10:23 AM
Connect Directly

Top 3 Tools For Busting Through Firewalls

Can't access a Web site thanks to employer or government censorship? Fortunately, there's a host of tools and techniques that can help you slip through the blockade. Here's an in-depth look at three of the best.

Strategic Security Survey: Global Threat, Local Pain
Strategic Security Survey: Global Threat, Local Pain
(click image for larger view and for full slideshow)

Installing Circumventor requires that you set up three different components in succession -- a copy of Perl (the language used for Circumventor's core scripts), the OpenSA Web server, and the Circumventor scripts themselves. The default Circumventor distribution is designed to be installed on Windows machines, but the core scripts can be run under Linux; they just have to be set up by hand.

Another way to make use of Circumventor without actually installing it is to use the StupidCensorship.com site. From there, a user can sign up for a mailing list that provides updates on public Circumventor sites, which change constantly. Since it's entirely likely that those who are in charge of managing block lists are themselves subscribed to the mailing list, users have to stay vigilant and try different proxies as they are added. The same site also works as a proxy itself, provided it's not blocked, and runs both PHProxy and Glype.

One point of concern about Circumventor: the software at the core of the project, CGIProxy, has not been updated since December 2008.


The Glype proxy has been created in the same spirit as Circumventor. It's installed on an unblocked computer, which the user then accesses to retrieve Web pages that are normally blocked. It's different from Circumventor in that it needs to be installed on a Web server running PHP, not just any old PC with Internet access. To that end, it's best for situations where a Web server is handy or the user knows how to set one up manually.

Setting up Glype itself is easy, though -- the admin unpacks the files into a folder on a Web server that supports PHP, and the rest is almost entirely self-configuring.

There are two basic ways to use Glype: as-is with minimal options, or with a configuration panel installed that lets you control a great many under-the-hood settings. The as-is version only lets you change a couple of basic options, such as whether or not to load cookies or embedded objects (e.g., Flash), or if the target URL or fetched pages should be encoded to avoid being intercepted by other filters. Most static Web pages -- e.g., Wikipedia, text-only news sites -- work fine without tinkering. If only one person is using Glype, this basic version should more than do the job.

The expanded options, though, typically come into play when setting up a Glype instance that's being used by others. Add the control panel -- which involves nothing more than uploading a few more pages to the Glype site -- and an admin can set policies on a great many things. The Glype instance can perform activity logging, local caching of retrieved Web pages, enforce load-limiting measures, add a footer to any retrieved document, block specific IP addresses, prevent direct hotlinking to proxied pages, or create unique URLs for each page visited, which increases privacy.

3 of 5
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
3/14/2014 | 8:06:39 PM
this really worcks yo have helped me get youtube back because my prents are sick of me watching kung fu panda and listening too dubstep
thancks again and do you have any other research sugjestions for hacking my firewall
Register for Dark Reading Newsletters
White Papers
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-03-01
The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411010515 for Window Phone, as distributed in IBM Notes Traveler 9.0.1, does not properly restrict the number of executions of the automatic configuration option, which makes it easier for remote attackers to capture credentials by c...

Published: 2015-02-27
The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service ("invalid memory handler") and possibly execute arbitrary code via a crafted video that triggers a use after free.

Published: 2015-02-27
The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function.

Published: 2015-02-27
Cross-site scripting (XSS) vulnerability in Unified Web Interaction Manager in Cisco Unified Web and E-Mail Interaction Manager allows remote attackers to inject arbitrary web script or HTML via vectors related to a POST request, aka Bug ID CSCus74184.

Published: 2015-02-27
Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32(T) and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.