There may be many restrictions on LAN Internet users now, such as not being able to access some websites, not being able to play certain games, not being able to access MSN, port restrictions, etc., which are generally restricted by software on proxy servers, such as ISA Server 2004, which is the most talked about now, or filtering through hardware firewalls. Let’s talk about how to break through the restrictions, and we need to explain the restrictions accordingly:
1. Simply restrict some websites from accessing, and online games (such as Lianzhong) cannot be played. This type of restriction generally limits the IP address to be accessed.
This type of limitation is easy to break through, just use an ordinary HTTP proxy, or SOCKS proxy is also possible. It is still easy to find HTTP proxy online now, and you can catch a lot of them. Adding an HTTP proxy to IE allows you to easily access the destination website.
2. Restrict certain protocols, such as FTP cannot be used, and the server-side IP addresses of some online games are restricted, and these games do not support ordinary HTTP proxy.
In this case, you can use the SOCKS proxy, cooperate with the Sockscap32 software, add the software to SOCKSCAP32 and access it through the SOCKS proxy. General programs can break through limits. For some games, you can consider the Permeo Security Driver software. If even SOCKS is restricted, you can use socks2http, not even HTTP is restricted.
3. Restrictions based on packet filtering, or some keywords are prohibited. This type of limitation is relatively strong, and it is generally filtered through proxy servers or hardware firewalls. For example: MSN is prohibited through ISA Server 2004 and packet filtering is done. This type of limitation is difficult to break through, and ordinary agents cannot break through the limitation.
Because this type of limitation is used to filter out keywords, it is necessary to use an encryption proxy, that is, the data stream of the HTTP or SOCKS proxy in the middle is encrypted, such as springboard, SSSO, FLAT, etc. As long as the proxy is encrypted, it can be broken. With these software combined with Sockscap32, MSN can be used. Such restrictions don't work.
4. Port-based restrictions limit certain ports. The most extreme situation is that only port 80 can access, so you can only view the web page, and even OUTLOOK receiving messages and FTP are restricted. Of course, for limiting several special ports, the breakthrough principle is the same.
This limitation can be broken through the following methods:
1. Find a proxy for the normal HTTP80 port, 12.34.56.78:80. For example, if you use socks2http, replace the HTTP proxy with SOCKS proxy, and then cooperate with SocksCap32, it will be easy to break through. This type of breakthrough method is not encrypted. All software also has this function.
2. Use FLAT software similar to it and cooperate with SocksCap32. However, it is best to use the FLAT proxy to be 80 port. Of course, it doesn’t matter if it is not 80 port, because FLAT also supports access through ordinary HTTP proxy. If it is not 80 port, you need to add another 80 port HTTP proxy. This kind of breakthrough method is used to encrypt the proxy in the middle, and the network administrator does not know what the data is used to encrypt the middle. A proxy springboard can also be done, but the proxy still needs port 80. For the 80 port limit, some port conversion technologies can also be used to break through the limit.
5. Some of the above restrictions include restricted IP, restricted keywords, such as blocking MSN, and restricting ports.
Generally, the second method in the fourth situation can completely break through the limitations. As long as you are allowed to access the Internet, haha, all restrictions can be broken.
6. Another situation is that you cannot access the Internet at all, do not give you the permission or IP to access the Internet, or bind the IP to the MAC address.
Two ways:
1. You should have good friends in the company. Tie buddies and Tie sisters are fine. Find a machine that can access the Internet, borrow a channel, and install a small software to solve the problem. FLAT should be OK. If there is a key, no one can access it, and you can define the port yourself. . Other software that can support this method of proxying is also possible. I conducted a test and the situation is as follows: In the LAN environment, there is a server that proxys to access the Internet, which limits some IPs and gives access to the Internet, while the other IPs cannot access the Internet, which is a restriction on the hardware firewall or proxy server. I think even if it is bound to MAC address and IP, it is useless, so I can still break through this limit.
Set up a machine that can access the Internet in the LAN, then set the IP of my machine to not access the Internet, and then install the FLAT server-side program on the machine that can access the Internet, which is only more than 500 K. This machine uses the FLAT client and adds some software, such as IE, to test the Internet, and passes the Internet. It is very fast and the data transmission is still encrypted, which is very good.
2. Have a good relationship with the network administrator, everything can be done. The network administrator has all rights reserved. You can open your IP separately without any restrictions. The premise is that you do not cause trouble to the network administrator and do not affect the normal operation of the LAN. This is the best way.
In addition, there is another way to penetrate the firewall in the LAN, which is to use HTTPTUNNEL. This software requires the cooperation of the server and run the httpunnel server. This method is very effective in restricting the LAN ports.
Hidden channel technology is to use some software to encapsulate protocols that are not allowed by the firewall into authorized feasible protocols, so as to pass through the firewall. Port conversion technology also converts unauthorized ports into ports that are allowed to pass, thus breaking through the limitations of the firewall. Some software can now do this type of technology, and HACKER often uses this type of technology.
HTTPTunnel, the English word Tunnel means tunnel. Usually HTTPTunnel is called HTTP secret passage. Its principle is to disguise data as HTTP data form to pass through the firewall. In fact, a two-way virtual data connection is created in HTTP requests to penetrate the firewall. To put it simply, it means that a conversion program is set up on both sides of the firewall to encapsulate the data packets that originally needed to be sent or accepted into HTTP request formats, so it directly penetrates the firewall without other proxy servers. HTTPTunnel was only available in Unix when it first started, and now someone has ported it to the Window platform. It includes two programs, htc and hts, where htc is the client and hts is the server side. Let's see how I use them now. For example, the IP of the machine with FTP is 192.168.1.231, and the IP of my local machine is 192.168.1.226. Now I cannot connect to FTP locally due to firewall. The process of using HTTPTunnel is as follows:
Step 1: Start the HTTPTunnel client on my machine (192.168.1.226). Start the command line method of MS-DOS, and then execute the htc -F 8888 192.168.1.231:80 command, where htc is the client program. The -f parameter indicates that all data from 192.168.1.231:80 is forwarded to the 8888 port of the machine. This port can be selected at will, as long as the machine is not occupied.
Then we use Netstat to look at the current open port of the machine and found that port 8888 is already listening.
Step 2: Start the HTTPTunnel server on the other party's machine and execute the command
"hts -f localhost:21 80", the command means that all the data sent from port 21 of the machine is transferred through port 80, and open port 80 as a listening port. Then use Neststat to look at its machine and you will find that port 80 is also listening.
Step 3: Use FTP to connect to the 8888 port of this machine on my machine, and now it is connected to the other party's machine.
But, why do people see the address of 127.0.0.1 instead of 192.168.1.231? Because I am connecting to the 8888 port of this machine now, the firewall will definitely not respond because I did not send out the package, of course I don’t know about the firewall of the LAN. Now after connecting to the 8888 port of the machine, the FTP packets, whether they are control information or data information, are disguised as HTTP packets by htc and sent to it. In the eyes of the firewall, this is all normal data, which is equivalent to cheating the firewall.
It should be noted that the use of this trick requires the cooperation of other machines, that is, to start a hts on his machine and redirect the services he provides, such as FTP, to the 80 port allowed by the firewall, so that the firewall can be successfully bypassed! Some people will definitely ask, if the other party's machine has a WWW service, that is, its port 80 is listening, will it conflict if it does this? The advantage of HTTPTunnel is that even if its machine used to be open with port 80, there will be no problem when it is used like this. Normal web access still follows the old path, and the redirected tunnel service is also unimpeded!-
1. Simply restrict some websites from accessing, and online games (such as Lianzhong) cannot be played. This type of restriction generally limits the IP address to be accessed.
This type of limitation is easy to break through, just use an ordinary HTTP proxy, or SOCKS proxy is also possible. It is still easy to find HTTP proxy online now, and you can catch a lot of them. Adding an HTTP proxy to IE allows you to easily access the destination website.
2. Restrict certain protocols, such as FTP cannot be used, and the server-side IP addresses of some online games are restricted, and these games do not support ordinary HTTP proxy.
In this case, you can use the SOCKS proxy, cooperate with the Sockscap32 software, add the software to SOCKSCAP32 and access it through the SOCKS proxy. General programs can break through limits. For some games, you can consider the Permeo Security Driver software. If even SOCKS is restricted, you can use socks2http, not even HTTP is restricted.
3. Restrictions based on packet filtering, or some keywords are prohibited. This type of limitation is relatively strong, and it is generally filtered through proxy servers or hardware firewalls. For example: MSN is prohibited through ISA Server 2004 and packet filtering is done. This type of limitation is difficult to break through, and ordinary agents cannot break through the limitation.
Because this type of limitation is used to filter out keywords, it is necessary to use an encryption proxy, that is, the data stream of the HTTP or SOCKS proxy in the middle is encrypted, such as springboard, SSSO, FLAT, etc. As long as the proxy is encrypted, it can be broken. With these software combined with Sockscap32, MSN can be used. Such restrictions don't work.
4. Port-based restrictions limit certain ports. The most extreme situation is that only port 80 can access, so you can only view the web page, and even OUTLOOK receiving messages and FTP are restricted. Of course, for limiting several special ports, the breakthrough principle is the same.
This limitation can be broken through the following methods:
1. Find a proxy for the normal HTTP80 port, 12.34.56.78:80. For example, if you use socks2http, replace the HTTP proxy with SOCKS proxy, and then cooperate with SocksCap32, it will be easy to break through. This type of breakthrough method is not encrypted. All software also has this function.
