Many businesses and government institutions use a content filtering program such as Websense to keep employees from visiting certain websites while at work. These programs can either prohibit the use of certain websites or monitor all of the sites that employees visit while in the office. Websense blocks several website categories: adult material, entertainment, drugs, games, sports, Internet communication, peer-to-peer file sharing, gambling, instant messaging, health, illegal, shopping, job search, Internet telephony, religion, special events, travel, violence, weapons, advertisements, freeware and software download, pay-to-surf, malicious websites, and many more.
The concept behind Websense is simple, whenever an employee attempts to visit a specific webpage, a request is generated and then passes through a firewall. Websense looks at this request and answers yes or no depending on if the requested URL is in the Websense database. In transparent mode, Websense counts on the fact that the firewall forwards the whole request one time. If the whole request is not transferred at one time, Websense allows the packet to pass, as the packet does not look like an HTTP request. Several techniques allow users to bypass Websense’s filtering and authentication process.
Bypassing Websense via a Web Proxy
One way to bypass Websense is to use a web-based proxy site. With a proxy, Websense sees the user browse to the web proxy, not to the website the user is actually browsing to. The user browses to the web proxy and the web proxy browses to the website that the user wants to visit. These web proxies can bypass Websense because the ‘S’ in the HTTP address (https://) stands for secure connection and Websense does not block such secured connections. This is probably the simplest way to get around the Websense program as it takes little time and no one will wonder what the user is up to.
To find a current web proxy, visit our proxy page.
Bypassing Websense via HTTP Tunneling
Users can also bypass Websense via HTTP Tunneling. Most programs also come with options that help to destroy Internet history and Widows activity. This means that the user’s online activities are secure and he/she can spoof his/her web browser information, which helps to thwart hacking missions. One can download HTTP Tunneling software programs from the Internet quite easily and inexpensively.
planecrash
This articles description of HTTPS may not be entirely accurate. I’m sitting behind a websense proxy right now. It performs the negotiation between HTTPS sites and serves me a custom, unsigned SSL cert, essentially performing a man in the middle attack and monitoring all HTTPS traffic just as easy at HTTP.
From my experience, while annoying, websense is easily bypassed via RDP to a personal computer off site. Please note, while what you do on your personal machine is protected, the IP address and duration of RDP sessions may be able to be reported on.
Katieboo
Why are all my good sites blocked
Dr.OZ
Oh one more thing, if you use this all day at work, youre dumbass. lol , be smart.
Dr.OZ
Next time you wanna use it, and suddenly you get Error 404, all you have to do is remove “s” from https:// -> http:// , and you should be fine.
Jacob Pagano
This does not always work. If your organization has purchased ISA Server or TMG or Websense Content Gateway than Websense can work with a proxy server to filter out secure connections, I know because of I have setup a Websense Server in the Past. and as for the HTTP Tunneling that can be blocked as well by protocol blocking. One way to bypass Websense is to setup your own proxy server at home and then configure your router for port forwarding and then go to work and reconfigure your browsers proxy settings then you can get around it but that is only if your work has not restricted the ability to set your browsers proxy settings.
Katieboo
Hey
Guest
Not very helpful, but i think i can make it work
Dual_Heart
Just look for a lolcatz site, boredom eradicated
Tamago
The related videos are blocked… lol!
WillSpencer
That shows the value of preparing ahead of time — while you are still on an unblocked network. 😀
Dual_Heart
Well, I only connect on this network, like. 2 days a week. But it’s so strange that they block youtube, ebay, etc, but I can access FACEBOOK just fine and dandy…
RockyTheRodent
Some organizations are actually OK with their employees using social networks.
itguy
As an IT guy, we search this stuff to see how your trying to get around it. In an installation that I manage of websense, using the IP address of the site won’t get you there, we block everything not catagorized, and review upon request. The TOR’s and other applications, well our firewalls are smart enough to see that traffic so it’s blocked too. However, I can say we aren’t as overboard with it as some companies, we just block personal email, social, and questionable content like pron, violence, etc.
