node-tls-proxy: setting up an HTTP[S] proxy on Node.js to route all HTTP traffic securely to the external network

June 19, 2011 | Category: Circumvention-related

An HTTPS proxy to route all HTTP traffic securely to the external network (based on node.js)

The general idea is mentioned here: Using HTTPS for all browsing

To get started:

  1. Copy remote-proxy.js to a remote machine that you trust to not be packet sniffed by anyone.
  2. Start it by typing "node remote-proxy.js"
  3. Run local-proxy.js on your machine by typing: "node local-proxy.js --remote=REMOTE_PROXY_HOST_NAME_OR_IP"
  4. Go to Firefox/Chrome (or whatever your browser is) and set ONLY the HTTP proxy to localhost port 8080.
  5. DO NOT set any other proxy (even HTTPS) to localhost port 8080.
  6. DO NOT forget to replace the SSL keys with your own (self-generated keys, that is).
  7. That’s it. All traffic from your machine is now secure from local packet sniffers.
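
Step 6 matters because a key pair shipped in a public repository is known to everyone who has downloaded it. The sketch below is an added example, not code from node-tls-proxy: it shows how a local proxy could trust only its own self-generated remote certificate by pinning its SHA-256 fingerprint. The function names, the host and the port are assumptions.

```javascript
const crypto = require('crypto');
const tls = require('tls');

// SHA-256 over the DER encoding of a certificate, as lowercase hex.
function certFingerprint(derBuffer) {
  return crypto.createHash('sha256').update(derBuffer).digest('hex');
}

// Build tls.connect() options that accept exactly one self-generated
// certificate: it is the only trusted CA and its fingerprint must match.
// host, port and caPem come from the caller (hypothetical values here).
function makePinnedOptions(host, port, caPem, pinnedHex) {
  const pin = Buffer.from(pinnedHex.replace(/:/g, '').toLowerCase(), 'hex');
  if (pin.length !== 32) throw new Error('pin must be a SHA-256 fingerprint');
  return {
    host,
    port,
    ca: [caPem],              // replaces the default CA store
    rejectUnauthorized: true, // chain validation stays on for self-signed certs
    // Self-signed proxy certificates rarely carry a matching hostname, so
    // identity is established by the pin instead of by name matching.
    checkServerIdentity: (_hostname, cert) => {
      const seen = Buffer.from(certFingerprint(cert.raw), 'hex');
      return crypto.timingSafeEqual(seen, pin)
        ? undefined
        : new Error('remote proxy certificate does not match the pin');
    },
  };
}

// Open the TLS leg to the remote proxy with the pin enforced.
function connectPinned(host, port, caPem, pinnedHex, onSecure) {
  return tls.connect(makePinnedOptions(host, port, caPem, pinnedHex), onSecure);
}
```

Node.js calls `checkServerIdentity` only after the chain has validated against `ca`, so a certificate signed by any other key is rejected before the pin is even compared.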

A thread on reddit praising/bashing the idea/app. Use this to comment.

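Project page: http://code.google.com/p/node-tls-proxy/

Download: http://code.google.com/p/node-tls-proxy/source/browse/#svn%2Ftrunk

https://no.de/ offers free Node.js hosting for testing. I applied for one, and the application was rather troublesome: you have to request an invitation code from the command line on a Linux system (I waited a week to receive it), then apply for a host, and also generate a private key to authenticate the SSH login. In short, once I got it I found that it could be used for SSH tunnel forwarding as a proxy to get over the wall, but after a while it was deleted because no application had been deployed. I followed the instructions for deploying the application and never succeeded; I am too dumb.

Original URL of this article: http://igfw.net/archives/3428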

  1. AS
    June 20, 2011, 00:43
  2. AS
    June 19, 2011, 20:49

    1. http://scot.tk/bypasscensors.htm
    “1. Introduction

    1.1 About Internet censorship
    1.2 My reasons for writing this
    1.3 How to get this file
    1.4 License

    2. Possible weaknesses

    3. Different kinds of censorship

    3.1 Blocked URL’s via the DNS-server
    3.2 Forced proxy server / transparent proxy
    3.3 Keyword filter
    3.4 Blocked ports
    3.5 Software on the client (child protection e.t.c)
    3.5.1 NetNanny
    3.5.2 CyberSitter
    3.5.3 AOL Parental Control
    3.5.4 CyberPatrol
    3.5.5. SurfWatch / SurfControl
    3.6 Censorware on the server (inside of networks)
    3.6.1 Bess/N2H2
    3.6.2 DansGuardian
    3.6.3 WebSense
    3.6.4 WebWasher
    3.6.5 SmartFilter
    3.6.6 squidGuard
    3.7 Whitelist
    3.8 IP blocking on the routers

    4. Different ways to bypass censorship

    4.1 Using a different ISP
    4.2 Using a not censoring DNS-server
    4.3 Using a non censoring proxy server
    4.3.1 Standard proxy
    4.3.2 Uncommon port proxy
    4.3.3 Socks proxy
    4.3.4 Set up an own proxy server
    4.3.5 Special proxy / tunnel tools
    4.3.5.1 JAP
    4.3.5.2 Httport
    4.3.5.3 Localproxy
    4.3.5.4 HttpTunnel
    4.3.5.5 Hopster
    4.3.6 Wingates
    4.3.7 Using a Shell
    4.4 Using a Web-2-phone service
    4.5 Using a webproxy
    4.5.1 Standard cgiproxies
    4.5.2 Cgiproxies with encrypted URL’s
    4.5.3 Cgiproxies on a secure SSL-connection
    4.5.4 Standard CECID proxies
    4.5.5 CECID proxies on a secure SSL-connection
    4.5.6 Translators, warpers, e.t.c that can be used as a proxy
    4.6 Get Webpages via eMail
    4.7 Using steganography
    4.7.1 Camera/Shy
    4.8 Using a special proxy like peer-2-peer program
    4.8.1 Peek a Booty
    4.8.2 Freenet
    4.8.3 MojoNation
    4.8.4 TriangleBoy
    4.8.5 Six/Four
    4.8.6 Freenet China
    4.8.7 Entropy
    4.9 Special Services
    4.9.1 Usenet
    4.9.2 Games
    4.9.3 FTP
    4.9.4 Instant Messenger
    4.9.4.1 ICQ
    4.9.4.2 MSN Messenger
    4.9.4.3 AIM
    4.9.4.4 Yahoo Messenger
    4.9.5 Filesharing Programs

    5. Howto publish information

    6. Appendix

    6.1 Links
    6.1.1 Other bypass tutorials
    6.1.2 Other sites about censorship
    6.1.3 Where to get proxies

    ……………………………………………………………………….”

    2.https://www.youtube.com/watch?v=oiuEzb_Jv9U


  3. AS
    June 19, 2011, 20:33
  4. AS
    June 19, 2011, 15:22

    http://think-security.com/ip-over-dns/
    “IP over DNS
    By gmoskov, on September 5th, 2010
    Sometimes while you are performing a penetration test, you need to break out from a supposedly isolated network like an internal VLAN in a bank, or a process network full of SCADA equipment. Such networks should be completely isolated from the Internet, so there is no chance that someone who has network access can implant a backdoor and either sneak out information or allow access from the outside. This article demonstrates how the often overlooked DNS service can be used to build a covert channel and why when you configure an isolated network, you shouldn’t allow even name resolution of external hosts. To demonstrate this we will use both the NSTX and Iodine tunnels to build a dns tunnel and bypass the potential firewall restrictions.
    Scenario 1
    A great tool to demonstrate this idea is NSTX. It allows you to tunnel IP packets inside DNS queries, thus bypassing all firewall restrictions. Experience shows that almost any network will have access to DNS servers and also most DNS servers by default have forwarders enabled. This will be your gateway to the Internet, provided that you have a domain name that is controlled by you and a server with a valid external IP address, that is currently not running DNS.
    The magic that makes the whole thing work is a subdomain whose control is delegated to your server which will be running the NSTX daemon. The following BIND configuration lines demonstrate this:
    $ORIGIN tunnel.example.com.
    @ IN NS ns.tunnel.example.com.
    ns IN A 1.2.3.4
    These configure the DNS server to forward all DNS queries for the records in tunnel.example.com to the DNS server (NSTX daemon) located on IP address 1.2.3.4. This way all queries for hosts like test.tunnel.example.com will be forwarded to your NSTX daemon running at 1.2.3.4. As you might have already guessed, the actual host request that is sent to the NSTX daemon is a Base64 encoded part of an IP packet. Just as the TXT record that you receive in reply.
    For the actual implementation we’ll assume that you are using a Debian or Ubuntu distribution. You need to install the nstx package, which can be achieved with the following command:
    $ sudo apt-get install nstx
    Then you’ll have to add the following lines in /etc/network/interfaces on the server:
    iface tun0 inet static
    address 10.0.0.1
    pointopoint 10.0.0.2
    netmask 255.255.255.255
    mtu 512
    Swap the IP addresses when you modify /etc/network/interfaces on the client machine:
    iface tun0 inet static
    address 10.0.0.2
    pointopoint 10.0.0.1
    netmask 255.255.255.255
    mtu 512
    This will ensure that once the NSTX tunnel is up, you’ll have 10.0.0.1 on the server and 10.0.0.2 on the client side. You might tweak the mtu parameter for better performance, but with 512 bytes you should be fine.
    The next thing that you’ll need to do is to modify /etc/defaults/nstx. On the server make sure that the following entries are uncommented:
    NSTX_DOMAIN="tunnel.example.com"
    start_nstxd=yes
    ifup_tun=tun0
    And on the client side:
    NSTX_DOMAIN="tunnel.example.com"
    start_nstxcd=yes
    ifup_tun=tun0
    And that’s it! When you start the NSTX daemon on the server:
    $ sudo /etc/init.d/nstxd start
    … and on the client …
    $ sudo /etc/init.d/nstxcd start
    … you should see a tunnel interface called tun0 that is up on both machines and you should be able to ping 10.0.0.1 from the client. From there you might want to enable NAT on your server and allow packets to be routed through it, but as this is a trivial task, I guess you can figure that out by yourself.
    Scenario 2
    Now, after you have already understood the principle of operation and the low level approach, we present you the easy way of digging DNS tunnels – by using iodine. Compared to NSTX, iodine has the following advantages:
    Higher performance
    iodine uses the NULL type that allows the downstream data to be sent without encoding. Each DNS reply can contain over a kilobyte of compressed payload data.
    Portability
    iodine runs on many different UNIX-like systems as well as on Win32. Tunnels can be set up between two hosts no matter their endianness or operating system.
    Security
    iodine uses challenge-response login secured by MD5 hash. It also filters out any packets not coming from the IP used when logging in.
    Less setup
    iodine handles setting IP number on interfaces automatically, and up to 16 users can share one server at the same time. Packet size is automatically probed for maximum downstream throughput.
    Even though Iodine is much easier to use and it has clients for Windows, it seems that it is not as reliable as NSTX, as NSTX works in some networks where Iodine fails. This probably has something to do with the different types of DNS queries that are used by those two applications.
    The immediately obvious advantages are the Windows client, the password protection and the much easier setup process. As iodine comes bundled in most Debian distributions, you can just install it using apt-get, or you can grab the latest stable Windows packages from here. Please refer to the README for some explanation on the usage.
    Mitigation
    The mitigation couldn’t be easier – just don’t allow access from an isolated network to a DNS server which has forwarders enabled.”

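On the monitoring side, the tunnels described in the article quoted above leave a recognizable pattern in resolver logs: many unique, long, high-entropy names under one delegated zone. The following is an added example, not part of the quoted article, that scores constructed query-log lines; the log format, the thresholds and the three-label zone heuristic are assumptions.

```javascript
// Shannon entropy of a string, in bits per character.
function entropy(s) {
  const counts = {};
  for (const ch of s) counts[ch] = (counts[ch] || 0) + 1;
  return Object.values(counts).reduce((h, n) => {
    const p = n / s.length;
    return h - p * Math.log2(p);
  }, 0);
}

// Assumed log format (constructed for this example): "<client> <qtype> <qname>".
// The zone is approximated as the last three labels; a real deployment would
// use a public-suffix list instead of this heuristic.
function findTunnelSuspects(lines, opts = {}) {
  const { minUnique = 4, minAvgLen = 30, minEntropy = 3.5 } = opts;
  const zones = new Map();
  for (const line of lines) {
    const [client, qtype, qname] = line.trim().split(/\s+/);
    if (!qname) continue;
    const labels = qname.replace(/\.$/, '').split('.');
    if (labels.length < 4) continue; // no data-carrying labels below the zone
    const zone = labels.slice(-3).join('.').toLowerCase();
    const z = zones.get(zone) || { subs: new Set(), types: new Set(), clients: new Set() };
    z.subs.add(labels.slice(0, -3).join(''));
    z.types.add(qtype);
    z.clients.add(client);
    zones.set(zone, z);
  }
  const suspects = [];
  for (const [zone, z] of zones) {
    const subs = [...z.subs];
    const avgLen = subs.reduce((n, s) => n + s.length, 0) / subs.length;
    const avgEnt = subs.reduce((n, s) => n + entropy(s), 0) / subs.length;
    if (subs.length >= minUnique && avgLen >= minAvgLen && avgEnt >= minEntropy) {
      suspects.push({ zone, unique: subs.length, types: [...z.types], clients: [...z.clients] });
    }
  }
  return suspects;
}

// Constructed sample: one client tunnelling under tunnel.example.com, plus ordinary lookups.
const SAMPLE_LOG = [
  '10.1.2.7 TXT k9Xq2LmZp7Rt4VbN8cYw1HsD6fGj3KaU.tunnel.example.com.',
  '10.1.2.7 TXT Ue5oTzQi0k9Xq2LmZp7Rt4VbN8cYw1Hs.tunnel.example.com.',
  '10.1.2.7 TXT sD6fGj3KaUe5oTzQi0k9Xq2LmZp7Rt4V.tunnel.example.com.',
  '10.1.2.7 TXT bN8cYw1HsD6fGj3KaUe5oTzQi0k9Xq2L.tunnel.example.com.',
  '10.1.2.9 A www.example.org',
  '10.1.2.9 A mail.corp.example.net',
];
```

Calling `findTunnelSuspects(SAMPLE_LOG)` flags only `tunnel.example.com`; the thresholds need tuning against a baseline of normal traffic, since CDN and telemetry hostnames can also be long and random-looking.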

  5. AS
    June 19, 2011, 14:51

    http://forum.innobuzz.in/showthread.php?tid=333
    “” AND IN THE LAST I WANT TO SHARE MY SECRET TRICK WITH YOU IF ANY OF THE ABOVE TRICK’S DOES NOT WORK THEN TRY THIS THIS CAN BYPASS ANY STRONG INTERNET FILTER AND FIREWALL ……….. ”
    Suppose ,
    Someone is trying to access http://www.myspace.com .Then render http://www.mysapce.com to a decimal address :-
    1) first get its IP address (216.178.39.74), by pinging the name (if you have a direct internet connection) or if you only have access via a web proxy then find it out by using a networking website like http://www.network-tools.com
    2) start your PC’s calculator, and change it to scientific mode (using the “View” menu)
    3) enter each of the four IP octets, one by one, converting them to binary (enter number and click on the “Bin” radio button)
    Thus 216.178.39.74 becomes
    216 = 11011000
    178 = 10110010
    39 = 00100111
    74 = 01001010
    Notice how any binary numbers less than 8 digits long have had leading zeroes added to pad them out.
    Reassembled into IP address order, you get
    11011000.10110010.00100111.01001010
    4) Remove the dots, so you get one huge line of binary, thus: 11011000101100100010011101001010
    5) Copy this binary string and paste this to your web browser then press enter …………………….. ( after pasting this string if site does not open then add the hypertext protocol prefix ” http:// ” in the beginning of that binary string )
    So here we are done try any of the trick and enjoy ………………………………
    Hey wait, I forgot to mention this simple trick. Try this first; if this trick does not work, then go for the number 1 trick which I have mentioned above.
    So for doing this add ” s ” in your hypertext protocol for example https:// then enter your website url and press enter
    i.e – https://
    for example = ” https://www.orkut.com
    Now we are complete. Now you can try these tricks ……………….”


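  6. oacer
    June 19, 2011, 12:32

    Windows users are under a lot of pressure... a large part of circumvention technology is developed on L...

    • iGFW
      June 19, 2011, 13:25

      Still, most of the ready-made tools are for Windows.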