If your employer nixes non-work-related sites like Gmail, YouTube, and Facebook, you could try bypassing the blocks with a public proxy -- but those are typically blacklisted, too.
This article is a wiki. Got extra advice? Log in and add it.
Here's how to forge your own detour:
Download the PHProxy program from Sourceforge.net.
Unzip the file and upload the entire folder's contents to a Web host that can run PHP scripts (GoDaddy and Dreamhost offer plans for less than $10 a month).
Enter the host URL into your browser. When the proxy page pops up, type your actual destination into the blank address bar.
You're now free -- and free to poke away.
Contributed by Mathew Honan
Connecting to a ssh server with your webbrowser
If your problem is the reverse (ssh is blocked but surfing is possible) then surf to Webbased SSH, that site allows you to use ssh in your browser (http by default, https if you want to keep your traffic secret).
Contributed by Dale Jaylon
Use an SSH Server on port 443
Your corporate proxy knows nothing about what goes on over SSL/HTTPS connections. They simply allow any TCP connection to port 443 of any IP not blacklisted. So you run an SSH server on port 443 and connect to that to tunnel all your real connections.
If you are using your home internet connection for this, simply go into your router and port forward 443 to port 22 (the normal SSH port) of your computer. If you have a Mac, turn on remote administrator access in "sharing" and you'll be good to go. Or use a dedicated server you may have hired at a colo; Linux firewall rules can forward port 443 to 22 also. If someone knows how to run an SSH server on Windows, please add it here.
Contributed by Ray Carrender
On a windows computer you can add OpenSSH and Cygwin, as it takes quite a bit of information to create a seperate article will be created. installing sshd on windows
On your work computer, find out the IP address of the proxy. You'll likely find this in the connection settings for IE. You may have to download the "PAC" file it references to work out the rules.
Download PuTTY. In "Connection", add the proxy you just discovered as HTTP proxy. The proxy may require your username and password, usually in "domain\user" form. Then in "Connection>SSH>Tunnels" enter 8181 for source port, leave destination empty and select the "Dynamic" radio button and click add. Go back to "Session" and save this session.
Now try and open this session and see if you are in luck. If you are, you log into your server and the tunnel will be active.
Now all you need to do is change your browser to use "localhost:8181" as SOCKS proxy. Stuck on a locked down IE? FireFox installs just fine in your "Documents and Settings" folder without the need to admin rights on your computer.
If the connection failed, it could be that your company use Microsoft's proxy and it requires NTLM authentication, which PuTTY doesn't provide. In that case, download "ntlmaps" which sits between PuTTY and the proxy and takes care of the NTLM authentication.
This is not a step by step guide because the details will be slightly different for everyone. Work it out and prove you are a geek!
Yes, it's a lot of work but I have never not been able to escape the confines of any company, nor has any network security group detected this was happening. YMMV!
This article is a wiki. Got extra advice? Log in and add it.
Here's how to forge your own detour:
Download the PHProxy program from Sourceforge.net.
Unzip the file and upload the entire folder's contents to a Web host that can run PHP scripts (GoDaddy and Dreamhost offer plans for less than $10 a month).
Enter the host URL into your browser. When the proxy page pops up, type your actual destination into the blank address bar.
You're now free -- and free to poke away.
Contributed by Mathew Honan
Connecting to a ssh server with your webbrowser
If your problem is the reverse (ssh is blocked but surfing is possible) then surf to Webbased SSH, that site allows you to use ssh in your browser (http by default, https if you want to keep your traffic secret).
Contributed by Dale Jaylon
Use an SSH Server on port 443
Your corporate proxy knows nothing about what goes on over SSL/HTTPS connections. They simply allow any TCP connection to port 443 of any IP not blacklisted. So you run an SSH server on port 443 and connect to that to tunnel all your real connections.
If you are using your home internet connection for this, simply go into your router and port forward 443 to port 22 (the normal SSH port) of your computer. If you have a Mac, turn on remote administrator access in "sharing" and you'll be good to go. Or use a dedicated server you may have hired at a colo; Linux firewall rules can forward port 443 to 22 also. If someone knows how to run an SSH server on Windows, please add it here.
Contributed by Ray Carrender
On a windows computer you can add OpenSSH and Cygwin, as it takes quite a bit of information to create a seperate article will be created. installing sshd on windows
On your work computer, find out the IP address of the proxy. You'll likely find this in the connection settings for IE. You may have to download the "PAC" file it references to work out the rules.
Download PuTTY. In "Connection", add the proxy you just discovered as HTTP proxy. The proxy may require your username and password, usually in "domain\user" form. Then in "Connection>SSH>Tunnels" enter 8181 for source port, leave destination empty and select the "Dynamic" radio button and click add. Go back to "Session" and save this session.
Now try and open this session and see if you are in luck. If you are, you log into your server and the tunnel will be active.
Now all you need to do is change your browser to use "localhost:8181" as SOCKS proxy. Stuck on a locked down IE? FireFox installs just fine in your "Documents and Settings" folder without the need to admin rights on your computer.
If the connection failed, it could be that your company use Microsoft's proxy and it requires NTLM authentication, which PuTTY doesn't provide. In that case, download "ntlmaps" which sits between PuTTY and the proxy and takes care of the NTLM authentication.
This is not a step by step guide because the details will be slightly different for everyone. Work it out and prove you are a geek!
Yes, it's a lot of work but I have never not been able to escape the confines of any company, nor has any network security group detected this was happening. YMMV!
No comments:
Post a Comment