Out from the proxy in 60 seconds

So, in your university, you can surf internet only behind a proxy, within a limited surfing area. If your situation is like the following:

  • IP-level web proxy
  • Only educational domains accessible
  • Personal Linux account without any administrative privileges
then there could be a way to go out. I'll briefly explain how I did in my university, but most probably with a few adaptations the same procedure could work in very different environments. Please note that this is not a guide for dummies: I'll just list the necessary steps, without going deep in details (e.g. how to use a hex editor or how to set up a configuration file).

Have you ever heard about Planetlab platform and its proxy service Codeen? If not, please inform yourself through Wikipedia before continuing :) Let's just say there's a free http proxy service available in some educational domains (especially universities); most of them are accessible also from limited surfing proxies, so all we have to do is to configure our system so that a Codeen proxy is used to surf. How to reach that proxy? Through your ordinary proxy, of course; but how to use two proxies in a chain? Most of web browsers don't allow to set up a proxy chain, so we must use additional softwares like proxychains.

Most probably you can access at least the package mirrors of the distro you're using; for example, I could access http://packages.ubuntu.com and some of its download mirrors from behind my proxy, so I could download the package with the same computer. Otherwise, I would just have had to download the same package through another machine and then to copy it in the behind-proxy-machine.

Once we have a .deb (or .rpm or whatever) package, we can open it with an archive manager to unpack just the files we need: the executable(s), eventual local configuration files and the required libraries (tipically to be unpacked in a ./lib subdirectory). We cannot install new shared libraries because we don't have administrative privileges, but we know other ways to use non-installed libraries. For example:
user@lab:~/proxy$ export LD_LIBRARY_PATH=./lib
user@lab:~/proxy$ export LD_PRELOAD=`pwd`/lib/libproxychains.so
user@lab:~/proxy$ ./proxychains /usr/bin/firefox
ERROR: ld.so: object '/usr/lib/libproxychains.so' from LD_PRELOAD cannot be preloaded: ignored.
ERROR: ld.so: object '/usr/lib/libproxychains.so' from LD_PRELOAD cannot be preloaded: ignored.
Unfortunately, setting LD_LIBRARY_PATH or LD_PRELOAD doesn't work, because proxychains executable overwrites the latter one. Two choices: modifying proxychains source and compiling it again (but we may need other "dev" packages to install), or modifying the proxychains executable with a hexadecimal editor. We choose the second one, and if we don't have a hex editor on our machine, we can download also another app like hexedit; it allows us to modify the only text string we care about: "/usr/lib/libproxychains.so", that we're going to change in a local path (with the same length like "././/lib/libproxychains.so" or "./tmplib/libproxychains.so".

At this point, we should have proxychains working. Let's choose from this list a Codeen proxy accessible from our usual proxy; from an italian university, a proxy ending with ".uni**.it" should be fine. On my machine, setting a 2-proxies chain doesn't work; for some reasons, the only way to make it work is to set up proxychains.conf with the "internal" proxy (the university proxy) and the browser (Firefox, of course) with the Codeen proxy. And the result is...

Google! Good job. But there's another point to consider: if you're not surfing from a Planetlab IP, as you probably aren't, HTTPS traffic is disabled. This means: no Gmail, Yahoo Mail, nor other SSL logins or transactions. Unfortunately, some forums are managed via https protocol; to reach these forums (e.g. your university forum), you have to disable the use of Codeen proxy and to change Firefox settings again. The fastest way to do this is probably to keep two separate profiles in Firefox with different settings; supposing you named the "special" profile freefox, a bash script to open a free Firefox will be like this:
cd ~/proxy
./proxychains /usr/bin/firefox -P freefox $* &
Other solutions to have HTTPS support:
  1. Finding an external, free proxy which supports HTTPS traffic tunneling, and adding this proxy to the chain;
  2. Setting up a machine with public or dynamic IP with SSH server in http tunneling (with -X extension enabled); but if you can do this, then you don't need to read this lousy "tutorial" ;)
In a nutshell:
  1. Download proxychains and a hexadecimal editor (from their website or from your favourite distro repository);
  2. Replace the absolute library path inside the proxychains executable with a (valid) local one;
  3. Find in the list a Codeen proxy you can reach from behind your proxy;
  4. Setup proxychains to use your usual proxy, and Firefox (or another program you need) to use the Codeen proxy;
  5. You're out!
60 seconds should be enough, once you know what to do and you have a little practive.

From great powers come great responsabilities... Spread this trick and you won't find a free place in your laboratory anymore. And, of course, all this is only intended to help you reaching external websites for educational purposes only... like The Unbearable Lightness of Bit.

Have a nice (didactic) free web browsing!

The safest boat in the world

Which is the safest boat in the world?
It's easy: SSL...

(I took this picture during my stay in Turku, Finland)


Do you know who will Sun Microsystems sponsor during next Formula 1 season?

J. Button...