Page 2 of 2 FirstFirst 12
Results 11 to 14 of 14

Thread: connect method through a https proxy

  1. #11
    Junior Member
    Join Date
    Nov 2008
    Posts
    26

    Default

    well ... i've came to the conclusion that there is no transparent proxy set up

    although I type in a browser myip I get the sshd banner, I still cannot connect to my sshd:80 from command line

    Quote Originally Posted by lupin View Post
    Your best bet then is to tunnel your traffic over the allowed protocols, once you work out what those are by testing.
    I could make my sshd listen on 443 and then use proxytunnel with ssh's ProxyCommand ... but I dont know where to get a "good" proxy account ..

    what do you suggest, lupin ?

  2. #12
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Quote Originally Posted by bluerratiq View Post
    what do you suggest, lupin ?
    No transparent proxying or application level filtering should mean that any TCP connection should pass through the firewall unaffected. This should mean that a protocol like ssh would just work, assuming correct configuration of both the client and server.

    Assuming that your ssh server on your home pc and the client at work are both working correctly (you have confirmed this right?), the fact that it doesn't work over an apparently open port suggests that some sort of filtering above layer 4 is occurring. If you can do packet captures from inside the work network you may want to attempt an ssh connection and compare the results to a successful ssh connection that you have performed from outside the work network. You should see a TCP handshake, some clear text communication as the systems send banners and negotiate encryption, and then encrypted traffic. If the handshake succeeds, and some data is received but then responses stop or the connection is suddenly torn down with a RST, its likely some additional filtering is occurring.

    Assuming that additional filtering is occurring, Id suggest testing that you can connect to a http/s website running on your system, and if that works use something like one of the following methods to encapsulate your ssh traffic inside http/s

    http://www.nocrew.org/software/httptunnel.html
    http://dag.wieers.com/howto/ssh-http-tunneling/
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  3. #13
    Junior Member
    Join Date
    Nov 2008
    Posts
    26

    Default

    According to dag.wieers.com how to ... I need a static ip address, don't I ?
    Since I have a dynamic IP address I am using a dynamic dns client which updates my ip address and resolves it to a hostname (no-ip)
    I am stuck when configuring apache:
    <VirtualHost 10.1.2.3> #this is the static ip ? whatif I have dinamic ip ?

    I hit quick reply and I cannot see it
    Disregard my previous post ... I am looking through httpd documentation.

  4. #14
    Very good friend of the forum Virchanza's Avatar
    Join Date
    Jan 2010
    Posts
    863

    Default

    In the past I've used OpenVPN to get through an extremely strict firewall (I'm talking a serious firewall here, it was the firewall that managed my entire college). I set up my home computer to receive HTTPS on TCP port 443, and then within the OpenVPN client program I set it to go through a proxy server. Finally, I edited my routing table so that all internet-bound traffic went through my home computer, meaning I had full internet access to whatever site I wanted and on whatever port I wanted.

    If you're interested, I can fish out my config files for OpenVPN, they're lurking around somewhere on my hard disk. . .

    Oh yeah, I also used DynamicDNS to keep track of my home computer's IP address.
    Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".

Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •