Dec 24, 2013

1k3m ubuntu

install 1k3 ubuntu 13.10

sudo apt-get install ndiswrapper-common ndiswrapper-utils-1.9

1. plug in your modem and check it

Bus 002 Device 049: ID 0408:ea26 Quanta Computer, Inc. 
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 008 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 007 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 005 Device 023: ID 1a81:1705 Holtek Semiconductor, Inc. 
Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 001 Device 004: ID 04f2:b160 Chicony Electronics Co., Ltd 
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 003 Device 002: ID 0a5c:2151 Broadcom Corp. Bluetooth
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

2. create file :  /etc/usb_modeswitch.d/0408:ea25 the content as below :

DefaultVendor= 0x0408
DefaultProduct= 0xea25
TargetVendor= 0x0408
TargetProduct= 0xea26

3. add this command to  /lib/udev/rules.d/40-usb_modeswitch.rules

# LTE Modem 1k3m
ATTRS{idVendor}=="0408", ATTRS{idProduct}=="ea25", RUN+="usb_modeswitch '%b/%k'"

4. add this command to   /etc/modprobe.d/mobily-lte.conf 

options usbserial vendor=0x0408 product=0xea26

5. restart the services 

sudo ser­vice udev restart
sudo rmmod option 
sudo rmmod usb_wwan
sudo rmmod usbserial
sudo modprobe usbserial
sudo modprobe usb_wwan
sudo modprobe option 

6. unplug the modem, then plug it again, and check with dmesg, you should see as below :

[59549.312083] usb 2-3: new high-speed USB device number 49 using ehci-pci
[59549.448151] usb 2-3: New USB device found, idVendor=0408, idProduct=ea26
[59549.448159] usb 2-3: New USB device strings: Mfr=3, Product=2, SerialNumber=0
[59549.448164] usb 2-3: Product: Qualcomm CDMA Technologies MSM
[59549.448168] usb 2-3: Manufacturer: Qualcomm, Incorporated
[59549.450481] usbserial_generic 2-3:1.0: The "generic" usb-serial driver is only for testing and one-off prototypes.
[59549.450487] usbserial_generic 2-3:1.0: Tell to add your device to a proper driver.
[59549.450491] usbserial_generic 2-3:1.0: generic converter detected
[59549.450593] usb 2-3: generic converter now attached to ttyUSB0
[59549.450987] usbserial_generic 2-3:1.1: The "generic" usb-serial driver is only for testing and one-off prototypes.
[59549.450992] usbserial_generic 2-3:1.1: Tell to add your device to a proper driver.
[59549.450996] usbserial_generic 2-3:1.1: generic converter detected
[59549.451084] usb 2-3: generic converter now attached to ttyUSB1
[59549.451172] usbserial_generic 2-3:1.2: The "generic" usb-serial driver is only for testing and one-off prototypes.
[59549.451177] usbserial_generic 2-3:1.2: Tell to add your device to a proper driver.
[59549.451181] usbserial_generic 2-3:1.2: generic converter detected
[59549.451269] usb 2-3: generic converter now attached to ttyUSB2
[59549.451417] usbserial_generic 2-3:1.3: The "generic" usb-serial driver is only for testing and one-off prototypes.
[59549.451422] usbserial_generic 2-3:1.3: Tell to add your device to a proper driver.
[59549.451425] usbserial_generic 2-3:1.3: generic converter detected
[59549.452844] usb 2-3: generic converter now attached to ttyUSB3
[59549.452956] usb-storage 2-3:1.4: USB Mass Storage device detected

7. create your dial-up profile on network connection menu, or you can use wvdial

note : 
1. for band selection, you can choose on your profile, you may use LTE only or 3G only, or others as well.

2. light indicator color : 
  • violet : its ready to use, but its not LTE
  • blue : its LTE ready
  • red : your modem in trouble
3. forcing to LTE service with wvdial, according to
you should use AT+ZSNT=6,0,0 to force on LTE

the speedtest with telkomsel card is :


Read more ...

Dec 16, 2013

how to hide ip

sometimes, you need to hide your real ip address for some reason. let say :  you want to download some file from korean server, while the server just allow traffic from korean. There are some technique to make it, today we'll learn about how to hide your real ip and location using proxying or serial proxy.

how to hide ip

don't forget that when you enter to specific country, you will identified as their citizen, so if google detect you use unusual traffic (maybe from your cookie, or from your domain) you need to change it first, of clear your cookie first. for more detail you can see on this link(Proxying Cookie) .

here's my suggestion for your safety internet surfing : 
  • 1. use google DNS (well-known dns / public dns)
  • 2. clear you cookie first before re-route your traffic.

