Breaking out...


Method

My skills are a work in progress. Here it is. I'm stuck at the hospital for the next two days. The free wifi here blows balls. Most of the websites I visit are blocked. Hak5 for "hacking", XBOX for "gaming", etc.

I am on hak5 now only through a proxy server on ninjacloak.org. So while I am here I would like to play a little. What is the best way to get access to any website while here???

Thanks!


Proxies work but you have to rely on the security of the proxy, and if someone who owns it sniffs everything people do, you're screwed. SSH tunnels through another person's site or your own hosted site would be a better setup, or even VPN to your home machine.


Just to expand on what digip said, the login to this site is through http not https so if the owner of the proxy was sniffing traffic he now has your password for this site. Same goes for any site that doesn't use https for login.

Even those that do use https for login but then revert to http will be sending the session cookie in plain text so that can be sniffed, à la wifizoo/hamster+ferret, and then reused. Only sites that are 100% https are safe.

If you want to know more see Jay Beale's talk on the Middler at the last Shmoocon. Very scary stuff!

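Added example, not part of the thread: a small Python check for the situation described in the post above, where a site logs you in over https but leaves the session cookie exposed on later http requests. The hostnames, cookie values and headers are constructed sample data, and `audit_response` is a hypothetical helper name.

```python
from urllib.parse import urlsplit

def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, set of lower-cased attribute names)."""
    first, *attrs = [part.strip() for part in value.split(";")]
    name = first.split("=", 1)[0]
    return name, {a.split("=", 1)[0].lower() for a in attrs if a}

def audit_response(url, headers):
    """Return findings for one HTTP response; headers is a list of (name, value) pairs."""
    findings = []
    over_tls = urlsplit(url).scheme == "https"
    header_names = {name.lower() for name, _ in headers}
    for name, value in headers:
        lname = name.lower()
        if lname == "set-cookie":
            cookie, attrs = parse_set_cookie(value)
            if not over_tls:
                findings.append(f"cookie {cookie} set over plain http")
            elif "secure" not in attrs:
                # Without Secure the browser also attaches it to later http:// requests.
                findings.append(f"cookie {cookie} lacks Secure")
        elif lname == "location" and over_tls and value.lower().startswith("http://"):
            findings.append(f"https response redirects to {value}")
    if over_tls and "strict-transport-security" not in header_names:
        findings.append("no Strict-Transport-Security header")
    return findings

# Constructed sample responses (not captured from any real site).
SAMPLE = [
    ("https://forum.example/login",
     [("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
      ("Location", "http://forum.example/index")]),
    ("https://bank.example/login",
     [("Set-Cookie", "sid=xyz789; Path=/; Secure; HttpOnly"),
      ("Strict-Transport-Security", "max-age=31536000"),
      ("Location", "https://bank.example/home")]),
    ("http://plain.example/login",
     [("Set-Cookie", "PHPSESSID=deadbeef; path=/")]),
]

def audit_all(sample=SAMPLE):
    """Audit every sample response and return {url: findings}."""
    return {url: audit_response(url, headers) for url, headers in sample}

if __name__ == "__main__":
    for url, findings in audit_all().items():
        print(url, findings or "ok")
```
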

Forgot to add, the defence against this is as digip says, tunnel securely through a trusted proxy. I have squid set up at home and whenever travelling I do an ssh tunnel through to home forwarding the port through to my local machine so all my web traffic gets sent over ssh to squid which then sends it out of my home ISP.

The extra advantage of this is that you get things like search results in your native language. When I was in Peru last year I tried to book a flight from the UK to the US and without the proxy all the airline search systems only offered me flights out of either Peru or the US because of geo-location on my IP address. Enabled the tunnel and it was like I was sat at home.

All good stuff guys. Thanks!
