Bypassing proxies at work. How to bypass IT restrictions at work

Let's be honest: for many of us, our work computer is a little island of home outside of the home. This is probably only fair, considering that our home computer is often a branch office outside the office. So in between writing reports and thinking about spreadsheets with calculations, we use our work computers for our personal lives. We buy groceries for our birthday, watch funny clips on YouTube and chat with friends via ICQ or email.

And very often, some things are easier to do with consumer technology than with often clunky enterprise technology - just compare Gmail with a corporate mailbox.

This raises one problem: our employers are unhappy with our behavior in the workplace. Partly because they want us to work in the workplace. And partly they are afraid that what we are doing jeopardizes the company's internal networks. So they ask the IT department to stop us dragging our personal lives from home to work.

So, is the fairy tale over? Well no, not so fast. To find out whether it is possible to bypass the IT department's restrictions, we turned to experts in network resources. Namely, we asked them to find the top 10 secrets that people from the IT department are hiding from us. For example, how to access a blocked site without leaving a trace, or how to chat in real time without downloading a prohibited program.

However, to keep things fair, we also reached out to security experts to find out what we're risking by doing these workarounds.

For tips on hacking, we turned to Gina Trapani, editor of the online guide to productive use of the network Lifehacker.com, Leon Ho, editor of the blog Lifehack.org, and Mark Frauenfelder, founder of the blog BoingBoing.net and editor of Make magazine, which provides technology advice in a do-it-yourself format.

To assess the risks, we spoke to three experts who make their living helping IT departments write rules and track down bad actors who want to break them. They are John Pironti, chief information threat strategist at the Amsterdam-based consulting firm Getronics; Mark Lobel, an information security specialist at PricewaterhouseCoopers; and Craig Schmugar, a threat specialist at security software company McAfee.

So here are 10 secrets your IT department is hiding from you, the dangers associated with them, and tips to protect yourself and avoid losing your job when you put them into practice.

1. How to send giant files

Problem: We all need to send large files from time to time, ranging from presentation slides to vacation photos. But if you're sending anything larger than a few megabytes, you risk receiving a message that says you're over your company's limit.

Companies may limit the amount of data their employees can send by mail for one simple reason: they want to avoid overloading their servers, which will slow them down. And approaching management with a request to increase your limit on sent files can be a very tedious process.

Workaround maneuver: Use online services like YouSendIt, SendThisFile or DropSend, which allow you to send large files—sometimes up to several gigabits—for free. To use their services, you usually need to register by providing personal information such as your name and email address. You can then enter the recipient's email address and a message for him or her, and the site will give you instructions on how to download the file. In most cases, a link is sent to the recipient's address, following which he can download the file.

Risk: Since these service sites send your files over the Internet, they are beyond the control of the company. This makes it easier for wily hackers to intercept these files in transit.

How to protect yourself: Some of these sites have a better reputation than others. For example, YouSendIt is a new company that is run by the former head of Adobe Systems and funded by well-known venture capital firms. Other such sites offer little information about themselves and are therefore more likely to create security holes that hackers can exploit to steal your information.

If the owners of a site are not obvious, there are other benchmarks by which to evaluate it. Look for security icons (in Internet Explorer this icon looks like a small padlock at the bottom of the screen), which mean that the site uses encryption to protect the privacy of visitors' information.

2. How to use software that your company prohibits you from downloading

Problem: Many companies require employees to get permission from the IT department before downloading software. However, this can be problematic if you want to download a program that the IT guys have blacklisted.

Workaround maneuver: There are two easy ways to solve this problem: find an alternative to the program on the Internet, or bring the program in on external media.

The first method is easier. Let's say your company doesn't allow you to download the popular real-time chat program AOL Instant Messenger. You can still communicate with your friends and colleagues using an online version of the program called AIM Express (AIM.com/aimexpress.adp). Google also has a real-time communication service, Google Talk, available at Google.com/talk. Such programs as music players and video games also have their own Internet versions - usually they are somewhat stripped down compared to the original programs.

The second approach to solving the problem is more complex, but with it you get access to that very program on your computer. All three of our experts named the company Rare Ideas LLC (RareIdeas.com), which offers free versions of popular programs, such as Firefox and OpenOffice. You can download programs to portable devices, such as an iPod or flash drive, through the Portable Apps service (PortableApps.com). After that, you connect the device to your work computer and you're done. (True, if your company prohibits the use of external devices, consider yourself unlucky.)

Risk: The use of online services may place undue strain on company resources. And programs on external media create a security risk. IT people prefer to keep control over the software used by employees so that if a virus or other problem occurs, they can easily fix it. If you bring programs with you, the degree of control over them is reduced.

Another thing to keep in mind is that some less secure programs, especially file-sharing programs, may contain spyware.

How to protect yourself: If you bring the program on external media, Lobel says, at least change the settings of the antivirus program on your work computer so that it scans your device for potential threats. This is easy to do by going to the “settings” or “options” menu. Likewise, if you use file sharing services, configure them so that others cannot access your files, also through “settings” or “options”.

3. How to access sites blocked by your company

Problem: Companies often restrict their employees' access to certain sites, ranging from the truly obscene (porn sites) and the likely less-than-scrupulous (gambling sites) to the practically innocent (email sites).

Workaround maneuver: Even if your company does not let you reach these sites by typing their address in the address bar, you can sometimes still get to them in a roundabout way. You go to a site called a “proxy” and type the Internet address you need in the search bar. Then the proxy site goes to the site you need and shows you a copy of it, so you can see it without going to it directly. For example, Proxy.org serves more than 4 thousand proxy sites.

Frauenfelder and Trapani suggest another way to achieve the same result: use Google Translate and ask it to translate the site name from English to English. Just enter the following text: "Google.com/translate?langpair=en|en&u=www.blockedsite.com", replacing "blockedsite.com" with the address of the site you need. Google essentially acts as a proxy server, finding the mirror site for you.

Risk: If you use a proxy site to view email or YouTube videos, the main danger is that you will be caught by your superiors. But there are also more serious security threats. Sometimes Internet bad guys buy website addresses that are just a letter or two away from popular sites and use them to infect visitors' computers with viruses, Lobel warns. Often companies block these sites too, but if you use a proxy, you will be defenseless against them.

How to protect yourself: Don't make using proxy sites a habit. Use this method only to access certain sites that your company has closed access to in order to improve productivity - for example, YouTube. And be more careful with spelling.

4. How to cover your tracks on a corporate laptop

Problem: If you use a company-owned laptop to work from home, it's likely that you use it for personal purposes: organizing family vacations, buying books to read on the beach, compiling online photo albums, and so on. Many companies reserve the right to track everything you do on that computer because it is technically the property of the company. What will happen if... uh... your friend accidentally wanders onto a porn site or searches on the Internet for a cure for some shameful disease?

Workaround maneuver: The latest versions of the Internet Explorer and Firefox browsers allow you to cover your tracks. In IE7, select Tools, then Delete Browsing History. Here you can either erase your entire browsing history by selecting Delete All, or select individual links that you want to erase. In Firefox, simply press Ctrl-Shift-Del or click on Clear Private Data in the Tools menu.

Risk: Even if you clear your history, surfing the Internet freely still puts you at risk. You could unintentionally pick up spyware on a shady site or create legal problems for your boss with your behavior. If you get caught, at best you could be in an awkward situation, and at worst, you could lose your job.

How to protect yourself: Clean up your personal data as often as possible. Better yet, don't use your work computer for anything you wouldn't want your boss to know about.

5. How to find work documents from home

Problem: You finish your work late at night or on the weekend - but the document you need is left on the office computer.

Workaround maneuver: Google, Microsoft, Yahoo and IAC/InterActiveCorp offer software for quickly searching the documents on your computer's desktop. In addition, some of them allow you to search from one computer for documents saved on the desktop of another. How does it work? The search engine company stores copies of your documents on its server. This way it can scan these copies when you search remotely.

To use Google's software - one of the most popular - you need to follow these steps. First, set up a Google account on both machines by visiting Google.com/accounts. (Be sure to use the same account on both computers.)

Then go to Desktop.Google.com and download desktop search software. Once it's installed, again on both machines, click on Desktop Preferences, then on Google Account Features. Check the box next to the phrase Search Across Computers. From this point on, all documents you open on both computers are copied to Google servers, which will allow you to find them from both computers.

Risk: Enterprise technology professionals imagine a catastrophic scenario: You've stored highly sensitive financial information on your work computer. You installed a program to access these files from your personal laptop. And then the laptop got lost. Ah ah ah.

In addition, experts have found vulnerabilities in Google's desktop search program that could allow hackers to trick a user into giving them access to files, says McAfee's Schmugar. (Those problem areas have since been fixed, but there may be others, he says.)

How to protect yourself: If you have files on your work computer that should never be shared publicly, ask a system administrator from IT to help you install Google Desktop in a way that avoids leaks.

6. How to store work files online

Problem: In addition to desktop searches, most people who often have to work from home have found their own solution. They save work files on portable devices or on the company network, from where they later retrieve them remotely. But portable devices can be bulky, and connections to your work network can be slow and unreliable.

Workaround maneuver: Use online storage services such as Box.net, Streamload or AOL's Xdrive. Most of them offer free storage of one to five gigabytes of information, and charge a few dollars a month for a package with additional storage. Another guerrilla method is to send yourself these files to your personal email, such as Gmail or Hotmail.

Risk: Bad guys could steal your password for one of these sites and steal copies of your company's sensitive materials.

How to protect yourself: When you are about to save a particular file on the Internet, ask yourself what will happen if it becomes widely available or falls into the hands of the head of a company that is your main competitor. If nothing bad happens, then continue.

Problem: Many companies have the ability to track employees' emails both at their work address and at other email addresses, as well as communication via ICQ.

Workaround maneuver: When you send emails from your personal mailbox or from work email, you can encrypt them so that only the recipient can read them. In Microsoft Outlook, click on Tools, then Options, and select the Security line.

Here you can enter a password, and no one will be able to open the letter without knowing this password. (You must, of course, give this password to the people for whom these letters are intended in advance.)

For personal correspondence through web-based email services, use Frauenfelder’s advice. When you check your email, add an s after "http" in the address bar of your email site, for example https://www.Gmail.com. This way you will start a secure session and no one will be able to track your emails. However, not all web services support this.

To encode your communications in real time, use Cerulean Studios' Trillian service, which works with AOL Instant Messenger, Yahoo Messenger and other real-time chat programs and helps you encode your conversations so that no one else can read them.

Risk: The main reason companies monitor employee emails is to catch those who transmit confidential information. By resorting to all of the above tricks, you can provoke a false alarm and make it difficult for IT department employees to deal with a real threat.

How to protect yourself: Use the methods described only occasionally, and do not use them by default.

8. How to get remote access to work email if your company doesn’t want to go broke on a PDA

Problem: Anyone who doesn't have a PDA knows the feeling: you go to a restaurant for lunch or a beer after work, and everyone reaches into their pockets for their PDAs, and you're the only one forced to dangle a glass in your hand.

Workaround maneuver: You too can stay in touch with your work email using a variety of mobile devices. Simply set up your work email so that emails are forwarded to your personal email address.

In Microsoft Outlook you can do this by right-clicking on any message, selecting "Create a rule" and asking that all messages be forwarded to another address. Then set up your mobile phone so that you can check your email with it, following instructions from your provider (the company that sends you your phone bills).

Risk: Now hackers can hack not only your computer, but also your phone.

How to protect yourself: There is a "correct" way to access work email using various personal mobile devices by obtaining the password and other information from the IT department.

9. How to access personal mail from a work PDA

Problem: If your company provided you with a PDA, you're probably facing the opposite problem. You want to check your personal email as easily as your work email.

Workaround maneuver: Go to the "Settings" section of your personal mailbox and make sure that you have activated POP (Post Office Protocol), which is used to receive mail through other addresses. Then go to your BlackBerry PDA service provider's website. Click on the "Profile" button, find the Email Accounts section there and select Other Email Accounts. Then click on Add Account and enter information about your personal email address. Now your personal mail will arrive in the same place as corporate mail.

Risk: Your company probably uses an arsenal of security tools against viruses and spyware. When you receive personal email on your BlackBerry, it bypasses these security barriers. That means spyware or viruses could get into your PDA through your personal email, says McAfee's Schmugar.

What's worse, he says, when you plug your BlackBerry into your work computer, there's a chance that spyware will transfer to your hard drive.

How to protect yourself: Cross your fingers and trust that your email provider does everything it can to protect against viruses and spyware (it probably does).

10. How to pretend you're working

Problem: You're busy doing a vital Internet search when suddenly your boss appears behind you. Your actions?

Workaround maneuver: Quickly press Alt-Tab to minimize one window (like the one you're browsing in on ESPN.com) and open another (in preparation for today's presentation).

Risk: The good news is that there is no threat to the company's security.

How to protect yourself: Get to work.

I was prompted to write this article by one of the questions on the Forum:

We have a LAN at the university, there is a proxy server, and we go online through it and only through it. Trying to change the proxy server leads to nothing but “NO INTERNET”, and the Internet has been made limited. The limitation is as follows. They (somehow) blocked access to mp3 files and, in my opinion, to porn (I’m not into that), but I just need a few favorite songs (you know how girls love music 🙂). When I try to go to an mp3 site, a message pops up:

ACCESS TO THE SITE IS CLOSED BY THE ADMINISTRATOR

Question: How do I get around this? What methods are currently available? This is the first time I have encountered this, so please advise me something, otherwise my boyfriend (a talker who also calls himself a COOL HACKER) has filled my head with these exploits (I'm not against them, on the contrary, I've just never dealt with them).

Such questions come in periodically, so I just couldn’t pass over the topic :).

How to fool a proxy

This idea came to me when I was configuring squid to strip banners and counters. The proxy filters traffic based on certain keywords present in the request being sent. To bypass the filter, you need to get rid of these keywords. So, to cheat you will need:

1. Any remote shell that lets you work with lynx (a text-mode WWW browser) and an ftp client, and that you can connect to over the ftp protocol.
2. A Telnet or ssh client (some servers with free shells allow connections only via ssh) on the local machine. Telnet comes with a standard Windows installation. An ssh client can be downloaded from http://www.openssh.com
3. /dev/hands :)

A shell is quite simple to obtain. There are many sites listing servers that give out free accounts, for example http://www.freebelt.com/freeshells.html. Or you can use search engines like altavista or google and search for the key phrase "free shell". All in all, there are quite a few ways to get a shell. One more thing: when choosing a shell, look at the disk quota (the amount of disk space allocated to the account). It should be at least 10 MB. After registering and connecting to the remote shell, run lynx and go looking for the information you need. Here are a few lynx commands that can be used during operation:

  • G - go to a site
  • Up, Down - move between links
  • Left - return to the previous page
  • Right - follow the link
  • D - download file
  • O - set options
  • Q - quit
  • H - help

Having found the materials you need, download them to your account, rename the downloaded files to something neutral, then connect to your account with an ftp client and calmly download all this stuff to your own machine. Then rename the files back to their original names and boldly giggle at the admin 😉

P.S. If you close the window while working with Telnet (without ending your session), the processes running on the remote shell (for example, the download of a large file) will continue to execute.

P.P.S. And your guy really is one of those "COOL hackers"...

One of the best ways to bypass restrictions is to use an ssh connection to create a universal proxy server directly on your computer. Today I want to develop this topic and answer the following questions:

1) Where can I even get this “ssh access”? Is it very difficult?

2) You are already behind a proxy server, which does not allow you to establish direct connections with other computers. How to use the proposed trick?

3) What, the owners of the proxy server really won’t see what resources I’m connecting to? Is this really a proxy bypass?

If you are interested in this topic, read on.

Access via ssh?

If you don’t know what it is at all, I suggest you read the article at the link. Roughly speaking, this is a protocol through which you can establish a connection with another computer. So where can you get a computer that accepts this kind of connection? I will offer 4 options.

  • Think about where you may have used a Linux-based computer (for example, at some foreign institute). Do you still have your username and password? Then, if they have not been deleted, you will most likely be able to use that organization's computer.
  • Do you have your own website? Then it is very possible that the hoster provides access via ssh. If there is no website, then you can buy hosting and a domain (or hosting with a real IP) specifically for this purpose. For example, the cheapest tariff according to the previous link will cost about 50 rubles per month. It is not necessary to create a website.
  • I already wrote about using a router for setup. So, if you follow this procedure and buy from a provider, then your home computer will become a good assistant
  • Create an account on one of these services. It may be unstable, but it's free.

ssh through a proxy

And it is possible. I will once again send you to read my article about . As it says there, download the putty program and configure it by going to the Connection - SSH - Tunnels tab, type: Dynamic, source port: 8080 (screenshots are in the article at the link). Now all that remains is to configure putty so that it does not connect directly, but uses the proxy server that is interfering with us. To do this, go to the Connection - SSH tab and specify the proxy server settings.

The correct settings can be found according to the instructions in my article about. If you enter everything without errors, putty should connect to the right server and create a SOCKS proxy on your local computer on port 8080. I already wrote about its use in firefox in the article about .

Is it true that no one will know what resources I visit?

Yes and no. First, the operators of the local proxy server will know that you have connected to your ssh computer. That is all. They will not know what resources you visit, because all traffic will go through putty. But they will know that this traffic exists. If you are able to explain it, or there is no strict control, then everything will be fine.

But there is another side. If you connect, say, through your home computer, then for everyone it will look like you connected from home. Whether this is good or bad is up to you to decide.

And one more very important point: you must not forget about name resolution. The fact is that the domain name you are interested in (for example, the blocked vkontakte.ru) must first be converted to an IP address. And with the default settings, it will be resolved not through the ssh tunnel, but directly. That lookup will either be blocked or at least captured by the local proxy server. Therefore, we do the following: launch firefox, enter about:config in the address bar, and click ok on the ominous warning that we can break everything. We are taken to a page where you can change additional firefox settings. In the filter line, enter proxy.

Most likely, the line network.proxy.socks_remote_dns will not be highlighted, and its value will be false. Double-click on it so that it becomes bold and the value changes to true. That's it, the setup is done. Now DNS names will also be resolved on the far side of the tunnel.
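What the proxy operator's side of "they will know about the presence of this traffic" looks like: an SSH client pointed at an HTTP proxy asks for its connection with a CONNECT request, so the tunnel appears in the proxy log as a long, heavy CONNECT entry even though its contents are hidden. The following is an added example, not code from the original article; it scans constructed Squid access.log lines, and the thresholds, addresses and function names are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample in Squid's native access.log layout:
# time elapsed_ms client code/status bytes method URL user hierarchy type
# Squid writes the CONNECT line when the tunnel closes, so tunnels that are
# still open are not in the log yet.
SAMPLE_LOG = """\
1700000000.123     412 10.0.0.21 TCP_MISS/200 18234 GET http://intranet.example/index.html - HIER_DIRECT/192.0.2.10 text/html
1700000100.456    9120 10.0.0.21 TCP_TUNNEL/200 54012 CONNECT mail.example:443 - HIER_DIRECT/192.0.2.20 -
1700003700.789 3540000 10.0.0.37 TCP_TUNNEL/200 88400321 CONNECT shell.example:443 - HIER_DIRECT/192.0.2.30 -
1700003800.000   61000 10.0.0.44 TCP_TUNNEL/200 20480 CONNECT host.example:22 - HIER_DIRECT/192.0.2.40 -
1700003900.000      15 10.0.0.44 TCP_DENIED/403 3900 CONNECT other.example:8022 - HIER_NONE/- text/html
""".splitlines()


def parse_connects(lines):
    """Yield one dict per CONNECT request; skip other methods and bad lines."""
    for line in lines:
        f = line.split()
        if len(f) < 7 or f[5] != "CONNECT":
            continue
        if not (f[1].isdigit() and f[4].isdigit()):
            continue
        host, _, port = f[6].rpartition(":")
        if not host or not port.isdigit():
            continue
        yield {
            "client": f[2],
            "target": f[6].lower(),
            "port": int(port),
            "established": f[3].endswith("/200"),   # tunnel was actually opened
            "seconds": int(f[1]) / 1000.0,           # elapsed is in milliseconds
            "bytes": int(f[4]),
        }


def flag_tunnels(lines, allowed_ports=frozenset({443}),
                 max_seconds=1800, max_bytes=50_000_000):
    """Return sorted (client, target, reasons) for tunnels worth a second look.

    Reasons: "port" (CONNECT to a port outside the allowed set, even if denied),
    "duration" and "volume" (totals per client/target above the thresholds).
    The default thresholds are assumptions and need tuning per network.
    """
    totals = defaultdict(lambda: [0.0, 0])   # (client, target) -> [seconds, bytes]
    reasons = defaultdict(set)
    for c in parse_connects(lines):
        key = (c["client"], c["target"])
        if c["port"] not in allowed_ports:
            reasons[key].add("port")
        if c["established"]:
            totals[key][0] += c["seconds"]
            totals[key][1] += c["bytes"]
    for key, (seconds, nbytes) in totals.items():
        if seconds > max_seconds:
            reasons[key].add("duration")
        if nbytes > max_bytes:
            reasons[key].add("volume")
    return sorted((client, target, sorted(r))
                  for (client, target), r in reasons.items())


if __name__ == "__main__":
    for client, target, why in flag_tunnels(SAMPLE_LOG):
        print(client, target, ",".join(why))
```

A tunnel on port 443 that behaves like ordinary HTTPS in length and volume passes these checks, which is why the thresholds matter more than the port rule.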

Is there something unclear about proxy bypass? Ask questions. I hope this article will help you bypass proxy server restrictions.

How to bypass site blocking?

In this article, I will give you some tips on how to bypass the blocking of a site that is prohibited by the administration of the office where the computer is located, or by the authorities for political or other reasons. In short, you want to see it, but you can’t. Let's try to break the walls of prohibitions and obstacles in our way. However, I would like to emphasize that the tips below relate to the topic of safe surfing online and anonymity, rather than being an opportunity to bypass the prohibitions of an office or school administrator.

LET'S AGREE RIGHT AWAY... BYPASSING LEGAL BLOCKS IS A VERY SLIPPERY TOPIC. I WOULD NOT WANT TO BE THE AUTHOR OF A RESOURCE THAT ATTRACTS THE ATTENTION OF THOSE I AM SETTING YOU AGAINST. THERE ARE A LOT OF READY-MADE METHODS THAT THE ADMINISTRATION OF YOUR INSTITUTION WILL NOT BE ABLE TO COPE WITH. THERE ARE ALMOST NONE OF THEM IN THIS ARTICLE. HOWEVER, YOU WILL BE GIVEN PLENTY OF FOOD FOR THOUGHT.

STRAIGHTAWAY…

  • The problem with the methods described here (as, indeed, with any) is that, no matter what settings are applied on the local machine, the barriers are installed on equipment that is out of your reach (switches, routers) or on a machine to which you simply do not have access.
  • Having successfully tried any method of bypassing the blocking, remember that when you use proxy services in any form (directly from a proxy server or through a built-in browser plugin) you put the information transmitted through these services at risk. So prefer sites that use the secure https protocol, and set aside a SEPARATE BROWSER that does not go through a proxy for sites where you enter logins and passwords (especially those related to payment).

Some of the tips may not work. Not all bans are alike. The resource may also be blocked by supervisory authorities. For that case, the most effective method is listed last in the article: the Tor browser. However, with that browser problems arise on resources that use a secure connection, and that is almost all social networks. Admins don't sleep either, so try everything.

How to bypass the administrator's ban? Use a proxy.

This is the easiest way that comes to mind. Getting to your personal page on a social network will not be difficult. Here are the addresses of free proxy servers from where you can try to get to a site prohibited by the administrator:

https://proxyweb.net/

https://www.proxy4free.com/ (there are a whole bunch of proxy servers here)

Here is the domestic list: http://www.freeproxylists.net/ru/

Just copy and paste the addresses into the address bar. And then on the proxy page enter the social network address. You need to enter the real name of the site:

  • Odnoklassniki – https://ok.ru/
  • VKontakte – https://vk.com/
  • Fotostrana – https://fotostrana.ru/
  • My World from Mail.ru – https://my.mail.ru/

...these resources are unlikely to help you. This method also has another disadvantage. The fact is that using a proxy server involves, in some way, deceiving the site you are visiting. But many sites and blogs (almost all of them, in fact) do not want this. This means you may have problems viewing some pages.

How to bypass blocking using browser settings on an office computer?

Recently, a huge number of extensions have appeared for popular browsers that provide bypass for blocking by the office administrator. I think the best such plugins are:

They do not require installation on your computer; they will stick to your browser quickly and quietly. Worth a try.

How to use the Google search engine as a proxy server or how to bypass the administrator's ban and bypass site blocking.

Workers in the office are always bored and simply need to carve out two or three hours to communicate on social networks, of which there are now too many to count. But the trouble is, evil administrators have imposed a ban in their settings on visiting popular sites. How to do this on your computer is described in this article. But you can’t just get to the administrator's computer, and you can’t edit the list of prohibited addresses. And it's not necessary. There are many ways to bypass the administrator's ban on visiting social networks or to bypass site blocking. In this article, I'll show you how to do it without using anything extra at all. Practice at home, it won't take much time. We will use the Google search engine as a proxy server, that is, bypass all restrictions. We do it step by step; at work you can simply skip some steps.

  • Record (purely for yourself) your real IP address. I think you already know how to do this. Maybe follow this link: whatismyipaddress. Have you noted it? Close the page.
  • Now comes the fun part. We go to the online translation site Google Translate.
  • In the left field (the language from which you will translate), select your native language (I chose, obviously, Russian). On the right is English.
  • Now type or copy our website link:

https://whatismyipaddress.com

and paste it into the same field. It should look like this:

  • Follow the link from the right window. I turned out to be a resident of India.

I chose the IP address lookup site for clarity. You need to replace this address with the addresses of your favorite social networking sites, and do not forget your registration data. If you do everything right, everything can work out. Then you clear your browsing history and that’s it. This trick will not give you anonymity on the network, but you can get around the network administrator, or rather their settings. Everything, of course, depends on the skill of the system administrator.

How to bypass site blocking using a secure search engine StartPage Web Search

It is considered a good service in the field of ensuring anonymity. Moreover, you are free to customize the search engine in the same window to suit your needs. The button we need is on the right:

How to bypass website blocking using Google cache: a little cumbersome...

  • If you one day discover that your favorite site has been banned, you can try reading the copies of the site cached by Google. To do this, use the site: operator when entering the site address. For example, if one day you discover that my blog is blocked by the administration, type the address of the Computer76 blog into the Google search box (not the address bar) in this manner:

site:www.site

The search engine will return cached blog pages that it managed to index and save in the database. Yandex can also do this. If the link to the page is not active, click the Cache or Cached link at the end of the address bar. You can read.

  • Another option that uses the cache, from the old hacker Johnny Long, is to work with the cached information by adding a certain command to the address. But first, let's try to deceive everyone and everything. Take a look for yourself:

Find a website (let's take mine as an example). However, you do not need to enter its “official” address in the address bar. Look for it in the search box instead:

Computer76

Google will return links that no one can block. However, do not rush to follow them. Look here: under the central link (the one in Russian) there is another one that leads to the cache. Click on it:

What am I getting at... If you open both of these links in 2 tabs (they seem to lead to the same resource), look carefully at the address bars. It’s not that simple:

and here’s what the same page looks like in the cache:

and like this in the Google cache

Do you want anonymity? Let's talk to Google directly, without touching the servers that host these sites. Add

&strip=1

to the right-hand end of the cache address, and now you are browsing on someone else's behalf. However, following internal links from there will most likely be impossible.

How to bypass site blocking? TOR

The most effective way to bypass site blocking is to use a special browser (I advise getting the portable version right away, in case the administrator has forbidden you to install programs on your machine and you have to run it from a flash drive or from the desktop). The Tor browser is a guarantee that you will see any site, no matter where it is located and no matter who has blocked it. It's worth it, believe me, although it is not fast. With it, all borders will be open to you. The only catch is that you will have to adjust it a little. Mozilla Firefox fans will recognize the browser without difficulty: TOR uses that very engine. The default browser settings may be known to the administrator. So let's attach a proxy server to TOR, redirect it through a certain port and try it. A list of proxy servers can be found anywhere. Some of them are banned at the level of your admin, some at the level of the site itself. And this is the very case when I urge you not to take the easy way: the addresses of such proxies may have been entered manually by your admins, producing an error with the text blk_BL_redirector inside. Use foreign proxies (leave out the Chinese ones).

Actually, the idea was to come up with a scheme that uses TOR not for all resources, but only for sites blocked by Rospotrebnadzor and for .onion resources. Driving all traffic into TOR is not the best idea, since its speed and connection stability are not great, but sending requests for .onion and for sites like rutracker.org and kinozal.tv through TOR is a good idea.

You could, of course, send the traffic to OpenVPN instead of TOR and on to a VPS somewhere in Europe, but we are not terrorists who want to disguise ourselves completely, so let my honest movements be monitored and recorded. I'm not doing anything illegal anyway: I just download Dontsova from rutracker a couple of times and then delete it, since I'm hardly going to read it.

So, whoever is without sin here, let him be the first to throw a stone over there somewhere, and we will begin. The diagram of the shaitan machine will look like this:

Let's start by setting up the block responsible for TOR. Here we use a scheme that I have already described in previous posts.

Install the necessary packages:

# apt-get update
# aptitude install tor

After the packages are installed, TOR runs as a SOCKS5 proxy server and accepts connections on port 9050. If you have an application that speaks the SOCKS protocol and needs an anonymous connection, you can specify the following in its connection parameters:

Protocol: socks5
Host: localhost
Port: 9050

If you try to configure Firefox to use a SOCKS5 proxy and give it these parameters, you will receive the following message for any request:

It appears you have configured your web browser to use Tor as an HTTP proxy.
This is not correct: Tor is a SOCKS proxy, not an HTTP proxy.
Please configure your client accordingly.

Firefox (as well as Chrome in principle) cannot work normally with a SOCKS proxy and they need another layer. Privoxy is used as this layer, and it is not only a proxy server, but also a filter that increases the level of your privacy. Let's install the package:

# aptitude install privoxy

Add the line to the /etc/privoxy/config file:

forward-socks5t / 127.0.0.1:9050 .

This way we will redirect all requests to TOR. Privoxy accepts connections on port 8118.

To test that it works, set your browser to use an HTTP proxy on the local host (127.0.0.1), port 8118.

Restart Privoxy with the command:

# /etc/init.d/privoxy restart

Launch your browser and go to the website http://2ip.ru. The IP address and country shown should be something random, not those of your ISP. For example, like this:

If everything worked out for you, then you have successfully configured access to the TOR network and you can proceed with the settings. To access the Privoxy settings, enter http://config.privoxy.org/ or http://p.p/ in your browser, which will take you to the Privoxy management web interface:

You won’t be able to control much through the Web interface, and there’s not much to change there; in most cases, the default configuration will do.

Now we need to separate the wheat from the chaff and send requests for only certain resources to the TOR network; for this we will use the Squid proxy server. As usual, install it with the command:

# aptitude install squid3

Our task, according to the scheme above, is to configure Squid to redirect some requests to TOR (the list of domains is in the file /etc/squid3/redirect-to-tor.dat) and to send the rest to the provider's network. The configuration file for such a scheme looks like this:

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

#List of domains to which requests are sent to TOR (Take from file)
acl redirect-to-tor dstdomain "/etc/squid3/redirect-to-tor.dat"
acl redirect-to-onion dstdomain .onion

#Settings where we send requests to TOR
cache_peer 127.0.0.1 parent 8118 0 no-query proxy-only default name=tor-proxy-01
never_direct allow redirect-to-tor
never_direct allow redirect-to-onion
always_direct allow all !redirect-to-tor !redirect-to-onion

# We prohibit caching of the web interface of privoxy and 2ip.ru (for tests)
acl disable-dom-cache dstdomain config.privoxy.org p.p 2ip.ru
cache deny disable-dom-cache

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localhost
http_access deny all
http_port 3128

coredump_dir /var/spool/squid3/

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320

Please note that I have disabled caching of 2ip.ru and of the Privoxy web management interface. This was done for testing purposes, and the rule can be dropped in a real configuration.

The list of domains accessed through TOR is in the file /etc/squid3/redirect-to-tor.dat; it is a plain list with one entry per line:

config.privoxy.org
p.p
2ip.ru
kinozal.tv
rutracker.org

Configure the browser to use the Squid proxy server on localhost (127.0.0.1), port 3128, and that's all.

Now we reach sites prohibited by Rospotrebnadzor via TOR, and regular ones directly. And, as a bonus, the .onion network, naturally through TOR.
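Seen from the administrator's side, the chain configured above leaves recognizable traces on a host: listeners on the default ports 9050 (Tor), 8118 (Privoxy) and 3128 (Squid), and config lines that link them together. The audit script below is an added example, not code from the original article; the function names, the pattern names and the sample `ss -ltn` output and config excerpt are constructed for illustration.

```python
import re

# Default listener ports named in the article: Tor SOCKS, Privoxy, Squid.
CHAIN_PORTS = {9050: "tor-socks", 8118: "privoxy", 3128: "squid"}
# Config lines that link the services; these survive a change of port numbers.
CONFIG_PATTERNS = {
    "privoxy-forwards-to-socks": re.compile(
        r"^\s*forward-socks5t?\s+\S+\s+(127\.0\.0\.1|localhost):\d+", re.M),
    "squid-parent-on-loopback": re.compile(
        r"^\s*cache_peer\s+(127\.0\.0\.1|localhost)\s+parent\s+\d+", re.M),
    "squid-acl-onion": re.compile(r"^\s*acl\s+\S+\s+dstdomain\s+.*\.onion", re.M),
}
# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 4096 127.0.0.1:9050 0.0.0.0:*
LISTEN 0 128  127.0.0.1:8118 0.0.0.0:*
LISTEN 0 256  *:3128         *:*
LISTEN 0 128  [::1]:631      [::]:*
"""
# Constructed excerpt combining the Privoxy and Squid lines from the article.
SAMPLE_CONF = """\
forward-socks5t / 127.0.0.1:9050 .
cache_peer 127.0.0.1 parent 8118 0 no-query proxy-only default name=tor-proxy-01
acl redirect-to-onion dstdomain .onion
"""

def parse_listeners(ss_output):
    """Return (address, port) pairs for every LISTEN line."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header row or unrelated line
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            found.append((addr.strip("[]"), int(port)))
    return found

def audit_listeners(ss_output):
    """Return ({service: (port, loopback_only)}, True if all three listen)."""
    hits = {}
    for addr, port in parse_listeners(ss_output):
        if port in CHAIN_PORTS:
            hits[CHAIN_PORTS[port]] = (port, addr in ("127.0.0.1", "::1"))
    return hits, set(hits) == set(CHAIN_PORTS.values())

def config_indicators(text):
    """Names of the linking patterns found in a config file's text."""
    return sorted(n for n, rx in CONFIG_PATTERNS.items() if rx.search(text))
```

A port match alone is weak evidence, since 3128 is also the stock Squid port; the config links between the three services are the stronger signal. A listener bound to `*` rather than loopback additionally exposes the proxy port to other machines on the network.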