Read more ...

Dec 15, 2013

proxy cookie

This is solution for unusual traffic error, before we go through, let we recite this cookie complete chart :

proxy cookie

when you are under proxy, you need to hide some cookie which is not match with yours. especially for your personalization and your cookie tracking. see on this video.

Read more ...

Unusual traffic from your computer network

Proxying your google-search Traffic 

when you tray to re-routing your network over the proxy server, then you use google to search some keywords, google will detect it as un-usual traffic. Google will ask you to enter capcha or you will get
"error page" from google.

Unusual traffic from your computer network
is it real error ?,
Nope, however its just google-ways to ensure that you are not machine, because your routing has been changed.

how google identify that you are not machine 

you can check your on your error web-page, that google send you script below :

On IE :

its use to detect your proxy setting, make sure that your traffic changed because of proxy.

solution Unusual traffic from your computer network

on this page, you can see that, when you click "detect setting", your browser will detect your proxy setting and send it to google.

On Firefox : 
 function doNetDetect() {

sending automatic queries


the simplest solution is use other search engine, or always clearing your browser cache and cookie. More advance solution, you can modify your proxy server here. But i suggest to read "how cookie works" first before go there.

Read more ...

how cookie works

cookie mechanism

normally, you surf to internet by sending request to the webserver over internet.
how cookie works
then server will reply your request and sending some data that stored on your browser. it called cookie.

cookie mechanism
sometimes, your browser will send basic information about your localize, language, browser version, location, etc.
cookie tracking

cookie information scope

the most important cookie-value are two, personalization and tracking. But there are some other, such as domain and path, cookie expires and max age, and also browser settings.


its contain user information.

your IP will be detected from here, and also referer, where you get this url.

relaying cookie

when you use proxy, your browser informations are not matched with your cookie, so google will detect you as machine. Google will detect from personalization cookie and your tracking cookie. You can make your own script to solve this problem, just like proxy-cookie.
Read more ...

Dec 14, 2013

GSM Hack

How Radio GSM Works

well, today we will learn about how the GSM Radio works, simple things to think is, when you want to use the service, you must register and everything that they need must be comply with yours. If its passed, you are eligible to use their services.

When you turn on your mobile devices or modem, they will get broadcast channel from bts / nodeB around you, the UE/MS (mobile subscriber) will decrypt  it with your SIM parameters. This section is hand-shaking, Who can passed it, they will connected or identify as their customers. see on this pic :

for more detail you can see here :

GSM Vulnerable

when you passed the hand-shaking process, the BTS will allow you to use their services without checking who has "this-hands" so, when someone change their hands with their children hands, its still recognize as your hands.

Due to the authentication only on the first handshaking, you can choose the best QoS card to give the best services on you, After that, you allow to change it. see here : 

Read more ...

install oast vpn client

Vpn Client is a software to make point to point tunneling, when you use vpn, your computer will indentify on the same network of your vpn server. So, its like moving your computer near by vpn server.


this is an opensource openvpn project, which is hosted on sourceforge and it running on windows, linux, mac and also solaris. 

oast on solaris oast on linux Oast on Windows

install oast vpn client gui ubuntu 13.10

sudo apt-get install gksu openvpn
sudo chmod +x
sudo ./

for linux 32, you can use :

for more detail, you can see on this video

for windows installation, you can see on this link

Read more ...

Dec 13, 2013

speed up internet connection by send raw data

Previously, we learn about how to use send raw data to server / proxy, now i wanna show you the proof that when you request via raw data to proxy can speed up your internet connection.

see on this video.

how can it happen ?
when you just flow on their routing, you know nothing about how many proxies that you need to walk-into. But by directing to specific proxy, you may get the best path to bypass the edge.

it means that you need to research, which on proxy that i can use to speed up connection on me. about how to get proxy list of your upline connection will discussed later. Hope you enjoy your connection now.

Read more ...

hacker to bypass proxy servers

Proxy request chart

this is basic chat among user to proxy and its reverse. You can see clearly now.

