Upload
Login or register

fragman

Last status update:
-
Date Signed Up:10/03/2010
Last Login:7/23/2016
FunnyJunk Career Stats
Comment Ranking:#5081
Highest Content Rank:#1376
Highest Comment Rank:#583
Content Thumbs: 11450 total,  14737 ,  3287
Comment Thumbs: 15682 total,  18701 ,  3019
Content Level Progress: 28% (28/100)
Level 208 Content: Comedic Genius → Level 209 Content: Comedic Genius
Comment Level Progress: 69.09% (691/1000)
Level 313 Comments: Wizard → Level 314 Comments: Wizard
Subscribers:19
Content Views:513438
Times Content Favorited:1508 times
Total Comments Made:3065
FJ Points:24723
Favorite Tags: it (2) | Lost (2) | the (2)

latest user's comments

#125 - Uh... okay? It's kinda freaking me out how low the standards …  [+] (3 new replies) 11/05/2014 on fj #2 domain idea 0
#131 - gjsmo (11/05/2014) [-]
Tor Browser can be installed portably. Hence no installation and no admin privileges required, though if you use your own laptop like me it's already there. As far as detecting tor traffic I haven't encountered anything that can manage to block the encrypted traffic, it's pretty damn robust. Additionally, Tor ports are often nonstandard, especially with bridges which are used in situations where standard ports and known IPs are blocked.
#133 - fragman (11/05/2014) [-]
True. But execution of protable apps can be prohibited and the way blocking it's traffic is what I just described. Of course it doesn't work if you allow outbound connections from clients directly to the internet but damn son, you'd have to be one drunk IT guy to do that in an environment like a school (which apparently is way more common than I expected).
#144 - gjsmo (11/05/2014) [-]
The big one is of course blocking portable apps. I can get around this by using a laptop with wifi or ethernet. You'd be surprised how easy it is to print a config page for a printer, get the MAC address and spoof it, and use that for ethernet. As in it takes about 30 seconds. Blocking the protocol is admittedly possible, but I find that it never happens especially due to its ability to disguise itself as HTTPS as you mentioned.

I should mention that school IT departments seem to be filled with the lowest payed, worst employees possible. I had an ethernet plug go out in a research lab, which prevented us from doing AD logins. This was out for a week and due to special software only installed in that lab, research was stalled for a week. At a research university. Believe it or not, they definitely *are* idiots.

Bottom line though I can get around it all, or at least everything in schools, if I feel like it. Then again sometimes it's just easier to use the Google "fresh proxies" group, which usually seems to work for the day that they're relevant.
#67 - "Quit yer whinin bitch, you're a basketball now." 11/05/2014 on Cheerleader -1
#116 - Well it's kinda both the same and entirely different. Ok that …  [+] (4 new replies) 11/05/2014 on fj #2 domain idea 0
#202 - codebacon (11/06/2014) [-]
But what if, you need to log in with your account to see content here?

+ I had made my own "proxy", our teacher gaves us a little space in server to make website, so I just made that all content would print in that my PHP file, and you can easily browse 4chan Not working fully .
So anywhore, I just managed to bypass that security.
#203 - fragman (11/06/2014) [-]
I don't follow regarding the login question, please elaborate.

What you're doing there is the most rudimentary form of a proxy where you call one website to display another. It works, but only because the server isn't affected by the controlling mechanisms in place (i.e. K9 because it's client side and who would install it on a server). It's a quirky solution but I like it.
User avatar
#204 - codebacon (11/06/2014) [-]
Well, I meant about having fake outside website or something. When you login you see FunnyJunk. That's just my though, I don't really know how those fucking shit wroks.(About "Security" systems).
#205 - fragman (11/06/2014) [-]
Unless the webserver you're using to display the "outside website" also acts as a proxy, it wouldn't really work since your computer would still try to request content from the original site. Take FJ as an example: When you're browsing to funnyjunk.com , your browser also sends out requests to other domains, like fjcdn.com (which is where images are stored for example). So if you were to block fjcdn.com you can still browse FJ, but won't see any images.
#84 - Yeah, it's usually the simplest solution. But the google trans…  [+] (6 new replies) 11/05/2014 on fj #2 domain idea 0
#122 - gjsmo (11/05/2014) [-]
It seems like Tor is nearly unblockable.

To put this in perspective: I have been in many schools, using many different companies with many different filter settings. Even the most restrictive (especially over restrictive primary schools) services couldn't block Tor. That's not to say it works out of the box - occasionally I have to use a bridge but that's very easy.

