Need help to fool / bypass Fortiguard web filter

Discussion in 'Computer Software and Operating Systems' started by megazero1x1, Apr 15, 2014.

  1. megazero1x1
    OP

    megazero1x1 GBAtemp Fan

    Member
    427
    93
    Oct 16, 2011
    India
    Hello all.

    In my university, the internet is heavily filtered by fortiguard.
    My biggest issue us that gaming sites are blocked and so are services like steam.
    Also, there is a bandwidth cap on all websites which are not approved by the university (50KB/s).

    So my question is ,
    Is there any way by which I can fool fortiguard or whatever software they are using, into thinking that I am browsing a university approved website when I'm not ?
    And is it possible to completly bypass the entire web filter so I can browse the internet unrestricted.

    Please don't suggest VPNs and proxies. Most of them are blocked too. The only VPN which I know works happens to be vpnbook.com .

    Any and all help will be appreciated.
    Thank you

    Megazero1x1
     

    Attached Files:

  2. trumpet-205

    trumpet-205 Embrace the darkness within

    Member
    4,363
    542
    Jan 14, 2009
    United States
    The best you can do is to use VPN which are not blocked, but I doubt there is a way around bandwidth cap (assuming they use whitelist).
     
  3. FAST6191

    FAST6191 Techromancer

    pip Reporter
    23,167
    8,906
    Nov 21, 2005
    First what are the penalties for bypassing the blocks? If you are just going to get a "they are there to protect you" lecture then fine but it is really not worth getting expelled or on a shitlist for.

    Never heard of the filter and can not be bothered to look it up right now. Is it just a blacklist and bandwidth whitelist? Does it scan the contents of the page or URL? If so then you might have to go SSL. Is the list university maintained or company maintained? For the former there can be cracks as that is a full time job, it can be the company provides a base and the university takes it from there though,

    If normal VPN will not work then usually you get to build your own back to your house, that or some form of VNC. If you are at university to try to save some bandwidth at home then this is not ideal.

    Speed caps.
    Do you control any of the sites? Doubtful but I have seen people whitelist google's domains; this can include sites.google.com
    If you control such a site then you can try things like cURL ( http://curl.haxx.se/ ), I am not sure about google sites specifically there (they have hosting but it is very limited in what you can do).
    Minor alternative is if the site uses a generic CDN (cloudflare and the like) -- subdomains here are often unpredictable and so the whole thing might be whitelisted. Exploiting this fact would be very annoying but not outside the realms of possibility.

    Steam might be harder if you do not want to do it over personal VPN.

    Beyond that you get to do more hackery things. One of the more popular things here includes VPN over DNS -- DNS requests tend not to be filtered and tend not to be limited in bandwidth (It is "just" DNS after all), now you pipe everything over DNS requests and it can get through. I just searched and apparently there are commercial services offering this now so that might be an option,
     
  4. Costello

    Costello Headmaster

    Administrator
    12,388
    5,595
    Oct 24, 2002
    I'm pretty sure Astrill can get through this https://www.astrill.com
    they use a special proprietary tunnelling technology; it works everywhere I've tried including in China where the Internet is largely blocked

    I think they have a free trial period when you are invited by other people. If you want to give it a try, PM me your email address so I can invite you for a free trial.
     
  5. megazero1x1
    OP

    megazero1x1 GBAtemp Fan

    Member
    427
    93
    Oct 16, 2011
    India
    First I'd like to thank all of you for the replies.
    @ fast6191, its the usual to protect you lecture.
    Also I not sure if it is a black / white list or a full content scan. But seeing that they actually categorised the web sites, I'd say it's a white / black list.
    Also I think you are right about the company providing a base and the university taking it further.
    And just so that I don't seem like and idiot , I live in the university dorms. If I had easy access to my home net connection, no way I'd go through all of this.

    As of the speed cap, its a white list case. Only the educational websites which are approved by the university have streaming enabled reach the max speed.
    Also I forgot to mention but all kinds of streaming of videos flash and HTML 5 are blocked and I'm not sure here but I suspect that all UDP ports are blocked as well.

    And thank you for informing me about the VPN over DNS.I'll be sure to give that a try.
     
  6. megazero1x1
    OP

    megazero1x1 GBAtemp Fan

    Member
    427
    93
    Oct 16, 2011
    India
    @ Costello, thank you for your offer. I'll be sure to pm you my email asap.

    Also to the mods, I am extremely sorry as I am unable to format my posts correctly , as I'm currently using my smart phone and its very tedious to do so.

    Again sorry for all the inconvenience I have caused.
     
  7. james50a

    james50a Member

    Newcomer
    GBAtemp Patron
    james50a is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    48
    23
    Sep 4, 2010
    Canada
    depending on if u have spare money u can always just rent a cheap server in ur area for under 4$ and route through there. http://lowendbox.com/ is a good place to find them, although u have to have knowledge of linux
     
  8. Joe88

    Joe88 [λ]

    Member
    11,529
    2,721
    Jan 6, 2008
    United States
    NYC
    in my school they also use fortiguard
    tor can bypass it easily enough (assuming you have USB permissions and can run programs)

    the normal desktop computers on campus (wired connection) use a student account login system
    I found out the eterhnet ports use MAC address filtering so you cant just plug your laptop in and use the connection
    however if you login on the desktop and just do a ipconfig in the cmd prompt and copy the MAC address down and logout (also assuming you have cmd prompt access, most uni's block it)
    on your laptop you can use a MAC spoofer and just copy the same address down for the LAN port and you can now bypass their login system as well as get the full access of the T3 connection
    even steam works on it
     
  9. megazero1x1
    OP

    megazero1x1 GBAtemp Fan

    Member
    427
    93
    Oct 16, 2011
    India
    I have tries tor before but had no success.
    Maybe at my university they are using some kind of a higher security setting on fortiguard.