Direct raw package and inject package

some companies allow user to use directly either from its proxy server or directed by program to send raw package to the proxy, so that they can go out.

you can see on this video

before you send raw package direct to proxy, you should check the proxy first, as i mentioned before on this [about how proxy works ]. Sending data to proxy by raw format make your connection better, why ?, you find the answer on this section.

pimp the url 

they also can bypass the proxy by encode their url before send it to proxy, so the proxy identify this package as common request. As you know that proxy have ACL to filter some request by their URL.

Using multiple protocol

when you use multiple protocol, they usually just consider the first only. The common method is embedding HTTP protocol into Mail protocol. 

Going to another proxy

by going to other proxy, they will detect that you are not in their authority to filter because you are not in their scope.


by some tunneling methods that was mentioned before about how to bypass proxy
Read more ...

how proxy works

its important knowing about how proxy works. proxy is intermediary machine to handle request from client to server. It can be as filter, or as cache, or redirecting, or protecting, etc.

how proxy works

How to test proxy

the simplest testing is by telneting the port of proxy server, let say, i have installed squid on my laptop and running on port 3128. So: i can test my proxy by :

febru@sevilla:~$ telnet localhost 3128
Connected to localhost.
Escape character is '^]'.

HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Date: Thu, 12 Dec 2013 05:35:29 GMT
Expires: Sat, 11 Jan 2014 05:35:29 GMT
Cache-Control: public, max-age=2592000
Server: gws
Content-Length: 219
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 80:quic
Age: 56263
X-Cache: HIT from sevilla
X-Cache-Lookup: HIT from sevilla:3128
Via: 1.1 sevilla (squid/3.3.8)
Connection: keep-alive

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<H1>301 Moved</H1>
The document has moved
<A HREF="">here</A>.

for more detail you can see here,

HTTP Header

  • GET       : to get all content and head
  • HEAD    : to get header only
  • POST     : to submit paramters
  • PUT       : rewrite or create new resource of URI
  • DELETE  : to Deletes the specified resource.
  • TRACE   : to trace packet if any changes from intermediate server
  • OPTIONS : to check HTTP methods that the server supports for the specified URL.
  • CONNECT : Converts the request connection to a transparent TCP/IP tunnel
  • PATCH   : Is used to apply partial modifications to a resource.

HTTP Header Status

2xx Success

200 OK
201 Created
202 Accepted
203 Non-Authoritative Information (since HTTP/1.1)
204 No Content
205 Reset Content
206 Partial Content
207 Multi-Status (WebDAV; RFC 4918)
208 Already Reported (WebDAV; RFC 5842)
226 IM Used (RFC 3229)

3xx Redirection

300 Multiple Choices
301 Moved Permanently
302 Found
303 See Other (since HTTP/1.1)
304 Not Modified
305 Use Proxy (since HTTP/1.1)
306 Switch Proxy
307 Temporary Redirect (since HTTP/1.1)
308 Permanent Redirect (approved as experimental RFC)

4xx Client Error

400 Bad Request
401 Unauthorized
402 Payment Required
403 Forbidden
404 Not Found
405 Method Not Allowed
406 Not Acceptable
407 Proxy Authentication Required
408 Request Timeout
409 Conflict
410 Gone
411 Length Required
412 Precondition Failed
413 Request Entity Too Large
414 Request-URI Too Long
415 Unsupported Media Type
416 Requested Range Not Satisfiable
417 Expectation Failed
418 I'm a teapot (RFC 2324)
419 Authentication Timeout (not in RFC 2616)
420 Method Failure (Spring Framework)
420 Enhance Your Calm (Twitter)
422 Unprocessable Entity (WebDAV; RFC 4918)
423 Locked (WebDAV; RFC 4918)
424 Failed Dependency (WebDAV; RFC 4918)
424 Method Failure (WebDAV)[14]
425 Unordered Collection (Internet draft)
426 Upgrade Required (RFC 2817)
428 Precondition Required (RFC 6585)
429 Too Many Requests (RFC 6585)
431 Request Header Fields Too Large (RFC 6585)
440 Login Timeout (Microsoft)
444 No Response (Nginx)
449 Retry With (Microsoft)
450 Blocked by Windows Parental Controls (Microsoft)
451 Unavailable For Legal Reasons (Internet draft)
451 Redirect (Microsoft)
494 Request Header Too Large (Nginx)
495 Cert Error (Nginx)
496 No Cert (Nginx)
497 HTTP to HTTPS (Nginx)
499 Client Closed Request (Nginx)

