Bypassing websense web filter

**Coop77** · 01-04-2008, 12:45 AM

Anyone know how to get around a websense web filter that blocks viewing ALL websites? The machine in question is on a school network. I can PING external websites and IPs from a command prompt, but IE says "websense has blocked all browsing on this machine" when I try to view any page.

**Odpierdol_sie!** · 01-04-2008, 07:10 AM

Originally Posted by Coop77

Anyone know how to get around a websense web filter that blocks viewing ALL websites? The machine in question is on a school network. I can PING external websites and IPs from a command prompt, but IE says "websense has blocked all browsing on this machine" when I try to view any page.

hmmmmm i was going to suggest surfing using www.browseatwork.com but since you cannot view any web sites i find it unlikely that you will be able to get on to it in the first place.

**jackjackson** · 01-04-2008, 11:32 AM

Yes there is a way you can.
Not sure if you are tech savy enough, but every company has some port open on the firewall say for instance tcp port 55000.
On your home pc enabled RDP and then on your router redirect tcp 55000 to 3389 to your local pcs ip address, if anything set it static.
Should be under a NAT tab, also easier if you were to load say the DYNDNS client on your pc or if you have a capable router of using DDNS.
I had websense at my other job.
Or if they have ssh open you can use ssh tunneling.

Also is the websense you have via a proxy or integrated into the router aka cisco?

Not sure if I lost you here but there are ways around it.

BTW Nice link Odpierdol_sie!, not sure if it does any logging but I tried it and pulled the Ip i was using to browse and to my suprise it was arcadehub.com
Nice

**Coop77** · 01-04-2008, 09:41 PM

Originally Posted by jackjackson

Yes there is a way you can.
Not sure if you are tech savy enough, but every company has some port open on the firewall say for instance tcp port 55000.
On your home pc enabled RDP and then on your router redirect tcp 55000 to 3389 to your local pcs ip address, if anything set it static.
Should be under a NAT tab, also easier if you were to load say the DYNDNS client on your pc or if you have a capable router of using DDNS.
I had websense at my other job.
Or if they have ssh open you can use ssh tunneling.

Also is the websense you have via a proxy or integrated into the router aka cisco?

Not sure if I lost you here but there are ways around it.

You didn't lose me. Browsing using my home pc via RDP isn't an option because I'm setting this up for someone else to use. Using an SSH tunnel might work but the https port may be entirely blocked along with the http port.
I think websense is on the router. There is no proxy.
thanks for the input.

**Odpierdol_sie!** · 01-05-2008, 04:25 PM

Originally Posted by jackjackson

BTW Nice link Odpierdol_sie!, not sure if it does any logging but I tried it and pulled the Ip i was using to browse and to my suprise it was arcadehub.com
Nice

Cool!
I found it by accident the other night, I knew it would work to an extent.
Doubt websense has cottoned on to it yet, I imagine it will not be too long before they do tho...

**packetninja** · 08-13-2008, 07:57 AM

If you have no proxy in your browser settings then they are redirecting all web requests from the firewall/router back to websense. Websense then issues a tcp reset for the connection and displays your annoying page.

If your able to ping websites they evidently are not blocking outbound or inbound ICMP packets which is odd. Its strange they would block all websites but allow ICMP. Sounds like the admin got overly excited with his new websense toy but knows jack about routers or firewalls.

Trying pinging a website then telneting to that IP address on port 80. Unless they are hosting something stupid, they will have no inbound ports open on their firewall device. But since ICMP is working they dont seem to be doing any type of egress filter, which sounds like they are possibly not using a statefull packet inspection device of any sort.

So like the above poster said you could open a port on yours or your buddy's home network and have it redirect to 3389 on that machine if you have access to RDP on the machine with the web access being filtered. Then you can just RDP home and surf all you want. If you can telnet to port 80 on a website then you could just redirect port 80 on your home network to the RDP port on your home computer.

**spywizard** · 08-16-2008, 07:40 PM

we install websense.. a lot.. and i mean a lot..

In the above suggestion, it is presumed that the end user has access to the router.. probably not, and if he did, he'd have to delete the logs of the change of the port..

if he has that access, he has admin access, and could simply allow all, or better yet create a dummy user, with a different mac address (spoofed) ...

We make it so the ceo and others can surf unfettered, with no history.. all other users get the filter...

**BIG-N-Brazil** · 08-16-2008, 07:48 PM

I use https://www.vtunnel.com exactly as i typed it. It does not work for me without the s after htt. Thats how i get around filters when i am here at work...Good luck

**packetninja** · 08-20-2008, 11:04 AM

Originally Posted by spywizard

we install websense.. a lot.. and i mean a lot..

In the above suggestion, it is presumed that the end user has access to the router.. probably not, and if he did, he'd have to delete the logs of the change of the port..

if he has that access, he has admin access, and could simply allow all, or better yet create a dummy user, with a different mac address (spoofed) ...

We make it so the ceo and others can surf unfettered, with no history.. all other users get the filter...

I am not talking about modifying the config of the router/firewall that is in front of websense. I am talking about modifying the router/firewall at the persons house. If you can telnet to a website on port 80 but just not hit it in a browser, they are not doing any sort of egress port filtering on the gateway. The firewall/router is looking for the www request in the packet header and forwarding that request to websense. If you don't do a www request but rather just telnet on port 80 to the website and it works. Then open port 80 on your home router/firewall and redirect that to the RDP port on a PC at your home. Then you can RDP home and remotely control your computer at home, thus being able to surf the net or whatever.

you might not can hit www.playboy.com in your web browser but you may be able to telnet to 216.163.137.3 on port 80.

**michael tyson** · 09-30-2008, 08:48 PM

i dont know what you just said.. but you special man

**ShoBoat** · 10-18-2008, 01:19 PM

I have setup web sense for a few customers of mine... I use virtual IP that sends all 80 8080 443 etc traffic to the web sence proxy (which is not setup in the brower. all ICMP traffic goes an its usual route. however I have everything setup for deny... besides needed services.

if you can ssh you could just bind a random port back to local host

here is a little script I wrote for that

ssh -o ServerAliveInterval=300 -f -N -L 2101:127.0.0.1:12355 shoboat@ip_of_sshserver

ssh shoboat@ip_of_ssh_server "ssh -o ServerAliveInterval=300 -f -N -L 12355:ip_of_apache_server_runningmod_proxy:80 shoboat@xxxxxxx" 2>&1 outputdump.log

example in the webbroser you would type localhost:2101 and then mod_proxy should ask you for creds if you setup htaccess on the box to pass data