I have always been passionate about finding ways to bypass restrictions, as it gives me an adrenaline rush.
Since the product is no longer for sale and no further CVEs will be issued, I would like to share our experience in bypassing the Bluecoat Unified Agent from Symantec Broadcom Software, along with Mohamed Mostafa Ismail, Ahmed Tarek and Adly Gamal.
We’ve successfully bypassed the Bluecoat Unified Agent on Windows, and this vulnerability is of critical importance as it grants access to malicious websites and allows users to bypass data leakage prevention policies on corporate laptops.
We employed three different approaches:
1. We utilized a virtual machine, such as VMware Workstation. By adjusting the network configuration to NAT and launching a browser within the virtual machine, we were able to access any web application that was blocked by the Unified Agent. For data leakage, we made use of services like WeTransfer.
2. Additionally, we made use of the built-in Windows Sandbox. By launching the Sandbox and opening a browser, we were able to access blocked websites without facing any restrictions.
3. This method is a bit more complex. We set up a “proxy avoidance” website on a private network using another device. Then, by accessing this website from a “device secured by the Bluecoat Agent,” the secured device was able to reach blocked websites through the proxy avoidance web app hosted on the other device.
In response, Broadcom stated that “the Bluecoat Unified Agent for Windows with Cloud Enforcement has been replaced by the Web Security Services (WSS) Agent, which the team believes is not affected.”
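A defender-side check for approaches 1 and 2, added here as an example and not part of the original write-up or of any Broadcom tooling: it reports whether Windows Sandbox is enabled and whether VMware Workstation's NAT components are present on an endpoint. The service names and adapter description are VMware Workstation's default install values and are assumptions about the machine being audited; approach 3 depends on a second device and is not covered.

```powershell
# Added example: audit one Windows endpoint for the local prerequisites of
# approaches 1 (desktop hypervisor with NAT) and 2 (Windows Sandbox).
# Run elevated: Get-WindowsOptionalFeature -Online requires administrator rights.

$findings = [System.Collections.Generic.List[object]]::new()

function Add-Finding([string]$Check, [string]$Detail) {
    # Collect results as objects so they can be exported or forwarded to a SIEM.
    $findings.Add([pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Check    = $Check
        Detail   = $Detail
    })
}

# Approach 2: Windows Sandbox is the optional feature Containers-DisposableClientVM.
# On editions that do not ship it, the lookup returns nothing.
$sandbox = Get-WindowsOptionalFeature -Online `
    -FeatureName 'Containers-DisposableClientVM' -ErrorAction SilentlyContinue
if ($sandbox -and $sandbox.State -eq 'Enabled') {
    Add-Finding 'Windows Sandbox' 'Optional feature is enabled'
}

# Approach 1: VMware Workstation NAT networking.
# Assumption: default service names from a standard Workstation install.
$vmServices = 'VMware NAT Service', 'VMnetDHCP'
Get-Service -Name $vmServices -ErrorAction SilentlyContinue | ForEach-Object {
    Add-Finding 'Hypervisor NAT service' "$($_.Name) is $($_.Status)"
}

# Assumption: default adapter description used by Workstation virtual networks.
Get-NetAdapter -IncludeHidden -ErrorAction SilentlyContinue |
    Where-Object { $_.InterfaceDescription -like 'VMware Virtual Ethernet Adapter*' } |
    ForEach-Object {
        Add-Finding 'Hypervisor virtual adapter' "$($_.Name): $($_.InterfaceDescription) ($($_.Status))"
    }

if ($findings.Count -eq 0) {
    Write-Output "$env:COMPUTERNAME: no Windows Sandbox or VMware NAT components found"
} else {
    $findings | Format-Table -AutoSize -Wrap
}

# Remediation for the Sandbox finding (requires elevation and a reboot):
#   Disable-WindowsOptionalFeature -Online -FeatureName 'Containers-DisposableClientVM'
```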