5xx Server Error

500 Internal Server Error
501 Not Implemented
502 Bad Gateway
503 Service Unavailable
504 Gateway Timeout
505 HTTP Version Not Supported
506 Variant Also Negotiates (RFC 2295)
507 Insufficient Storage (WebDAV; RFC 4918)
508 Loop Detected (WebDAV; RFC 5842)
509 Bandwidth Limit Exceeded (Apache bw/limited extension)
510 Not Extended (RFC 2774)
511 Network Authentication Required (RFC 6585)
520 Origin Error (Cloudflare)
522 Connection timed out
523 Proxy Declined Request (Cloudflare)
524 A timeout occurred (Cloudflare)
598 Network read timeout error (Unknown)
599 Network connect timeout error (Unknown)

Read more ...

Dec 12, 2013

review innovate internet

it was 2 days ago, innovate Indonesia setup connection to my house, the smallest internet package is Up to 10 Mbps via Fiber Optic just for IDR 200 K per month. Its very worth for you i guess.

the real speed from their server (PT. Mora Tel) to my house is about 10 Mbps Download and 20 Mbps Upload. And real download is 1,1 MBps. Very good throughput, you know that they use Fiber Optic in all traffic transport.

innovate indonesia

at night, can be more than 25 Mbps for upload, its very good for broadcasting server.

review innovate internet

I also test its speed for international connection, the result is 9,5 Download and 7,1 upload. Its good. Its mean, they use 1:1 connection local and international.

review innovate internet

the weakness is, i don't know why, when my wife connect via wifi (on Huawei's Gpon), she often get limited access, while iam not. maybe because i use linux and she use windows.. haha..  :)

Read more ...

Dec 10, 2013

boost mobile internet speed

choose the multi-compatible hardware / modem

when you buy modem, its better to choose the best one, which is able to work in GPRS, EDGE, 3G/UMTS, or HSDPA or HSUPA.

set your APN

APN is used by mobile-internet-operator to apply some profile connection to client. 

improve your antenna

you can see this, when you add a plate to your modem or wifi, it will strengthen the signal. Its good for your connection throughput then.

external cable 

when you use the modem in long time, its become overheat, so by adding external usb cable, you can put it far away from your laptop and make it on the flowed-air environment. It will decrease the heat.

set the right service mode

for better throughput, you need to set service mode match with signal-service on your area. Sometimes, you need it preferable 3G, or 3G only or 4G only, etc.
You can check the best one is from the highest technology applied on that area from mobile internet provider coverage websites.
Read more ...

speed test on tunneling

how to measure speed test for mobile broadband tunneling

when your mobile modem get link to internet, maybe its little bit confuse, why i got different throughput between and real download speed when download. 

the first things that you need to know is about this picture, its the mobile internet connection. You can see that when you use tunneling, logically your laptop / client now is on server-subnet, but physically its still separated with your server by its network (mobile internet provider network). 

You don't know that happen on middle cloud, maybe routing, firewalled, enqueuing, proxying, etc. Whatever on that, you just need to measure your real-pipe speeds (on the red-pipe). This is the real maximum throughput of your network. You can test it by tapping on server and on your laptop as client. See how to measure this below.

The second one is, your server connection to the internet, the blue-pipe, when its bigger than your red-pipe, its ok. And Not for reserve.

by this short explanation, its obviously to you in getting tunnel account, such as vpn account, or ssh account for tunneling that, you need to consider your red-pipe first before asking about "how fast your serving vpn". Because its so many website offer that they can guarantee fast speed connection before checking your red-pipe. You need to install your own speed test.

fast cheap vpn

speed test hosting international (USA)

febru@usa:~$ ./speedtest-cli 
Retrieving configuration...
Retrieving server list...
Testing from OVH Hosting (198.50.138.xx)...
Selecting best server based on ping...
Hosted by 3Men@Work (Montreal, QC) [1.98 km]: 10.967 ms
Testing download speed........................................
Download: 370.89 Mbit/s
Testing upload speed..................................................
Upload: 84.13 Mbit/s

speed test hosting local (Indonesia)

