Tuesday, December 30, 2008

Bypassing Websense

Websense is a kind of proxy server that filters request to the internet and will block certain kinds of request - The most common way of blocking is to check the requested url against a black list.
The most common HTTP request is GET and looks like:

GET /path-to-file HTTP/1.0
Simply replacing this with something like the one below seems to confuse Websense, making it to believe that the url is not in the black list.

GET /path-to-file <2048-space> HTTP/1.0
While some web servers are also confused by such a request some others behave normally.

To change the request from the first format to the second one needs some one in between and the easiest is a proxy server and if it's in python it only gets more easier.
TIP: If using windows, the extension of the proxy file can be set as .pyw to run it invisibly.

The browser has to be configured to use a proxy but since some sites doesn't work with this proxy due to the request mangling, it is worth writing a proxy.pac file that uses the proxy only for certain sites.
QuickProxy is a nice add-on for Firefox that makes it easy to switch proxy configuration.

Saturday, December 20, 2008

Yet another revival

Time and again I try to keep my blog alive but after a few posts the interest fades away mainly due to the effort involved in posting. I have tried different tools but none could stand my laziness - but this time posting via email seems to be easy enough to carry forward my lazy ass.