Not to mention that occasionally I set up my VPS for proxying and get better speed than any residential or commercial connection.
#128 - fragman (11/05/2014) [-]
But then again, if they allow you to simply change the proxy settings in the browser to point to your VPS, you can't expect much...
#125 - fragman (11/05/2014) [-]
Uh... okay? It's kinda freaking me out how low the standards for IT infrastructure in schools seem to be.

Thing is, in a proper setup you can't really use tor if they don't want you to since you have no admin privilege required to install software (in order to run the local SOCKS service which it connects to), change TCP/IP settings, change proxy settings etc. And even if the user finds a way to bypass that: an enterprise-level solution like ProxySGis able to detect tor traffic as a bypass service which means it can be blocked using a policy.
Another solution would be blocking outgoing traffic on the ports used by tor to get the node list (9001, 5001, 8080). This forces tor to default back to using HTTP and HTTPS and since it's using encrypted communication with untrusted certificates any protocol-aware device will be able to drop that traffic.
#131 - gjsmo (11/05/2014) [-]
Tor Browser can be installed portably. Hence no installation and no admin privileges required, though if you use your own laptop like me it's already there. As far as detecting tor traffic I haven't encountered anything that can manage to block the encrypted traffic, it's pretty damn robust. Additionally, Tor ports are often nonstandard, especially with bridges which are used in situations where standard ports and known IPs are blocked.
#133 - fragman (11/05/2014) [-]
True. But execution of protable apps can be prohibited and the way blocking it's traffic is what I just described. Of course it doesn't work if you allow outbound connections from clients directly to the internet but damn son, you'd have to be one drunk IT guy to do that in an environment like a school (which apparently is way more common than I expected).
#144 - gjsmo (11/05/2014) [-]
The big one is of course blocking portable apps. I can get around this by using a laptop with wifi or ethernet. You'd be surprised how easy it is to print a config page for a printer, get the MAC address and spoof it, and use that for ethernet. As in it takes about 30 seconds. Blocking the protocol is admittedly possible, but I find that it never happens especially due to its ability to disguise itself as HTTPS as you mentioned.

I should mention that school IT departments seem to be filled with the lowest payed, worst employees possible. I had an ethernet plug go out in a research lab, which prevented us from doing AD logins. This was out for a week and due to special software only installed in that lab, research was stalled for a week. At a research university. Believe it or not, they definitely *are* idiots.

Bottom line though I can get around it all, or at least everything in schools, if I feel like it. Then again sometimes it's just easier to use the Google "fresh proxies" group, which usually seems to work for the day that they're relevant.
#78 - If they have any knowledge whatsoever or a halfway competent I…  [+] (8 new replies) 11/05/2014 on fj #2 domain idea 0
#81 - kwizzer (11/05/2014) [-]
The bypasses you mentioned are the same ones we came up with, actually

Either google translating a site or going on so-called anonymous browsing websites made it easy enough to access whatever site you wanted even though there were some issues with cookies from time to time
#84 - fragman (11/05/2014) [-]
Yeah, it's usually the simplest solution. But the google translate way can be stopped with better URL inspection, HTTPS can be stopped by using a non-transparent proxy setup and those CGI proxies (anonymous browsing websites) are usually slow as hell and can be easily blocked as well. Plus the cookie issues you mentioned and the fact that you are basically asking for a man-in-the-middle attack that way (if you use them to visit sites where you have a login).

If your institution of choice is clever and you are totally set on still breaking the rules, you can always set up a proxy at home (like janaserver), use DynDNS and access that one. This will bypass the countermeasures about 98% of the time. The other 2% can also be handled but honestly, that would be way too technical to post here (considering some people on this site ask questions like "what doees HTTPS do").
#122 - gjsmo (11/05/2014) [-]
It seems like Tor is nearly unblockable.

To put this in perspective: I have been in many schools, using many different companies with many different filter settings. Even the most restrictive (especially over restrictive primary schools) services couldn't block Tor. That's not to say it works out of the box - occasionally I have to use a bridge but that's very easy.

Not to mention that occasionally I set up my VPS for proxying and get better speed than any residential or commercial connection.
#128 - fragman (11/05/2014) [-]
But then again, if they allow you to simply change the proxy settings in the browser to point to your VPS, you can't expect much...
#125 - fragman (11/05/2014) [-]
Uh... okay? It's kinda freaking me out how low the standards for IT infrastructure in schools seem to be.

Thing is, in a proper setup you can't really use tor if they don't want you to since you have no admin privilege required to install software (in order to run the local SOCKS service which it connects to), change TCP/IP settings, change proxy settings etc. And even if the user finds a way to bypass that: an enterprise-level solution like ProxySGis able to detect tor traffic as a bypass service which means it can be blocked using a policy.
Another solution would be blocking outgoing traffic on the ports used by tor to get the node list (9001, 5001, 8080). This forces tor to default back to using HTTP and HTTPS and since it's using encrypted communication with untrusted certificates any protocol-aware device will be able to drop that traffic.
#131 - gjsmo (11/05/2014) [-]
Tor Browser can be installed portably. Hence no installation and no admin privileges required, though if you use your own laptop like me it's already there. As far as detecting tor traffic I haven't encountered anything that can manage to block the encrypted traffic, it's pretty damn robust. Additionally, Tor ports are often nonstandard, especially with bridges which are used in situations where standard ports and known IPs are blocked.
#133 - fragman (11/05/2014) [-]
True. But execution of protable apps can be prohibited and the way blocking it's traffic is what I just described. Of course it doesn't work if you allow outbound connections from clients directly to the internet but damn son, you'd have to be one drunk IT guy to do that in an environment like a school (which apparently is way more common than I expected).
#144 - gjsmo (11/05/2014) [-]
The big one is of course blocking portable apps. I can get around this by using a laptop with wifi or ethernet. You'd be surprised how easy it is to print a config page for a printer, get the MAC address and spoof it, and use that for ethernet. As in it takes about 30 seconds. Blocking the protocol is admittedly possible, but I find that it never happens especially due to its ability to disguise itself as HTTPS as you mentioned.

I should mention that school IT departments seem to be filled with the lowest payed, worst employees possible. I had an ethernet plug go out in a research lab, which prevented us from doing AD logins. This was out for a week and due to special software only installed in that lab, research was stalled for a week. At a research university. Believe it or not, they definitely *are* idiots.

Bottom line though I can get around it all, or at least everything in schools, if I feel like it. Then again sometimes it's just easier to use the Google "fresh proxies" group, which usually seems to work for the day that they're relevant.
#70 - you're either joking or don't understand how URL filters work.…  [+] (18 new replies) 11/05/2014 on fj #2 domain idea +12
#193 - zandersave (11/06/2014) [-]
except at my school its run by like two guys manually blocking each site from each router
User avatar
#109 - codebacon (11/05/2014) [-]
Is this the same with K9 security? I am not familiar with those kind of things.
User avatar
#136 - phanacit (11/05/2014) [-]
yes it will
i made a free site with tits on it and when i wanted to look at it the next day on a blocked computer that i bought from a school (for testing) the site got blocked for porn
#116 - fragman (11/05/2014) [-]
Well it's kinda both the same and entirely different. Ok that sounds stupid...
Since it's a BlueCoat product it uses the same category-based filtering system (same as if you were to use a BlueCoat proxy appliance) but the implementation is entirely different. As a client-based solution there are of course advantages and drawbacks (mostly drawbacks from a policy enforcement/security point of view) compared to the concept I explained above. But for the user it's probably pretty much the same (probably since I've never used it myself).
#202 - codebacon (11/06/2014) [-]
But what if, you need to log in with your account to see content here?

+ I had made my own "proxy", our teacher gaves us a little space in server to make website, so I just made that all content would print in that my PHP file, and you can easily browse 4chan Not working fully .
So anywhore, I just managed to bypass that security.
#203 - fragman (11/06/2014) [-]
I don't follow regarding the login question, please elaborate.

What you're doing there is the most rudimentary form of a proxy where you call one website to display another. It works, but only because the server isn't affected by the controlling mechanisms in place (i.e. K9 because it's client side and who would install it on a server). It's a quirky solution but I like it.
User avatar
#204 - codebacon (11/06/2014) [-]
Well, I meant about having fake outside website or something. When you login you see FunnyJunk. That's just my though, I don't really know how those fucking shit wroks.(About "Security" systems).
#205 - fragman (11/06/2014) [-]
Unless the webserver you're using to display the "outside website" also acts as a proxy, it wouldn't really work since your computer would still try to request content from the original site. Take FJ as an example: When you're browsing to funnyjunk.com , your browser also sends out requests to other domains, like fjcdn.com (which is where images are stored for example). So if you were to block fjcdn.com you can still browse FJ, but won't see any images.
#75 - kwizzer (11/05/2014) [-]
Doubt all schools use those kinds of systems.

At my high school, it seemed more like our IT dude either manually put the URLs with wildcards into a blocking list or he just added the IPs.

Some rather obvious gaming sites were not blocked one week, whereas the next they were ... after tons of students started using it at the start of the school year.
#78 - fragman (11/05/2014) [-]
If they have any knowledge whatsoever or a halfway competent IT provider, they use such systems. Those things still need to be configured properly though and sites can be uncategorized/miscategorized.
Manually maintaining a content filter is not only slow but also stupid. You either end up not blocking shit in which case you're better off ignoring it completely or the time your IT guy spends on maintaining it costs you about five times more than a service subscription. Add to that the fact that most systems used in schools and smaller companies (especially the ones which are handled like you described) are bypassed with insanely easy methods (use HTTPS [if the proxy is configured as transparent, only HTTP traffic is scanned], google translate the site from English to English etc.).

