SSH Over OpenSSL Over HAProxy: Bypassing Blocks

Talha Khaild
11 min read · 3 days ago

Sometimes in companies or hotels, security rules are put in place to prevent employees from making outbound connections on ports other than HTTP and HTTPS (ports 80 and 443).

Depending on the hardware used, the filtering device may be able to detect whether a flow is HTTP, SSH, or another forbidden protocol, so bypassing this kind of protection can be complex.

Of course, I would never advise circumventing the protections put in place by your company. On the other hand, nothing prevents you from giving your IS team a helping hand by pointing out flaws in the system that a malicious person could use.

I invite you to consult your IT charter regarding possible consequences, but be aware that if there is protection, you must legally be informed in writing.

That being said, I will suggest here that you use HAProxy to bypass two types of protection:

  1. Blocking ports other than 80/443 without checking protocol type
  2. Blocking ports other than 80/443, with protocol type checking

The goal will be to pass an SSH stream on port 443 (step 1), then encapsulate it in SSL (step 2).

I will assume that you have a server with HAProxy installed and running, for example to serve your usual sites.
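To make the difference between the two protection types concrete from the filtering side, here is an added example (not code from the original post) of the first-bytes check a protocol-aware filter can apply to a new connection. The function names, the expected-protocol mapping and the sample payloads are assumptions constructed for illustration.

```python
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"PATCH ", b"TRACE ")

def classify_first_bytes(data: bytes) -> str:
    """Classify a client's first payload bytes as 'ssh', 'tls', 'http' or 'unknown'."""
    # RFC 4253: the SSH identification string always starts with "SSH-".
    if data.startswith(b"SSH-"):
        return "ssh"
    # TLS record header: content type 0x16 (handshake), version 0x03xx,
    # 2-byte record length, then handshake type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        (record_len,) = struct.unpack("!H", data[3:5])
        if 0 < record_len <= 2 ** 14:
            return "tls"
    if data.startswith(HTTP_METHODS):
        return "http"
    return "unknown"

def policy_decision(dst_port: int, data: bytes, check_protocol: bool) -> str:
    """Return 'allow' or 'block' for a new outbound connection.

    check_protocol=False models protection type 1 (port filter only);
    check_protocol=True models type 2 (port filter plus protocol check).
    """
    expected = {80: "http", 443: "tls"}  # assumed policy: HTTP on 80, TLS on 443
    if dst_port not in expected:
        return "block"
    if not check_protocol:
        return "allow"
    return "allow" if classify_first_bytes(data) == expected[dst_port] else "block"

# Constructed sample payloads (not captured traffic).
SSH_BANNER = b"SSH-2.0-OpenSSH_9.6\r\n"
TLS_HELLO = bytes.fromhex("16030102000100 01fc0303".replace(" ", ""))
HTTP_GET = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"

if __name__ == "__main__":
    for name, port, payload in [("ssh:22", 22, SSH_BANNER), ("ssh:443", 443, SSH_BANNER),
                                ("tls:443", 443, TLS_HELLO), ("http:80", 80, HTTP_GET)]:
        print(name, policy_decision(port, payload, False), policy_decision(port, payload, True))
```

A type 2 check like this one only establishes the outer framing of a flow, which is why the second step of the article wraps the SSH stream in SSL.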


Talha Khaild

A full-stack developer and DevOps engineer. Open to freelance technical writing gigs: talhakhalid101[@]pm.me