Not saying that all of you spend all day, but when we see facebook sessions lasting all day long, kind of crazy. Also, think about asking your management team to allow Websense Quotas, they can give you like an hour a day of screw off time for stuff like email and the like, of course secure companies may not be able to do that for the concern that you might email someones social security or credit card details to Russia….. one bad apple….
Jacob Pagano
You can use Websense Data Security to prevent the e-mailing of Social Security or Credit Cards.
AHole
We use Websense to report traffic only. Users can go wherever they want, but reports get back to management and put in their employee file. F’ing around on the Internet at work is strickly forbidden and outlined in each employee signed handbook. Besides, all you dumbasses with FB accounts and stupid Internet posts are already flagged by serious employers. That’s whats wrong with this country, nobody wants to work anymore, just F-around. How about having a little self-control people…
Dual_Heart
There is nothing wrong with having a facebook account, so long as you are responsible with it and your posts don’t consist of ‘I had a gr8 fu** last night!!!’ <— That kind of post is liekly to get you fired
corbin
Of course we don’t want to work, work sucks. Web sense packet routing slows the connection speed down significantly, that’s my only beef with it. Oh, and it’s strictly*.
IP Addressing
If we are on a Mac OS, we do the same steps. We access Terminal via Applications. Then we type in ‘ifconfig‘Â and do the exact same steps as above.
IP Addressing
First off, Websense managed to cut off proxies, http://, and basically all other methods we can think of. Except for one. If we are on a Windows system, we go to
Run->type in ‘cmd’->type in ‘ping “website here e.g. facebook.com‘->then get the IP address of the website-> go to your browser->type in the IP address without .com or www. or http://->and you’re done.
Roger
I did the things mentioned above i got page asking the username & password.
I enter my id & password got a message tht displayed “Login Failed!”. Now What.
WillSpencer
What did you enter your ID and password into?
Can you post a screenshot?
Roger
This Is What Appears After I Type IP In Address Bar.
WillSpencer
That’s not WebSense, that’s an H3C SecPath: http://www.h3c.com/portal/Products___Solutions/Products/Security_Products/
Is the SecPath blocking access to all web sites, or just some web sites?
Roger
But When I Try To Access Blocked WebSite I Get This Msg.
WillSpencer
Is WebSense blocking access to all web sites, or just some web sites?
Roger
Most Of Them
WillSpencer
That means port 80 isn’t being blocked. That means you just have to find a web proxy that WebSense isn’t blocking. To do that, go here: http://www.allproxysites.com/recent-proxy-sites.php
Or, if you can install software on your PC, install a VPN client and connect to the outside Internet using a VPN.
Skye
It is still blocked….i just type the IP address without any extensions but still it is not allowed by the system
WillSpencer
I don’t think the trick of using IP addresses has worked in a long time.
Are you blocked from all web sites or just from some web sites?
n00bie_script_kiddie
my tool…Remote Desktop Connection to home computer. Surf what I want with no one knowing what I browse. The connection is not as fast through RDP, but that has to do with our pitiful 3MB service.
Jacob Pagano
That is the same thing that i do.
planecrash
I’m RDP’d passed websense as we speak. It should be noted, however, that while your behavior via RDP is secure, websense can report on the IP address and duration of your RDP sessions.
in calgary
I agree with the idea that IT depts generally dont have enough to do. Â My manager made a passing call that the web is being used too much. Â Thing is to protect myself I log in under a general password and use ninja proxy servers if I want to play games. Â So the manager may make inadvert ineffective threats but has zero proof of who is doing what. Â Actually studying board games makes you MORE effective as an employee. Â What exactly is the internet for at work in a hospital? Â If the IT noobs complain about viruses, do the smart thing: Â Either install Linux or get apple computers. Â If the latter is too expensive dont complain and say that open source cant be done for a corporation. Â It could if people were willing to. Â But they arent. Â So because they arent, there are proxy servers for employees such as myself who give the finger to the IT dept.
sasi
If your company or school already implemented web sense, try downloading at home or somewhere and attach the addin to email and open in work or school, websense only stops downloading the addon 🙂
LOL. None of you know what you're talking about.
