Hotspot Proxy


Beverly Denmark

Jul 30, 2024, 10:47:03 PM
to senbeadssmoothke

I tried it just now and PA detected the hotspot-shield app without SSL decryption. However, I don't know what happens if you put it on block and the app tries to connect to some less known IPs and/or URLs. I guess in that case SSL decryption is needed.

It seems that you are struggling with blocking Proxy applications like Hotspot Shield, but the major point here is that you can only ensure that all Hotspot Shield attempts are blocked by enabling the SSL Decryption.

As you say the SSL Decryption is not possible on your network, then the possibility of the user to bypass the Firewall is high because these Proxy applications like Hotspot Shield use IKE, IPSEC, SSH, SSL to create encrypted tunnels which will completely bypass the filtering...

You may block Unknown-UDP / TCP and it will block a considerable amount of users but again these apps are trying to bypass the limitation using these ports which will be very difficult to block with a security policy....

I need to create a wifi hotspot in my Windows 10 so my IoT device can connect to it and use the proxy that I've set on my Windows. The problem is my IoT device does not support any kind of configuration to set up with a proxy, and I want to configure a network that already bypasses all requests through the proxy.

Taking away their phones, installing restrictive VPNs, setting the block VPN in Circle, the belt, grounding,........... doesn't work. There's gotta be a way to block this outbound traffic on the router???

If they're actively installing something to get around blocking, then it's time to make them responsible for the choice. You can lock down their phones to the point of installing an app requires you to install it with a pin code. But they'll find a way around that by side loading.

At a certain point, it comes down to making them responsible for the choices they've made. Take the phone away or shut it off. Most cell phone plans offer a deactivate feature. Not saying it's a great choice, but they'll keep finding ways around the security when they get smart enough to circumvent you.

Thank you for responding. In advance, please be patient with me as I seek to block all users trying to circumvent established policies. Our small network only allows known and acceptable devices on the network; random inspections which fail create mistrust and are seen as an invasion of privacy. Unfortunately it's human nature to bypass or go around the established rules and policies. I like to subscribe to the saying: keep honest people honest by removing the temptation.

Can Hotspot Shield's IPs (Service, Destination name, specific port, .........) be identified and blocked on the router? Understanding that it would be a large server IP list and may take time to build.

You may not forget that certain browsers also have a built-in VPN feature that you cannot block. Besides that, they can also use a proxy, so a parental control software will not be able to detect or block anything.

When a user has created a personal WIFI hotspot (sharing the cellular connection) there is no user setting where I can set up a manual http proxy/port for the WIFI hotspot's connection, or (at least for my cellular data network) for setting the http proxy/port of the cellular connection. I want http from devices connected to the hotspot to be routed to an http proxy/port.

It seems that iPhone hotspot blocks access between devices on the local network. I've set up an HTTP proxy on my Windows device. My other Android phone can pass through the proxy tunnel when they're connected to the same router. However, it won't work if they're connected to an iPhone hotspot.

A hotspot proxy ID is used to make a link between hotspots and skin elements and their actions. Mouse events on the hotspot that are relayed to the skin element are Mouse Click, Mouse Enter, Mouse Double-click, and Mouse Leave.

This is my first time using Manjaro, and I can't seem to get pamac or the default Software app, or the browser-based software store to work. The only way it's possible to connect my desktop to the internet is with the PDAnet Android app. I set the system proxy in the settings menu (I'm on KDE), and in Firefox network settings. I had this issue on Ubuntu with apt and couldn't figure it out either. Setting environment variables doesn't affect anything as far as I can tell. With Fedora I can get DNF to work by adding the proxy to the end of its config file, but I don't know where the config file for pamac is or if that is even an appropriate way to go about solving this. I need ALL internet connections to go through 192.168.49.1:8000 on my local network, and certain data like User Agent info and screen size info gets changed or masked to hide tether usage from my cell carrier. Unfortunately home internet is unavailable in my area; Metro by T-Mobile and Verizon is the only way to get internet.

