What is Bypassing a Firewall?

Introduction:

A firewall may be hardware or software that blocks incoming or outgoing traffic through a network. It acts as a wall between the internal and external network.

Reason to bypass firewall:

In schools, colleges, companies etc. we are not allowed to access certain ports/services/websites, as they may be blocked by the firewall. Hence, in order to access them, the firewall needs to be bypassed.

Methods for bypassing:

1. Outbound Bypassing: Tunnelling through HTTP Proxies:

· To check if there are any proxies in your browser:

Open the Advanced Tab in the browser

Locate network

Proxy settings window appears

Check for any proxy in the browser.

· There are two types of HTTP Proxies:

HTTP Proxy:

Uses HTTP CONNECT that opens a private tunnel for the browser to use

Easier to bypass, as there is no content inspection of the HTTPS traffic and we can create a good tunnel with HTTP Tunnel


HTTPS Proxy:

Does full proxy of the HTTPS protocol

There is no end to end encryption between the client and the server

The encryption breaks in between, and hence the firewall/censoring device is able to filter based on contents

Working:

A certificate is placed on the browser of the client

Whenever the Browser tries to connect to the server, it first creates an SSL connection to the proxy

And here the connection gets broken

Filtering takes place

A second SSL tunnel is created to the final destination

Hence, to view all the data of the server, there needs to be a certificate on the client side.

But, there are many tools to bypass this.

· Tools for Bypassing:

Corkscrew

Proxy Tunnel

HTTP Tunnel

Barba Tunnel Monitor

Super Network Tunnel
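Because an HTTP CONNECT tunnel is not content-inspected, the firewall administrator is left with connection metadata. The following is an added example, not part of the original article: it reviews proxy log lines for CONNECT tunnels to unexpected ports or with unusual duration or volume. The log lines are constructed in Squid's native access.log layout, and the thresholds and allowed-port policy are assumptions.

```python
# Added example: review proxy access logs for CONNECT tunnels by metadata only.
# SAMPLE_LOG is constructed; fields follow Squid's native access.log layout:
# time elapsed_ms client code/status bytes method URL user peer type
SAMPLE_LOG = """\
1700000000.101 420 10.0.0.5 TCP_TUNNEL/200 5321 CONNECT www.example.com:443 - HIER_DIRECT/203.0.113.10 -
1700000005.553 7200000 10.0.0.8 TCP_TUNNEL/200 88123456 CONNECT tunnel.example.net:443 - HIER_DIRECT/203.0.113.20 -
1700000010.009 950 10.0.0.9 TCP_TUNNEL/200 2048 CONNECT host.example.org:22 - HIER_DIRECT/203.0.113.30 -
1700000012.300 80 10.0.0.5 TCP_MISS/200 10240 GET http://www.example.com/index.html - HIER_DIRECT/203.0.113.10 text/html
"""

ALLOWED_CONNECT_PORTS = {443}      # assumption: site policy allows CONNECT to 443 only
MAX_TUNNEL_SECONDS = 3600          # assumption: review threshold for session length
MAX_TUNNEL_BYTES = 50 * 1024**2    # assumption: review threshold for volume

def parse_line(line):
    """Split one access.log line into the fields this check uses."""
    parts = line.split()
    if len(parts) < 7:
        return None
    return {"elapsed_s": int(parts[1]) / 1000, "client": parts[2],
            "bytes": int(parts[4]), "method": parts[5], "target": parts[6]}

def review_connect_tunnels(log_text):
    """Return (client, target, reasons) for each CONNECT entry worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "CONNECT":
            continue
        _host, _, port = rec["target"].rpartition(":")
        reasons = []
        if not port.isdigit() or int(port) not in ALLOWED_CONNECT_PORTS:
            reasons.append("port-not-allowed")
        if rec["elapsed_s"] > MAX_TUNNEL_SECONDS:
            reasons.append("long-lived")
        if rec["bytes"] > MAX_TUNNEL_BYTES:
            reasons.append("high-volume")
        if reasons:
            findings.append((rec["client"], rec["target"], reasons))
    return findings

if __name__ == "__main__":
    for client, target, reasons in review_connect_tunnels(SAMPLE_LOG):
        print(client, target, ",".join(reasons))
```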

2. Outbound Bypassing – Port Sharing and Knocking

· Sometimes when we are being censored, the one censoring will do active probing to determine where you are going or where you are coming from, to make sure that you are genuine

· Example:

o If data is passed through OpenVPN over UDP port 53 on the firewall, because that port is open to the OpenVPN server, the administrator can easily notice it if they look at the traffic, since it doesn’t look anything like a DNS request. There would be far more traffic going over that UDP connection than would be normal for DNS requests. If the administrator of the firewall probes the OpenVPN server that is being connected to, they would be able to see that it’s an OpenVPN server, and it is obvious that the firewall is being bypassed

o Another example: maybe the destination is blocking the VPN, and if the destination sees that the request is coming from the VPN server, it will block the IP address.

· One way to confuse probing is using PORT SHARING

· Port sharing means running multiple services on the same port. In this example we can run HTTPS, SSH and OpenVPN all on the same server

· Ways to implement Port Sharing

sslh

sslh is an application protocol multiplexer

Free and open source

Accepts connections in HTTP, HTTPS, TINC, SSH, OpenVPN etc.

Command in Debian:

· aptitude search sslh

· Port share command:

o Feature of OpenVPN

o Making the webserver listen on different port

· Port Knocking

Send the server a special request or sequence of characters that may allow you to access a certain service.
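The UDP port 53 example above rests on two observations an administrator can automate: the payload does not parse as a DNS request, and the flow carries far more data than DNS normally would. The following is an added example, not part of the original article; the flow records, the opaque payload and the byte threshold are constructed assumptions, and the check accepts only one-question standard queries.

```python
import struct

MAX_FLOW_BYTES = 1024 * 1024  # assumption: review threshold per flow

def build_query(name):
    """Build a standard DNS A query; used only to construct sample input."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    header = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0)
    return header + qname + b"\x00" + struct.pack("!2H", 1, 1)

def looks_like_dns_query(payload):
    """True if a UDP payload parses as a one-question standard query (RFC 1035)."""
    if len(payload) < 17:          # 12-byte header + root name + QTYPE + QCLASS
        return False
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", payload[:12])
    opcode = (flags >> 11) & 0xF
    if flags & 0x8000 or opcode != 0 or qd != 1 or an or ns:
        return False               # response bit set, odd opcode or odd counts
    pos = 12
    while pos < len(payload):      # walk the QNAME labels
        length = payload[pos]
        pos += 1
        if length == 0:
            return pos + 4 <= len(payload)   # room for QTYPE and QCLASS
        if length > 63:            # labels are at most 63 bytes in a query
            return False
        pos += length
    return False                   # ran off the end without a terminating label

def review_udp53_flows(flows, max_bytes=MAX_FLOW_BYTES):
    """Return (src, dst, reasons) for flows that are not DNS or carry too much."""
    findings = []
    for flow in flows:
        reasons = []
        if not looks_like_dns_query(flow["first_payload"]):
            reasons.append("not-dns")
        if flow["bytes"] > max_bytes:
            reasons.append("high-volume")
        if reasons:
            findings.append((flow["src"], flow["dst"], reasons))
    return findings

# Constructed flow records: first client payload plus total bytes for the flow.
OPAQUE = bytes.fromhex("38a1b2c3d4e5f60718293a4b5c6d7e8f9001")
SAMPLE_FLOWS = [
    {"src": "10.0.0.5", "dst": "192.0.2.53", "bytes": 180, "first_payload": build_query("example.com")},
    {"src": "10.0.0.8", "dst": "203.0.113.20", "bytes": 48_000_000, "first_payload": OPAQUE},
    {"src": "10.0.0.9", "dst": "192.0.2.53", "bytes": 9_000_000, "first_payload": build_query("example.org")},
]
```

The third constructed record is well-formed DNS but still flagged on volume, which is why the payload check and the volume check are kept separate.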

3. Outbound Bypassing – Cloaking and Obfuscating

· These techniques are used against deep packet inspection

· They are designed to encrypt the traffic to evade content filters and alter the traffic so it looks like allowable traffic

· STUNNEL: a proxy designed to add TLS encryption to existing clients and servers without making any changes to the code of the programs

· The client and the server should both have the stunnel software running on their systems.

· In the above diagram, stunnel is used to wrap the traffic we want to send out through the firewall. We wrap the VPN traffic in stunnel to bypass it, so that the traffic appears genuine, as SSL/TLS traffic is trusted.

· Other Tools that can be used:

o Psiphon

o Cabbage router

o Dnscat2 - to send DNS traffic over the DNS port to bypass the firewall (DNS tunnelling)

4. Outbound Bypassing – Remote Login – VNC and RDP

· Remote logon tools can be used to bypass the firewall

· The remote logon tools connect directly to a port that is running on the server

· So it will have to go straight through the firewall out to what is connecting to remotely

· Example:

o VNC

§ Port numbers: 5900 and 5800 need to be open for those who need to go through the firewall

o RDP

§ Port number: TCP port 3389 and UDP port 3389


5. Inbound Bypassing — Reverse Shell, SSH remote tunnelling and remote login

· Sometimes we are outside a network, such as on the internet, and want to go inside a network through a firewall

· E.g. an office network, or a private network such as a school or university, where we are not able to change the rules

· It isn’t a problem as long as we can run some code on a machine that is within the network

· Then we can communicate with this machine even when inbound connections are blocked

· We will require outbound connections to work through port 80 and 443

· Something needs to be allowed out when connections aren’t allowed through the firewall in one direction

· We instead use the connections that are allowed in the opposite direction in order to create reverse connections

· Many remote access tools such as TeamViewer and LogMeIn use this reverse connection technique in order to provide remote administration of your devices that are behind networks and Network Address Translation (NAT)

· Reverse connections will also bypass NAT

· We can also initiate a reverse connection

o SSH remote port forwarding

o Using netcat (nc) tool

o Using Python


Society of AI has a vision to educate people how Artificial Intelligence can change their life!
