Bypassing Workplace Firewalls (to play poker!)

worthy9 · #1 04-18-2007, 07:13 PM

Introduction

Okay so a few days ago I posted a question about configuring Full Tilt to connect through a proxy server, as there is no way to do so within the program itself. I received no replies which implied to me that either nobody knows how to do this or nobody cares about me ([img]/images/graemlins/smirk.gif[/img]).

So, being the tenacious bastard that I am, I went ahead and figured out how to do this myself. Why should you care? Well, Billy, I'm glad you asked. See, those of us who aren't lucky enough to play poker professionally have to go to this magical (read: stifling) place called work. At work, there are computers with which to play poker on. Only (gasp!) the evil MIS personnel have set up firewalls and group security protocols so that employees can't play poker (or view inappropriate websites or download music, etc.). This is unacceptable. Who the hell are they to tell me what's impairing my productivity? The nerve of some people.

In any case, it took me awhile to figure out how to do this because FT doesn't allow for proxy servers in their configuration. You need a program that routes FT's connection to a proxy server. After a week's worth of searching I found a program that does this: Proxifier. Proxifier, in conjunction with Privoxy, will allow any program to bypass those pesky protocols and frustrating firewalls. Having tested this myself on an XP box from work, I will now share my discovery with 2+2ers thusly:

Walkthrough

First you're going to need two programs - Privoxy and Proxifier. Install them. DO IT NOW! You could really use any proxy server but this guide is written specifically with Privoxy in mind. As another side note, Proxifier is not freeware. It has a 30-day trial period. You have been warned. If anyone can point me in the direction of a free program that can accomplish the same goal of routing a program's connection to a proxy server, please PLEASE reply with a link or what have you. Once you have successfully installed both programs, run them. DO IT NOW!

The next step is to configure Proxifier. Privoxy should work just fine as it is. Open the main window for Proxifier. Select Options -> Proxy Settings from the drop-down menu at the top of the window. Click the 'Add' button on the right. Enter "127.0.0.1" for the IP address and "8118" for the port. Select the 'HTTP' radio button and click 'Okay'. You should see the new entry in the proxy server list. Click 'Okay'.

Now, as it is currently set, the program routes all TCP/IP traffic through Privoxy. If you're like me and would rather only have selected programs routed through Privoxy, you have to change some settings. To do this, select Options -> Proxification Rules from the drop-down menu. Select the "Proxify only the following + manually proxified" radio button and click 'Add' towards the bottom of the window. Name your new rule and then click 'Add' on the right-hand side. Find your application in the browser window and click 'Open'. You should now see that program listed in the applications box. Click 'Okay'. Your new rule should be set. Click 'Okay'.

Conclusion

…and I'm spent. This concludes our walkthrough of how to bypass workplace security without advanced knowledge of networking. This method is somewhat laggy (slow) so if your application takes a while to connect or refresh, be patient. Also, if you actually do what I've outlined above, you're probably breaking the rules of your workplace by doing so. I naturally take no responsibility for your actions. Accept some personal responsibility for god's sake. Anyway, hope you found this post constructive and have fun impairing your productivity.

buckslayer80 · #2 04-18-2007, 09:16 PM

Bypassing a company wide security protocol, that's a good career advancement move. Those protocols are in place for a reason. If your IT guys are any good they'll catch it.

SamIAm · #3 04-18-2007, 09:41 PM

I'm not a gambling addict. I'm actually pretty sure about this. Even still, it's hard to be confident of my own perspective on myself, so I try to make sure I don't do stuff that looks like a gambling addict.

Getting fired for gambling at work sure looks like a gambling addict.

I'm just sayin.
-Sam

P.S. That was a good write-up. Thanks for putting all the work into it.

LuckyTxGuy · #4 04-19-2007, 12:38 AM

I'll quote what I said on your other post like this one:
[ QUOTE ]
When IT finds out about this, it could get ugly.

[/ QUOTE ]

I agree with Buckslayer and Sam. No doubt bypassing filters can be done, but it's not wise, especially when you job, career and future could ride on it.

worthy9 · #5 04-19-2007, 08:16 AM

I completely agree with the posts advising against doing this. I'm not advocating this type of behavior. I'm just disseminating information. Please refer to the disclaimer.

I'm frankly surprised that this security hole exists. It'd be nice if this exploit came to light for something relatively harmless like internet poker and not for something truly malicious like data theft.

[ QUOTE ]
P.S. That was a good write-up. Thanks for putting all the work into it.

[/ QUOTE ]

Thanks for the props, Sam.

nuclear500 · #6 04-19-2007, 09:33 AM

It completely depends upon how your workplace has implemented its firewall(s) and filter(s). If its blocked at the firewall level due to an ACL, then this will simply not work.

If you are using a proxy for the Internet because thats the setting coming down via Group Policy (via eDir or AD) then yes, something like this would work. But if the proxy/filter is acting as your gateway for NAT (such as what can be done with MS ISA), then again you will not be able to get around it.

buckslayer80 · #7 04-19-2007, 12:24 PM

[ QUOTE ]
It completely depends upon how your workplace has implemented its firewall(s) and filter(s).

[/ QUOTE ]

Exactly. At the firewall level we can prevent anything we want to.

luckyjimm · #8 05-26-2007, 07:41 PM

I am a sick gambling addict but, you know what, I am glad I can't play poker at work. If I could, I wouldn't do any work. If I lost my job, I wouldn't be able to cover my gambling losses, and I'd be sleeping on the street in short time. So I am glad work is a gambling-free space (except for reading/posting to 2+2 which obv takes up eight hours a day).

Seriously why would you want to play poker at work? No PokerTracker, and constantly having to flick screens whenever a colleague walked over would suck. About the only occupation for which I could see it would make sense is security guard.

pvn · #9 05-27-2007, 11:49 AM

If you can ssh out of your network, you can get around any other firewall policies. There's an app called sockscap that acts as a wrapper around any arbitrary application and shoves that app's network connections through a SOCKS proxy connection. When you set up your ssh connection, you can start a dynamic port forwarding rule that acts like a faux SOCKS proxy. At that point, your arbitrary application is fully tunneled through the ssh connection.

luckyjimm · #10 05-27-2007, 04:02 PM

[ QUOTE ]
If you can ssh out of your network, you can get around any other firewall policies. There's an app called sockscap that acts as a wrapper around any arbitrary application and shoves that app's network connections through a SOCKS proxy connection. When you set up your ssh connection, you can start a dynamic port forwarding rule that acts like a faux SOCKS proxy. At that point, your arbitrary application is fully tunneled through the ssh connection.

[/ QUOTE ]

Did you make all this up? Is this a joke?