I am using an app on my phone to create a hotspot (USB can be done, but only to one PC at a time) that hides all traffic from my carrier by using Wi-Fi Direct to turn on the hotspot and changing user agent data to match my phone. The app doesn't support Linux, but I got it to work on Fedora. So far on Manjaro, the browser works, but I can't install software at all. Pamac fails to connect, and I have no clue where to even start with setting proxy settings. I set the system-wide proxy settings in the KDE settings menu, but that does not make pamac or pacman use the proxy. I can't find anything in the Wiki about installing software behind a proxy, so I don't even know where to start. On Fedora KDE I set the system proxy in KDE settings to manual, then added proxy=192.168.49.1:8000 to the end of /etc/dnf/dnf.conf to get the software GUI and CLI working. I tried to find an equivalent configuration file for pamac, but there doesn't seem to be one. It's not an emergency or anything, I just want to try Manjaro out because it seems cool. EDIT: the app and proxy are necessary because I run out of hotspot data and can't get home internet at all.

The user agent thing is because T-Mobile monitors that (supposedly) to determine if the traffic originated from my phone or not. I'm out of regular hotspot data, and that's the only way to get around them blocking other connections.

Here, allegedly, they go the absolute stupid way and look for the User Agent in the requests. (What about HTTPS? What about UDP or any other protocol than HTTP? Can you even operate a phone without HTTPS?)

The ap-hotspot solution is slightly out of date and has the added disadvantages of being complicated and incompatible with socks proxies. A simpler solution is to use Ubuntu's built-in network-manager to create the hotspot as detailed by -ways-create-wifi-hotspot-ubuntu/

TCP traffic from the hotspot can be passed through the ssh -D socks proxy using redsocks. With redsocks installed and configured one can use iptables to redirect all traffic from the wifi hotspot to redsocks which then passes it through the socks proxy.

I have a Raspberry Pi 3B+ that I'm using as a Wi-Fi hotspot. I have successfully gotten an access point running on one Wi-Fi USB chip, and using another Wi-Fi USB chip I connected to the public Wi-Fi. My goal here is to set up an SSH tunnel leaving the Raspberry Pi, and on the Raspberry Pi set a system-wide SOCKS proxy as 127.0.0.1, to then proxy all requests entering the Pi's access point over towards my home Wi-Fi. Does this make sense? I am fairly new at this kind of stuff, so any help is appreciated. Thanks!

I need an SSH tunnel to access resources inside my home network. Yes, they are in fact called wlan0 and wlan1, 0 is for the access point and 1 is for uplink. The endpoint of the tunnel is wlan1 and the other end of the tunnel is a computer on my home network. I am able to connect the tunnel but the proxy is the tricky part.

As far as I understand you have a Raspberry Pi anywhere outside on the internet and want to connect in a secure way to your home network to use its resources. All devices connected to the access point should be able to use the resources on the home network, e.g. webserver, fileserver, database server, printer and so on.

You are using an SSH tunnel, which is in principle an end-to-end connection between distinct devices using source and destination ports. So each device connected to the access point on the RasPi must use an SSH tunnel to the resource on the home network, one tunnel to the webserver, one to the printer and so on. Your idea now is to have a proxy on the RasPi that has made all SSH tunnels to each resource on the home network and will serve these to the devices on the access point, so only the proxy has to make all SSH tunnels and not each device by itself. You asked:

It may be conceivable but I haven't seen a solution this way. It does not correspond to the nature of an SSH tunnel. There are better well-known solutions to get secure access to remote networks, called Virtual Private Network. You should look for a solution with a VPN. Popular solutions can be found at WireGuard, or OpenVPN, or PiVPN.

I need to create a wifi hotspot on my laptop which does not require a proxy to be configured by wireless clients (Android phone). What I have is an Ethernet connection, through which internet is accessible using an http proxy with authentication. Is there any way to do it?

I have an authentication-based proxy internet through Ethernet. What I want to do is to share this internet through a (non-authenticated) open proxy. So, I install CCProxy software on the laptop and create a wifi Access Point (ad hoc is not supported by Android) sharing my Ethernet internet. Now, in CCProxy, I go to Options > Advanced > Cascading and check enable cascading proxy. Now, here I set my authenticated proxy internet details. So what CCProxy is essentially doing is taking my proxy internet and creating another proxy server to distribute that internet. In Account setting, I did "permit all", so that this is an open proxy and needs no authentication. CCProxy creates a proxy server at some IP and some port that will handle all the requests. So, if you now go in your browser and enter this IP and port, it will be forwarded through CCProxy and you will need no authentication. So far what I essentially did was convert an authentication-based proxy into an open proxy.
