pantz.org banner
Using ssh as a socks proxy
Posted on 05-23-2006 02:13:00 UTC | Updated on 05-23-2006 02:13:00 UTC
Section: /software/ssh/ | Permanent Link

Looks like ssh can support forwarding traffic and act as a SOCKS proxy. This is fantastic for encrypted browsing over unsecured wifi connections. Just setup Firefox, AIM or any other SOCKS 4 or 5 compliant program to use the proxy. After executing the command below ssh will be listening on localhost (127.0.0.1) and you would then point your SOCKS compliant program to this ip and the port you specify below. This can also be done with SSH client for windows Putty. Something like this possibly (look it up yourself): putty -D 8080 -L 443 -ssh ssh_hostname.

ssh -qTfnN2 -D 8080 user@machine

The above commands in the line mean:

-q :- be very quite, we are acting only as a tunnel.
-T :- Do not allocate a pseudo tty, we are only acting a tunnel.
-f :- move the ssh process to background, as we don?t want to interact with this ssh session directly.
-N :- Do not execute remote command.
-n :- redirect standard input to /dev/null.
-2 :- Forces ssh to try protocol version 2 only.
-D :- Specifies a local ``dynamic'' application-level port forwarding.  This works by allocating a socket to listen to port on the local side,
      and whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then
      used to determine where to connect to from the remote machine.  Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act
      as a SOCKS server.  Only root can forward privileged ports.

If you want to change settings in firefox for example go to: edit -> preferences -> connection settings -> manual proxy configuration -> SOCKS Host 127.0.0.1 Port 8080. Firefox will still use your local DNS to do lookups for hostnames. This may give you away if your using SOCKS to browse remotely and don't want anyone to know where your going. To get Firefox to use the proxy's dns type "about:config" into the url bar. Then change "network.proxy.socks_remote_dns" to "true". Type it in at the top and then double click it.

If you have a browser like Opera or another program that is not SOCKS aware you can use a program called tsocks. It makes a little tunnel and takes all of the outbound network traffic from the program that can't talk SOCKS and turns it into a program that can use the SOCKS server.Open the config file (/etc/tsocks.conf) and set your local networks like "local = 192.168.0.*". Then tell tsocks where the local SOCKS server is running with the settings "server = localhost" and "server_port = 8080". Last set tsocks to SOCKS type 5 like "server_type = 5". Then save the file and fire up your non-socks aware program using tsocks like "tsocks opera".

If the network your on blocks ssh outbound but leaves open port 80 or 443 then just run your ssh server on the open 80 or 443 ports.

If the network your on blocks all ports outbound except one for a proxy server then you can use a program called corkscrew. It will tunnel SSH through HTTP proxies. All you need to know is what ports the proxy lets you connect to like https (443) or http (80). Follow the readme it will show you how to set it up with ssh. After that you just use the ssh line we discussed at the top of this article to use ssh as your SOCKS proxy. Possibly combine corkscrew with tsocks.

If you have a firewall or proxy that only allows http headers going out 80 then you could use httptunnel. You need to run httptunnel on both the machine you connecting from and the machine your connecting to. The machine your connecting to will be doing your tunneling (your home machine possibly) and will need to run the httptunnel server on port 80 so you could not have any program using that port. Just read the readme's and other instructions to get it going.

If your on a network that will only let you resolve dns queries then you can even tunnel your ssh traffic through dns. Wicked huh? You can do this with a program called iodine. To do this you have to have control over real domain like pantz.org and a server with a static public IP number that does not yet run a DNS server. This is because you will be running a fake dns server on udp port 53 on your server. That is how the traffic is tunneled to your machine from the locked down network that only allows dns queries. Just read about it a the link above.

If your really desperate you can even tunnel icmp packets. This is known to most people through the program ping. A ping is just and icmp echo request. If you get onto a network that is really locked down but for some reason lets you ping hosts to the outside world then you can tunnel your traffic through icmp packets. It can be done with a program called ping tunnel.

Tunnels are really an endless game. The thing to remember is if your on a network and you can get any kind of machine on that network (proxy,dns,etc) to connect to a machine of your choosing outside of that network then you can tunnel to it. Like a dns query or a ping. You can tunnel almost any thing. Just becasue your on a locked down network doe not mean your situation is hopeless but if you have a host you control on the outside world (your home machine) and you control the host on the locked down network (root privs) you have a better chance of being able to use a tunnel.

Del.icio.us! | Digg Me! | Reddit!

Related stories


RSS Feed RSS feed logo

About


3com

3ware

alsa

alsactl

alsamixer

amd

android

apache

areca

arm

ati

auditd

awk

badblocks

bash

bind

bios

bonnie

cable

carp

cat5

cdrom

cellphone

centos

chart

chrome

cifs

cisco

cloudera

comcast

commands

comodo

compiz-fusion

corsair

cpufreq

cpufrequtils

cpuspeed

cron

crontab

crossover

cu

cups

cvs

database

dbus

dd

dd_rescue

ddclient

debian

decimal

dhclient

dhcp

diagnostic

diskexplorer

disks

dkim

dns

dos

dovecot

drac

dsniff

dvdauthor

e-mail

echo

editor

emerald

ethernet

expect

ext3

ext4

fat32

fedora

fetchmail

fiber

filesystems

firefox

firewall

flac

flexlm

floppy

flowtools

fonts

format

freebsd

ftp

gdm

gmail

gnome

google

greasemonkey

greylisting

growisofs

grub

hacking

hadoop

harddrive

hba

hex

hfsc

html

html5

http

https

hulu

idl

ie

ilo

intel

ios

iperf

ipmi

iptables

ipv6

irix

javascript

kde

kernel

kickstart

kmail

kprinter

krecord

kubuntu

kvm

lame

ldap

linux

logfile

lp

lpq

lpr

maradns

matlab

memory

mencoder

mhdd

mkinitrd

mkisofs

moinmoin

motherboard

mouse

movemail

mplayer

multitail

mutt

myodbc

mysql

mythtv

nagios

nameserver

netflix

netflow

nginx

nic

ntfs

ntp

nvidia

odbc

openbsd

openntpd

openoffice

openssh

openssl

openvpn

opteron

parted

partimage

patch

perl

pf

pfflowd

pfsync

photorec

php

pop3

pop3s

ports

postfix

power

procmail

proftpd

proxy

pulseaudio

putty

pxe

python

qemu

r-studio

raid

recovery

redhat

router

rpc

rsync

ruby

saltstack

samba

schedule

screen

scsi

seagate

seatools

sed

sendmail

sgi

shell

siw

smtp

snort

solaris

soundcard

sox

spam

spamd

spf

sql

sqlite

squid

srs

ssh

ssh.com

ssl

su

subnet

subversion

sudo

sun

supermicro

switches

symbols

syslinux

syslog

systemrescuecd

t1

tcpip

tcpwrappers

telnet

terminal

testdisk

tftp

thttpd

thunderbird

timezone

ting

tls

tools

tr

trac

tuning

tunnel

ubuntu

unbound

vi

vpn

wget

wiki

windows

windowsxp

wireless

wpa_supplicant

x

xauth

xfree86

xfs

xinearama

xmms

youtube

zdump

zeromq

zic

zlib