Bypassing Safe Connect


aC23

Recently, my school implemented this service called SafeConnect, which enforces security policies by checking that the computer has up-to-date anti-virus software running and also that it has any required operating system patches. We were forced to download and install the client, which will harass you about not having an anti-virus solution by opening up your browser every couple of minutes. If one does not install the client, one cannot access the Internet.

My computer is always up to date, it is the anti-virus which I refuse to download and install (they give it to us for free). I haven't used an anti-virus in years, and I generally don't need one as it is just a resource hog and an annoyance to me.

My question is, is there a way to bypass these annoying browser messages? They are especially irritating seeing as they open up during full-screen activities. I've tried adding the site it navigates to to the hosts file, to no avail.

The site it navigates to is something like http://*******.edu:8008/clientStatus.!^

I've been thinking of blocking traffic from port 8008, but I don't want to block legitimate traffic as well.

Can anyone think of a way I can stop these alerts from popping up (preferably without having to download any 3rd party solutions, as that would defeat the purpose and I might as well just give in and download the anti-virus)?

I connect through a port in my dorm room, so I don't have access to any networking equipment. I've also tried asking the admins but they won't listen.

Link to comment
Share on other sites

Get a shitty old computer with the client on it, and use ICS to pass the connection through to a "clean" machine. Also, might be worth looking at AV clients again now you're on an edu network, those things have all that protection on them because every year a bus load of kids with the same ideas about AV clients turn up and get infected.

Link to comment
Share on other sites

I don't normally condone hacking schools, but I hate when they make you install software on your own PC that you may not agree with, or even trust. Use at your own risk, as you could possibly get expelled for any tampering of their network. - but - assuming college and your own PC and not high school with their equipment -

There should be a way to write a script to bypass it using the pcap library or similar and some packet-fu, like capture some packets, debug what it is that it sends back and forth, then find a way to forge good replies, sort of like a packet catcher and reply app that makes the school's server think that you are not only up to date, but running the app itself. Then, once the program does all the swapping of info, you can surf normally while the app handles/listens for requests from the school's server in the background and replies with good info.

At my work, they use McAfee Antivirus, and I hate it to no end and will not run it on my own machine, but if I used their laptops, I would have no choice. I prefer Kaspersky and ZoneAlarm as my anti-virus and firewall, as McAfee has more holes than Swiss cheese and in my opinion as good as Norton (which is also shit). I can't tell you how many times I fixed a machine that had either McAfee or Norton on there, and still ended up getting infected or corrupted by malware.

If they want their network protected, it should be from their network security on the LAN itself. Not just relying on the end users to be safe surfers. Someone always manages to get infected, so they need to secure the network from normal users anyway. Blocked ports, IDS, strict firewall rules and proxification, blocked site lists and all traffic should be scanned and filtered for certain file types and protocols, like exe's, rar, zips, etc, with only privileged users given access to download certain file types. My work blocks tons of things, including video, email (third party like gmail or yahoo, etc, not internal corporate stuff), instant messaging, vpn, vnc, rdp, and ssh (although there are separate IT users with logins for privileges to other network protocols, they are on a different LAN segment, whereas normal LAN users are restricted in a locked down desktop environment with bare minimum internet access for job related work only).

Link to comment
Share on other sites

You could block the site in parental controls in IE and FF.

FF doesn't have built-in parental controls...I tried 2 add-ons though, and while they block the site, the browser still opens a new window/tab, which doesn't help.

Get a shitty old computer with the client on it, and use ICS to pass the connection through to a "clean" machine. Also, might be worth looking at AV clients again now you're on an edu network, those things have all that protection on them because every year a bus load of kids with the same ideas about AV clients turn up and get infected.

I don't have a second NIC to do that.

This is my 4th year on campus and I never needed an AV, I see no reason to start using one now.

digip: thanks for the info. I'll look into such a script.

Link to comment
Share on other sites

Get a shitty old computer with the client on it, and use ICS to pass the connection through to a "clean" machine. Also, might be worth looking at AV clients again now you're on an edu network, those things have all that protection on them because every year a bus load of kids with the same ideas about AV clients turn up and get infected.

That's almost what I ended up doing to get past the clean access agent. Instead I bought a router and since it's fingerprinting the router, and not my computer, it's not recognized as a Windows OS and would let me log in... that's before I moved to Linux.

Link to comment
Share on other sites

  • 3 weeks later...

Safe Connect uses user-agent identification to allow access. They do not have a Linux or iPhone version, so the best way to defeat them is to attempt to browse the internet using a falsified user-agent string. It takes a few tries, but usually works.

You can do one of two options:

- Download the Firefox User-Agent Switcher Addon and find an up-to-date Linux or iPhone user-agent to fake as.

- Or run a quick program I wrote: here

Either way, I have a tutorial and breakdown on how to bypass Safe Connect at that website along with links to the Firefox User-Agent Switcher if you want to go that route.

Link: http://www.stjohnjohnson.com/projects/safe-connect-bypass

By the way, this works at my college, but I'm not sure about what restrictions they have at your school. iPhone may not work. If that is the case: use the user-agent switcher to find a Linux version that does, post it here, and I'll update the program with that string.

Link to comment
Share on other sites

Safe Connect uses user-agent identification to allow access. They do not have a Linux or iPhone version, so the best way to defeat them is to attempt to browse the internet using a falsified user-agent string. It takes a few tries, but usually works.

You can do one of two options:

- Download the Firefox User-Agent Switcher Addon and find an up-to-date Linux or iPhone user-agent to fake as.

- Or run a quick program I wrote: here

Either way, I have a tutorial and breakdown on how to bypass Safe Connect at that website along with links to the Firefox User-Agent Switcher if you want to go that route.

Link: http://www.stjohnjohnson.com/projects/safe-connect-bypass

By the way, this works at my college, but I'm not sure about what restrictions they have at your school. iPhone may not work. If that is the case: use the user-agent switcher to find a Linux version that does, post it here, and I'll update the program with that string.

I tried out your program. In the systray, a balloon shows up saying "Bypass complete" and then the icon disappears. The annoying warning message still appears though, so I guess it didn't work.

I installed the user agent addon and changed my user string to the iPhone one. Still waiting to see if it works...one question though: I'd have to be using that user-agent all the time in order to prevent the messages from popping up, right?

Edit: I tried both the iPhone user agent string and Firefox 3.0 running on Ubuntu. Neither worked.

Link to comment
Share on other sites

  • 10 months later...

I know this is an ancient topic, and I'm sorry for digging it up, but since it's unsolved (and presently the very first result in Google for "bypass safeconnect"), I figure I'd share my working solution.

http://digg.com/security/Bypass_Safeconnec...e_of_New_Jersey

SafeConnect identifies your computer using a combination of user-agent and TCP/IP fingerprinting. In order to bypass it, you must fool both of these detection methods. Enjoy your spyware-free internet.

Link to comment
Share on other sites
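
From the network operator's side, the two signals named in the last post (user-agent and TCP/IP fingerprint) can be cross-checked against each other, and a disagreement is itself a finding. The sketch below is an added example, not part of the thread and not SafeConnect's own logic; it assumes a simplified TTL-only fingerprint, and the sample observations are constructed.

```python
import re

# Typical initial IP TTL per OS family (simplified; passive fingerprinting
# tools also look at window size and TCP option order).
INITIAL_TTL = {"windows": 128, "linux": 64, "ios": 64, "macos": 64}

UA_PATTERNS = [  # order matters: iPhone user-agents also contain "Mac OS X"
    ("ios", re.compile(r"iPhone|iPad")),
    ("windows", re.compile(r"Windows NT")),
    ("macos", re.compile(r"Mac OS X")),
    ("linux", re.compile(r"Linux|X11")),
]

def ua_family(user_agent):
    """Map a User-Agent header to the OS family it claims, or None."""
    for family, pattern in UA_PATTERNS:
        if pattern.search(user_agent):
            return family
    return None

def initial_ttl(observed_ttl):
    """Round an observed TTL up to the nearest common initial value."""
    for base in (32, 64, 128, 255):
        if observed_ttl <= base:
            return base
    return None

def check(obs):
    """Return a finding string, or None when UA and TTL agree."""
    family = ua_family(obs["user_agent"])
    if family is None:
        return "unknown-user-agent"
    guess = initial_ttl(obs["ttl"])
    if guess != INITIAL_TTL[family]:
        return f"mismatch: UA claims {family}, TTL suggests initial {guess}"
    return None

# Constructed observations (documentation addresses, made-up values).
SAMPLES = [
    {"src": "192.0.2.10", "ttl": 127,
     "user_agent": "Mozilla/5.0 (Windows NT 6.1; rv:10.0) Gecko/20100101 Firefox/10.0"},
    {"src": "192.0.2.11", "ttl": 128,
     "user_agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 5_0 like Mac OS X) AppleWebKit/534.46"},
    {"src": "192.0.2.12", "ttl": 63,
     "user_agent": "Mozilla/5.0 (X11; Linux x86_64; rv:10.0) Gecko/20100101 Firefox/10.0"},
]

def findings(samples):
    """Return {source address: finding} for hosts whose signals disagree."""
    return {o["src"]: check(o) for o in samples if check(o) is not None}

if __name__ == "__main__":
    for src, finding in findings(SAMPLES).items():
        print(src, finding)
```
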
