Thursday, 1 August 2013

Socks proxy over SSH OR Safely browse the Internet

This one comes in handy for me in three different scenarios. The first is when I am travelling and relying on free internet hotspots (e.g. airports, McDonald's, hotels) and I want to do my banking safely. Another is when I want to look at a website that is blocked by the network I am attached to. Finally, it lets me appear to be at home, when I am not, to a website that uses location data based on an IP address.

What you will NEED

  1. A working SSH server that you have remote access to. If you don't, then have a look here.
  2. Firefox (you can do this without Firefox if you install third-party add-ons or are not using Windows)

How to do it


Open an SSH session and create a dynamic port forward using the -D flag. You can also add the -C flag to compress the session, though this probably won't help much since most web servers already compress the response. eg. ssh -C -D 6666 <username>@<hostname>


Open PuTTY, enter your server details eg. ssh
Click SSH, Check 'Enable compression' 

Expand SSH and click Tunnels
Enter 6666 in the source port and select 'Dynamic'
Click Add
(Optional) Click back on 'Session', enter a name for the session and click save

Click Open, Click Yes to accept the key if this is the first time you are connecting
Enter your password (there will be no feedback when typing the password)
You should get a black screen that says <username>@<hostname>:~$ 

Install Firefox, start it up, then go to the settings page. These example screenshots are for Windows but the process is very similar for Mac or Linux.

  1. Click on the Firefox menu on the top left, click Options, click Options
  2. This will open the Options dialogue box
    Click the Advanced icon at the top, click the Network tab below the icons, click the Settings box under Connection.
  3. In the Connection Settings box click Manual proxy configuration, in the SOCKS host box type localhost, in the port box beside it type the high order port you forwarded (eg. 6666), click OK to close the Connection Settings box, then again to close the Options box.

  4. OPTIONAL: Firefox will still do the DNS lookups on your local network even though it then tunnels the web page over the SSH session. If you are paranoid and don't want your DNS lookups known then you can tell Firefox to do remote DNS lookups.
    1. In Firefox, enter about:config in the URL bar, click I'll be careful...

    2. In the search bar type socks, double click network.proxy.socks_remote_dns to change the value to true.
    3. Now Firefox will do remote DNS queries.
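
What the remote DNS setting changes on the wire, as an added example that is not part of the original post: a SOCKS5 CONNECT request (RFC 1928) carries either a hostname for the proxy to resolve or an IP address the client has already resolved locally. The function names and sample destinations are constructed for illustration, and SOCKS v5 is assumed to be selected in Firefox.

```python
import ipaddress
import struct

def build_connect(dest: str, port: int) -> bytes:
    """Build a SOCKS5 CONNECT request (RFC 1928) as a client would send it."""
    head = b"\x05\x01\x00"  # VER=5, CMD=CONNECT, RSV=0
    try:
        ip = ipaddress.ip_address(dest)
    except ValueError:
        # Remote DNS: ATYP=0x03, the hostname itself travels through the tunnel
        name = dest.encode("idna")
        return head + b"\x03" + bytes([len(name)]) + name + struct.pack("!H", port)
    # Local DNS already happened (or an IP was typed): only the address is sent
    atyp = b"\x01" if ip.version == 4 else b"\x04"
    return head + atyp + ip.packed + struct.pack("!H", port)

def parse_connect(req: bytes) -> dict:
    """Decode a SOCKS5 CONNECT request and report who resolved the name."""
    if len(req) < 5 or req[0] != 0x05 or req[1] != 0x01:
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp = req[3]
    if atyp == 0x03:
        start, size = 5, req[4]          # one length byte, then the name
    elif atyp in (0x01, 0x04):
        start, size = 4, 4 if atyp == 0x01 else 16
    else:
        raise ValueError("unknown address type")
    end = start + size
    if len(req) != end + 2:
        raise ValueError("truncated or oversized request")
    raw = req[start:end]
    host = raw.decode("ascii") if atyp == 0x03 else str(ipaddress.ip_address(raw))
    port = struct.unpack("!H", req[end:])[0]
    return {"host": host, "port": port, "remote_dns": atyp == 0x03}

# Constructed sample destinations, not taken from the post
WITH_REMOTE_DNS = build_connect("example.com", 443)
WITHOUT_REMOTE_DNS = build_connect("192.0.2.10", 443)

if __name__ == "__main__":
    for req in (WITH_REMOTE_DNS, WITHOUT_REMOTE_DNS):
        print(req.hex(" "), parse_connect(req))
```

A request with `remote_dns` false means the name lookup, if there was one, went out on the local network before the tunnel was used.
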
That's all there is to it. Now all your web traffic is encrypted between you and your home network. To external sites the traffic will seem to come from your home IP address.
Happy browsing!
