Sunday, December 10, 2006


The information presented here is for knowledge purposes ONLY. The use of the following information and its outcomes is sole responsibility of the reader.

For the impatient:
1) or Enter the URL you want to browse and be prepared for a slower browsing experience.

2) This one's better according to me... (but would take around 10 full minutes for reading the help and doing the configuration)
a) Download Java Anonymizing Proxy (JAP) from here JAP.jar.
b) Open command prompt as Start > Run > Type java -jar \path\to\jap\file and hit enter.

Example: If you have downloaded the file to C:\downloads, then the command you would have to enter at 'run' would be
java -jar C:\downloads\JAP.jar

Once opened, Hit the 'Assistant' button to guide you thru the configuration process. Lot of help is available on hittng the '?' button.

java virtual machine (JVM) or java runtime environment 1.3 or later must be installed. You can safely ask your admin to install it if it isn't.

a) open DOS prompt as Start > Run > Type command and hit enter.
b) type java and hit enter. If the following line DOES NOT appear, then you are on!!
"'java' is not recognized as an internal or external command, operable program or batch file."

Basics at Wikipedia: Proxy Server, CGI, SSL, Ports, Gateway, https.
1) These are CGI proxies. The complete page (that you had requested) is scanned and the links on that page are replaced by those generated by the site, that is, the way the page exists on the real server is replicated on the proxy site's server albeit with names generated using random numbers/alphas. Also, these sites use SSL. This implies that whatever you send to the site is encrypted as it passes the gateway and is decrypted at the destination site. The same process is used by banking sites to secure the transactions against eavsdropping.

2) This one's a better method... 'Why?' you may ask.

a) The above sites can be blocked the way the sites you want to access have been blocked!!
b) This requires no admin rights. Only Java Virtual Machine is required, which you can easily ask your admin to install.
c) The same file can be run using the same command on Linux/Windows.
d) If the admin sniffs it, working around would require only a few more clicks.

Now that the advantages have been laid out... here are the gory details.

When you start JAP, it starts a proxy server on your machine. Now you point your browser to send its request to this proxy server (JAP, running by default on port number 4001) and not directly to the gateway you had defined. Alternatively, if you were already using a proxy over the network, then you can configure JAP to access internet via that proxy. [At this point you may want to hit the 'Assistant' button if you haven't done so already.] That is...

YOU--->Browser (firefox/Internet Explorer)--->JAP--->proxy (if configured)--->Gateway--->Internet

When you start JAP, it asks for a public key from the server. The request that it receives from the browser is first encyrpted using this key. Now JAP sends
this encrypted information to the anonymity server that you have chosen. there the request is decrypted and its response gathered (remember that your request
to your gateway had been encrypted at your machine). Now this response is again encrypted using the other key in the pair and then sent to the JAP proxy server on your machine. JAP decrypts this response and then sends to your browser for you to see. Complicated??? Hence the complete request-response diagram would be as follows:
YOU--->Browser--->JAP (reuest encrypted here)--->proxy (if configured)--->Gateway (at office)--->(Internet entered)--->Anonomyzing server (request decrypted here)--->Internet accessed again to gather response--->back to anonomyzing server, request encrypted--->JAP server at your machine--->response decrypted--->Browser--->YOU

Wondering where's the justification to "If the admin sniffs it, working around would require only a few more clicks."?? Well JAP communicates by default via port 4001. Each service, be it yahoo messenger, ftp, http etc has a port assigned to it on your machine. Some of the popular ports are listed here. Network admin can block ports. For reference he may see a list of popular ports and leave them while blocking the rest of the ports. Now if he does so and blocks some ports leaving a list of popular ports open, you may stop the corresponding service and start this server on that port.
Besides that, he can also block the IP of the site from where you are using this anonomyzing service. This is actually the part coz of which I like it. There exists a service called Forwarding (have you noticed the Forward checkbox in JAP's interace?). JAP users can make their PC act as a server for other PC to use this anonomyzing service! Now you can either collaborate among your friends, dedicate a machine (probably a machine a your home) for jap only and do away with all this jazz of installing and then configuring again and again. Just go to the browser from where you wish to access the site from, configure it to access this jap service at home by giving ur home comp's IP and the port at which the forwarding service has been enabled. Once you are done, restore back to original settings... :) Uber cool, huh?? No need to install anything; configure, browse, reconfigure and leave the terminal alone!! This method can actually be used using any proxy server. JAP is an illustration. You can setup a Apache server at your home for the same purpose. Configuring JAP is just more convinient.

If this information has charmed you, the following will also be interesting.
Tor: Wikipedia, Official Site
Firefox: Why switch to Firefox

No comments: