Sunday, March 22, 2009

Bypass Content Filtering with Toonel


Fascinating approach to bypass content filtering:

1. Download and install Java Runtime from here.

2. Download Toonel from here. It comes with a .jar extension, which will only execute when the Java Runtime is already installed.

3. This part is where you start tunneling: just open the Toonel.jar file. That's it! Seriously, it's done :p

4. Now open your browser's connection settings and put in "127.0.0.1" (without quotes) as the proxy address and "8080" (without quotes) as the port.

This method works for Windows, Mac and Linux.

I'll have to try it and see if it works...will report back.

Update: It works...off a flash drive and using Java Runtime Environment. Wow.

Some potential ways to deal with this that a colleague suggested...
One way you should be able to stop the Toonel bypass on Windows machines would be to disable the Connections tab of the Internet Options. This would not allow the user to change the proxy IP or port number. The Connections tab can be hidden through Group Policy. You would also want to stop users from using a registry editor, or they could just get that tab back, and change other things too.
Another approach:

Here is a simple short rule I made this morning that seems to block Toonel. Just block the 3 IP addresses on your firewall. Will be watching if they change IP addresses.

drop tcp [85.25.120.147,216.117.134.180,87.118.102.154] any -> any any (msg:"Toonel.net Access";classtype:policy-violation; sid:2009032401; rev:2;)
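Since the bypass in step 4 depends on pointing the browser at a proxy on 127.0.0.1, and the IP block list has to be kept current by hand, an audit of proxy settings is a useful complement. The script below is an added example, not part of the original post or the colleague's suggestions. It assumes the ProxyEnable and ProxyServer values from HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings have been collected per user into a list; the record layout and the sample hosts are constructed.

```python
import ipaddress

# Added example. ProxyEnable / ProxyServer are the per-user WinINET values under
# HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings.
LOOPBACK_NAMES = {"localhost"}

def proxy_endpoints(proxy_server):
    """Yield (scheme, host, port) from a ProxyServer string.

    Handles both stored forms: "host:port" for all protocols, and
    "http=host:port;https=host:port" per protocol.
    """
    for part in filter(None, (p.strip() for p in proxy_server.split(";"))):
        scheme, _, target = part.rpartition("=")
        target = target.split("://", 1)[-1]          # tolerate "http://host:port"
        if target.endswith("]") or ":" not in target:
            host, port = target, ""                  # no port given
        else:
            host, _, port = target.rpartition(":")
        yield (scheme or "all", host.strip("[]").lower(), port)

def is_loopback(host):
    if host in LOOPBACK_NAMES:
        return True
    try:
        return ipaddress.ip_address(host).is_loopback   # 127.0.0.0/8 and ::1
    except ValueError:
        return False                                    # hostname, not resolved here

def audit(records):
    """Return findings for users whose enabled proxy points at their own machine."""
    findings = []
    for rec in records:
        if rec.get("ProxyEnable") != 1:
            continue
        for scheme, host, port in proxy_endpoints(rec.get("ProxyServer", "")):
            if is_loopback(host):
                findings.append((rec["computer"], rec["user"], scheme, f"{host}:{port}"))
    return findings

# Constructed sample inventory (hypothetical hosts and layout).
SAMPLE = [
    {"computer": "LAB-01", "user": "student1", "ProxyEnable": 1, "ProxyServer": "127.0.0.1:8080"},
    {"computer": "LAB-02", "user": "student2", "ProxyEnable": 1, "ProxyServer": "http=proxy.example.org:3128;https=localhost:8080"},
    {"computer": "LAB-03", "user": "student3", "ProxyEnable": 0, "ProxyServer": "127.0.0.1:8080"},
    {"computer": "LAB-04", "user": "teacher1", "ProxyEnable": 1, "ProxyServer": "proxy.example.org:3128"},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

A loopback proxy is not specific to Toonel, so each finding needs a look at what is actually listening on that port.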









Everything posted on Miguel Guhlin's blogs/wikis are his personal opinion and do not necessarily represent the views of his employer(s) or its clients. Read Full Disclosure
