What is Bypassing a Firewall?
Introduction:
A firewall may be hardware or software that blocks incoming or outgoing traffic through a network. It acts as a wall between the internal and external network.
Reason to bypass firewall:
In schools, colleges, companies etc. we are not allowed to access certain ports/services/websites, as they may be blocked by the firewall. Hence, in order to access them, the firewall needs to be bypassed.
Methods for bypassing:
1. Outbound Bypassing: Tunnelling through HTTP Proxies:
· To check if there are any proxies in your browser:
Open the Advanced Tab in the browser
Locate network
Proxy settings window appears
Check for any proxy in the browser.
· There are two types of HTTP Proxies:
HTTP Proxy:
Uses HTTP CONNECT that opens a private tunnel for the browser to use
Easier to bypass, as there is no content inspection of the HTTPS traffic and we can create a good tunnel with HTTP Tunnel
HTTPS Proxy:
Does full proxy of the HTTPS protocol
There is no end to end encryption between the client and the server
The encryption is broken in between, and hence the firewall/censoring device is able to filter based on contents
Working:
A certificate is placed on the browser of the client
Whenever the Browser tries to connect to the server, it first creates an SSL connection to the proxy
And here the connection gets broken
Filtering takes place
A second SSL tunnel is created to the final destination
Hence, to view all the data of the server, there needs to be a certificate on the client side.
But, there are many tools to bypass this.
· Tools for Bypassing:
Corkscrew
Proxy Tunnel
HTTP Tunnel
Barba Tunnel Monitor
Super Network Tunnel
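Because a plain HTTP proxy does not inspect what flows inside a CONNECT tunnel, the metadata in the proxy's own log (destination port, destination form, bytes, duration) is what an administrator has to review. The Python below is an added example, not part of the original article; the allowed-port set, the thresholds and the sample lines (laid out like Squid's native access.log) are constructed assumptions.

```python
import ipaddress

ALLOWED_CONNECT_PORTS = {443}     # assumption: policy permits CONNECT to 443 only
MAX_TUNNEL_BYTES = 50_000_000     # assumption: per-tunnel byte budget
MAX_TUNNEL_MS = 3_600_000         # assumption: one hour per tunnel

# Constructed sample lines, fields in Squid native access.log order:
# time elapsed_ms client code/status bytes method url ident hierarchy type
SAMPLE_LOG = """\
1700000000.101    820 10.0.0.5 TCP_TUNNEL/200 48211 CONNECT intranet-mail.example:443 - HIER_DIRECT/192.0.2.10 -
1700000005.330 7200000 10.0.0.7 TCP_TUNNEL/200 910000000 CONNECT 198.51.100.23:443 - HIER_DIRECT/198.51.100.23 -
1700000009.002     95 10.0.0.9 TCP_DENIED/403 3900 CONNECT host.example:22 - HIER_NONE/- -
1700000011.500    120 10.0.0.5 TCP_MISS/200 15230 GET http://www.example/index.html - HIER_DIRECT/192.0.2.80 text/html
"""

def review_connect(line):
    """Return (client, destination, reasons) for a suspicious CONNECT, else None."""
    f = line.split()
    if len(f) < 7 or f[5] != "CONNECT":
        return None
    elapsed_ms, client, size = int(f[1]), f[2], int(f[4])
    host, _, port = f[6].rpartition(":")
    reasons = []
    if not port.isdigit() or int(port) not in ALLOWED_CONNECT_PORTS:
        reasons.append("port-not-allowed")
    try:
        ipaddress.ip_address(host.strip("[]"))   # bare IP instead of a hostname
        reasons.append("ip-literal-destination")
    except ValueError:
        pass
    if size > MAX_TUNNEL_BYTES or elapsed_ms > MAX_TUNNEL_MS:
        reasons.append("long-or-heavy-tunnel")
    return (client, f[6], reasons) if reasons else None

def review_log(text):
    """Run review_connect over every line and keep only the flagged tunnels."""
    return [hit for hit in map(review_connect, text.splitlines()) if hit]

if __name__ == "__main__":
    for client, dest, reasons in review_log(SAMPLE_LOG):
        print(client, dest, ",".join(reasons))
```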
2. Outbound Bypassing – Port Sharing and Knocking
· Sometimes, when we are being censored, the one censoring will do active probing to determine where you are going or where you are coming from, to make sure that you are genuine.
· Example:
o If data is passed through OpenVPN over UDP port 53 on the firewall, because that port is open to the OpenVPN server, the administrator can easily notice it if they look at the traffic, as it doesn’t look anything like a DNS request. There would also be far more traffic going over that UDP connection than would be normal for DNS requests. If the administrator of the firewall probes the server that is being connected to, he would be able to see that it is an OpenVPN server, and it is obvious that the firewall is being bypassed.
o Another example: the destination may be blocking VPNs, and if the destination sees that the request is coming from a VPN server, it will block the IP address.
· One way to confuse probing is using PORT SHARING
· Port sharing means running multiple services on the same port. In this example we can run HTTPS, SSH and OpenVPN all on the same server
· Ways to implement Port Sharing
sslh
sslh is an application protocol multiplexer
Free and open source
Accepts connections in HTTP, HTTPS, TINC, SSH, OpenVPN etc.
Command in Debian:
· aptitude search sslh
· Port share option:
o A feature of OpenVPN
o The web server is made to listen on a different port
· Port Knocking
Send the server a special request (a particular sequence of characters) that may allow you to access a certain service.
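The UDP port 53 example above rests on two observations an administrator can automate: the payloads do not parse as DNS requests, and the volume is far beyond normal DNS. The Python below is an added example, not part of the original article; the byte budget, the 50% ratio and the sample packets are constructed assumptions, and the parser is a heuristic for standard single-question queries only.

```python
import struct
from collections import defaultdict

BYTE_BUDGET = 20_000   # assumption: bytes one client may send to UDP/53 per window

def looks_like_dns_query(payload: bytes) -> bool:
    """Heuristic: does this UDP payload parse as one standard DNS query?"""
    if len(payload) < 17:                 # 12-byte header + root name + type/class
        return False
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", payload[:12])
    opcode = (flags >> 11) & 0xF
    if flags & 0x8000 or opcode != 0 or qd != 1 or an or ns:
        return False                      # response bit, odd opcode or odd counts
    pos, name_len = 12, 0
    while True:                           # walk the length-prefixed labels
        if pos >= len(payload):
            return False
        n = payload[pos]
        pos += 1
        if n == 0:
            break
        pos, name_len = pos + n, name_len + n + 1
        if n > 63 or name_len > 254:      # label and name size limits
            return False
    return pos + 4 <= len(payload)        # QTYPE and QCLASS must follow

def flag_clients(packets):
    """packets: iterable of (client_ip, udp_payload) seen going to port 53."""
    stats = defaultdict(lambda: [0, 0, 0])        # packets, non-DNS, bytes
    for client, payload in packets:
        s = stats[client]
        s[0] += 1
        s[1] += not looks_like_dns_query(payload)
        s[2] += len(payload)
    flagged = {}
    for client, (count, bad, size) in stats.items():
        reasons = []
        if bad / count > 0.5:
            reasons.append("payloads-not-dns")
        if size > BYTE_BUDGET:
            reasons.append("volume-over-budget")
        if reasons:
            flagged[client] = reasons
    return flagged

# Constructed sample traffic: one ordinary resolver client, one bulk non-DNS sender.
QUERY = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + b"\x07example\x03com\x00" + struct.pack("!2H", 1, 1)
OPAQUE = bytes([0x38]) + bytes(range(1, 12)) + bytes(1188)
SAMPLE = [("10.0.0.5", QUERY)] * 3 + [("10.0.0.7", OPAQUE)] * 40
```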
3. Outbound Bypassing – Cloaking and Obfuscating
· These techniques are used against firewalls that perform deep packet inspection
· They are designed to encrypt the traffic to evade content filters and to alter the traffic so that it looks like allowable traffic
· stunnel: a proxy designed to add TLS encryption to existing clients and servers without making any changes to the code of the programs
· The client and the server should both have the stunnel software running on their systems.
· In the above diagram, stunnel is used to wrap the traffic we want to send out of the firewall. We wrap the VPN traffic in stunnel to bypass it, so that it appears genuine, as SSL/TLS traffic is trusted.
· Other Tools that can be used:
o Psiphon
o Cabbage router
o Dnscat2 - to send DNS traffic over the DNS port to bypass the firewall (DNS tunnelling)
4. Outbound Bypassing - Remote Login — VNC and RDP
· Remote logon tools can be used to bypass the firewall
· The remote logon tools connect directly to a port that is running on the server
· So the connection has to go straight through the firewall, out to whatever is being connected to remotely
· Example:
o VNC
§ Port numbers: 5900 and 5800 need to be reachable for those who need to go through the firewall
o RDP
§ Port numbers: TCP port 3389 and UDP port 3389
5. Inbound Bypassing — Reverse Shell, SSH remote tunnelling and remote login
· Sometimes we are outside a network, such as on the internet, and want to get inside the network through a firewall
· E.g. an office network, or a private network such as a school or university, where we are not able to change the rules
· It isn’t a problem as long as we can run some code on a machine that is within the network
· Then we can communicate with this machine even when inbound connections are blocked
· We will require outbound connections to work through ports 80 and 443
· Something needs to be allowed out when connections aren’t allowed through the firewall in one direction
· We instead use the connections that are allowed in the opposite direction in order to create reverse connections
· Many remote access tools such as TeamViewer and LogMeIn use this reverse connection technique in order to provide remote administration of your devices that are behind firewalls and Network Address Translation (NAT)
· Reverse connections will also bypass NAT
· We can also initiate a reverse connection
o SSH remote port forwarding
o Using netcat (nc) tool
o Using python