By-Pass Proxy Server

Is there a program or a way to by-pass a proxy server?

This is not to be malicious. I have a proxy server installed but somehow a guy keeps getting around it. He said it is a small program he installed that makes his machine at work act like it is connected to his PC at home and using the macine to get to thr outside world.

I know some smartie pants will say ask him

but he is out on long term disability. This is my helper and he said he could get around a proxy if I installed one. Sure enough that rascal did.

Thanks.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

Smallguy

we used jsut change the proxy address... I assume you've modifeid it through a group policy so users can't change it.

I also rember there was a website we could et ot that allowed us ot enter in the url and surf thorugh the site.

I did a goolge search and came up with a few apps I searched on "programs to bypass proxy server"

the first is is an app called proxifier which form the description looks finefor what he is doing(I read the descriptino quickly not throughly)

it is probably an app in the first few hits....Id'd jsut log inot his machine and look at what he installed....reset his apssword and log on if u have to thne disalbe his account since he is on LTD.

depending on your environment it mgiht be a good to only alow users to install approved software using a policy...not sure on your security requirements

malcybood

He may have just done it in Internet Explorer or the program may have just added an exception to bypass the proxy for www*?

Internet Options - Connections - LAN Settings - Proxy Server (Click Advanced) check the exceptions list for www*

Or

Same as above and just unchecked the Proxy activation box in Lan Settings - Proxy Server

You can get a program called "Proxy Pal" that switches the proxies on and off with one double for on the one double click for off, no install reqired just an exe file. He may have downloaded something along the lines of this?

You can check his profile by doing the following:

- Login to his machine as administrator
- Start - Run - control userpasswords2
- select his username and change his workstation password
- set him as admin account on machine
- check the above IE settings and for "Proxy programs" on the desktop
- after you've checked it out change him back to power user (or whatever he is set as)

Even if he doesnt have rights to install a program, if it is just an .exe file or a html script then he doesn't need to install it. We get around this by only giving IT staff rights to download files from the internet but allow them to download from Intranet but it depends on your business needs wether you do this or not.

We block it on our firewall (border manager) server for power users (all company users except IT staff) and it saves the mischeivous ones from downloading any old thing! For the record our network is 2500 users and probably 45 have rights to download files from the net.

We also set organisational policies to only show the "General and Privacy" tabs in Internet options so the users can't simply click the proxy server to be bypassed as mentioned at the top of my post.

Hope this helps man but just some food for thought and is what I've found in my experience.

Cheers

Malc

JDMurray

It's a program that allows him to tunnel network traffic through ports 80 or 443. The one I use is ProxyCap (http://proxylabs.netwu.com/). Many remote access products (e.g., GoToMyPC) also "bypass" corporate firewalls and proxies using this same method.

Silver Bullet

jdmurray wrote:

It's a program that allows him to tunnel network traffic through ports 80 or 443. The one I use is ProxyCap (http://proxylabs.netwu.com/). Many remote access products (e.g., GoToMyPC) also "bypass" corporate firewalls and proxies using this same method.

That is interesting but wouldn't ACL's on the router prohibit this type of activity? In this scenario I would think blocking internet to the hosts and permitting traffic to the proxy server through router's ACLs would force all internet traffic to go through the proxy or not at all and would resolve this problem.

JDMurray

If a Web browser on the hosts can get out to the Internet through the proxy over ports 80 and 443 then any other network application can too. Unless you disallow traffic over these ports by deep scanning the payload of each ingress packet for illegal traffic (e.g., remote access, IM, P2P, etc.) the ACLs won't make a difference.

jescab

Thanks guys. This is all good stuff I need toread.