How to disable a proxy server

Cut to the chase -- fill out this form to be notified by e-mail when information becomes available on how to easily disable a proxy server.

The instructions in this file do work, but they require assistance from someone knowledgeable with UNIX who owns a machine connected more or less permanently to the Internet.

BESS, I-Gear, SmartFilter, WebSENSE, SurfWatch Proxy, and Cyber Patrol Proxy are all proxy servers.

Most blocking software programs for home use -- Cyber Patrol, SurfWatch, Net Nanny -- are installed on the user's computer, and you can disable them simply by moving some files around. Proxy servers, on the other hand, are installed on another computer somewhere else on the network, so they usually cannot be disabled. To get around a proxy server, you don't turn it off, you figure out how to access a non-blocked Web page that contains an automatically-generated copy of the blocked Web site that you're trying to access.

An example would be the Anonymizer. If the Anonymizer were not already blocked by most proxy servers (which it is), you could get around a block on, for example, "www.safersex.org" by loading this URL into your browser:

http://anon.free.anonymizer.com/http://www.safersex.org

Ideally, your school's proxy server would not block this request, because your computer is not communicating directly with the machine www.safersex.org. Your computer communicates with www.anonymizer.com and requests a copy of the page at http://www.safersex.org, and Anonymizer.com sends the copy back to you.

But, like we said, www.anonymizer.com is already blocked. And most sites that do the same thing as the Anonymizer are blocked as well, because there are relatively few of them in existence, and all censorware companies have blocked all such sites that they can find. And anyway, even if the Anonymizer were not blocked, it would still be possible for the administrator of the proxy server to examine the logs and see that someone had tried to access the URL:

http://anon.free.anonymizer.com/http://www.safersex.org

Not being stupid, the system administrator would probably guess that someone had used an outside Web service like the Anonymizer to view a blocked site.


Our solution is to develop a small, fast, efficient service like the Anonymizer that could be installed on any random home PC that had a semi-permanent connection to the Internet. Since no censorware company would be able to find all possible machines that were running this software, the vast majority of these sites would not be blocked, and they would be available for someone to use to gain uncensored Internet access from a censored Internet connection.

The other key feature of such software was that the URL would be scrambled before being requested, so that a proxy administrator examining the log files would not see the address of the banned site that you accessed. So instead of

http://anon.free.anonymizer.com/http://www.safersex.org

appearing in the logs, you would see something like

http://www.peacefire.org/anti-censorship/6547GHGHJK9234KDSG022435KJGS

where http://www.peacefire.org/anti-censorship/ is the Web address of the version of the software being run, and 6547GHGHJK9234KDSG022435KJGS is the encrypted version of "www.safersex.org".

The closest thing to such software currently in existence is Brian Ristuccia's Anti-Filtering Proxy Proxy. The AFPP takes a request for a URL like "www.safersex.org" and sends an encrypted request like 00304054433434040440 instead, so that the log files do not reveal the site that was accessed. However, several improvements to the AFPP are still pending:

  1. a fix to prevent it from being used to gain unauthorized access to other networks (using the notorious "PHF exploit"), which was is the reason it has currently been taken down
  2. a method for making the encrypted URL request mathematically secure, in the way that PGP-encrypted e-mail is mathematically secure (right now the "encryption" scheme is easy to break)
  3. a method for making the encryption time-dependent, so that if someone finds the URL
    http://www.peacefire.org/anti-censorship/6547GHGHJK9234KDSG022435KJGS
    in the log files two hours after it was accessed, the encryption "keys" will have changed by that time, so loading that URL will no longer result in the same page being displayed, and it will be impossible to tell what the person was looking at when they originally loaded the URL two hours earlier.
If you know someone who is knowledgeable with UNIX and owns a machine connected more or less permanently to the Internet, you can ask them to request the source code for the AFPP from Brian Ristuccia and they can install it on their machine.

We are working on a more easy-to-use version of the software that can be installed on Windows and UNIX and doesn't require any experience to set up, as well as providing the proper encryption features described above.

Enter your e-mail address here to be notified of when this software becomes available -- this will enable you to get around any proxy server, anywhere.


Your e-mail address will be kept completely private. You will not receive any unsolicited mail from us or anyone else as a result of filling out this form, except for updates about circumventing proxy servers, as requested. Every such message will contain information on how to unsubscribe from the list.