Cenzic 232 Patent
Paid Advertising
web application security lab

How To Access Blocked Websites

I happened upon an article last night talking about how to access blocked websites. First of all, this is sorta missing a major component that most people are actually concerned with, which isn’t just how to access it, but rather how to access it and not get caught. Generally you don’t want to be accessing a website through a content filter and still set off alarm bells. The content filters in place are set up by governments, your place of work, your school or otherwise people who can negatively influence your life for looking at questionable websites.

Let’s walk through the list on that website and punch a few holes in it:

First they say to use anonymizer. Anonymizer is almost always bocked by content filters, so forget that one. Yes there are anonymous CGI scripts out there, but if your content filter works on keywords this is pretty much out.

Secondly they say to type the IP address of the website in. Okay, but how did you find out the IP address of the website? Presumably you did an nslookup on it? So now you have to ask yourself is your content filter watching outbound traffic on port 53? Or are they looking for strings like “nude” “xxx” “bombs” or otherwise sniffing the unencrypted traffic? Are you querying their name server or your own? And lastly, is the website in question even listening on an IP without requring you to send host headers? If they wanted to stop you from doing this, it would be very easy to do if this is the only trick you used.

Third he says use tinyurl or other redirection services. I don’t see how that could possibly fool a content filter. He’s claiming that the URL bar doesn’t change. Either it’s embedded in an iframe or otherwise concealing the page that is being rendered. That doesn’t mean your browser isn’t sending HTTP headers that the content filter can read. This one is just flat wrong. Beware people saying that redirection services make you secure. They don’t. At best the hide the referring URL (META refresh), at worst they do nothing (301 redirection).

Fourth he says to use Google Mobile Search. This is probably one of the few that might actually work, assuming the content filter isn’t keyword based. I won’t talk negatively about this, except that it is a really hobbled experience, and will dramatically reduce your browsing experience.

Fifth he says to use the cached version on Google or Yahoo. Ouch. A) keyword filters will still pick this up, B) Guess what, Google doesn’t cache any embedded content, so you still send headers for the images, the CSS, the JavaScript and any other embedded content, all of which will be blocked, if the content filter is set to be indistriminant about the file types (which most are). You’ll definitely get caught doing this.

Sixth he suggests using Google’s translation service. This has all the same problems as the cached version. Don’t use it for actual privacy.

Lastly he suggests using a proxy server. If the content filter allows you to use a proxy server and it is not the proxy server itself, this might work, assuming there are no keyword content filters. I mean, really onion networks work on this premise, but we’ve proven that this is a pretty easy thing to detect in some recent conversations on sla.ckers.org due to the fact that the tor networks have been mapped. Still, this might be your best hope.

There’s some end comments on that page discussing issues with the Chinese firewall, which clearly he doesn’t understand as the Chinese firewall primarily works off of keyword filters and is trivial to evade, and it’s not particularly relevant to the discussion anyway. If you want to evade the chinese firewall use peekabooty, Tor or SSH forward your connection, or simply rot13 everything because it cannot detect even the most simple obfuscation.

Anyway, I’m not trying to pick on the guy, but there is a lot more to anonymous surfing than meets the eye. Don’t take advice on anonymous surfing from people who don’t understand how the Internet works. Especially if your job or your life depends on it.

18 Responses to “How To Access Blocked Websites”

  1. dusoft Says:

    What about using privoxy and tor?

  2. RSnake Says:

    We’ve found issues with privoxy both from detection and forced browsing perspective, I really don’t recommend it. Tor is less insecure, so it probably can be used with relative security for the moment. Long term though I think it will come under more scrutiny and as that happens the potential for exploitation rises.

  3. Simon Says:

    www.bitty.com or similar service?
    It’s easily embedded into any webpage…

  4. Anders Says:

    For me it not content filters that the problem but the boss is alway watching my screen, so i find the lovely site to help my browsing news site in working time :-)

    http://www.workfriendly.net/

  5. Josh Says:

    ok all i want is to get into my favorite(but blocked) website…
    runescape.com

    please please please help me

  6. RSnake Says:

    Read this article if that’s all you want: http://ha.ckers.org/ssh_proxy.html

  7. justin Says:

    i need myspace, im addicted

  8. sktsktskt Says:

    websiteredirect.com
    mysecrecy.com
    ^^ those two are good but blocked now.

    lame.

    mathcookbook.com

  9. cam yerlett Says:

    can you please help me figure a way to bypass school security. eg/rm safety net please i really need help

  10. M.B Says:

    plz help me to get on runescape(it’s blocked)!!:(:(:(:(:(:(

  11. korey Says:

    :( my father blocked runescape and put a mac filter on the name “runescape” i can get to the site but when the java game uploads it doesn’t work :( to get to it i use http://unblock.cc/ there site gets me to it but u cant login as your character plz help me!!

  12. sonia Says:

    ok ok listen try this it will definitely work, coz my school has filtered EVRYTHING, the word proxy and all those u lot hav said. this works but e.g. if u go on yahoo mail, u can read mail, not send, and go on youtube myaccount but not read msgs. so its not that good, but its a start.
    Try it…
    www.countrycodes.co.in

  13. Darkstonex Says:

    same here, all the proxies don’t work for runescape cuz u can’t get to the log in thingy since it says URL not found =(

  14. Benjamin Says:

    Hey guys my school uses Websense to block all the pages, andyone have a website that will evade this? or tell me the basics of of SSH forward connection, cause the article is block here at school =\

  15. Larry Says:

    My ISP is blocking lots of sites. I tried lots of methods like proxy, typing IP in the browser, but it didn’t help :( So I’ve got VPN by http://strongvpn.com It has 24*7 support, as a plus my IP is hidden and the most important thing is my favorite services - they are able now!

  16. erik Says:

    im just trying to get on gaiaonline.com but aol parental controls block everything i try.

    Also a site you guys might wanna try is cpumod.net(dont know if it keeps you hidden though.)

  17. youhang Says:

    hi how u block a website can u tell my do it…

  18. Anelly Says:

    Hy, i use ip privacy http://www.privacy-pro.com to hide my ip. I use it because there are videos blocked from being seen in my country on YouTube.