Instructables

How to bypass Iboss Webfilters on Mac OS, for computer class challenge?

My computer teacher gave us a challenge: our school used to have filters on most of it's computers, but they were taken down and replaced with something else. As a challenge, our computer teacher re-installed it on some computers and told us to try to get through it. I have had little success, my most promising moment being with a glitch in Firefox, that soon fixed itself and ruined my only gateway. To win the challenge, You have to get onto Facebook, myspace, and twitter, all of which are on the blacklist. Once there, you must post into a specific profile. You must do this three separate times, to illustrate that it can be done more than once. I know it is possible, because two other kids in the class have managed it, but I simply have no idea. 

The program is Iboss Webfilter by Phantom Technologies, and all of our computers are pretty new Macs. We have access on our computers to Firefox, Safari, Seamonkey, Camino, and Omniweb browsers. All proxy websites are blocked by the webfilter program. All firefox abilities are enabled though. 

Any and all suggestions or help is appreciated, If we pass the challenge, we get an automatic 100% in the class, because we have probably the coolest computer teacher ever. 

If anyone can give me a good solution that works, they get a patch! 

Okay,

1. Get Google Chrome

2. Go to Chrome Store

3. Search Browsec

4. Add it

5. Click the icon in the top right

6. Click Protect Me!

7. Set Location to United States

ilpug (author)  gavin.wallace.3705110 hours ago

This is a super old topic man, I graduated from high school like three years ago...

leonbarlone2 years ago
You'll probably slap yourself in the head because it's so easy...but all you have to do is change the protocol in the URL bar...

Yeah...it's that simple

iBoss doesn't verify or filter any addresses being used through protocols other than HTTP...so that means...it doesn't filter HTTPS.

Yeah, while using the direct IP method MIGHT work, that is only if you use the right protocol.

Try this, buddy. Just replace any http:// url that you are trying to visit with https://

Or, if you want to try the direct ip method, put a colon, plus the protocol you want to use for example, 127.0.0.1:80 (http) 127.0.0.1:81 (https) 127.0.0.1:8080 (typical proxy port) or anything else.

HTTPS://www.youtube.com
https://www.twitter.com
https://www.myspace.com
https://www.facebook.com

All of them will suddenly work without a problem. It's hilarious how shoddy iBoss is... In fact, I am willing to bet that your current IP/web filter is also vulnerable to this sort of bypass...if only with a slight variation.

Other web filters like to have a piece of hardware that is connected to your school/workplace's server. So, it's literally like a box that goes in front of the router/DHCP server in order to filter out the blocked IPs. Simply unplugging it, or (again) using a protocol that it does not filter, will bypass it as well; however, this usually sets off a tamper notice/alarm/event, which will garner some unwanted attention, especially if it is an area under surveillance. The third kind of web filter...and the hardest to bypass if you don't know how to do this sort of altercation, are the ones that are physically installed to the computer you are using. This is common in large work places and companies. They like to use this kind of web filter because the employees usually have to log into the web filter with an id. That way, they can keep a log of who has tried to bypass the filter. But what the companies don't know is that most of these filters can be bypassed if you can get onto the administrator account. Simply changing a few security settings, or deleting the program from your computer will make it so that the program never runs on your machine when you log in, thus, you never get filtered, and the boss can't keep an eye on you from his office anymore. :3

Hope you enjoyed the lesson.

Also...to all of you who are whining about "Oh, this is illegal" that's BS. No, it's not. www.hackthissite.com is a perfect example of why hacking is perfectly legal, including bypassing web filters. There is nothing illegal about this. Until this guy starts looking up child porn at school, or trying to change his grades (not that he could/would). Knowing how to bypass a web filter is just gaining knowledge...the knowledge about how this stuff works. If you have a love for technology, especially computers, networks and all that entails, go for it. Tear stuff apart! It's fun! Hacking, bypassing filters, exploring systems--if it's for the sake of learning, it's not illegal, and, in fact, benefits you. This is not 1903 where if you learn to speak German, you get stoned in the freaking streets for being a traitor to the United States and called a "Hun." I think we've evolved passed that. This is the same principle. As long as you know what is legal and what is not, you will always be safe. (Either because you are obeying the law or because you are circumventing it :3)

I applaud your teacher for being so up-front and real with you and the rest of your class, because he knows that to REALLY KNOW how to protect yourself and your assets on the internet, you need to know their weaknesses and vulnerabilities.

Keep up the good work, keep learning, and don't stop asking questions!

- A message from the TrueDemon@hackforum.net

-- "Speak the Truth"

Iboss does now block https... sorry :(

this only seems to work sometimes, on certain cites.
i am just glad my school doesn't block youtube.
I am #(U(## off! FYI, I am in the same issue where my school put an iboss on the network. We used to have lightspeed and 8e6 which I used https to bypass. This one is tough. I tried the direct IP, https, etc as you mentioned with no luck at all. Seems this is a lot more sophisticated than I thought. Its definitely one of the better ones out there. I even set up a home based proxy which worked for about 30 seconds then cut me off. After all my attempts i was suspended by the a holes in my school for trying to 'hack' the network. there is some sort of alerting system that triggers with iboss when it detects someone bypassing it and tells them who you are and where you are. watch out.
that has happened to a kid in my school before, so after that he found a way to bypass it. he would go in and make a "bridge" so the alerting system was disabled then he went through and turned iboss off on the computer
andrewgillim3 months ago

Use UltraSurf. It is the best one available. Copy and paste this url into your webbrowser. www.techspot.com/downloads/5711-ultrasurf.html This is the only site that iboss cant block. It does NOT work on macs and apple products. Just download, and look up whatever you want... by the way, you might not want to sign in to those specific accounts, because they might try to use it to block that program... works with all other webfilters :D

BabeeGirl5 months ago

My school has iBoss and they have Blocked EVERYTHING i have no way to get around it and i need help :(

ps4pig7 months ago

you could always use logmein hamichi and access a computer at home. this works with iboss since iboss only sees the log mien info not you going on to a blocked website

taylor12219 months ago
ultramask.com
Zalgo2 years ago
Well, I'm kind of sad. My school is nowhere nearly as gracious. I tried the 'https' thing and that failed miserably. The only browser we have is Internet 'Destroyer'. I hate it. To clarify, does this affect any of the methods of removal too severely?

I just want to read, not see that annoying iboss page show up repeatedly.
well if the blocking component is iboss then no it shouldnt harm any thing but if the blocking system is different the the methods may not work reply back if you have any questions
rickharris2 years ago
A MOST unusual way for an IT teacher to behave - (s)he is effectively encouraging you to do something illegal, dishonest and teaching you bad practice and skills.


Mmmm How real is this?? No teacher I know would do it they are too busy teaching you the basics.
ilpug (author)  rickharris2 years ago
Well, That's what I thought, but he is a really cool guy. Technically, it isn't illegal, since A)it is mandated by a teacher, and B) learning how to break though a filter isn't illegal.

It's like a door. If someone has a door to their house, and you go up, break it down, and then go in and steal their stuff, yeah, duh, that's illegal. If that person tells you officially to break down their door and take their stuff, then it is legal. It's just the matter of permission. In the same way that knowing how to break down a door is not illegal, knowing how to break through a privacy program is not illegal.

This is the advanced IT class at the charter school I attend. The teacher has been around here for years, and has been working in IT for years before that, he also owns his own Internet company. Since this is his advanced class of only seniors, I think he just gave us this assignment or fun. I am not using this to break through our school firewalls because A) rule-following seniors at my school have their own bypass passwords for the installed privacy program, and B) the program the teacher is asking us to work on is a different one than the one the school uses, or any other school in our district, as a matter of fact.
thegeeke ilpug2 years ago
I did say that it was possible that it is a ligit assignment, however, if he's willing to let you post your question here, then he would probably be willing to help you himself. I will not help you with your homework.
ilpug (author)  thegeeke2 years ago
Fair enough, thanks for the input.
ilpug (author)  rickharris2 years ago
Well, I just typed three paragraphs and then it failed to post, so here is an abbreviated version of what I said.

The teacher has been here for years, and has his own internet company.

This is his senior IT class, we graduate this year.

the program we are working on is a different one that what the school district uses, so working on how to get through it won't help us use the internet at school when we aren't supposed to, also seniors have their own passwords to the network the school uses, so it really doesn't matter.

learning to get through a program is actually not illegal, the only time it is illegal is when you use that knowledge to do bad things. This is mandated by our teacher, so therefore, it is quite legal. He only gave us the challenge for fun.

I understand your concern, but this is completely real.


thegeeke2 years ago
A. If this is a ligit class assignment, you should be figuring it out yourself. (Or maybe figure out a way to ask your teacher for some help... They might be willing to get you going in the right direction.) I will not help you cheat, and I hope no one else on this site would either.

B. Although it is very possible this supposed assignment is ligit, it is also very possible you are making it up to get passed filters. Again, I will not help you do it, and I am pretty sure no one else would either.

Although I have not used the program you talk about, I have a pretty good idea of how it works based on what you posted. Just in case it is a school assignment, I will give you this: as you say, it can be done... Just try and think how you would make a filter, how it would work, specifically how people would connect to the Internet, etc. That should get you going in the right direction. Most hackers that I know (I used to work as a nerd for the US gov, so I know a few really good ones) use the "how would I make it" approach.
ilpug (author)  thegeeke2 years ago
Read my comment to rickharris for info regarding the legitness of the assignment. I specifically asked if I could post a question about it on this site, and he told me that that was perfectly okay.

I have a pretty good knowledge of how the program works, but I will try the "How would I do it" mindset.
Thanks.
aelias362 years ago
1) Try putting in the ip address rather than the domain name

2) Set up your own proxy at home, and connect to that
ilpug (author)  aelias362 years ago
I tried the direct IP trick, and it won't work.

Oh, you mean a VPN. I suppose I could do that, but it would be really hard considering my internet at home, and the transfer rates between there. I might try it through someone's internet in town though.
thegeeke ilpug2 years ago
I suppose the DIY proxy might work... Depending on the filter, but it sounds like the programmers would have thought about that based on what you said so far. There is probably a way without using proxies though.......