febru@localhosting:~$ ./speedtest-cli 
Retrieving configuration...
Retrieving server list...
Testing from Argon Data Communication (103.31.251.xx)...
Selecting best server based on ping...
Hosted by Hypernet Indodata (Bandung) [2.50 km]: 11.047 ms
Testing download speed........................................
Download: 23.75 Mbit/s
Testing upload speed..................................................
Upload: 5.65 Mbit/s

speed test client to server with tunneling

febru@sevilla:~$ sudo iperf -c ip_server
Client connecting to tiago, TCP port 5001
TCP window size: 22.3 KByte (default)
[  3] local 39.201.112.xx port 46562 connected with ip_server port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-15.7 sec   640 KBytes   334 Kbits/sec

speed test client to server without tunneling (direct)

febru@sevilla:~$ sudo iperf -c server
Client connecting to tiago, TCP port 5001
TCP window size: 22.3 KByte (default)
[  3] local port 47933 connected with 198.50.138.xx port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-15.8 sec   640 KBytes   332 Kbits/sec

with or without tunneling, this speed speed must be almost same, because its the REAL pipe speed of your link, even you get more than this on your server, you ONLY can use your link for max speed as this.

real speed test client to internet with tunneling 

febru@sevilla:~$ ./speedtest-cli 
Retrieving configuration...
Retrieving server list...
Testing from OVH Hosting (198.50.138.xx)...
Selecting best server based on ping...
Hosted by Colo-Serv Communications (Montreal, QC) [1.98 km]: 21.378 ms
Testing download speed........................................
Download: 2.65 Mbit/s
Testing upload speed..................................................
Upload: 0.77 Mbit/s

almost the same with web-based speed test

how to speed up tunnel

  • make sure that you use fast DNS or well-known dns such as openDNS or googleDNS
  • test your routing table, ensure that your package is in right ways. You can use tracepath or traceroute
  • use the lowest level tunneling that you could
besides that all, you still need to consider about air-transport, you need to optimize your modem-signal here 

Read more ...

install speedtest

install iperf 

this is a client-server application to get the speedtest of your connection among client and server. It use to local / particular network speedtest.
on server
sudo apt-get install iperf
sudo iperf -s

on client
sudo apt-get install iperf
sudo iperf -c server_ip

see the video here

install speedtest-cli 

its console tool to measure your internet connection. you can use it to test your ssh server internet speed, it is needed when you plan to use your server as fast vpn server, or ssh tunneling server.

wget -O speedtest-cli
chmod +x speedtest-cli

The real case of these tools usage is speedtest tunneling.
Read more ...

inject http header linux python all operator

Vulnerable of http-header 

Previously, we are talking about tunneling, meanwhile i will not discussing about how to make http inject for mobile broadband, but i just want to show you how it works with real sample.

according to some of http vulnerability is containing CRLF on header, so it can be indentify as new line with new command on proxy.

CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input.

How to make inject all operator in linux  

well, the simplest ways is you can use squidclient or urllib or curl or other primitives browser or you can make your own script. here is 

by this video and script, you are free to create your own injection by yourself by this basic inject all operator script

Read more ...

Dec 9, 2013

bypass proxy firewall and break internet speed limitations

Basic Tunneling. 

The most basic tunneling with ssh was explainned, it is ssh tunnel basic will told you about how ssh tunnel works. there are so many tunneling to bypass proxy or firewall on your network.

The main troubles are how to  bypass firewall and breaking internet speed limit. Bypassing firewall or proxy  easier than breaking internet speed limit, because you will face the queuing package program.

In short let me show you how to get from administratively you just get 512 Kbps then your speed will reach more than 10 Mbps and how to break firewall or proxy server.

bypass proxy firewall and break internet speed limitations


i will not explain it all, but in all of these will give you the best ways. you can try and chose one of the best, its depend on your location, signal strength (if you use mobile broadband), and opened service  on your network. You can download this ssh account to try this tunneling technique.

