Tuesday, October 4, 2011

Yet more fun with SSH tunnels... accessing forbidden Web pages...

This is a very interesting and simple hack, analogous to the SMTP one, or an inverse version of Web access. Suppose that you want to access some Web site that is blocked by a firewall in the local network where you reside. You can do that if you have some machine outside the local network (and, of course, SSH isn't disabled) from which the blocked Web site is accessible. I'll assume that the IP address of that outside machine is o.o.o.o. Furthermore, suppose that the Web site in question is www.forbidden-web.com. Here is what you have to do:

Step 1. Find out which IP address the www.forbidden-web.com site has. You can use the nslookup, host or dig commands for that, e.g.
$ nslookup www.forbidden-web.com
Server:        name_or_ip_address
Address:    some_ip_address_and_port

Name:    www.forbidden-web.com
Address: f.f.f.f
In this example, you are interested in the last line, i.e. IP address f.f.f.f.

Step 2. Edit your local /etc/hosts file and add the following line to it.
127.0.0.1      www.forbidden-web.com

Step 3. Create the tunnel:
ssh -L 80:f.f.f.f:80 remoteuser@o.o.o.o
You have to be root in order to run that command, because it binds the privileged local port 80. Furthermore, if the target site is accessed via https instead of http, change both occurrences of 80 to 443.

Step 4. Open Web browser and try to access forbidden Web site.

And that's it, you are done.

Of course there are some gotchas. For example, if the site you managed to access references some other forbidden site, then things won't fully work. Also, if it switches between protected (https) and unprotected (http) access you'll have problems using this simple method. Still, you can basically get around all those problems in many cases using variations of the previously given procedure.
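
Seen from the defending side, the four steps leave two artifacts on the workstation: a hosts entry that points a public name at loopback, and an ssh client listening on local port 80 or 443. The following shell sketch is an added example, not part of the original post; it checks for both in a hosts file and in saved `ss -ltnpH` output. The function names, the localhost allowlist and the sample data are assumptions constructed for illustration.

```sh
# Added example (not from the original post); all sample data is constructed.
# Names mapped to loopback (127.0.0.0/8 or ::1) in a hosts file, skipping
# localhost aliases and dot-less short names (assumed allowlist).
loopback_overrides() {
    awk '{ sub(/#.*/, "") }                       # strip comments
         NF >= 2 && ($1 ~ /^127\./ || $1 == "::1") {
             for (i = 2; i <= NF; i++) {
                 n = tolower($i)
                 if (n ~ /^(localhost|ip6-localhost|ip6-loopback)$/) continue
                 if (n ~ /^localhost\./ || n !~ /\./) continue
                 print n, $1
             }
         }' "$1"
}

# Listening sockets on port 80/443 owned by an ssh client, read from saved
# `ss -ltnpH` output (taken as root so the owning process is shown).
ssh_web_listeners() {
    awk '$1 == "LISTEN" && $4 ~ /:(80|443)$/ && $NF ~ /\(\("ssh",/ { print $4 }' "$1"
}

# Flag an override only when an ssh listener on 80/443 exists as well.
audit() {   # $1 = hosts file, $2 = saved ss output
    [ -n "$(ssh_web_listeners "$2")" ] || return 0
    loopback_overrides "$1" | while read -r name addr; do
        echo "SUSPECT $name -> $addr"
    done
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/hosts" <<'EOF'
127.0.0.1   localhost localhost.localdomain
127.0.1.1   workstation7
::1         ip6-localhost ip6-loopback
127.0.0.1      www.forbidden-web.com   # entry from Step 2
EOF
cat > "$tmp/ss.txt" <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=811,fd=3))
LISTEN 0 128 127.0.0.1:80 0.0.0.0:* users:(("ssh",pid=4242,fd=4))
LISTEN 0 128 [::1]:80 [::]:* users:(("ssh",pid=4242,fd=5))
EOF
audit "$tmp/hosts" "$tmp/ss.txt"
```

A machine whose own fully qualified hostname is mapped to 127.0.1.1 would also be listed by `loopback_overrides`, so that name belongs in the allowlist before the check is used on real hosts.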
