If your employer nixes non-work-related sites like Gmail, YouTube, and
Facebook, you could try bypassing the blocks with a public proxy -- but
those are typically blacklisted, too.
Here's how to forge your own detour:
Download the PHProxy program from
Sourceforge.net.
Unzip the file and upload the entire folder's contents to a Web
host that can run PHP scripts (GoDaddy and Dreamhost offer plans for
less than $10 a month).
Enter the host URL into your browser. When the proxy page pops up, type your actual destination into the blank address bar.
You're now free -- and free to poke away.
Connecting to an SSH server with your web browser
If your problem is the reverse (SSH is blocked but surfing is possible), then surf to Webbased SSH; that site allows you to use SSH in your browser (HTTP by default, HTTPS if you want to keep your traffic secret).
Use an SSH Server on port 443
Your corporate proxy knows nothing about what goes on over
SSL/HTTPS connections. It simply allows any TCP connection to port 443
of any IP not blacklisted. So you run an SSH server on port 443 and
connect to that to tunnel all your real connections.
If you are using your home internet connection for this, simply
go into your router and port forward 443 to port 22 (the normal SSH
port) of your computer. If you have a Mac, turn on remote administrator
access in "sharing" and you'll be good to go. Or use a dedicated server
you may have hired at a colo; Linux firewall rules can forward port 443
to 22 also. If someone knows how to run an SSH server on Windows, please
add it here.
On a Windows computer you can add OpenSSH and Cygwin; as that takes
quite a bit of information, a separate article will be
created: installing sshd on windows
On your work computer, find out the IP address of the proxy.
You'll likely find this in the connection settings for IE. You may have
to download the "PAC" file it references to work out the rules.
Download PuTTY. In "Connection", add the proxy you just
discovered as HTTP proxy. The proxy may require your username and
password, usually in "domain\user" form. Then in
"Connection>SSH>Tunnels" enter 8181 for source port, leave
destination empty and select the "Dynamic" radio button and click add.
Go back to "Session" and save this session.
Now try and open this session and see if you are in luck. If you are, you log into your server and the tunnel will be active.
Now all you need to do is change your browser to use
"localhost:8181" as SOCKS proxy. Stuck on a locked down IE? Firefox
installs just fine in your "Documents and Settings" folder without the
need for admin rights on your computer.
If the connection failed, it could be that your company uses
Microsoft's proxy and it requires NTLM authentication, which PuTTY
doesn't provide. In that case, download "ntlmaps" which sits between
PuTTY and the proxy and takes care of the NTLM authentication.
This is not a step by step guide because the details will be
slightly different for everyone. Work it out and prove you are a geek!
Yes, it's a lot of work but I have never not been able to escape
the confines of any company, nor has any network security group detected
this was happening. YMMV!
Disclaimer
When executing this workaround you are essentially creating a
back door into the company's network that is bypassing your company's
content policies. For those of you that feel comfortable doing that,
have at it -- but be aware of the following sage advice.
If you work for a company that has industry regulated security
compliance standards, like PCI, or the company has its own security
policies, you could be putting your job/career at risk using this
technique. Employees at a variety of corporate venues both large and
small have been terminated for even a single breach of corporate content
policies. You may even be violating the law, particularly if you work
in the Banking or Defense industry. Read your company's employee
handbook, particularly those sections related to IT policies, before
pursuing any of the above workarounds.
Many companies log internet activity, and some have HTTPS
inspection. This means that your HTTPS (TCP 443) data is decrypted,
inspected, logged and re-encrypted by a firewall. Inspection of
decrypted port 443 traffic typically blocks non-HTTP traffic (e.g. SSH
over port 443), which renders such an attempt to bypass your company's
security invalid. You can detect SSL inspection by browsing to a site
you trust and checking what certificate authority issued the certificate,
then viewing the same site at home. Some Cisco firewalls, Forefront TMG,
and ISA (with the addition of add-ons) offer this feature to your IT
department.
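Why inspection catches SSH on port 443, shown as an added example that is not part of the original page: a TLS client opens with a handshake record, while an SSH client opens with a plain-text "SSH-" identification string, so the first bytes of a flow are enough to tell them apart. The flow tuples and addresses below are constructed, and the code assumes the first client payload has already been extracted from a capture or gateway.

```python
import struct

TLS_HANDSHAKE = 0x16      # TLS record type: handshake
TLS_CLIENT_HELLO = 0x01   # handshake message type: ClientHello
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"CONNECT ", b"OPTIONS ")


def classify_first_bytes(payload: bytes) -> str:
    """Label the first client payload of a TCP flow: tls, ssh, http or unknown."""
    # An SSH client opens with an identification string such as "SSH-2.0-...".
    if payload.startswith(b"SSH-"):
        return "ssh"
    # A TLS client opens with a handshake record that carries a ClientHello.
    if len(payload) >= 6:
        rec_type, major, minor, length = struct.unpack("!BBBH", payload[:5])
        if (rec_type == TLS_HANDSHAKE and major == 3 and minor <= 4
                and 0 < length <= 16384 and payload[5] == TLS_CLIENT_HELLO):
            return "tls"
    # Clear-text HTTP on 443 is also not what an inspecting gateway expects.
    if payload.startswith(HTTP_METHODS):
        return "http"
    return "unknown"


def flag_non_tls_on_443(flows):
    """Return (src, dst, label) for port-443 flows whose first bytes are not TLS."""
    findings = []
    for src, dst, dport, first_payload in flows:
        if dport != 443:
            continue
        label = classify_first_bytes(first_payload)
        if label != "tls":
            findings.append((src, dst, label))
    return findings


# Constructed sample flows: (source, destination, destination port, first client payload).
SAMPLE_FLOWS = [
    ("10.0.0.21", "203.0.113.10", 443, bytes.fromhex("16030100c4010000c00303") + bytes(32)),
    ("10.0.0.37", "198.51.100.7", 443, b"SSH-2.0-ExampleClient_1.0\r\n"),
    ("10.0.0.44", "192.0.2.80", 443, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("10.0.0.37", "198.51.100.7", 22, b"SSH-2.0-ExampleClient_1.0\r\n"),
]

if __name__ == "__main__":
    for src, dst, label in flag_non_tls_on_443(SAMPLE_FLOWS):
        print(f"{src} -> {dst}:443 first bytes look like {label}, not TLS")
```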
Even if it's legal, even if you found some loophole in the employee
handbook, even if you don't get caught by the company IT department, or
they are simply "asleep at the switch", and even if you restrict your web
surfing to lunch time and breaks, you'll prove you are a geek all
right -- and the loser who does nothing all day but look at
Facebook/eBay/etc. to any co-worker that happens to walk by your
computer the moment you are browsing to a site they know you
aren't supposed to have access to.
You would be well advised to just surf from home and keep your
job, or get a cell phone or other wireless device that has web-browsing
capabilities and head down to the local coffee shop to find out if your
grape harvest is ready in FarmVille.