  • ACK Tunnel
  • TCP tunnel (pop, telnet, ssh)
  • UDP tunnel (syslog, snmp)
  • Proxified Tunnels (Advance)
  • Socks SSL tunnel
  • HTTP/S tunnel (payload of http = tunnel)
  • HTTP/S proxy CONNECT method tunnel
  • FTP tunnel
  • Mail tunnel
  • MSN tunnel

HTTP-Header Inject 

Sometimes, you need to break the server above your internet connection by injecting http header.  i will not give you full souces, but it can give you how to send HTTP Header Inject to victim. After you send the header, you need to give payload by directing or connecting your internet package to your destination. 

import socket, sys
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("", 80))
s.send("DELETE HTTP/1.1 \r\r\r")
while 1:
    buf = s.recv(1000)
    if not buf:
# you can send the payload here, can be redirecting or proxying the package.

more about this, you can see my sample video about how to inject with http header

Load Balancing and Forwarding package

After you break the path and speed, you can use iptables to directing your package to your clients.
Read more ...

create tunnel connection on ppp

on server
sudo apt-get install vtund

edit the options

options {
    port 5000;
    ifconfig /sbin/ifconfig;
    route /sbin/route;
    syslog auth;
default {
    compress no;
    speed 0;
home {
    type tun;
    proto tcp;
    stat yes;
    keepalive yes;
    passwd HHH;
    up {
        ifconfig "%% 198.50.138.BBB pointopoint 198.50.138.AAA";
        program /sbin/arp "-Ds 198.50.138.AAA %% pub";
        program /sbin/arp "-Ds 198.50.138.AAA eth0 pub";
        route "add -net gw 198.50.138.AAA";
    down {
        program /sbin/arp "-d 198.50.138.AAA -i %%";
        program /sbin/arp "-d 198.50.138.AAA -i eth0";
        route "del -net gw 198.50.138.AAA";

sudo vtund -s

on client 

options {
    port 5000;
    ifconfig /sbin/ifconfig;
    route /sbin/route;
default {
    compress no;
    speed 0;

home {
    type tun;
    proto tcp;
    keepalive yes;
    passwd HHH;
    up {
        ifconfig "%% 198.50.138.AAA pointopoint 198.50.138.BBB arp";
        route "add server gw";
        route "del default";
        route "add default gw 198.50.138.BBB";
    down {
        route "del default";
        route "del server gw";
        route "add default gw";

sudo vtund -m -p home your_server

febru@sevilla:~$ ifconfig tun0
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:198.50.138.AAA  P-t-P:198.50.138.BBB  Mask:
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:33 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:0 (0.0 B)  TX bytes:1618 (1.6 KB)

febru@sevilla:~$ sudo route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         198.50.138.BBB         UG    0      0        0 tun0       *        U     9      0        0 wlan0     *      UH    0      0        0 ppp0
tiago  UGH   0      0        0 ppp0
198.50.138.BBB  *      UH    0      0        0 tun0

you will get better here ... 

create tunnel connection bypass proxy

Read more ...

hts http tunnel

sudo apt-get install httptunnel

on server

hts -F localhost:443 8080 

htc -P <proxyServer>:<port> -A <proxy_username>:<password> -F 12345 hts_server:8080 

ntar di client tinggal pake ssh -D biasa.

other references : 
Articles and software about tunnelling and firewall/proxy/censorship bypassing:

