10:23 AM
Connect Directly

Top 3 Tools For Busting Through Firewalls

Can't access a Web site thanks to employer or government censorship? Fortunately, there's a host of tools and techniques that can help you slip through the blockade. Here's an in-depth look at three of the best.

Strategic Security Survey: Global Threat, Local Pain
Strategic Security Survey: Global Threat, Local Pain
(click image for larger view and for full slideshow)

Installing Circumventor requires that you set up three different components in succession -- a copy of Perl (the language used for Circumventor's core scripts), the OpenSA Web server, and the Circumventor scripts themselves. The default Circumventor distribution is designed to be installed on Windows machines, but the core scripts can be run under Linux; they just have to be set up by hand.

Another way to make use of Circumventor without actually installing it is to use the StupidCensorship.com site. From there, a user can sign up for a mailing list that provides updates on public Circumventor sites, which change constantly. Since it's entirely likely that those who are in charge of managing block lists are themselves subscribed to the mailing list, users have to stay vigilant and try different proxies as they are added. The same site also works as a proxy itself, provided it's not blocked, and runs both PHProxy and Glype.

One point of concern about Circumventor: the software at the core of the project, CGIProxy, has not been updated since December 2008.


The Glype proxy has been created in the same spirit as Circumventor. It's installed on an unblocked computer, which the user then accesses to retrieve Web pages that are normally blocked. It's different from Circumventor in that it needs to be installed on a Web server running PHP, not just any old PC with Internet access. To that end, it's best for situations where a Web server is handy or the user knows how to set one up manually.

Setting up Glype itself is easy, though -- the admin unpacks the files into a folder on a Web server that supports PHP, and the rest is almost entirely self-configuring.

There are two basic ways to use Glype: as-is with minimal options, or with a configuration panel installed that lets you control a great many under-the-hood settings. The as-is version only lets you change a couple of basic options, such as whether or not to load cookies or embedded objects (e.g., Flash), or if the target URL or fetched pages should be encoded to avoid being intercepted by other filters. Most static Web pages -- e.g., Wikipedia, text-only news sites -- work fine without tinkering. If only one person is using Glype, this basic version should more than do the job.

The expanded options, though, typically come into play when setting up a Glype instance that's being used by others. Add the control panel -- which involves nothing more than uploading a few more pages to the Glype site -- and an admin can set policies on a great many things. The Glype instance can perform activity logging, local caching of retrieved Web pages, enforce load-limiting measures, add a footer to any retrieved document, block specific IP addresses, prevent direct hotlinking to proxied pages, or create unique URLs for each page visited, which increases privacy.

3 of 5
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
3/14/2014 | 8:06:39 PM
this really worcks yo have helped me get youtube back because my prents are sick of me watching kung fu panda and listening too dubstep
thancks again and do you have any other research sugjestions for hacking my firewall
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2014-07-24
Unrestricted file upload vulnerability in Attachmate Verastream Process Designer (VPD) before R6 SP1 Hotfix 1 allows remote attackers to execute arbitrary code by uploading and launching an executable file.

Published: 2014-07-24
Race condition in the power policy functions in policy-funcs in acpi-support before 0.142 allows local users to gain privileges via unspecified vectors.

Published: 2014-07-24
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage.

Published: 2014-07-24
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode.

Published: 2014-07-24
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.