The Hacker's Home: April 2014

Sunday, April 20, 2014

Bypassing Cyberoam Using PuTTY.

Most colleges, schools and offices use a firewall to block users from accessing restricted websites. Most of my friends have asked me how to access blocked sites, or bypass Cyberoam, so here I am posting a tutorial for that. But before beginning, it's important to know what Cyberoam is and how it works.

Cyberoam is an eight-layer hardware firewall, which offers stateful and deep packet inspection for network, web application and user-identity based security. The main work of blocking sites is done at the deep packet inspection step, so the firewall is pretty secure, no doubt. Apart from this, they also use category blocking and keyword blocking, in which they block sites containing restricted keywords.
The flaw is that websites served over SSL are not blocked. These have to be blocked manually if required, and trust me, it's really a hectic task, so they just don't do it unless someone tells them to block a specific objectionable SSL website or a specific port, which can only be done by a person using the same network.
Anyway, how to hack that 8-layer security is our prime concern.

So, here are the steps:
1. Download PuTTY here.
2. Install it.
3. Sign up here with a username and password.
4. Open PuTTY and then click on Session.
5. In Host Name, type shell.cjb.net and in Port, type 22, as shown below:

PuTTY configuration
6. Now, double-click on SSH under Connection, and select Tunnels.
7. In Source port, type 8118, and select Dynamic and Auto, as shown below:

PuTTY Configuration
8. Click Add.
9. Click Open.
A terminal window like this will pop up, asking for login:

PuTTY Terminal window

10. In Username, type in the username you registered and press Enter.
11. It will prompt for a password, so type in the password you gave at the time of registration in step 3.
    **You won't see any characters while typing your password; that is for your safety. Just type the correct password and press Enter.
12. You will see something like this:

PuTTY Terminal Window
Now you are connected to cjb.net on port 22 through SSH; in other words, you have successfully made a tunnel.
All you need to do now is configure your browser.
I use Mozilla Firefox, so I'll show you how it is done in Firefox. You can configure your browser the same way in case you use some other browser.
13. Open Mozilla Firefox.
14. Go to Tools --> Options. A window will pop up.
15. Click Advanced, and go to the Network tab.

Options Window

16. Click Settings.
17. In SOCKS Host, put 127.0.0.1, which is your localhost address, and in Port, put 8118.
18. Then select the SOCKS v5 radio button.

Connection Settings Window
19. Click OK.
20. After clicking OK in the Connection Settings window, click OK in the Options window.

And you are done!
Now open any blocked site freely. As you can see here, I have opened the Tor website, which is blocked by Cyberoam and listed under the category URLTranslationalSites.
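From the network's point of view the setup above leaves only one thing visible: one long-lived, high-volume TCP session from the user's PC to port 22 on an external host. The SOCKS listener on 8118 lives on loopback and never crosses the wire, so an admin looking for it there will not find it. As an added example (my own code, not the blog's), here is a small Python filter an admin could run over firewall connection logs to flag such sessions; the log format and the addresses are constructed for this example, and the internal prefixes and thresholds are assumptions to adjust per site.

```python
import re

# Constructed sample of firewall connection-log lines (made up for this example).
SAMPLE_LOG = """\
2014-04-20 10:01:02 allow tcp 10.0.5.23:51002 -> 93.184.216.34:443 bytes=4821 dur=2
2014-04-20 10:01:05 allow tcp 10.0.5.23:51010 -> 203.0.113.7:22 bytes=9812344 dur=3600
2014-04-20 10:02:11 allow tcp 10.0.5.40:51300 -> 10.0.1.5:22 bytes=23111 dur=45
2014-04-20 10:03:00 allow tcp 10.0.5.23:51020 -> 203.0.113.7:22 bytes=120 dur=1
"""

LINE_RE = re.compile(
    r"^\S+ \S+ (?P<action>\w+) tcp (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"bytes=(?P<bytes>\d+) dur=(?P<dur>\d+)$"
)

# Assumption: the site's internal (RFC 1918) address ranges. SSH to internal
# hosts is normal admin traffic, so only external destinations are of interest.
INTERNAL_PREFIXES = ("10.", "192.168.", "172.16.")
SSH_PORT = 22


def is_internal(ip):
    return ip.startswith(INTERNAL_PREFIXES)


def find_ssh_tunnels(log_text, min_bytes=1_000_000, min_duration=600):
    """Return unique (src, dst) pairs with an allowed outbound SSH session that is
    either long-lived or heavy; a browsing tunnel looks like exactly that, while a
    short 120-byte probe (last sample line) is left alone."""
    flagged = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["action"] != "allow":
            continue
        if int(m["dport"]) != SSH_PORT or is_internal(m["dst"]):
            continue
        if int(m["bytes"]) >= min_bytes or int(m["dur"]) >= min_duration:
            pair = (m["src"], m["dst"])
            if pair not in flagged:
                flagged.append(pair)
    return flagged


if __name__ == "__main__":
    for src, dst in find_ssh_tunnels(SAMPLE_LOG):
        print(f"possible SSH tunnel: {src} -> {dst}:{SSH_PORT}")
```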



Hope you enjoyed the post...



**NB:
          If your Local Area Network administrator blocks 8118 too (as happened in my place, because someone had probably read the article and told the admin), then use Nmap to scan all open ports on your default gateway, and use them instead of 8118.
I cannot write about that here, because it would cause sheer panic for the admin and, getting frustrated, he may end up disconnecting the Internet .... xD

Demonstration: Arp poisoning

In this zip package, I've uploaded a video demonstrating ARP cache poisoning.

Instructions:
1. Download the zip file.
2. Right-click on the zip folder and extract the folder to any desired location.
3. Open the extracted folder. Click myvid.swf.html and the video will open in your default browser.
4. You should have the latest Flash Player installed to view the video.

To download the Zip package, click here.

Thursday, April 17, 2014

Man in the Middle


A man-in-the-middle attack, often abbreviated as MitM, is a kind of attack in which an attacker intercepts all the communication between two or more machines. It is one of the most prevalent network attacks. Considered an active eavesdropping attack, MitM works by establishing separate connections to the victims' machines and relaying messages between them.
In such a scenario, both hosts believe that they are communicating directly with one another, when in reality the whole traffic flows through the attacking host. Hence the attacking host can not only intercept sensitive data, but can also inject into and manipulate the data stream to gain further control of the victims.



Representation of a Man in the Middle attack.

MitM attack can be used for doing various tasks:

Softwares for performing MitM attack:

**A MitM attack can also be done over an HTTPS connection, by establishing two independent SSL sessions, one over each TCP connection. The browser sets up an SSL connection with the attacker, and the attacker establishes another SSL connection with the web server.
In general, the browser warns the user, because the certificate it receives does not match the site it asked for or is not signed by a trusted CA. To avoid that, the attacker has to compromise the server's certificate and key, or obtain a certificate signed by a trusted CA (Certificate Authority) with the same CN (Common Name) as the original website.
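The warning mentioned above comes from two checks the browser runs on the certificate the "server" presents: is it signed by a trusted CA, and does the name inside it match the host that was requested? The second check is what makes a certificate with a different CN useless to the intercepting host. As an added example (my code, not the blog's), here is the name-matching part, written against certificate dicts in the shape Python's ssl.SSLSocket.getpeercert() returns; the certificates below are constructed for the example, and chain validation against a CA store is a separate check not shown here.

```python
def _dns_name_matches(pattern, hostname):
    """Match one certificate DNS name against a hostname, RFC 6125 style.
    A single leading '*' stands for exactly one label: '*.example.com' matches
    'www.example.com' but neither 'example.com' nor 'a.b.example.com'."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if not pattern.startswith("*."):
        return False
    suffix = pattern[1:]  # ".example.com"
    return (
        len(hostname) > len(suffix)
        and hostname.endswith(suffix)
        and "." not in hostname[: -len(suffix)]
    )


def cert_matches_host(cert, hostname):
    """True if the certificate names the host we connected to.
    Like browsers, prefer the subjectAltName DNS entries; fall back to the
    subject CN only when the certificate carries no SAN at all."""
    san_dns = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if san_dns:
        return any(_dns_name_matches(name, hostname) for name in san_dns)
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return _dns_name_matches(value, hostname)
    return False


# Constructed certificates in getpeercert() shape (not real certificates).
LEGIT_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "example.com")),
}
# What the intercepting host presents when it only has a certificate for its own name.
INTERCEPT_CERT = {
    "subject": ((("commonName", "proxy.example.net"),),),
    "subjectAltName": (("DNS", "proxy.example.net"),),
}
WILDCARD_CERT = {"subject": ((("commonName", "*.example.com"),),)}

if __name__ == "__main__":
    for label, cert in (("legit", LEGIT_CERT), ("intercept", INTERCEPT_CERT)):
        print(label, "matches www.example.com:", cert_matches_host(cert, "www.example.com"))
```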