Don’t be faggots. Get Tor on a USB, boot it through the RAM if you’re truly scared of being traced, and you’re fine.Â
phantazm
¿master? i dont think so
Why dont u tell us how to??
u got no answer
Chandrashekar M
Disable Proxy setting under Internet options —> Connections —> LAn settings
Regards
OmarÂ
exwebsense
If they have set it up in transparent proxy mode, this will make no difference.
Jacob Pagano
First, If they have this setup using WCCP in transparent mode then this won’t do anything and second if it is configured there then it is probably going to be greyed out because your administrator uses group policy to block changes.
Triton Olympian
If your IT has implemented it in explicit mode, then you will most definitely have no direct internet access (blocked by perimeter firewall). That is if your IT did things right.
Ari
The company I work for just started to allow employee’s internet usage for business purposes only. We are an outside sales company and my employees visit stores, and nightly synchronize store data. Each employee has a laptop computer. As such, to help monitor internet activity I am now receiving monthly recaps on each employee and their internet activity. The company uses Websense to track activity. Out of the 18 employee’s I supervise, 13 visited sites I would consider not business related. The remaining 5 showed no activity at all. The one common denominator that all 13 had in common was that they visited our company intranet site. When questioned about the sites, verison.com, facebook.com, walmart.com etc… all of them said they never visited any site other than our intranet site. Some even said that several of the sites listed were sites they have only visited on their home computer. Is it possible that websense can pick up internet sites from home computers?
Another Security Guy
Simply put, no. Websense can only log and report on systems which connect through the filter. It would also require the user to have the same domain/user credentials on their home box. If they say they’ve never visited these sites from a company system, they are not telling you the truth.
luser
If you are getting reports that someone has visited, for instance, Facebook and they deny ever having done so there are, imho, three possibilities
1. They are not telling the truth
2. Someone else used their machine (in which case they should learn to lock it)
3. (most probable) The reports of Facebook use are actually caused by visits to pages that have links to Facebook (like buttons, content from Facebook)
I have seen a lot of reports where there is an indication of misuse (as defined by the corporate policy) but further investigation shows that the reported use was “indirect”. Â Go to almost any newspaper site and you will see connections to Facebook / Twitter etc. Â It is possible that these connections are being serverd directly by Facebook / Twitter etc and show as visits in Websense.
hthÂ
exwebsense
I used to work for Websense, the filtering products do also have an option to filter remote machines (eg. company laptops/PC’s) …. even when you are using your home internet connection.
Bob
that only works if they are using Logon Agent through a tunnel from home to work – if they aren’t attached to the network being filtered then NO WS cannot log the traffic and you, exwebsense, should know that.
Poor Bored Bastard
Here’s the thing, though, security guy. Not everyone has the same job on the same shift. So while those guys on day shift might be a million times more productive not being able to check their email or read the news, us poor slobs on nights are going to suffer a huge lapse in productivity when we fall asleep waiting for the next chunk of work to be brought to us. Here in the lab I work at we have regular chunks of 10-20 minutes where we’re either waiting for assay samples to fuse or waiting for someone to bring in more samples. Before websense I might have used this time to check my email, maybe peruse a few headlines. Now? I chug a coke and try not to fall asleep. Don’t try to tell me that’s somehow better for business.
Another Security Guy
So speak to your management, don’t just make ridiculous comments about a product. Websense is only the tool – much like your assay sampling machine. If one of those broke down, would you be online blaming the product? No. You would speak to someone with authority about it. You might have 10 – 20 minutes to spare at a time. It takes much longer to fix computers that end up virus laden, or full of malware as a result of people who have no clue what they are doing downloading rubbish to machines.
