Topic: Squid Proxy Bypasser

The UltraSurf program can get through both the proxy and the firewall on the server; frankly, I'm really annoyed by this software. It uses whatever port is open, no matter which port it is or what it's used for; so what, should all ports be closed?!

Most annoying, it uses port 443 (SSL/HTTPS) and does HTTPS tunneling. If port 443 is closed, how are the other clients supposed to do online banking, for example, or open their webmail?

Please share your experiences with this, folks...
the program can be downloaded here >>> http://wujie.net/downloads/ultrasurf/

Facebook OPiKdesign
http://badge.facebook.com/badge/100000147194199.279.411965916.png
* IT Consultant * Networking Specialist for Internet Cafe/HotSpot/SOHO * Maintenance * Graphic & Web Design, 3D Modeling & 2D/3D Animation * Hosting & Domain * email to: th@opikdesign.com

2 (edited by opikdesign 03-05-2009 19:51:59)

Re: Squid Proxy Bypasser

After some trying it finally worked; this is just for sharing.

Look at /var/log/squid/access.log:

192.168.0.104 - - [01/May/2009:10:40:13 +0700] "CONNECT 65.160.234.93:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:13 +0700] "CONNECT 207.97.249.212:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:13 +0700] "CONNECT 91.189.90.244:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:13 +0700] "CONNECT 74.125.19.112:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:13 +0700] "CONNECT 216.236.237.6:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:13 +0700] "CONNECT 219.142.79.192:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:13 +0700] "CONNECT 219.142.79.192:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:13 +0700] "CONNECT 63.245.209.10:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:13 +0700] "CONNECT 192.86.252.227:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:13 +0700] "CONNECT 199.67.185.130:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:13 +0700] "CONNECT 65.182.181.181:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:13 +0700] "CONNECT 128.101.65.204:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:13 +0700] "CONNECT 156.77.100.128:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:15 +0700] "CONNECT 209.85.171.102:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:15 +0700] "CONNECT 207.188.24.140:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:15 +0700] "CONNECT 210.59.144.3:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:15 +0700] "CONNECT 151.151.129.162:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:15 +0700] "CONNECT 137.187.66.224:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:15 +0700] "CONNECT 209.34.241.68:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:15 +0700] "CONNECT 157.150.195.69:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:15 +0700] "CONNECT 216.134.197.184:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:15 +0700] "CONNECT 64.34.180.105:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:15 +0700] "CONNECT 91.192.128.34:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:15 +0700] "CONNECT 134.141.3.154:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:16 +0700] "CONNECT 59.106.108.86:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:16 +0700] "CONNECT 222.66.196.213:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:16 +0700] "CONNECT 123.204.77.12:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:16 +0700] "CONNECT 59.106.108.86:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:16 +0700] "CONNECT 61.229.139.17:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:16 +0700] "CONNECT 218.167.61.136:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:16 +0700] "CONNECT 138.235.42.3:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:16 +0700] "CONNECT 118.167.182.150:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:16 +0700] "CONNECT 218.167.61.136:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:16 +0700] "CONNECT 209.85.171.115:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:16 +0700] "CONNECT 122.118.8.218:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:16 +0700] "CONNECT 61.216.13.99:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:18 +0700] "CONNECT 210.171.0.140:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:20 +0700] "CONNECT 205.254.143.136:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:25 +0700] "CONNECT 219.142.79.192:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:25 +0700] "CONNECT 222.66.18.131:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:25 +0700] "CONNECT 61.62.110.176:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:25 +0700] "CONNECT 207.97.249.212:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:25 +0700] "CONNECT 65.49.2.126:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT

It always uses IP addresses, but oddly they are never resolved, and oddly it always uses HTTPS port 443. I tried adding the following lines to /etc/squid/squid.conf:

acl all src 0.0.0.0/0.0.0.0
acl CONNECT method CONNECT
acl no_IPs url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
acl https_ports port 443
http_access deny CONNECT no_IPs https_ports all

The result was pretty decent, it got blocked right away, but it can switch to port 80 without going through the proxy on 3128 even though it has been set to transparent. My suggestion is to strengthen the firewall by closing all ports and opening only the ones that are needed; this can be done with IPTABLES PREROUTING, so just close port 80 and then redirect every client to the proxy.


Good luck trying it, HTH.


Re: Squid Proxy Bypasser

One more thing: even better, give the proxy an authenticated login....
so give it a username and password...


Re: Squid Proxy Bypasser

sorry, may I ask a question?

Re: Squid Proxy Bypasser

can a D-Link ADSL be connected to a TP-Link wireless via the WAN port?

Re: Squid Proxy Bypasser

netgear wrote:

can a D-Link ADSL be connected to a TP-Link wireless via the WAN port?

bro, better start a new thread... :P


Re: Squid Proxy Bypasser

So, how do you set up an authenticated login on the proxy, then...?

If you have gained knowledge, then it deserves to be shared by you..

8 (edited by si_faisal 03-05-2009 23:34:33)

Re: Squid Proxy Bypasser

What's the originating source port for UltraSurf, bro?

If I'm not mistaken the source port is 9666, from localhost (the computer running UltraSurf)

try adding these iptables rules

-A INPUT -p tcp -m tcp --sport 9666 -j DROP
-A FORWARD -p tcp -m tcp --sport 9666 -j DROP
-A OUTPUT -p tcp -m tcp --sport 9666 -j DROP


sorry, yesterday I didn't follow when bro opik invited me to discuss, :) it was really late

9 (edited by opikdesign 04-05-2009 00:16:32)

Re: Squid Proxy Bypasser

si_faisal wrote:

What's the originating source port for UltraSurf, bro?

If I'm not mistaken the source port is 9666, from localhost (the computer running UltraSurf)

try adding these iptables rules

-A INPUT -p tcp -m tcp --sport 9666 -j DROP
-A FORWARD -p tcp -m tcp --sport 9666 -j DROP
-A OUTPUT -p tcp -m tcp --sport 9666 -j DROP


sorry, yesterday I didn't follow when bro opik invited me to discuss, :) it was really late

the proxy expert finally shows up...
it goes through ports 9666 and 8084, yup... right, drop those too.... the complete version becomes:

iptables -A INPUT -p tcp -m multiport --sports 9666,8084 -j DROP
iptables -A FORWARD -p tcp -m multiport --sports 9666,8084 -j DROP
iptables -A OUTPUT -p tcp -m multiport --sports 9666,8084 -j DROP

Besides UltraSurf there is also Skype, but honestly I still haven't managed to catch this one program; maybe Skype is an old-school program....

Muhandis wrote:

So, how do you set up an authenticated login on the proxy, then...?

good question, here's the tutorial, using the ncsa_auth binary, also known as NCSA; the steps:

create a username with the command:

# htpasswd /etc/squid/passwd [username]

the command above will ask us to enter a password and retype it; once that's done there will be a file /etc/squid/passwd

then find where the ncsa_auth binary is located:

# dpkg -L squid | grep ncsa_auth

the result:

/usr/lib/squid/ncsa_auth

next, edit /etc/squid/squid.conf
add the 3 lines below.

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
acl ncsa_users proxy_auth REQUIRED

still editing /etc/squid/squid.conf, then find the lines containing http_access allow and always add ncsa_users if there are other acls (rules). example:

http_access allow ncsa_users

all of them must be above

http_access deny all

finally restart squid:

# /etc/init.d/squid restart

after that it can be set on every browsing machine, e.g. IE, Mozilla, Opera, etc.

good luck.... HTH :D

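Added example (not from the thread or from Squid itself) that models Squid's first-match http_access evaluation over a constructed squid.conf fragment combining the CONNECT/no_IPs rule and the ncsa_users auth lines from this post, to show why the auth allow line has to sit above "http_access deny all". The proxy_auth check is simplified to "credentials present or not"; real Squid issues a 407 challenge before denying.

```python
import ipaddress
import re

# Constructed squid.conf fragment combining the thread's two snippets, in the
# http_access order the post prescribes (the auth allow above "deny all").
GOOD_CONF = r"""
acl all src 0.0.0.0/0.0.0.0
acl CONNECT method CONNECT
acl no_IPs url_regex -i ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
acl https_ports port 443
acl ncsa_users proxy_auth REQUIRED
http_access deny CONNECT no_IPs https_ports all
http_access allow ncsa_users
http_access deny all
"""
# The same rules with the last two lines swapped: the ordering mistake to avoid.
BAD_CONF = GOOD_CONF.replace("http_access allow ncsa_users\nhttp_access deny all",
                             "http_access deny all\nhttp_access allow ncsa_users")

def parse_conf(text):
    """Collect acl lines (grouped by name) and http_access lines in file order."""
    acls, rules = {}, []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) > 3 and parts[0] == "acl":
            acls.setdefault(parts[1], []).append((parts[2], parts[3:]))
        elif len(parts) > 2 and parts[0] == "http_access":
            rules.append((parts[1], parts[2:]))
    return acls, rules

def acl_matches(kind, args, req):
    """Match one acl line against a request (only the acl types the thread uses)."""
    if kind == "src":
        src = ipaddress.ip_address(req["src"])
        return any(src in ipaddress.ip_network(a, strict=False) for a in args)
    if kind == "method":
        return req["method"] in args
    if kind == "port":
        return str(req["port"]) in args
    if kind == "proxy_auth":  # simplified: real Squid sends a 407 challenge first
        return req.get("user") is not None
    if kind == "url_regex":
        flags, pats = (re.I, args[1:]) if args[0] == "-i" else (0, args)
        return any(re.search(p, req["url"], flags) for p in pats)
    raise ValueError("unsupported acl type: " + kind)

def decide(conf_text, req):
    """First http_access line whose ACLs all match wins (acl lines sharing a
    name are ORed); with no match Squid applies the opposite of the last line."""
    acls, rules = parse_conf(conf_text)
    for action, names in rules:
        if all(any(acl_matches(k, a, req) for k, a in acls[n]) for n in names):
            return action
    return "deny" if rules[-1][0] == "allow" else "allow"
```

With BAD_CONF an authenticated user's CONNECT to a hostname is denied by "deny all" before the allow line is ever reached, which is the misconfiguration the post's ordering instruction prevents.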

Re: Squid Proxy Bypasser

an addition to the script for /etc/squid/squid.conf, because the one above can sometimes still be bypassed...

acl all src 0.0.0.0/0.0.0.0
acl CONNECT method CONNECT
acl no_IPs url_regex -i ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
acl no_IPs url_regex -i (25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)
acl https_ports port 443
http_access deny CONNECT no_IPs https_ports all

HTH

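Added example (not from the thread) that replays the "http_access deny CONNECT no_IPs https_ports all" rule from this post and the earlier one over access.log lines in the format shown in the thread, and counts per client the distinct IP-literal CONNECT targets that made the UltraSurf traffic stand out. The log sample is constructed: its first two lines are copied from the thread's excerpt, the others are made up to cover the edge cases.

```python
import re
from collections import defaultdict

# Constructed sample: the first two lines are copied from the thread's access.log
# excerpt, the others are made up to exercise the rule's edge cases.
SAMPLE_LOG = """\
192.168.0.104 - - [01/May/2009:10:40:13 +0700] "CONNECT 65.160.234.93:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:13 +0700] "CONNECT 207.97.249.212:443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.104 - - [01/May/2009:10:40:16 +0700] "CONNECT 10.1.2.3:8443 HTTP/1.1" 200 39 TCP_MISS:DIRECT
192.168.0.105 - - [01/May/2009:10:41:02 +0700] "CONNECT mail.example.com:443 HTTP/1.1" 200 5120 TCP_MISS:DIRECT
192.168.0.105 - - [01/May/2009:10:41:05 +0700] "GET http://10.0.0.1/index.html HTTP/1.1" 200 1200 TCP_MISS:DIRECT
"""

# httpd-style access.log line (the format shown in the thread).
LINE_RE = re.compile(r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<url>\S+) [^"]*" '
                     r'(?P<status>\d{3}) (?P<bytes>\d+) (?P<result>\S+)$')

# The two url_regex patterns from the thread's squid.conf ("-i" => re.I).
# Squid searches the whole URL, so only the first pattern is anchored.
LOOSE_IP = re.compile(r'^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+', re.I)
OCTET = r'(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)'
STRICT_IP = re.compile(r'\.'.join([OCTET] * 4), re.I)

def parse_line(line):
    """Fields of one access.log line, or None if the line does not parse."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def matches_no_ips(url):
    """Both acl lines are named no_IPs, so Squid ORs them."""
    return bool(LOOSE_IP.search(url) or STRICT_IP.search(url))

def is_denied(entry):
    """http_access deny CONNECT no_IPs https_ports all: every ACL must match.
    For CONNECT the "URL" Squid checks is host:port."""
    if entry["method"] != "CONNECT":
        return False
    host, _, port = entry["url"].rpartition(":")
    return matches_no_ips(entry["url"]) and port == "443"

def denied_requests(log_text):
    """URLs the rule would have refused, in log order."""
    entries = (parse_line(l) for l in log_text.splitlines())
    return [e["url"] for e in entries if e and is_denied(e)]

def ip_connect_targets(log_text):
    """Distinct IP-literal CONNECT targets per client; a burst of these with
    tiny (39-byte) responses is the pattern the thread's log shows."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        e = parse_line(line)
        if e and e["method"] == "CONNECT" and matches_no_ips(e["url"]):
            seen[e["client"]].add(e["url"])
    return {client: len(urls) for client, urls in seen.items()}
```

Because the second pattern is unanchored it also matches four dotted numbers anywhere in a URL (including a plain GET to http://IP/), but the deny line only refuses CONNECT to port 443, which is what denied_requests reproduces.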

Re: Squid Proxy Bypasser

Wow, the discussion has already gone pretty far, awesome....
but I'm still a beginner, I've only known proxies for the last few months...
and only transparent ones plus some site filtering...

opikdesign wrote:

auth_param basic children 5

what does children 5 mean?

opikdesign wrote:

Code:

acl no_IPs url_regex -i ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
acl no_IPs url_regex -i (25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)

I don't get it....

Re: Squid Proxy Bypasser

yeah, I don't get it either.

btw, if the squid is the one inside pfSense, can it be edited directly like this too?
because I once edited the squid manually via ftp, but it still didn't update in the pfSense GUI...

Re: Squid Proxy Bypasser

acl no_IPs url_regex -i ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
acl no_IPs url_regex -i (25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)

defines the acl no_IPs: it matches when someone accesses a website using an IP address instead of a domain name

@wingst2fly
yes, by editing the file squid.xml

squid.conf is auto-generated from the xml setup in the web-based management

cmiiw

Re: Squid Proxy Bypasser

^^ truly inhuman language..

I'm outta here.... hihi..

==============================

"More Information More Knowledge More Wise"

Re: Squid Proxy Bypasser

si_faisal wrote:

acl no_IPs url_regex -i ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
acl no_IPs url_regex -i (25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)

defines the acl no_IPs: it matches when someone accesses a website using an IP address instead of a domain name

@wingst2fly
yes, by editing the file squid.xml

squid.conf is auto-generated from the xml setup in the web-based management

cmiiw

so that means, for example, the IP is 192.168.90.90 and the subnet is 255|245|01 \ 255.255.255
ugh, how do you read it?

[0-9] means * so the IP could be from 0-9, right?
25[0-5] means 25* where * is 0-5, is that it?
ah... some enlightenment...

can you explain further, boss?

Re: Squid Proxy Bypasser

wings2fly wrote:

....
so that means, for example, the IP is 192.168.90.90 and the subnet is 255|245|01 \ 255.255.255
ugh, how do you read it?

[0-9] means * so the IP could be from 0-9, right?
25[0-5] means 25* where * is 0-5, is that it?
ah... some enlightenment...

can you explain further, boss?

correct, bro, but it's not a subnet....


Re: Squid Proxy Bypasser

opikdesign wrote:

correct, bro, but it's not a subnet....

boss, the squid.xml file to edit, which directory is it in?


how do you create an ACL based on file extension, boss?
for example, from 8 to 12 noon downloading .mp3 files is not allowed...

18 (edited by opikdesign 13-07-2009 13:38:09)

Re: Squid Proxy Bypasser

@wings2fly

using pfSense, huh?! I don't play with it often... it's been a long time... forgot, boss... :D
try the others, maybe they can help...


Re: Squid Proxy Bypasser

opikdesign wrote:

@wings2fly

using pfSense, huh?! I don't play with it often... it's been a long time... forgot, boss... :D
try the others, maybe they can help...

hehehe, so what does boss opik use?
I thought it was pfSense...

you use squid on Linux, right?

Re: Squid Proxy Bypasser

wings2fly wrote:
opikdesign wrote:

@wings2fly

using pfSense, huh?! I don't play with it often... it's been a long time... forgot, boss... :D
try the others, maybe they can help...

hehehe, so what does boss opik use?
I thought it was pfSense...

you use squid on Linux, right?

yup... Linux,
most often Ubuntu or Fedora...

I tried pfSense a very long time ago... the very first version, which was still beta...
what version is it at now?!


Re: Squid Proxy Bypasser

if I'm not mistaken ...
UltraSurf accesses things via IP ... CMIW :)

in pfSense it can be blocked using squidGuard
in the squidGuard menu there is "Not to allow IP addresses in URL" [To make sure that people don't bypass the URL filter by simply using the IP addresses instead of the fully qualified domain names, you can check this option]

by enabling this, clients that access via IP will be rejected
please correct me if my understanding is wrong ...

hope this helps ...

=================================================
Friends with pfSense and KIOSer
http://lh5.ggpht.com/_EoHpBdvKwL8/TSfJzYIQekI/AAAAAAAACUk/SafJX7cMjBo/s800/powere.jpg

Re: Squid Proxy Bypasser

bro, sorry, I want to ask: what port does the Camfrog program use? and how do you deal with it; I've already blocked its server but it can still be accessed, and it really eats bandwidth.

Server: ubuntu 10.04, squid

Trial and Error, currently trying out Mikrotik :)
http://img171.imageshack.us/img171/2272/signaturedl.jpg
Facebook

Re: Squid Proxy Bypasser

@kamezhu

default:
tcp: 6005
udp: 5000-15000

better to run a bandwidth manager application to limit bandwidth usage, so the customers aren't disappointed (if it's an internet cafe).

Re: Squid Proxy Bypasser

wijayakto wrote:

@kamezhu

default:
tcp: 6005
udp: 5000-15000

better to run a bandwidth manager application to limit bandwidth usage, so the customers aren't disappointed (if it's an internet cafe).

You're right, bro..hehe okay, thanks :)
