Method Posted August 9, 2009 Posted August 9, 2009 My skills are a work in progress. Here it is. I'm stuck at the hospital for the next two days. The free wifi here blows balls. Most of the websites I visit are blocked. Hak5 for "hacking", XBOX for "gaming", etc. I am on hak5 now only through a proxy server on ninjacloak.org. So while I am here I would like to play a little. What is the best way to get access to any website while here??? Thanks! Quote
taiyed14 Posted August 9, 2009 Posted August 9, 2009 looks like you're doing well with the proxy. Quote
digip Posted August 9, 2009 Posted August 9, 2009 Proxies work but you have to rely on the security of the proxy, and if someone who owns it sniffs everything people do, your screwed. SSH tunnels through another persons site or your own hosted site would a be better setup, or even VPN to your home machine. Quote
ls Posted August 9, 2009 Posted August 9, 2009 You could use jondo, it's also a proxy program but it's more secure than your average web proxy https://www.jondos.de/en/jondonym Quote
digininja Posted August 9, 2009 Posted August 9, 2009 Just to expand on what digip said, the login to this site is through http not https so if the owner of the proxy was sniffing traffic he now has your password for this site. Same goes for any site that doesn't use https for login. Even those that do use https for login but then revert to http will be sending the session cookie in plain text so that can be sniffed, ala wifizoo/hamster+ferret, and then reused. Only sites that are 100% https are safe. If you want to know more see Jay Beales talk on the Middler at the last Shmoocon. Very scary stuff! Quote
digininja Posted August 9, 2009 Posted August 9, 2009 Forgot to add, the defence against this is as digip says, tunnel securely through a trusted proxy. I have squid setup at home and whenever travelling I do an ssh tunnel through to home forwarding the port through to my local machine so all my web traffic gets sent over ssh to squid which then sends it out of my home ISP. The extra advantage of this is that you get things like search results in your native language. When I was in Peru last year I tried to book a flight from the UK to the US and without the proxy all the airline search systems only offered me flights out of either Peru or the US because of geo-location on my IP address. Enabled the tunnel and it was like I was sat at home. Quote
Method Posted August 9, 2009 Author Posted August 9, 2009 Forgot to add, the defence against this is as digip says, tunnel securely through a trusted proxy. I have squid setup at home and whenever travelling I do an ssh tunnel through to home forwarding the port through to my local machine so all my web traffic gets sent over ssh to squid which then sends it out of my home ISP. The extra advantage of this is that you get things like search results in your native language. When I was in Peru last year I tried to book a flight from the UK to the US and without the proxy all the airline search systems only offered me flights out of either Peru or the US because of geo-location on my IP address. Enabled the tunnel and it was like I was sat at home. All good stuff guys. Thanks! Quote
cykio Posted August 10, 2009 Posted August 10, 2009 @digininja Where in peru where ya? I was there last year with the gf, went out to galapogas , ecuador and peru for about 3 weeks Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.