Click here to Skip to main content
1,965 members
Articles / Security / MFC

Access proxy / firewall restricted internet sites using tunelling or onion routing

Rate me:
Please Sign up or sign in to vote.
0.00/5 (No votes)
12 Apr 2012 13.1K   1  
This article is intended for network administrators and internet users. It shows how users can bypass the firewall to get access to the restricted internet sites. This article is just an overview and does not cover the technical details.

This article is a sponsored article. Articles such as these are intended to provide you with information on products and services that we consider useful and of value to developers


Most of us have been using emails since long. At least the software engineers do. Accessing your emails is not a big deal, until you are restricted to do so. Well this does happen in many corporates. Once you are restricted to do so, what would you do? You may say: "I'll access that from cyber-cafe/home later in the evening". Corporates or institutions follow these rules to increase productivity and/or maintain confidentiality.

Practically speaking, for a developer, the network or system administrators cannot deny access to all the sites. Most of us use Google, and require help from other linked sites. But a network admin can definitely identify and restrict mail sites like "" or "".

The problem

How do they do these? The sites are accessed by you through a proxy/firewall server like the Microsoft ISA server. The HTTP request strings are identified and based on these strings; the sites are blocked (and might be logged).

The following is a screenshot from a famous network-protocol analyzer (Ethereal):

Image 1

There is temporary work-around to the situation like having a remote-desktop connection to a PC where the internet is accessible, etc. But these solutions don't work for long.

What if we could have a proxy over the net to take our requests and fetch the response for us? "" is one such server. We can configure this server address and ports in our browser settings and send a request to them. But will that solve our problem? No. The proxy setting will not change the HTTP request string.

The solution

We must have a way where the request is encrypted before it is passed through the company’s firewall. Similarly, to have more privacy on what we actually see, we also want to have the response sent to us in an encrypted form. Here, we will encrypt the request and decrypt the response. Similarly, at the remote proxy server, it will decrypt the request and encrypt the response. This concept is called tunneling and is used in VPN (Virtual Private Networks).

So there is a possibility that some of you created a VPN connection to the remote network to access the internet through a completely different network (that network must have internet access). But this is not a feasible solution for everybody.

There are some web-application-proxy services that allow you to do this like "", "", etc. But your network admins can block these sites (once they get an idea about that). You need to pay to access email through these sites.


Tunneling is a great idea, and I began searching on how this could be put to real implementation. Initially, I started searching on how such an application can be made, and later I found many such packages that implement this.

The best and the famous among them (not the most efficient) was "Tor". It is an anonymous internet communication system that is based on onion-routing.

Tor is itself a network of virtual tunnels. Tor creates a circuit for accessing the internet. The good thing about it is that it creates new circuits. This keeps you anonymous over the internet all the time. More details about Tor can be found here. Along with Tor, I also found JAP (Java Anon Proxy). Details on JAP can be found here.

I find Tor to be technically superior to JAP in terms of keeping anonymity. Tor is quite difficult to install, and takes a lot of time to get a good circuit (many a times I received a timeout). Comparatively JAP is very easy to use. Tor recommends the use of Privoxy to avoid DNS leaks. Well, this is important in case of true anonymous surfing, but it does not fit the scenario I wanted to have. Tor and JAP are free to use. JAP may charge some fees once it gets out of the research mode.


If we cannot break these rules, we can definitely bend them to our satisfaction. Technology has its own good and bad use. It depends on the users whether they use it ethically or not. The original article can be found here.

I am not a networking expert. Please let me know if I am incorrect at any point. If you find this article useful, please do vote for it.


This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

Comments and Discussions

-- There are no messages in this forum --