When sysadmin isn't helpful - the thing about firewall bypassing #0

DISCLAIMER! Do not bypass firewalls in network environments where it’s explicitly forbidden!


Computer network security is extremelly important, especially in companies that maintain the critical infrastructure. That is banking, telecom, and goverment organisations. However in companies/organisations where there is little to protect, sysadmins also like to block everything besides HTTPS/HTTP, DNS and E-Mail, just to feel safer. In consequence, people can’t use Discord, call their friends with Facebook Messanger, use Viber or Whatsapp(because of blocked high UDP ports). In the same time, sysadmin doesn’t even respond to requests for help. When IT doesn’t work, You have to help Yourself on Your own!
Some IT enthusiasts host their own server infrastructure that is available only over VPN hosted also from their home. Strict firewall policies also deny them from accessing their self-hosted services from work/school/university.


Fortunately, there is interesting tool, that allows to tunnel network traffic over WebSockets, called Chisel. Creating tunnel over Websockets allows us to reach to desired port on the remote machine, while using another one(unlocked by opressive firewall rules). Of course that method introduces overhead, but it’s solution for problem anyway. Chisel is written in Go. It can be easily compiled for MIPS architecture, thus deployed on small Openwrt devices, like routers(after size optimization, and compressing using upx).

How it works?


There is more to show!

I am going to show practical use case of Chisel in next post. I plan to show You how to tunnel Wireguard over Chisel - stay tuned!