SSH-over-HTTPS for fame & profit

Tuesday, April 18th, 2017

In the past, I’ve discussed using SSH to circumvent restricted networks with censoring transparent proxies, but that relied on the restricted network allowing free SSH access on port 22 (what we call in the industry – the single network requirement for getting work done).

Unfortunately, there are restricted networks that don’t even allow that – all you get is the transparent censoring HTTP proxy (which has recently became the case with the free Wi-Fi on the Israeil Railways trains).

But fortunately for us, there is still one protocol which they can’t block, they can’t proxy and they can’t man-in-the-middle  – or else they’d break the internet even for people who only read news, search google and watch YouTube – that is HTTPS.

In this article I’ll cover running SSH-over-HTTPS using ProxyTunnel and Apache. The main consideration is that the target web server is also running some other websites that we can’t interrupt. The main content is based on this article by Mark S. Kolich, but since it only covers using plain HTTP and in addition to some simple changes in the example configurations I also wanted to cover getting an SSL certificate, here’s my version of the tutorial:

(more…)

How to circumvent the free Wi-Fi content filter, for fame & profit

Monday, May 18th, 2015

I’m very grateful for the free Wi-Fi on the train, the coffee shop or the municipal free Wi-Fi, but the content filter they have on their proxies is sometimes really weird – for example it may blocks one of my favorite podcasts website (the Jupiter Broadcasting network) under the category “streaming media” even though they don’t actually host their video files, but they do let through YouTube and Facebook (where most cat videos are posted these days). So apparently Israeli Rail has an aversion to streaming media so they won’t let me send an email to a small podcast, but I can watch all the cat videos I want. Weird. Also, most VPN services are blocked by default, so no help will be coming from that way(1).

So, to fix that, here’s a small workaround using an external proxy – this is rather simple, but it does assume you have all kinds of tools that most users won’t have just lying around – but if you’re a Linux geek you should do just fine.

(more…)


  1. I’ve checked the OpenVPN ports are blocked, as well as all web-based proxies I could find, such as FoxyProxy and Hola. I’ve encountered in the past a weird VPN software that does not use standard UDP or TCP sockets, but instead using GRE packets and I have no idea if that would work, but I’m assuming it won’t as well. []

Got me a new gadget

Friday, June 25th, 2010

For all of you who are not up to date on my latest news, I’ve got a new phone last week – a Motorola Milestone running Android 2.1 (I expected more Moto* application with the Motorola brand, but I only got a Media Dock home app and a driving home app – not even the “Motonav” navigation software, not that I mind – I use Waze).

Its a pretty cool device and (to my surprise) it allowed me to abandon all the other phones I was carrying with me, pretty much with in a couple of days (I expected it will take me at least a week to transfer all the things I was doing with mobile connected devices to a new device). So now – probably to the surprise of many of my friends – I carry just one phone instead of 3.

(more…)


Spam prevention powered by Akismet