Breaking out of a proxy jail
Introduction
Proxy jails exist all throughout corporate networks. They serve two primary goals: to cache data (thus reducing bandwidth) and to protect the computers inside the local network from threats outside. Often you will have restricted access to only HTTP, and maybe HTTPS and FTP if you're lucky.
This will suit most casual web users fine, as they rarely need to use the connection for anything more than web browsing. But sometimes you need more, be it for legitimate reasons or because you are just a control freak. Maybe you want to download from a site that requires FTP access, or you need to SSH home to restart your web server. Or maybe you just want to go on MSN instead of doing what you're paid for. But you can't; your firewall won't allow it. Or will it?
This document details several tools you can use to bypass your firewall to do pretty much whatever you need. Not only will it describe how to get out of a firewall, but how to get back in (assuming you have inside access in the first place).
Important: This tutorial discusses how to bypass almost any proxy/firewall arrangement your network has. It does not, however, go into the moral issues behind doing such an activity. Sysadmins can get very angry if you try to break through their perfect system. In the worst case scenario this kind of thing can get you fired/suspended/beaten with a wet salmon. You have been warned.
To understand the information in this tutorial you must have a reasonable understanding of your OS and how sockets and proxies work.
I suggest you also read the introduction to how proxies work, to fully understand what is going on.
The tools of the trade
Due to the way this tutorial has grown, I've decided to dedicate a separate page to each of the apps. Although there are many apps out there that do much the same thing, these are the ones I've had good experiences with.
- SSH - SSH is useful for creating secure tunnels between two machines. Works both ways.
- Desproxy - An HTTP proxy tunneler that utilises the CONNECT method. Works as a standalone server listening on a port and forwarding to another host via a proxy. Can also run as a SOCKS server.
- Proxytunnel - As above, except it doesn't include a SOCKS server. Can forward STDIN/OUT through a proxy, making it useful for OpenSSL SSH clients.
- SOCKS via HTTP - A Java app that acts as a tunneler between two SOCKS servers, via HTTP. No need for CONNECT method. Insecure.
- Firepass - Same as above, written in Perl. Doesn't run as a SOCKS server. Server runs within httpd (such as Apache).
- Activate Port Forwarding - TCP/UDP gender bender. Allows port forwarding of a machine behind a firewall to the outside. Secure.
- SOCKS - A Java SOCKS server. Useful in combination with either desproxy or APF to allow a full connection, as if you were inside/outside a network (VPN-esque).