A sensible policy needs to accompany the product. Websense provide the categories. Management provide the policies.
Ben
If a work computer ends up virus laden, or full of malware, you as an admin should be fired.
Firefox + adblock (+ NoScript if you wanna be super picky) + Spybot S&D immunization & TeaTimer + halfway decent AV (Avast for example, if you are using norton, mcafee or anything similar, you should be fired, then taken out back and shot. Repeatedly. For being a bleeding idiot) = Fairly impenetrable computer. Bout the worst thing you’ll have to do is clean tracker cookies once in a while.
Securing work machines is simple. Teaching the IT Staff how not to be blathering idiots is the difficult part.
bernerd
Drumswiper
Or you could just do what I do and just get your own 3G service. I have two computers in my office, one for work, that is connected to the company lines and one that gets 3G wireless service for personal web browsing and email. With the upcoming 4G service, IT barriers will be as obsolete as the Berlin wall.
Perer Ishmael
I use something called Njutrino – from njutrino.com which I run from a USB stick, its a browser with built in proxy – Means I can browse what I like at work and not worrk. Also has a button which lets me hide the window ! very useful
Censure Combat
I really hope you are from the company in Atlanta that I think you are, so I can enjoy it more when I hack your desktop jockey software.
Cthulhucalling
HAHAHAHAHAHAHAHAHAHHAHAHAHAHAHAHAHAHAHAHA!
(wipes tear from eye)
HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA!
Torino
What I did was, on my company’s computers Websense is installed as a program in Program Files, open up the main executable with a hex editor, and put a bunch of garbage. The file will refuse to run, but Websense only checks if it’s on the computer, not if it’s running or not
Tim
What is the name of the exe?
sammy singh
when I try to open any site which google has searched as proxy IP host, websense blocks it so I can get further, can anyone help in getting the IP.
Bob23232
I can someone give me a list of Ip host port!
Thanks
bling1222
yes please
Daniel Memenode
Originally posted by knight: “Originally posted by Shingetsu: “There is still another way! Although most people don’t get it that much. Webscence got themselves a proxy avoidance filter, as well as a download one. Http tunneling can be quite resource needing. This is quite simple. In firefox (that you can download, since the download site is listed as EDUCATION in webscence) install foxy procy BASIC (not original) then look around in google for this “proxy IP host port” type some into froxyproxy basic (number and port, preferably transparent) and then browse! It’s the same as a proxy, but built-in. So it cannot be blocked. Posted by Shingetsu.”
I cant find the “froxyproxy basic” with firefox add ons.”
Here it is.
fallencolossi
bro i try downloaded the foxyproxy but failed..y?
can tell me, and the downloading method i tried was via MFox add-ons install window…
pls advice..
knight
Originally posted by Shingetsu: “There is still another way! Although most people don’t get it that much. Webscence got themselves a proxy avoidance filter, as well as a download one. Http tunneling can be quite resource needing. This is quite simple. In firefox (that you can download, since the download site is listed as EDUCATION in webscence) install foxy procy BASIC (not original) then look around in google for this “proxy IP host port” type some into froxyproxy basic (number and port, preferably transparent) and then browse! It’s the same as a proxy, but built-in. So it cannot be blocked. Posted by Shingetsu.”
I cant find the “froxyproxy basic” with firefox add ons.
emmie
how do i take a block off of my netgear firewall
Shingetsu
There is still another way! Although most people don’t get it that much. Webscence got themselves a proxy avoidance filter, as well as a download one. Http tunneling can be quite resource needing. This is quite simple. In firefox (that you can download, since the download site is listed as EDUCATION in webscence) install foxy procy BASIC (not original) then look around in google for this “proxy IP host port” type some into froxyproxy basic (number and port, preferably transparent) and then browse! It’s the same as a proxy, but built-in. So it cannot be blocked. Posted by Shingetsu.
artiste
ofcourse there is a software to bypass websense try XeroBank_Installer.exe is the best