH server with web access. I use my FreeBSD box. You can of course use Ubuntu if you like. You could set this up at work if you are on the IT staff and it is approved, or you can set this up at home.
2) At your option, allow X11 forwarding so you can also run apps in GUI from the SSH tunnel. Edit sshd_config.
   Find: #X11Forwarding yes
   Make it: X11Forwarding yes
3) Forward the SSH port. I have a router that allows separate external ports and internal ports to be mapped to the same service.
   Outside port: 6000
   Inside port: 22
   If your router can't do this, then port 22 is fine. You can also change the port for SSH on the server, but I am not covering that right now.
4) Find your external IP at Traceroute, Ping, Domain Name Server (DNS) Lookup, WHOIS.

Local test client (Windows):
5) Go download PuTTY on another computer on the local LAN.
6) Create a new entry, whatever you want to name it. We'll call it FRONTDOOR. Point it to the external IP. Make the port 6000 (or 22, depending on how you forwarded the port). Connection Type SSH.
7) Expand the SSH tree item.
   Enable compression
   Preferred SSH protocol 2 (or 2 only)
   (optional) X11 - Enable X11 forwarding
   Tunnels - Source port 6000, Dynamic, then Add. The entry will be D6000
8) Scroll back up to Session, and save the entry again.
9) Now try opening the entry. You should pop up a terminal with login required. If so and you can log in, you have now done the same thing as logging in from anywhere else in the world. Basically you have routed the traffic to the gateway, the gateway has sent it back to your router, the router has allowed the port request, and you are logged in.
10) If you elected for X11 forwarding, now go download Xming. Once you run Xming, the libraries you need are loaded. Only while it is running, however.
11) Once you have Xming running, in the terminal try typing xclock or firefox, and hit enter. You should have a program window on your desktop.

Remote client:
12) You can, if you want to and you own a U3 capable USB drive, go download PuTTY for U3 and Firefox for U3.
13) Set up U3-PuTTY like before. This can be run from any Windows computer you plug it into.

For Firefox and U3-Firefox, the setup will be the same:
14) In Firefox, go to Tools / Options / Advanced tab, then the Network subtab. Click Settings.
15) In Connection Settings, choose Manual proxy configuration. Only fill in the SOCKS Host, and use 127.0.0.1, port 6000. Set No Proxy for: localhost, 127.0.0.1, LL where LL is optional and means Local Lan, and the value would be, for instance, 192.168.1.0/24 (example under this field, you'll see).

For true avoidance of detection, you'll need to forward DNS as well.
16) In Firefox, type about:config in the address bar. In the filter bar, type proxy.socks
    At this point you should see network.proxy.socks_port as 6000. Leave it be. Double click network.proxy.socks_remote_dns. This will change the value to true (notice it goes bold when changed from default config).

If on a U3 drive, you now have all traffic in Firefox going to the SSH tunnel and then to your remote machine. If a local install, the same applies but it is not portable. Enjoy your browsing freedom
__________________
We contend that for a nation to try to tax itself into prosperity is like a man standing in a bucket and trying to lift himself up by the handle. -Winston Churchill |
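Added example, not part of the original post: how the tunnel set up above looks from the network side. Because the SSH listener is reachable on port 6000 rather than 22 and Firefox resolves names through the SOCKS proxy, a monitor has to match on the SSH banner and on missing local DNS activity rather than on the port number. The flow records, field names and thresholds are constructed assumptions, not output of any specific tool.

```python
from collections import namedtuple

SSH_BANNER = b"SSH-"        # RFC 4253: both peers open with "SSH-protoversion-..."
STANDARD_SSH_PORT = 22
LONG_LIVED_S = 1800         # assumed threshold: 30 minutes
BULK_BYTES = 1_000_000      # assumed threshold for "bulk" inbound data

# Hypothetical flow record: first_payload is the first bytes seen on the connection.
Flow = namedtuple("Flow", "src dst dport first_payload duration_s bytes_in")


def find_ssh_tunnels(flows, dns_query_counts):
    """Return (flow, reasons) for outbound flows that look like SSH tunnels."""
    findings = []
    for f in flows:
        if not f.first_payload.startswith(SSH_BANNER):
            continue  # not SSH, whatever the port number says
        reasons = []
        if f.dport != STANDARD_SSH_PORT:
            reasons.append(f"SSH banner on non-standard port {f.dport}")
        if f.duration_s >= LONG_LIVED_S:
            reasons.append("long-lived session")
        # With socks_remote_dns enabled the browser resolves names through the
        # tunnel, so the local resolver logs few or no queries from that host.
        if dns_query_counts.get(f.src, 0) == 0 and f.bytes_in >= BULK_BYTES:
            reasons.append("bulk inbound data but no local DNS queries")
        if reasons:
            findings.append((f, reasons))
    return findings


# Constructed sample data (RFC 5737 documentation addresses).
FLOWS = [
    Flow("10.0.0.21", "203.0.113.7", 6000, b"SSH-2.0-OpenSSH_5.2\r\n", 7200, 48_000_000),
    Flow("10.0.0.22", "198.51.100.9", 443, b"\x16\x03\x01\x02\x00", 40, 120_000),
    Flow("10.0.0.23", "198.51.100.30", 22, b"SSH-2.0-OpenSSH_5.2\r\n", 60, 9_000),
]
# Constructed per-host query counts taken from the local resolver's logs.
DNS_QUERY_COUNTS = {"10.0.0.22": 57, "10.0.0.23": 4}

if __name__ == "__main__":
    for flow, reasons in find_ssh_tunnels(FLOWS, DNS_QUERY_COUNTS):
        print(f"{flow.src} -> {flow.dst}:{flow.dport}: " + "; ".join(reasons))
```

On the server side, an administrator who does not want a host used this way can set AllowTcpForwarding no and X11Forwarding no in sshd_config.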
02-09-2010, 01:18 AM | #2 (permalink) |
Broken Arrow
Location: US
|
I'm doing this now from the 40th floor of the Sheraton in NOLA. I don't get nagged by their in-house DNS servers and I don't have to worry about passing passwords in plain text over HTTP since the tunnel is encrypted. Mods will be able to see my home IP for this post, starting with 75.
03-08-2010, 01:07 PM | #4 (permalink) |
Tilted Cat Head
Administrator
Location: Manhattan, NY
|
nice! I'll have to try this one day.
75 is the right number!
__________________
I don't care if you are black, white, purple, green, Chinese, Japanese, Korean, hippie, cop, bum, admin, user, English, Irish, French, Catholic, Protestant, Jewish, Buddhist, Muslim, indian, cowboy, tall, short, fat, skinny, emo, punk, mod, rocker, straight, gay, lesbian, jock, nerd, geek, Democrat, Republican, Libertarian, Independent, driver, pedestrian, or bicyclist, either you're an asshole or you're not. |