Major Websense Content Filter Bypass Vulnerability

I almost missed this Websense vulnerability, since it was published 12-21-2007, while I was on vacation. I’ve verified it works on one of my client’s networks using Firefox Portable, Websense 6.1.1, ISA Server 2004 Standard, and User Agent Switcher 0.6.10.

Mr HinkyDink, who discovered the issue, used Websense 6.3.1, so I’m sure other Websense versions are susceptible as well. His instructions are:

I. Install FireFox 2.0.x

II. Obtain and install the User Agent Switcher browser plug-in by Chris Pederick

III. Add the following User Agents to the plug-in

Description: RealPlayer
User Agent : RealPlayer G2

Description: MSN Messenger
User Agent : MSMSGS

Description: WebEx
User Agent : StoneHttpAgent

IV. Change FireFox’s User Agent to any one of the preceding values

V. Browse to a filtered Web site

VI. Content is allowed

Content browsed via this method will be recorded in the Websense database as being in the “Non-HTTP” category.

See also Websense KnowledgeBase article #976; Websense cleaned up this issue in database #92938.
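Because bypassed requests are still logged, a defender can look for the three User-Agent values above on traffic that looks like ordinary page browsing. The following is an added example, not code from the original post or from Websense; the tab-separated log layout (client IP, User-Agent, URL, MIME type), the sample lines, the threshold and the function name are all assumptions to be mapped onto your own proxy's log fields.

```python
import csv
import io
from collections import defaultdict

# User-Agent values listed in the post, lower-cased for comparison.
WATCHED_AGENTS = {"realplayer g2", "msmsgs", "stonehttpagent"}
# MIME types a browser pulls when rendering a page (assumed list).
PAGE_MIME = {"text/html", "text/css", "text/javascript",
             "application/javascript", "application/x-javascript"}

# Constructed sample log (tab-separated): client IP, User-Agent, URL, MIME type.
SAMPLE_LOG = """\
10.1.4.21\tMozilla/5.0 (Windows; U; Windows NT 5.1) Firefox/2.0.0.11\thttp://intranet.example/\ttext/html
10.1.4.21\tMSMSGS\thttp://social.example/\ttext/html
10.1.4.21\tMSMSGS\thttp://social.example/site.css\ttext/css
10.1.4.21\tMSMSGS\thttp://social.example/app.js\tapplication/x-javascript
10.1.4.35\tRealPlayer G2\thttp://media.example/clip.rm\taudio/x-pn-realaudio
10.1.4.40\tStoneHttpAgent\thttp://meeting.example/status\ttext/html
"""

def find_spoofing_clients(log_text, min_page_hits=3):
    """Return {client_ip: [reasons]} for clients whose watched-agent traffic
    looks like interactive browsing rather than the named application."""
    page_hits = defaultdict(int)   # watched-agent requests for page content
    used_watched, used_browser = set(), set()
    for row in csv.reader(io.StringIO(log_text), delimiter="\t"):
        if len(row) != 4:
            continue               # skip blank or malformed lines
        ip, agent, _url, mime = row
        mime = mime.split(";")[0].strip().lower()
        if agent.strip().lower() in WATCHED_AGENTS:
            used_watched.add(ip)
            if mime in PAGE_MIME:
                page_hits[ip] += 1
        elif agent.startswith("Mozilla/"):
            used_browser.add(ip)
    findings = {}
    for ip in sorted(used_watched):
        reasons = []
        if page_hits[ip] >= min_page_hits:
            reasons.append(f"{page_hits[ip]} page-content requests under a watched agent")
        if ip in used_browser and page_hits[ip] > 0:
            reasons.append("same client also sent a browser User-Agent")
        if reasons:
            findings[ip] = reasons
    return findings

if __name__ == "__main__":
    for ip, reasons in find_spoofing_clients(SAMPLE_LOG).items():
        print(ip, "; ".join(reasons))
```

On the constructed sample only 10.1.4.21 is reported; the clients whose traffic matches what the named application would plausibly fetch stay below the threshold.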

I work with a ton of school districts, all of whom are required by law to provide content filtering. We constantly struggle to keep ahead of the various methods of bypassing the filter that students find, but I really don’t fault the kids for being curious, or trying to outsmart the adults. I think the fault lies with the teachers who are supposed to be supervising, but instead allow the students to do whatever they want.

9 Responses to “Major Websense Content Filter Bypass Vulnerability”

  1. student Says:

    i use this website at school!
    no popups!
    get past the filters!

  2. dan Says:

    I have tried the trick with Firefox but it didn’t work, any other suggestions?

  3. dan Says:

    I too work with school districts and have found another vulnerability with Websense and a specific Mozilla addon that I am attempting to permanently remove from our system.

    This addon gives the end user the ability to deny the “websense redirect” and show the contents of the requested web page.

    “I think the fault lies with the teachers who are supposed to be supervising, but instead allow the students to do whatever they want.”

    I entirely agree as we can never be 100%. There are millions/billions of websites and only a handful of techs.

  4. jon Says:

    Schools are required by law to provide filters? Are they told which sites to block?

  5. Julie Says:

    If schools want to receive federal funding such as E-Rate, they are required to make a “best effort” at filtering objectionable content such as pornography. With other types of sites such as social networking the schools can decide to allow or deny access. Most schools have Acceptable Use Agreements that describe what is considered objectionable, and thus is filtered.

    – Julie

  6. dan Says:

    I have done this and it still does not work

  7. Lily Says:

    I can’t do it! I tried to install user agent 0.6.11 but it won’t allow me to open it on my desktop. I mean I got it downloaded but when I click on it, it won’t work!!!

  8. Titanic Says:

    Don’t forget that the filtering programs such as Websense are meant to work in partnership with the school. Just because you can find a way around it doesn’t mean you won’t get in trouble for doing so. At the districts I work in, we still monitor all traffic that goes out, and deny pretty much anything outbound from student workstations that doesn’t go on port 80 or 443. We also actively monitor the traffic, and check out anything showing up in “uncategorized”. If you are found to be using proxy sites, or other means of bypassing the filters, you lose all network access for a minimum of five weeks. That means your teachers still give you the same homework, but you’ll have to write it by hand, or go home and do it on your own time instead of being able to use school computers.

  9. cam Says:

    haha i used this and now all my teachers are like wtf… facebook?!
