---------------------------------------
School Proxy
August 2nd, 2019
---------------------------------------
Firstly, sorry I haven't phlogged in a while! I'm going to start
posting more regularly.
For many years, the bane of all students has been their school's
website blocking mechanism. The continual task of the tech-savvy
students has been to bypass it.
My school's proxy mainifests itself as the form of a http proxy.
Any non-internal traffic that does not go through this proxy gets
blocked. (When I ping it says "Packet filtered"). You connect to
this proxy with your normal school credentials; they use some kind
of LDAP system.
Now, I wouldn't be trying to bypass it if I didn't have a problem
with it. My problem with it is:
#1. It blocks SSH.
#2. It blocks heaps of useful websites. StackOverflow, most other
coding websites, and a whole lot of useful and educational
(non-programming-related) blogs are blocked. Often, when
researching for a subject, I find that in the first page of
search results up to 3/10 are blocked (mostly blogs).
#3. It blocks tildes and gopher proxies.
Over the last year, I've tried numerous methods to get past it.
Most recently, I was using MiniProxy on tilde.team (one of the few
unblocked tildes), but unfortunatley tilde.team got blocked. This
also did not get around the SSH issue and broke many websites such
as youtube.
I looked around for some sites and after talking to a few people on
IRC, I found that CodeAnywhere was unblocked. CodeAnywhere has a
container feature, where you can run Ubuntu 16.04 in a container
(abliet with limited resources). From there, I could SSH out to
anywhere. However, it has an hour/day limit on the free plan, and
dosen't unblock websites, which require a web browser. I
used this for around a week before coming up with my (highly
usable) solution.
Unsatisfied, I kept searching around. Eventually, I stumbled upon
LinuxZoo, a place that provides shell and VNC access to linux
machines for testing, abliet with a time limit of 20 minutes. I
thought I might use this along with codeanywhere to get past
websites, but then I found that they don't have external network
access!
While LinuxZoo did not work for me, the VNC was fully done through
the browser, using noVNC. This worked at school. My next thought
was, how can I set up my own noVNC instance on an unblocked domain?
I originally thought of setting it up on a tilde, but then it is
too easy for them to just block off the tilde. I tried to think of
a domain that it is going to be very difficult for them to block.
While thinking about this, I remembered that I happened to have a 1
year free AWS t2.micro VPS. Connecting the dots, and getting the
aws web address, (something).ap-southeast-2.compute.amazonaws.com,
fufilled my solution perfectly. They can block my VPS, but I can
just clone it to a new one, with a new address, and boom they have
to find that one! They can't block *.ap-southeast... because many
websites use it as their backend or storage, including the
Department of Education themselves!!!
I installed noVNC and a vnc server, locked it down so VNC access
was only avaliable through a de-privilidged account and novnc
wasn't running on root but still accepting requests on port 80
(iptables port forwarding ftw!). This is what I am using now and it
is perfect! I've even ssh port forwarded KanBoard (what I use for
tracking my homework) from my raspberry pi to this vps so I can log
in my homework while at school.
I still try to use the normal net when I can, to decrease the
likelihood of detection. It also only has 1GB of RAM, so slows to a
halt when I try to open more than around 6 tabs in firefox.
I wish it was simpler! I'm dreading 14 August... they're changing
the proxy system. Fingers crossed it still works, and Linux still
works. Linux is a hell of trouble to work on the proxy!
