This article is aimed at those who wish to gain an understanding of how Research Machines' Smart Cache filtering system works. It requires an understanding of basic networking principles and of the C programming language.
If you are simply desperate to see how many virtual friends you have on Myspace, this is not for you. Furthermore, you must be responsible for your actions at all times and understand that applying the concepts outlined to a live network may void your right to use the resource. Please do not be stupid and respect that, although not perfect, the filters are there for a good reason.
To filter the pages that students access at a school which has deployed Research Machines' Smart Tracker 2 software, all browser requests are sent through a filtering proxy, in most cases a version of Squid. Pages which fail the filtering rules are replaced with an image of a daft-looking cartoon hedgehog. While not perfect, it does work relatively well.
To ensure pages are only accessible through the filtering proxy, all direct connections from the local network through port 80 to the internet must be blocked. All web browsers on the network are then forced to connect through the proxy server.
Firstly, identifying which user is requesting the page, so that the correct set of rules (guest, student, teacher, administrator, etc.) can be applied, is difficult. Research Machines decided to implement the commonly known Ident protocol. While this is a very easy protocol to use, it requires absolute trust in the machine making the request, because that machine supplies the answer itself, and it can reveal the location of users inside a network via network sniffing.
Secondly, filtering rules are not always entirely accurate. This is a problem for content filtering in general. For example, while researching flat packable chair designs for a design technology lesson, I discovered that the retailer Ikea had its website filtered. Furthermore, CSS Play, a wealth of useful knowledge, was also blocked; not something I would expect to be considered offensive.
The RMSmartcache.exe is in fact based on an open source piece of software! Mathew Mastracci's Identd server is the base of the code. Upon analysis it seems that the RM version follows a pretty vanilla version of the Ident protocol, with a few bits strapped on.
If the user account is spoofed to one with high privileges, say a teacher or admin, the proxy will probably apply little or no filtering. Changing the user account, room number and station number regularly will reduce the risk of being noticed.
The task of spoofing the Ident response is trivial - the pair of port numbers must be echoed with the other information simply appended. No data has to be dynamically created so simply reading the spoofed information from a text file is a sound idea.
Note that RMSmartcache.exe must be killed so that the spoofing server may receive control of port 113.
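Seen from the administrator's side, the account changes described above leave a trace in the proxy log: one workstation address answering Ident with different user names in quick succession. The following detection sketch is an added example, not code from this article or from RM; it assumes the proxy writes Squid's native access.log layout (Ident name in the eighth field), and the log lines, user names and 15-minute window are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client code/status bytes method URL ident hierarchy type
SAMPLE_LOG = """\
1200000000.100 120 10.1.4.21 TCP_MISS/200 5120 GET http://example.org/a student17 DIRECT/192.0.2.10 text/html
1200000060.200 95 10.1.4.21 TCP_MISS/200 2048 GET http://example.org/b student17 DIRECT/192.0.2.10 text/html
1200000300.300 110 10.1.4.22 TCP_MISS/200 4096 GET http://example.org/c student03 DIRECT/192.0.2.10 text/html
1200000400.400 130 10.1.4.22 TCP_MISS/200 8192 GET http://example.org/d teacher05 DIRECT/192.0.2.10 text/html
1200000500.500 90 10.1.4.22 TCP_MISS/200 1024 GET http://example.org/e student03 DIRECT/192.0.2.10 text/html
1200000600.600 100 10.1.9.5 TCP_MISS/200 3072 GET http://example.org/f teacher05 DIRECT/192.0.2.10 text/html
"""

WINDOW = 900  # seconds; assumed threshold, tune to real logon/logoff patterns


def parse(line):
    """Return (timestamp, client_ip, ident_user), or None for an unusable line."""
    fields = line.split()
    if len(fields) < 10 or fields[7] == "-":  # "-" means no Ident answer logged
        return None
    try:
        return float(fields[0]), fields[2], fields[7]
    except ValueError:
        return None


def identity_flips(log_text, window=WINDOW):
    """Flag clients whose Ident user name changes within `window` seconds."""
    last = {}                    # client_ip -> (timestamp, user) last seen
    alerts = defaultdict(list)   # client_ip -> [(time, old_user, new_user)]
    for rec in filter(None, map(parse, log_text.splitlines())):
        ts, ip, user = rec
        prev = last.get(ip)
        if prev and prev[1] != user and ts - prev[0] <= window:
            alerts[ip].append((ts, prev[1], user))
        last[ip] = (ts, user)
    return dict(alerts)


if __name__ == "__main__":
    for ip, flips in identity_flips(SAMPLE_LOG).items():
        for ts, old, new in flips:
            print(f"{ip}: ident changed {old} -> {new} at {ts:.0f}")
```

A genuine logoff and logon on a shared station also produces a change, so hits are leads to correlate with domain logon records rather than proof of spoofing.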
I chose not to use the original code from Mathew Mastracci because it was simply too complex for what was needed. I also borrowed some of the sockets code from MSDN so I do not claim original authorship to that portion.
Note that I will not distribute binaries of the code. Firstly, and most importantly, to stop the script kiddies from looking at stuff they should not and secondly I have no idea as to what license the little bit of sockets code I used has.
The source to my spoofing server is available in the code section.
The executable will probably not run from a standard user account, depending on how the network is set up. Using a boot disk such as UBCD for Windows can provide the required local admin account.