  1.     ProxyTunnel :
  2.     TCP-into-HTTP(S) tunneling program ; requires the HTTP proxy to accept the CONNECT command.
  3.     SSH Tunnelling howto :
  4.     Instructions for TCP-into-HTTP tunnelling using SSH and ProxyTunnel.
  5.     Bypassing internet censorship :
  6.     Ways to bypass censorship, using various technics.
  7.     How to Bypass Most Firewall Restrictions and Access the Internet Privately :
  8.     Document on firewalls bypassing and tunnelling.
  9.     Breaking Firewalls with OpenSSH and PuTTY :
  10.     Using putty and OpenSSH when the firewall allows port 22 in.
  11.     The ennemy within: Firewalls and backdoors :
  12.     Article about firewalls and security.
  13.     GNU HTTP Tunnel :
  14.     Opensource TCP-into-HTTP tunnelling.
  15.     PlugDaemon :
  16.     TCP port forwarder with HTTPS proxy support.
  17.     OpenSSH :
  18.     Opensource ssh client and server.
  19.     OpenSSH for Windows:
  20.     Windows version of OpenSSH. (The server only works under 2000/XP, but a 9x version is planned.)
  21.     OpenVPN :
  22.     Excellent, secure and flexible opensource SSL-based VPN program. Can work over UDP, TCP or even HTTP trough proxies.
  23.     1st April RFC 3093:
  24.     So-called Firewall Enhancement Protocol (FEP).
  25.     DesProxy :
  26.     Allows to make direct TCP connections through HTTP proxy which accept the CONNECT command. Does not require external server as in our solution above.
  27.     TransConnect:
  28.     Uses the CONNECT proxy HTTP command to make direct connections to the internet.
  29.     CorkScrew:
  30.     Tunnels SSH traffic through HTTP proxies.
  31.     HTTP Bridge:
  32.     A CGI-based secure HTTP proxy written in Java. Requires Tomcat.
  33.     PsiPhon:
  34.     Password-protected HTTP proxy server designed to circumvent censorship.
  35.     HTTP Proxy Lib:
  36.     A library to add TCP-into-HTTP capability to your programs.
  37.     STunnel:
  38.     Generic TCP-into-SSL wrapper.
  39.     STunnel:
  40.     Generic TCP-into-SSL wrapper.
  41.     SSLProxy:
  42.     Generic TCP-into-SSL wrapper. No longuer maintained (Authors recommend STunnel instead).
  43.     TLSWrap :
  44.     TLS/SSL wrapper/proxy for FTP.
  45.     HTTP Tunnel :
  46.     Commercial encrypted TCP-into-HTTP tunnelling service. Low-bandwith free service available.
  47.     HTTP Tunnel :
  48.     Opensource SOCKS proxy capable of tunnelling traffic through HTTP proxies. Client and server provided. Server can run standalone (perl) or on a hosted server (php).
  49.     HTTPort :
  50.     Commercial TCP-into-HTTP tunnelling service (encrypted).
  51.     BarracudaDrive :
  52.     Free TCP-into-HTTPS tunnelling server with HTTP proxy support (command-line java client), including a web-based file manager, web-based chat and graphical file transfer java client.
  53.     Hamachi :
  54.     Free and simplified UDP-based VPN solution capable of traversing NAT firewalls.
  55.     Your-Freedom :
  56.     Free TCP-into-HTTP tunnelling service. Additional sevices are not free.
  57.     Socks via HTTP :
  58.     A SOCKS proxy which tunnels all traffing into HTTP requests. Can also tunnel static ports. Client and server provided. Written in Java. 
  59.     Zebedee :
  60.     Opensource cross-plateform TCP/UDP-into-SSL tunnel.
  61.     Socks2HTTP :
  62.     Commercial Socks proxy which tunnels TCP and UDP into HTTP.
  63.     SSL Explorer :
  64.     TCP-into-HTTPS tunnelling and more. The clients only requires a Java-enabled browser.
  65.     Tunnelier :
  66.     Commercial (free for personal use) SSH client for Windows with easy tunnelling features, graphical SFTP client, FTP-to-SFTP bridge, etc.
  67.     nph-proxy :
  68.     Free CGI-based HTTP proxy, capable of HTTPS proxying and URL obfuscation. Perl source code provided.
  69.     For more information, see:
  72.     Tunnelling projects on

Read more ...

HTTP-Connect tunnel

Search the proxy with tcpdump

tcpdump -vvvs 1024 -l -A tcp port 80

test the proxy

$ telnet 8000
Connected to
Escape character is '^]'.
CONNECT HTTP/1.1          

HTTP/1.1 500 Internal Server Error
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Proxy-Connection: close
X-Cnection: close
Content-Length: 680

<TITLE>Appliance Error</TITLE>
<FONT face="Helvetica">
<TABLE border=0 cellPadding=1 width="80%">
<FONT face="Helvetica">
<big>Appliance Error (internal_error)</big>
<FONT face="Helvetica">
An unrecoverable error was encountered: ""
<FONT face="Helvetica">
This problem is unexpected. Please use the contact information below to obtain assistance.
<FONT face="Helvetica" SIZE=2>
Copyright © 2010 PT. Telek Selular.

set proxyCommand 

set on .ssh/config

TCPKeepAlive no
ServerAliveInterval 20
ServerAliveCountMax 10

ProxyCommand /usr/bin/proxytunnel -v -p -d %h:%p -H "Host: \n" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)\n"

create sock tunnel

$ ssh -fN -D 9050
Connected to (local proxy)

Tunneling to (destination)
Communication with local proxy:
 -> Proxy-Connection: Keep-Alive
 -> Host: \n
 <- HTTP/1.1 200 Connection established

Tunnel established.


$ ssh -f -v febru@tiago -L 9050: -N 

on this time, i just get small but steady..

HTTP-Connect tunnel

Read more ...