2. Use FLAT software similar to it and cooperate with SocksCap32. However, it is best to use the FLAT proxy to be 80 port. Of course, it doesn’t matter if it is not 80 port, because FLAT also supports access through ordinary HTTP proxy. If it is not 80 port, you need to add another 80 port HTTP proxy. This kind of breakthrough method is used to encrypt the proxy in the middle, and the network administrator does not know what the data is used to encrypt the middle. A proxy springboard can also be done, but the proxy still needs port 80. For the 80 port limit, some port conversion technologies can also be used to break through the limit.
5. Some of the above restrictions include restricted IP, restricted keywords, such as blocking MSN, and restricting ports.
Generally, the second method in the fourth situation can completely break through the limitations. As long as you are allowed to access the Internet, haha, all restrictions can be broken.
6. Another situation is that you cannot access the Internet at all, do not give you the permission or IP to access the Internet, or bind the IP to the MAC address.
Two ways:
1. You should have good friends in the company. Tie buddies and Tie sisters are fine. Find a machine that can access the Internet, borrow a channel, and install a small software to solve the problem. FLAT should be OK. If there is a key, no one can access it, and you can define the port yourself. . Other software that can support this method of proxying is also possible. I conducted a test and the situation is as follows: In the LAN environment, there is a server that proxys to access the Internet, which limits some IPs and gives access to the Internet, while the other IPs cannot access the Internet, which is a restriction on the hardware firewall or proxy server. I think even if it is bound to MAC address and IP, it is useless, so I can still break through this limit.
Set up a machine that can access the Internet in the LAN, then set the IP of my machine to not access the Internet, and then install the FLAT server-side program on the machine that can access the Internet, which is only more than 500 K. This machine uses the FLAT client and adds some software, such as IE, to test the Internet, and passes the Internet. It is very fast and the data transmission is still encrypted, which is very good.
2. Have a good relationship with the network administrator, everything can be done. The network administrator has all rights reserved. You can open your IP separately without any restrictions. The premise is that you do not cause trouble to the network administrator and do not affect the normal operation of the LAN. This is the best way.
In addition, there is another way to penetrate the firewall in the LAN, which is to use HTTPTUNNEL. This software requires the cooperation of the server and run the httpunnel server. This method is very effective in restricting the LAN ports.
Hidden channel technology is to use some software to encapsulate protocols that are not allowed by the firewall into authorized feasible protocols, so as to pass through the firewall. Port conversion technology also converts unauthorized ports into ports that are allowed to pass, thus breaking through the limitations of the firewall. Some software can now do this type of technology, and HACKER often uses this type of technology.
HTTPTunnel, the English word Tunnel means tunnel. Usually HTTPTunnel is called HTTP secret passage. Its principle is to disguise data as HTTP data form to pass through the firewall. In fact, a two-way virtual data connection is created in HTTP requests to penetrate the firewall. To put it simply, it means that a conversion program is set up on both sides of the firewall to encapsulate the data packets that originally needed to be sent or accepted into HTTP request formats, so it directly penetrates the firewall without other proxy servers. HTTPTunnel was only available in Unix when it first started, and now someone has ported it to the Window platform. It includes two programs, htc and hts, where htc is the client and hts is the server side. Let's see how I use them now. For example, the IP of the machine with FTP is 192.168.1.231, and the IP of my local machine is 192.168.1.226. Now I cannot connect to FTP locally due to firewall. The process of using HTTPTunnel is as follows:
Step 1: Start the HTTPTunnel client on my machine (192.168.1.226). Start the command line method of MS-DOS, and then execute the htc -F 8888 192.168.1.231:80 command, where htc is the client program. The -f parameter indicates that all data from 192.168.1.231:80 is forwarded to the 8888 port of the machine. This port can be selected at will, as long as the machine is not occupied.
Then we use Netstat to look at the current open port of the machine and found that port 8888 is already listening.
Step 2: Start the HTTPTunnel server on the other party's machine and execute the command
"hts -f localhost:21 80", the command means that all the data sent from port 21 of the machine is transferred through port 80, and open port 80 as a listening port. Then use Neststat to look at its machine and you will find that port 80 is also listening.
Step 3: Use FTP to connect to the 8888 port of this machine on my machine, and now it is connected to the other party's machine.
But, why do people see the address of 127.0.0.1 instead of 192.168.1.231? Because I am connecting to the 8888 port of this machine now, the firewall will definitely not respond because I did not send out the package, of course I don’t know about the firewall of the LAN. Now after connecting to the 8888 port of the machine, the FTP packets, whether they are control information or data information, are disguised as HTTP packets by htc and sent to it. In the eyes of the firewall, this is all normal data, which is equivalent to cheating the firewall.
It should be noted that the use of this trick requires the cooperation of other machines, that is, to start a hts on his machine and redirect the services he provides, such as FTP, to the 80 port allowed by the firewall, so that the firewall can be successfully bypassed! Some people will definitely ask, if the other party's machine has a WWW service, that is, its port 80 is listening, will it conflict if it does this? The advantage of HTTPTunnel is that even if its machine used to be open with port 80, there will be no problem when it is used like this. Normal web access still follows the old path, and the redirected tunnel service is also unimpeded!-