Using ssh as a socks proxy
Posted on 05-23-2006 02:13:00 UTC | Updated on 05-23-2006 02:13:00 UTC

Looks like ssh can forward traffic and act as a SOCKS proxy. This is fantastic for encrypted browsing over unsecured wifi connections. Just set up Firefox, AIM or any other SOCKS 4 or 5 compliant program to use the proxy. After executing the command below, ssh will be listening on localhost (127.0.0.1), and you then point your SOCKS compliant program to this IP and the port you specify below. This can also be done with PuTTY, the SSH client for Windows. Something like this possibly (look it up yourself): putty -D 8080 -L 443 -ssh ssh_hostname.

ssh -qTfnN2 -D 8080 user@machine

The options in the command above mean:

-q :- be very quiet, we are acting only as a tunnel.
-T :- Do not allocate a pseudo tty, we are only acting as a tunnel.
-f :- move the ssh process to background, as we don't want to interact with this ssh session directly.
-N :- Do not execute remote command.
-n :- redirect standard input to /dev/null.
-2 :- Forces ssh to try protocol version 2 only.
-D :- Specifies a local ``dynamic'' application-level port forwarding.  This works by allocating a socket to listen to port on the local side,
      and whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then
      used to determine where to connect to from the remote machine.  Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act
      as a SOCKS server.  Only root can forward privileged ports.

If you want to change settings in Firefox, for example, go to: Edit -> Preferences -> Connection Settings -> Manual proxy configuration -> SOCKS Host 127.0.0.1 Port 8080. Firefox will still use your local DNS to do lookups for hostnames. This may give you away if you're using SOCKS to browse remotely and don't want anyone to know where you're going. To get Firefox to use the proxy's DNS, type "about:config" into the URL bar. Then change "network.proxy.socks_remote_dns" to "true": type the name in at the top and then double-click it.
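To see what the network.proxy.socks_remote_dns setting changes on the wire, this added example (not from the original article) parses the CONNECT request an application sends to the ssh listener on 127.0.0.1:8080 (for SOCKS5, the message after method negotiation) and reports whether it carries an IP address, meaning the name was already resolved locally, or a hostname to be resolved at the far end of the tunnel. The function name and sample bytes are constructed for illustration, and the SOCKS4a case goes beyond the SOCKS4 and SOCKS5 the article mentions.

```python
import ipaddress
import struct

def classify_socks_request(msg: bytes) -> dict:
    """Parse a SOCKS4/4a/5 CONNECT request and say who resolved the name.
    resolver "client": an IP was sent, so DNS was already done locally.
    resolver "proxy":  a hostname was sent, so DNS happens past the tunnel.
    """
    if len(msg) < 2 or msg[1] != 0x01:
        raise ValueError("not a CONNECT request")
    if msg[0] == 0x04:                    # VN CD PORT(2) IP(4) USERID 00 [HOST 00]
        if len(msg) < 9:
            raise ValueError("truncated SOCKS4 request")
        port, raw_ip = struct.unpack("!H4s", msg[2:8])
        fields = msg[8:].split(b"\x00")
        # SOCKS4a signals "hostname follows" with the address 0.0.0.x, x != 0
        if raw_ip[:3] == b"\x00\x00\x00" and raw_ip[3] != 0:
            if len(fields) < 3 or not fields[1]:
                raise ValueError("SOCKS4a request without a hostname")
            return {"version": "4a", "dest": fields[1].decode("ascii"),
                    "port": port, "resolver": "proxy"}
        return {"version": "4", "dest": str(ipaddress.ip_address(raw_ip)),
                "port": port, "resolver": "client"}
    if msg[0] == 0x05:                    # VER CMD RSV ATYP ADDR PORT(2)
        if len(msg) < 5:
            raise ValueError("truncated SOCKS5 request")
        atyp = msg[3]
        if atyp in (0x01, 0x04):          # raw IPv4 / IPv6 address
            start, size = 4, 4 if atyp == 0x01 else 16
        elif atyp == 0x03:                # length-prefixed domain name
            start, size = 5, msg[4]
        else:
            raise ValueError("unknown SOCKS5 address type")
        end = start + size
        if len(msg) < end + 2:
            raise ValueError("truncated SOCKS5 request")
        port = struct.unpack("!H", msg[end:end + 2])[0]
        if atyp == 0x03:
            return {"version": "5", "dest": msg[start:end].decode("ascii"),
                    "port": port, "resolver": "proxy"}
        return {"version": "5", "dest": str(ipaddress.ip_address(msg[start:end])),
                "port": port, "resolver": "client"}
    raise ValueError("not a SOCKS4 or SOCKS5 request")

# Constructed sample requests (192.0.2.10 is a documentation address).
LEAKY_V5 = b"\x05\x01\x00\x01\xc0\x00\x02\x0a" + struct.pack("!H", 443)
REMOTE_V5 = b"\x05\x01\x00\x03\x0bexample.com" + struct.pack("!H", 443)
PLAIN_V4 = b"\x04\x01" + struct.pack("!H", 80) + b"\xc0\x00\x02\x0a\x00"
REMOTE_V4A = b"\x04\x01" + struct.pack("!H", 80) + b"\x00\x00\x00\x01\x00example.com\x00"
```

A result of "client" for a site you reached by name means the lookup already went out over the local network before the request entered the tunnel.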

If you have a browser like Opera or another program that is not SOCKS aware, you can use a program called tsocks. It makes a little tunnel that takes all of the outbound network traffic from the program that can't talk SOCKS and sends it through the SOCKS server. Open the config file (/etc/tsocks.conf) and set your local networks like "local = 192.168.0.*". Then tell tsocks where the local SOCKS server is running with the settings "server = localhost" and "server_port = 8080". Last, set tsocks to SOCKS type 5 like "server_type = 5". Then save the file and fire up your non-SOCKS aware program using tsocks like "tsocks opera".

If the network you're on blocks outbound ssh but leaves port 80 or 443 open, then just run your ssh server on the open port 80 or 443.

If the network you're on blocks all outbound ports except one for a proxy server, then you can use a program called corkscrew. It will tunnel SSH through HTTP proxies. All you need to know is what ports the proxy lets you connect to, like https (443) or http (80). Follow the readme; it will show you how to set it up with ssh. After that you just use the ssh line we discussed at the top of this article to use ssh as your SOCKS proxy. Possibly combine corkscrew with tsocks.

If you have a firewall or proxy that only allows HTTP headers going out on port 80, then you could use httptunnel. You need to run httptunnel on both the machine you're connecting from and the machine you're connecting to. The machine you're connecting to will be doing your tunneling (your home machine possibly) and will need to run the httptunnel server on port 80, so you could not have any other program using that port. Just read the readmes and other instructions to get it going.

If you're on a network that will only let you resolve DNS queries, then you can even tunnel your ssh traffic through DNS. Wicked, huh? You can do this with a program called iodine. To do this you have to have control over a real domain like pantz.org and a server with a static public IP address that does not yet run a DNS server. This is because you will be running a fake DNS server on UDP port 53 on your server. That is how the traffic is tunneled to your machine from the locked down network that only allows DNS queries. Just read about it at the link above.

If you're really desperate you can even tunnel over ICMP packets. ICMP is known to most people through the program ping. A ping is just an ICMP echo request. If you get onto a network that is really locked down but for some reason lets you ping hosts in the outside world, then you can tunnel your traffic through ICMP packets. It can be done with a program called ping tunnel.

Tunnels are really an endless game. The thing to remember is that if you're on a network and you can get any kind of machine on that network (proxy, DNS, etc.) to connect to a machine of your choosing outside of that network, like with a DNS query or a ping, then you can tunnel to it. You can tunnel almost anything. Just because you're on a locked down network does not mean your situation is hopeless, but if you have a host you control in the outside world (your home machine) and you control the host on the locked down network (root privs), you have a better chance of being able to use a tunnel.
