You can defeat most web filters by spending
around 8 cents/hr on Amazon EC2. (It’s usually worth the money. It’s a fraction of the cost a phone call or a sandwich. And I usually end up wasting that money anyway on calling someone or eating my way out of the misery of corporate proxies.)
since all the traffic that passed through the tunnel is supposed to be SSL encrypted (so as to form an unhindered SSL session between the browser and the HTTPS server), there are little or no access controls possible on such a tunnel
That means web filters can’t really block HTTPS traffic. So we can redirect web traffic to a local HTTPS server, and set up a server outside the firewall that redirects them back to the regular servers.
So here’s a 16-step recipe to bypass your web filter. (This is the simplest I could make it.)
In Steps 1-7, we’ll launch a server on Amazon EC2 with 2 tweaks. Step 1 enables Port 443, and step 6 re-configures SSH to run on Port 443 instead of on Port 22. (Remember: most proxies block all ports other than 80 and 443). Alestic’s article on how to Automate EC2 Instance Setup with user-data Scripts and this thread on running SSH on port 443 are invaluable.
In steps 14-16, we’ll configure the browser to use the Putty as the SOCKS server.
- Amazon AWS account (sign up for free – you won’t be charged until you use it)
- Putty (which may be available on your Intranet, if you’re lucky)
- On the AWS EC2 Console, click on Security Groups and select the default security group. At the bottom, select HTTPS as the connection method, and save it.
- Click on Key Pairs, select Create Key Pair and type in some name. Click on the Create button and you’ll be asked to download a key file. Save it somewhere safe.
- Run PuttyGen (it comes with Putty), click Load and select the key file you just saved. Now click on Save private key and save it as privatekey.ppk.
- Back on the AWS EC2 Console, click on Launch Instance.
- Select Community AMIs and find ami-ccf615a5. It’s a Ubunty Jaunty 9.04 instance that’s been customised to run scripts passed as user-data. You may pick any other alestic instance. (The screenshot below picks a different instance. Ignore that.)
- Continue until you get to Advanced Instance Options. Here, copy and paste the following under User Data. Do not make a mistake here!
#!/bin/bash mv /etc/ssh/sshd_config /etc/ssh/x sed "s/^#\?Port.*/Port 443/" /etc/ssh/x > /etc/ssh/sshd_config /etc/init.d/ssh restart
- Keep pressing Continue and Launch the instance. Once launched, click on “Instances” on the left, and keep refreshing the page until the status turns green (running). Now, copy the Public DNS of the instance.
- Run Putty. Type in root@<the-public-DNS-you-just-copied> as the host name, and 443 as the port
- Under Connection > Proxy, set HTTP as the proxy type. Type in the Proxy hostname and Port you normally use to access the Internet. Select Yes for Do DNS name lookup at proxy end. Type in your Windows login ID and password.
- Under Connection > SSH, select Enable Compression.
- Under Connection > SSH > Auth, click Browse and select the privatekey.ppk file you’d saved earlier.
- Under Connection > SSH > Tunnels, type 9090 as the Source port, Dynamic as the Destination, and click Add.
- Now click Open. You should get a terminal into your Amazon EC2 instance.
- Open your Browser, and set the SOCKS server to localhost:9090. For Internet Explorer, go to Tools – Options – Connections – LAN Settings, select Use a proxy …, click on Advanced, and type localhost:9090 as the Socks server. Leave all other fields blank.
- For Firefox, go to Tools – Options – Advanced – Network – Settings and select Manual proxy configuration. Set the Socks Host to localhost:9090 and leave all other fields blank.
- Also, go to URL about:config, and make sure that network.proxy.socks_remote_dns is set to true.
ec2-authorize default -p 443
set EC2_JVM_ARGS=-DproxySet=true -DproxyHost=yourproxy \
-DproxyPort=yourport -Dhttps.proxySet=true \
-Dhttps.proxyHost=yourproxy -Dhttps.proxyPort=yourport \
-Dhttp.proxyUser=yourusername -Dhttps.proxyUser=yourusername \
ec2-run-instances ami-ccf615a5 --key mykeypair --user-data-file your-startup-file-containing-lines-in-step-6