Why it sometimes happens that HTTPS works and HTTP doesn't.
For example, there are some website which are blocked by my college. When you type the address, http://www.somesite.com/, it gets blocked by the college firewall. But when you type the same site name with https://www.somesite.com/, it gets accessed.
Why this happens? Any link or material on this?
HTTP and HTTPS
-
z3r0aCc3Ss
- Fame ! Where are the chicks?!
- Posts: 700
- Joined: 23 Jun 2009, 16:00
- 14
- Contact:
HTTP and HTTPS
Beta tester for major RATs, all kinds of stealers and keyloggers.
Learning NMAP
Learning NMAP
Re: HTTP and HTTPS
why it happens is because the firewall rules at your college tell what sites to block, but the list is in HTTP or specifies port 80. So typing in the IP or the HTTPS address will bypass those simple firewalls. Not all websites have HTTPS access.
DNR
DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
Re: HTTP and HTTPS
The IP trick works because it bypasses restricted DNS because the IP does not have to be translated from a textname to IP address, which the internet uses for addressing packets.
So if the college lists http://www.suck-o.com" onclick="window.open(this.href);return false; in a list of domains that are blocked in its own DNS servers, you can either set the computer's network access to OPENDNS or any other company's DNS service - or simply use the IP address to bypass it.
Not all websense or HTTP firewalls are that stupid. Don't forget, in a college or business your computer activity can be monitored and linked to you. You may have signed a Electronic Communications Agreement with the company or school for computer use.
You can also use telnet to GET webpages and see them in raw format.
(check '?' HELP to see if your command is 'open' or 'o') Not all sites do this BTW.
DNR
So if the college lists http://www.suck-o.com" onclick="window.open(this.href);return false; in a list of domains that are blocked in its own DNS servers, you can either set the computer's network access to OPENDNS or any other company's DNS service - or simply use the IP address to bypass it.
Not all websense or HTTP firewalls are that stupid. Don't forget, in a college or business your computer activity can be monitored and linked to you. You may have signed a Electronic Communications Agreement with the company or school for computer use.
You can also use telnet to GET webpages and see them in raw format.
(check '?' HELP to see if your command is 'open' or 'o') Not all sites do this BTW.
DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.