Home-made proxy?

joeyjojo · 8 May 2007 at 16:43

The usual get-around-the-school-filter scenario: what is the best way to make a proxy out of my home pc?

The aim is to be able to connect to my ip from a remote (school) computer, and browse the internet without the filter picking anything up. This means the address bar can't be used as that is filtered too.

So I'm thinking: router forwards a port to stunnel, which makes a secure connection. Then stunnel forwards to squid or maybe tor (or rather privoxy and vidalia) which makes the request to the interweb. The data is then passed back to the remote machine which requested it.

But how? And what about the lack of address bar functionality (as anything passed through with that will trigger the filter).

Perhaps running something on IIS would be best? A little php page with a form, address to browse goes into the form (after a password to verify it's me), iis looks it up and passes it back to the remote machine.

Rambling. Any ideas anyway?

Edit: might do this http://www.webstuffscan.com/2006/12/21/accessing-blocked-websites-use-your-own-proxy-server-at-home/

csmager · 8 May 2007 at 16:51

I'd stick to your link. I don't think you're going to get a lot of help - any thread I've seen like this gets closed pretty fast.

joeyjojo · 8 May 2007 at 17:10

csmager said:
I'd stick to your link. I don't think you're going to get a lot of help - any thread I've seen like this gets closed pretty fast.

Really? Why? Seems a bit harsh.

Trifid · 8 May 2007 at 17:14

Thats the one I use. I have it on my home PC and my web hosting. Works well.

Can I also point you to http://lifehacker.com/software/down...-set-up-a-personal-home-web-server-124212.php

And set passwords on your HTTP server for added security.

Use Apache over IIS.

joeyjojo · 8 May 2007 at 17:34

Trifid said:
Thats the one I use. I have it on my home PC and my web hosting. Works well.

Can I also point you to http://lifehacker.com/software/down...-set-up-a-personal-home-web-server-124212.php

And set passwords on your HTTP server for added security.

Use Apache over IIS.

Ok good stuff. Got it all working with password etc.

Although it looks like cgiproxy uses the address bar for its urls. This might be a problem.

Trifid · 8 May 2007 at 17:51

Yeah, you should get something like this:

/nph-proxy.cgi/010110A/http/www.google.co.uk/

This isn't a problem for me. As long as a specific word isn't blocked then it is fine. I did have a problem with proxy being in the URL, all that was needed was a name change (keeping the nph-part).

joeyjojo · 8 May 2007 at 18:08

This will be a problem then, since the filter picks up on individual words in the address bar. Perhaps changing to html characters will still work but will not trigger the filter? Or passing it as a hidden field? (Does it still appear in the address bar that way...?)

Trifid · 8 May 2007 at 18:10

The only other thing I can suggest is a webhop that you use instead of your IP. Something like http://www.dyndns.com where you set your IP with that and you get something like prox.webhop.net

Setup this as well and see if it works tomorrow.

c00kie · 9 May 2007 at 14:18

joeyjojo said:
This will be a problem then, since the filter picks up on individual words in the address bar. Perhaps changing to html characters will still work but will not trigger the filter? Or passing it as a hidden field? (Does it still appear in the address bar that way...?)

take a look at the sub proxy_encode { section of nph-proxy.

joeyjojo · 9 May 2007 at 23:05

c00kie said:
take a look at the sub proxy_encode { section of nph-proxy.

zomg! Bravo thank you very much that's perfect

Please accept this cookie

One for each of you

Looks like one last thing. To get a secure connection I'm using stunnel and pointing the browser at https://my-ip/nph-proxy.cgi however when submitting the form it loses the https. Any ideas there?

Edit: lol your name is cookie, bizarre. Subconcious skimming of page I assume.

Fast edit as I'm stupid: $RUNNING_ON_SSL_SERVER does it

Edit 3: nope, it goes to the wrong port now, eg. https://localhost:1230/nph-proxy.cgi/0101... Maybe as I am on localhost currently?

This is getting messy

joeyjojo · 9 May 2007 at 23:19

New post for neatness. Port mix up there. 1230 was the apache port I chose. It was being passed back in the url when submitting the form.

Which ports to use for which then? I need 443 on the router, which is passed to an arbitrary port in stunnel, which is passed to 443 on apache sounds logical right...? Or must stunnel be 443 too...?

Think I sorted it. Accepting 443 on router. stunnel then accepts 443 and connects to 1000, which is the apache listening port. All good, and should be totally filter proof.

allllec · 10 May 2007 at 21:57

Should be.

However i know personally at my school they filter the CGIProxy web page.. i assume because someone's already done it. However a even better way of getting around it... remote desktop.. a little bit laggy (ie cant watch you tube or anything but still) ofc i cant (well i can but rather not) install in RD software.. so i use Remotelyanywhere.. web based remote control 10/10 imo. Well worth it for anyone interested. Failing that another method is install Torpark. Its firefox except it uses a tunnel.. locked @ 20kbps bbut gets the job done. Although does have problems with posting web forms on myspace.. and one or two other sites..

just some backup ideas anyway :-)

Ta

Alec

waso_dude · 10 May 2007 at 23:41

I work at a School its great fun banning these site

just written a code that stops all secure proxy sites and the proxy code running

joeyjojo · 12 May 2007 at 23:07

allllec said:
so i use Remotelyanywhere.. web based remote control 10/10 imo. Well worth it for anyone interested.

Looks good, thanks

waso_dude said:
I work at a School its great fun banning these site

just written a code that stops all secure proxy sites and the proxy code running

What about my effort though? Would you pick up my request to my home ip in logs? Even though it's https:// surely you would be able to see the request has been made, and add the ip to a custom list?

I have another question, though it might have to be reposted in another forum. How do I add a perl module, specifically Net::SSLeay to my activeperl/apache setup?

re: http://www.jmarshall.com/tools/cgiproxy/#SSL and http://symlabs.com/Net_SSLeay/

Any help or tips gratefully received

joeyjojo · 12 May 2007 at 23:09

I forgot to mention, it works perfectly. Boot the machine into safe mode so that netsupport can't load (ie. they cant see what youre doing remotely), hit the proxy up and view whatever you please

Shoseki · 5 Jun 2007 at 11:42

waso_dude said:
I work at a School its great fun banning these site

just written a code that stops all secure proxy sites and the proxy code running

I'm pretty sure that making a list of banned sites is inherently flawed. Any IP could be used to host a proxy, which means you are faced with two options :

1) Make a list of allowed websites (unsustainable, too many to be interesting, domains etc).
2) Make a list of banned websites (unsustainable, too many to ban, millions of possible IPs).

Which means that it is pretty much impossible for you to block proxies based on IP alone.

The internet was deliberately designed to beat the type of filter you are applying. Even my ISP tries to ban certain websites, but its v easy to get around them, and if I can beat an ISP without "leet skillz", I am sure kids in your school can beat your restrictions.