I used to work for a company who provided such a service among other things and we bought the category data from some university, customized them to fit our customer's needs and applied them to the simple gateways running an open source proxy software. But once again, the almighty FJ userbase seems to know better.
#81 - kwizzer (11/05/2014) [-]
The bypasses you mentioned are the same ones we came up with, actually

Either google translating a site or going on so-called anonymous browsing websites made it easy enough to access whatever site you wanted even though there were some issues with cookies from time to time
#84 - fragman (11/05/2014) [-]
Yeah, it's usually the simplest solution. But the google translate way can be stopped with better URL inspection, HTTPS can be stopped by using a non-transparent proxy setup and those CGI proxies (anonymous browsing websites) are usually slow as hell and can be easily blocked as well. Plus the cookie issues you mentioned and the fact that you are basically asking for a man-in-the-middle attack that way (if you use them to visit sites where you have a login).

If your institution of choice is clever and you are totally set on still breaking the rules, you can always set up a proxy at home (like janaserver), use DynDNS and access that one. This will bypass the countermeasures about 98% of the time. The other 2% can also be handled but honestly, that would be way too technical to post here (considering some people on this site ask questions like "what doees HTTPS do").
#122 - gjsmo (11/05/2014) [-]
It seems like Tor is nearly unblockable.

To put this in perspective: I have been in many schools, using many different companies with many different filter settings. Even the most restrictive (especially over restrictive primary schools) services couldn't block Tor. That's not to say it works out of the box - occasionally I have to use a bridge but that's very easy.

Not to mention that occasionally I set up my VPS for proxying and get better speed than any residential or commercial connection.
#128 - fragman (11/05/2014) [-]
But then again, if they allow you to simply change the proxy settings in the browser to point to your VPS, you can't expect much...
#125 - fragman (11/05/2014) [-]
Uh... okay? It's kinda freaking me out how low the standards for IT infrastructure in schools seem to be.

Thing is, in a proper setup you can't really use tor if they don't want you to since you have no admin privilege required to install software (in order to run the local SOCKS service which it connects to), change TCP/IP settings, change proxy settings etc. And even if the user finds a way to bypass that: an enterprise-level solution like ProxySGis able to detect tor traffic as a bypass service which means it can be blocked using a policy.
Another solution would be blocking outgoing traffic on the ports used by tor to get the node list (9001, 5001, 8080). This forces tor to default back to using HTTP and HTTPS and since it's using encrypted communication with untrusted certificates any protocol-aware device will be able to drop that traffic.
#131 - gjsmo (11/05/2014) [-]
Tor Browser can be installed portably. Hence no installation and no admin privileges required, though if you use your own laptop like me it's already there. As far as detecting tor traffic I haven't encountered anything that can manage to block the encrypted traffic, it's pretty damn robust. Additionally, Tor ports are often nonstandard, especially with bridges which are used in situations where standard ports and known IPs are blocked.
#133 - fragman (11/05/2014) [-]
True. But execution of protable apps can be prohibited and the way blocking it's traffic is what I just described. Of course it doesn't work if you allow outbound connections from clients directly to the internet but damn son, you'd have to be one drunk IT guy to do that in an environment like a school (which apparently is way more common than I expected).
#144 - gjsmo (11/05/2014) [-]
The big one is of course blocking portable apps. I can get around this by using a laptop with wifi or ethernet. You'd be surprised how easy it is to print a config page for a printer, get the MAC address and spoof it, and use that for ethernet. As in it takes about 30 seconds. Blocking the protocol is admittedly possible, but I find that it never happens especially due to its ability to disguise itself as HTTPS as you mentioned.

I should mention that school IT departments seem to be filled with the lowest payed, worst employees possible. I had an ethernet plug go out in a research lab, which prevented us from doing AD logins. This was out for a week and due to special software only installed in that lab, research was stalled for a week. At a research university. Believe it or not, they definitely *are* idiots.

Bottom line though I can get around it all, or at least everything in schools, if I feel like it. Then again sometimes it's just easier to use the Google "fresh proxies" group, which usually seems to work for the day that they're relevant.
#205 - Obviously 11/04/2014 on Psychosis Need Apply 0
#2 - Not with that attitude you can't. 11/04/2014 on (untitled) +4
#86 - All hail Britannia! 11/04/2014 on Britain -1
#122 - So... admin is also running some sort of polish lifting blog? … 11/04/2014 on https testing part 2 0