Bypassing proxy security

Anon

Hi,
Does anyone know a way that i can bypass the security on the proxy server [a program called igear] at school. I need a way which i can download .zip and .exe files, i was thinking that i could have a php script with a form on a server somewhere, i then type in the location of the blocked file i want, it downloadloads it on to that server, renames the file to something that is not blocked then i download it from there.

I'm not sure how to do this, or if php is the language to do this with. Any help would be very helpful.

BBG

toma42

Your solution will work fine and PHP will definatly do the job well.

Looks like you've found a great project to get you into programming php.

Good luck!

Anon

If you manage this PLEASE get in contact with me. I have the very same problem at my school, which uses igear as well. Please mail me. Id offer to help, but ive never touched php 🙂
Thanks
Onions.

toma42

BBG, did you ever do this? it's a very simple thing to code and if you need it done, I wouldn't mind putting in a few minutes to do it.

Later,
Tom

Anon

i haven't actually tried yet as i have been extremly busy with coursework and had actually fogoten about it. Also i wasn't too sure how to do it.

If you do know please tell me, it would be great if you could help.

BBG

Anon

Im a dunce but am interested in this! Someone do it and tell me how to run it!! I will be very greatful. Also the php will run from some server somewhere but whats stops that being banned?

Anon

Well,

Say your local firewall/proxy won't allow .mp3 files into the LAN (ie the school network) from the internet. (when you try to download them it says something like "SORRY BLOCKED FILE TYPE").

My idea downloads a file from the server where the blocked file lives (server A) on to the server where the PHP script itself lives (Server B, most likley my ISP/hoster or something that the school can't control/find out about).

It then renames the new file (as it is now on the same server) to a file with a non-block file name. I can then now download the non-blocked file onto the school machine and not get detected by the proxy. Then just rename it back to the origanal file extension when its finally downloaded onto the schools machine.

The basic idea is that you're just renaming a file to get past security, but on a remote server. The PHP script isn't actually downloaded its self, instead just run like any other server-side script (alla perl, asp ...)

I really should get round to doing it sometime!!! (i need to get back into PHP!!!)

BBG

Anon

Hey Tom... I kind of need this, too... If you wouldn't mind throwing it together for me, and telling me how to use it??? Purty pwease??? It'd be a great help.

toma42

Ok, here is something to start you with:

http://db.etree.org/wddx/anti_filter.phps

Anon

Ok, could you gimme a little help here as to what to do???

Anon

Hi iv read everyones posts, they all seem very interesting. Are you REALLY trying to download EXE and ZIP files? or are you actually trying to get access to web sites that are blocked? The latter I think. The bypass for that is quite simple, and can possibly be altered to work with files also.

In simplified terms, you find a CGI redirector, and direct yourself to the blocked page. By nature of CGI, it creates files 'on the fly' and is not scanned by IGear. So there is your answer for accessing blocked pages, find a web redirect, and bounce yourself off of it to the page that you want access to.

With EXE and ZIP files, the MIME type is checked, so renaming the file extension would be pointless, as it will still be recognised as an EXE or ZIP file. A simple way around this would be SIMPLE encryption. Maybe bitwise, i.e. every character in the blocked file has its ASCII character number shifter one binary place to the left/right. So, for example, "a", which is ASCII 97, becomes ASCII 194. SO a filtered item such as EXE, turns from 69 88 69, to 138 176 138. This cannot be filtered, as the outcome code is twice the value of EXE.

It would be worth noting that the former method, the one with the blocked websites, has been tried and tested. IT WORKS! The latter is still in its testing stages. Any help would be appreciated.

It should be also noted that I made these myself. These are all my ideas, and I am 15 years old. This is DANGEROUS! I have no qualifications, no nothing, I am completely self taught. So how can this 'IGear' be used to protect people of my age and younger, when I can break through it?

Feel free to visit my website, or email me, I may not be able to write back at the moment, as I have exams, and am learning ASP.

This post is by MrUnique14. Visit the website at www.run.to/bobsite.

Chris Maze wrote:

Ok, could you gimme a little help here as to what to do???