Computerphile "hacking out"

Here's how to replicate the experiments in this video. I'm going to assume you're on a Linux machine. Similar commands will be possible on a Mac but I don't own one. Let us imagine that there are four machines:

  • -- the machine you are logged into
  • -- webproxy for the network you are logged into
  • -- a server you own and have root access to
  • -- the server you are trying to access

On an open network you can access the top webpage either through a browser or with curl
curl --max-time 3

Experiment 1 -- the network you are on blocks at its firewall

You can get round this in three ways

  1. with an ssh tunnel used as a SOCKS proxy
  2. with sshuttle
  3. with a VPN (but paid-for VPNs are costly and free VPNs are awful)

To simulate the firewall blocking on your own host you add an outbound deny rule to your firewall -- for ufw on Linux this looks like

sudo ufw deny out to ${ IP} port https
sudo ufw deny out to ${ IP} port http

You can see that curl --max-time 3
is now blocked. Note that ufw deny silently drops the packets, so without --max-time curl would sit there until its own connection timeout rather than fail at once; a ufw reject rule would instead answer with an immediate "connection refused", which is the quick way to tell a deliberate block from a dead host.

To open an ssh tunnel on local port 1080 via

ssh -f -ND 1080

Here -N runs no remote command, -D 1080 makes ssh listen on that local port as a SOCKS proxy, and -f drops it into the background once you have authenticated. Now you can do

curl --max-time 3 -x socks5h://

The socks5h scheme makes curl hand the host name to the proxy so it is resolved at the far end of the tunnel; plain socks5:// resolves the name locally first, which fails if the network also blocks or filters DNS for that host.

Don't forget to kill the ssh command before continuing (it is still running in the background because of -f). A better alternative is to use sshuttle, which needs root locally (hence the sudo) because it installs NAT rules to catch the traffic, and Python on the server:

sudo sshuttle -r ${ IP}/32

to just redirect traffic for that one address, or to redirect absolutely everything

sudo sshuttle -r
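As an added example (it is not part of the page or the video), the script below automates the check the experiments do by hand: it classifies curl's exit status to tell a silently dropping firewall from an outright refusal or a proxy that refused to CONNECT, probes tcp/22 on your server the same way, and says which experiment applies. The host names, the SOCKS port 1080 and the proxy address are assumptions passed in as arguments.

```bash
#!/usr/bin/env bash
# Added example, not from the Computerphile page. Probes a blocked site the way
# the experiments do (curl --max-time 3) and reports *how* it is blocked.
# Usage: ./hackout-probe.sh URL SSH_SERVER [SOCKS_URL] [HTTP_PROXY]
#   e.g. ./hackout-probe.sh https://target.example/ myserver.example \
#            socks5h://localhost:1080 http://webproxy.example:3128
# Every host name above is an assumption; substitute your own.

# Translate curl's exit status into what the network did to the connection.
# A ufw "deny" rule DROPs silently, so curl waits until --max-time (28);
# a REJECT rule or a closed port answers at once with connection refused (7).
classify_curl_exit() {
  case "$1" in
    0)     echo reachable ;;
    28)    echo dropped ;;           # timeout: silently filtered
    7)     echo refused ;;           # RST/ICMP unreachable, or nothing listening
    6)     echo dns-failure ;;       # name lookup failed (DNS blocked or lying)
    5)     echo proxy-unreachable ;; # the -x proxy itself could not be resolved
    56|97) echo proxy-denied ;;      # proxy answered but refused to tunnel
    *)     echo "other($1)" ;;
  esac
}

# HTTP probe, optionally via a proxy in curl -x syntax
# (socks5h://localhost:1080 for the ssh -D tunnel, http://proxy:3128 for a web proxy).
probe() {
  rc=0
  if [ -n "${2:-}" ]; then
    curl -sS -o /dev/null --max-time 3 -x "$2" "$1" >/dev/null 2>&1 || rc=$?
  else
    curl -sS -o /dev/null --max-time 3 "$1" >/dev/null 2>&1 || rc=$?
  fi
  classify_curl_exit "$rc"
}

# Raw TCP probe via bash's /dev/tcp, to see whether port 22 on the ssh server
# is blocked: timeout(1) exits 124 when the SYN is dropped, bash exits 1 on refusal.
tcp_probe() {
  rc=0
  timeout 3 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null || rc=$?
  case "$rc" in
    0)   echo reachable ;;
    124) echo dropped ;;
    *)   echo refused ;;
  esac
}

# Heuristic mapping from the probe results to the page's experiments.
# $1 = direct web result, $2 = tcp/22 result, $3 = web result via the proxy (or "none")
recommend() {
  case "$1:$2:$3" in
    reachable:*)   echo "open network: no tunnel needed" ;;
    *:reachable:*) echo "experiment 1: ssh -D SOCKS tunnel or sshuttle" ;;
    *:*:reachable) echo "experiment 3: ssh via the proxy's CONNECT to port 443" ;;
    *)             echo "experiment 2: expose sshd on a non-standard port, else try ICMP/DNS tunnelling" ;;
  esac
}

if [ "$#" -ge 2 ]; then
  web=$(probe "$1")
  sshp=$(tcp_probe "$2" 22)
  viaproxy=none
  if [ -n "${4:-}" ]; then viaproxy=$(probe "$1" "$4"); fi
  echo "direct: $web   tcp/22 to $2: $sshp   via proxy: $viaproxy"
  if [ -n "${3:-}" ]; then echo "via SOCKS $3: $(probe "$1" "$3")"; fi
  recommend "$web" "$sshp" "$viaproxy"
fi
```

Run it once before and once after bringing up the tunnel: the "via SOCKS" line should flip to reachable while the direct probe stays dropped.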

Experiment 2 -- network also blocks port 22 so you can't ssh

If your network blocks port 22 (ssh) then you can get around this by redirecting ports on your server so you can ssh into a non-standard port. (The alternative is a second Port line in sshd_config so sshd listens on both; the NAT redirect has the advantage of leaving the sshd configuration alone.) So on

sudo iptables -t nat -I PREROUTING -p tcp --dport 4444 -j REDIRECT --to-ports 22
sudo ufw allow in to port 4444

This redirects port 4444 to port 22 (ssh) and opens a hole in your firewall for port 4444. Two things to be aware of: the REDIRECT happens in the nat PREROUTING chain, before ufw's filter rules are consulted, so ufw actually sees the connection arriving on port 22 and it is the existing allow rule for ssh that lets it in (the port 4444 rule does no harm and documents the intent); and a rule added by hand with iptables is gone after a reboot, so to keep it add a *nat section to /etc/ufw/before.rules. Now the ssh command you need on looks like this:
ssh -f -ND 1080 -p 4444

Experiment 3 -- network blocks everything apart from their own web proxy

There are a number of ways you can get ssh through a web proxy. The catch is that a web proxy will typically only let you CONNECT to port 443, so the tunnelled traffic will end up on port 443 (https) not ssh. On you will need to redirect port 443 to port 22 (this will cause problems if is running HTTPS already; if you need both, sslh can sit on 443 and pass ssh and TLS connections to the right daemon). On you would need

sudo iptables -t nat -I PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 22
sudo ufw allow in to port 443

(In the video I do this differently as I'm using my server to pretend to be the web proxy here.) In the video I then use a command like this:

ssh -o "ProxyCommand nc -X connect -x 443"

Here -X connect tells nc to speak HTTP CONNECT to the proxy given with -x. This is the OpenBSD netcat; nmap's ncat uses --proxy and --proxy-type http instead, and netcat-traditional has no proxy support at all. If you put the ProxyCommand in ~/.ssh/config, write %h and %p in place of the host and port so ssh fills them in from the Host stanza.
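The server-side step is the same in Experiment 2 and Experiment 3 apart from the port number, so here is one script covering both, added here and not taken from the page: it inserts the REDIRECT only if it is not already there (re-running the page's iptables -I line stacks a duplicate each time), refuses a port that already has a listener (the HTTPS clash above), and prints the /etc/ufw/before.rules snippet that makes the rule survive a reboot. It assumes iptables with ufw on the server and sshd on port 22; the dry-run stand-in, the variable names and the usage line are mine.

```bash
#!/usr/bin/env bash
# Added example, not the page's own commands. Server-side helper for
# Experiments 2 and 3: expose sshd on an extra port (4444, or 443) with a NAT
# REDIRECT, idempotently, and without stealing a port another service uses.
# Assumes iptables + ufw and sshd listening on 22.
# Usage: sudo ./expose-sshd.sh 4444        (or 443)
#   dry run: IPT=dryrun_ipt UFW=echo ./expose-sshd.sh 4444
IPT=${IPT:-iptables}
UFW=${UFW:-ufw}
SSHD_PORT=${SSHD_PORT:-22}

# Dry-run stand-in for iptables: pretends no rule exists, prints what would run.
dryrun_ipt() { case " $* " in *" -C "*) return 1 ;; esac; echo "iptables $*"; }

# The rule body is identical for -C (check), -I (insert) and -D (delete).
redirect_spec() {
  echo "PREROUTING -p tcp --dport $1 -j REDIRECT --to-ports $SSHD_PORT"
}

valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  if [ "$1" -ge 1 ] && [ "$1" -le 65535 ]; then return 0; else return 1; fi
}

# Nothing may already be listening on tcp/$1: a web server on 443 would
# otherwise lose its traffic to sshd (the page's HTTPS warning).
port_free() {
  ! ss -ltn 2>/dev/null | awk 'NR>1 {print $4}' | grep -Eq "[:.]$1\$"
}

# Insert the NAT rule only if -C says it is absent, then open the port in ufw.
expose_sshd_on() {
  port=$1
  valid_port "$port" || { echo "bad port: $port" >&2; return 2; }
  port_free "$port" || { echo "tcp/$port already has a listener; refusing" >&2; return 1; }
  spec=$(redirect_spec "$port")
  if $IPT -t nat -C $spec 2>/dev/null; then
    echo "nat rule for $port already present"
  else
    $IPT -t nat -I $spec
  fi
  # NAT runs in PREROUTING before ufw's filter chains, so ufw evaluates the
  # connection as dport $SSHD_PORT and the existing ssh allow rule admits it.
  # Allowing $port as well is harmless and shows up in 'ufw status'.
  $UFW allow in proto tcp to any port "$port"
}

# Hand-added iptables rules vanish on reboot; ufw reloads /etc/ufw/before.rules,
# and a *nat block placed there (before the *filter block) survives.
ufw_nat_snippet() {
  printf '*nat\n:PREROUTING ACCEPT [0:0]\n-A PREROUTING -p tcp --dport %s -j REDIRECT --to-ports %s\nCOMMIT\n' "$1" "$SSHD_PORT"
}

if [ "$#" -eq 1 ]; then
  if expose_sshd_on "$1"; then
    echo "to persist across reboots, add to /etc/ufw/before.rules:"
    ufw_nat_snippet "$1"
  fi
fi
```

The dry run prints the exact iptables and ufw lines without touching the kernel, which is worth doing on a server you can only reach over the very ssh session you are about to re-route.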

You can also do this with corkscrew or proxytunnel with slight variants in the commands.
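An added example, not from the page, for the client side of Experiment 3: the four helpers (OpenBSD nc, ncat, corkscrew, proxytunnel) all do the same HTTP CONNECT handshake but take different arguments, so this script builds the right ProxyCommand for whichever one is installed and prints a ~/.ssh/config stanza around it. The proxy address, the server name and the alias hackout are assumptions passed as arguments; port 443 is the one the Experiment 3 redirect exposes, and the DynamicForward line reproduces the -D 1080 from Experiment 1.

```bash
#!/usr/bin/env bash
# Added example, not from the Computerphile page. Builds the ssh ProxyCommand
# for whichever HTTP CONNECT helper is installed and prints a ~/.ssh/config
# stanza for it. Usage: ./proxy-stanza.sh PROXY_HOST PROXY_PORT SSH_SERVER
#   e.g. ./proxy-stanza.sh webproxy.example 3128 myserver.example   (assumed names)
# %h and %p are expanded by ssh to the stanza's HostName and Port.

# $1 = tool, $2 = proxy host, $3 = proxy port
proxy_command() {
  case "$1" in
    nc)          echo "nc -X connect -x $2:$3 %h %p" ;;                # OpenBSD netcat
    ncat)        echo "ncat --proxy $2:$3 --proxy-type http %h %p" ;;  # nmap ncat
    corkscrew)   echo "corkscrew $2 $3 %h %p" ;;
    proxytunnel) echo "proxytunnel -q -p $2:$3 -d %h:%p" ;;
    *)           return 1 ;;
  esac
}

# First helper found on PATH. An "nc" binary is only usable if it is the
# OpenBSD flavour, whose usage text mentions proxy_protocol (heuristic);
# netcat-traditional has no -X option.
pick_tool() {
  if command -v nc >/dev/null 2>&1 && nc -h 2>&1 | grep -q proxy_protocol; then
    echo nc; return 0
  fi
  for t in ncat corkscrew proxytunnel; do
    if command -v "$t" >/dev/null 2>&1; then echo "$t"; return 0; fi
  done
  return 1
}

# $1 = alias, $2 = ssh server, $3 = port to dial, $4 = proxy command
ssh_stanza() {
  printf 'Host %s\n    HostName %s\n    Port %s\n    ProxyCommand %s\n    DynamicForward 1080\n' \
    "$1" "$2" "$3" "$4"
}

if [ "$#" -eq 3 ]; then
  if tool=$(pick_tool); then
    ssh_stanza hackout "$3" 443 "$(proxy_command "$tool" "$1" "$2")"
  else
    echo "no CONNECT helper (nc/ncat/corkscrew/proxytunnel) installed" >&2
    exit 1
  fi
fi
```

Append the output to ~/.ssh/config and the whole of Experiment 3 collapses to ssh -fN hackout, with the SOCKS proxy on 1080 ready for the curl -x socks5h:// test from Experiment 1.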

More advanced techniques

Tunnelling over ICMP you can read about here
Tunnelling over DNS can be done with Iodine