Archives

gravatar

Bypass Websense, part 2

It is very easy to modify a HTTP proxy server to adopt Websense bypass mechanise. Take Muffin for example, it is an open-source HTTP/HTTPS proxy server written in Java programming language. In src/org/doit/muffin/Request.java, write() method, the original code,

super.write(out);
if (data != null)
{
out.write(data);
out.flush();
}
Just have some modification,
ByteArray ba = super.toByteArray();
byte[] array = ba.getBytes();
out.write( array, 0, 1 ); out.flush();
out.write( array , 1, 1 ); out.flush();
out.write( array, 2, ba.length()-2); out.flush();
//super.write(out);
if (data != null)
{
out.write(data);
out.flush();
}
The new code will force HTTP request to become multiple segmented packets. For example, GET http://tw.yahoo.com HTTP/1.1 will become "G" in one packet, "E" in another packet, and T http://tw..... to the end of request will be in other packets. By this way, Websense will not able to get the FULL HTTP request packet. Therefore, Websense will not able to block you out.

Tags: , websense

gravatar

Bypass Websense

In Tech-Faq , there is an article talking about how to by pass Websense. Instead of using proxy or tunneling methods, there is still a way to bypass the firewall filter. In the article, there are some important sentences, listed in following,

In transparent mode, Websense counts on the fact that the firewall will forward the whole request in a single time. If the whole request is not transferred at one time, Websense will allow the packet to pass, as the packet doesn't look like a HTTP request.
In the fact, if you browse a prohibited website, the Websense server will feedback an HTTP redirect header to your browser. Then your browser will go to the page like this. The techniques of above sentences could clearly explain why I can bypass the Websense via Telnet. Instead of using any browsers, I just telneted to a prohibited website host with port 80. Then I keyed in the HTTP protocol strings, for example, GET /index.html HTTP/1.1. Then The raw HTML content was dumped to the terminal, not Websense HTTP redirect or blocked page.
Maybe I can modify the PERL HTTP proxy program I wrote before to adopt this mechanism to bypass the Websense. :P Because of the ridiculous policies and reasons of preventing PCs from attacks of viruses, Trojans, worms, and hackers, they blocked out some sites like Flickr, wretch, pixnet, xuite, google spreadsheets, and so on. It is very ridiculous and amazing.

Tags: , websense

gravatar

MovieTime

MacOSX 底下,最常用的 player 不外乎是 VLC 或是 MPlayerOSX,但是這兩種設定影片的外掛字幕通常不是很簡單,而且還需要特殊的字型設定,甚至有些文字顯示不出來,或是顯示得上下不對齊。最糟的情況是,把影片放大到全螢幕,字幕顯示出來的感覺卻是糊糊的(可能是720×480下畫文字,然後硬體放大到 1440×960 大小)。因此總是覺得 MacOSX 底下對字幕支援很不好。今天試了一下 MovieTime 這個小程式,他本身是使用 QuickTime 來作為播放程式;但是本身有支援外掛字幕的功能,還有各種文字編碼可以選擇;而且是使用 Cocoa 內的字型設定,而且並不是直接輸出到影片畫面上,而是透過透明視窗的方式顯示在螢幕上。感覺上字型效果就好太多了。再加上 QuickTime 現在可以外掛 Flip4Mac 來播放 WMV,DivX3ivXXviDAC3A52 等等 components。因此不少 mov、avi、wmv 就可以直接透過 MovieTime 來播放,然後利用它的外掛字幕功能。

gravatar

Hello There!!

Hello There!!

This is a simple test from Google Docs & Spreadsheets

gravatar

有名大站

最近鬧得很熱,雖然自己沒有在用,但是很多地方卻都看在眼裡。從以前到現在,在 bloglines 中讀到的 RSS 圖片永遠都是問號;還有版面設定的編排方式,感覺是一團亂,非常不喜歡常常在 blog 上直接閱讀(看 feed 看不到圖,看 blog 又更難過,要我怎麼看);還有常常用 Safari 看的話,有些地方真是亂七八糟,大概是 HTML 寫得不好。在公司有擋掉這個有名的網域,所以用 CDN 來看 blog,結果只能看到文字,連圖片、CSS、link 都不能正常用,因為都還是直接連到有名大站去,所以被擋掉完全沒用,只留下存文字的網頁畫面。此外,當然也是因為在 HiNet 就….
總之,搬不搬家好像對我來說都無關緊要,但是能換到好一點的 hosting 去,自己閱讀起來應該更好吧。

gravatar

DV-2008

2008年美國綠卡樂透申請即將開始,從 EDT 時區2006/10/4中午到12/3截止。