Home > SSH > SSH Tunnel + SOCKS Proxy Browsing

SSH Tunnel + SOCKS Proxy Browsing

May 23rd, 2009

This article I create for my personal reference since I tend to forget things such as names, addresses, SSH Tunnel configurations, severe acts of nature and so on…

Concerning Tunnels:

A tunnel is usually an underground passage from one place to another. Why is there a reason to go through a tunnel instead above ground I can’t really answer in general, but I sure know why I have to use tunnels in my daily IT routines.
The tunneling allows me to deliver payload securely and also allows me to access resources that are otherwise restricted from my location.
The example below demonstrates the setup of an SSH Tunnel that is used for simple internet browsing.

Microsoft Windows 2000/XP/2003/Vista

When using Microsoft Windows operating systems I create SSH Tunnels using Putty.

1. Connect to an SSH server using Putty.

In this example I am using the hosting for this website.

SSH Tunneled Proxy 1 - Connect to the SSH host

2. Right click on the SSH Toolbar and select “Change Settings…”

SSH Tunneled Proxy 2 - Change Putty Settings...

3. On the newly opened windows select Connection >> SSH >> Tunnels. Type in the source port the number “80”. This number is simply an example and you must feel free to use any appropriate port number on your host.
In the destination text box type “localhost” and select the radio button “Dynamic”.

SSH Tunneled Proxy 3 - Tunnel Configuration

4. Click Add and add other ports if you might need them for some purpose. You should see your Port forwarding rule added as D80 if you have used the above settings. Once you added the port forwarding, apply the change.

SSH Tunneled Proxy 4 - D80

Your tunnel is now ready. You can check this with telnet for example.

Linux/Mac OSX/UNIX

Under Linux the configuration is quite simplified compared to windows so no screen shots are neccessary.

Open a terminal and connect to the remote ssh server/host with the following command:

host# sudo /sbin/ssh -p22 -D 80 user@unix.soteks.com

Follows the browser configuration. It is similar config in most operating systems and browsers.

5. In Mozilla (quite similar in IE) open the Options or Properties of the browser. Navigate to Network and select Settings.

SSH Tunneled Proxy 5 - Firefox Network Settings

6. Select Manual Proxy configuration. Under the SOCKS Host type localhost and for port number put 80. Select SOCKS v.5. Click OK.

SSH Tunneled Proxy 5 - Firefox SOCKS Proxy

Once the above is completed successfully. All of your firefox traffic is being tunneled through the ssh connection that you have done so all the traffic is encrypted.

In addition to such setup I usually use the extra feature to forward by DNS requests through the tunnel too. This is a good idea if your DNS queries are being logged. To do this simply type about:config in the address bar of Firefox and in the filter line search for dns. Find the value network.proxy.socks_remote_dns and change the value to true.

7. In the address tab of firefox type about:config. In the Filter box search for DNS

It is considered a crime to use the above to get to your Friendface websites.


Categories: SSH Tags: ,
  1. June 28th, 2009 at 03:46 | #1

    No need to use sudo, at least on Mac OS X.

    host# ssh -D 80 user@unix.soteks.com

  2. July 6th, 2009 at 13:30 | #2

    Hello Nueh,
    You are right however Privileged ports can only be forwarded by root.
    In my example I tried with port 80 which is a privileged one, that’s the reason to use sudo. (I use Mac OS X 10.5.7 Darwin Kernel Version 9.7.0)
    Which port do you normally use for such proxy?


  3. liquid
    September 8th, 2009 at 06:22 | #3

    Does anyone know how to forward this setup to a third box?
    $server -> dynamic socks forwarded to $box -> forwarding once more to $boxTwo.

  4. September 9th, 2009 at 00:41 | #4

    So you want the server to use a socks proxy through ssh to a box1, and box1 to forward this to box2, so actually the server is using a socks proxy to box2? I was thinking about this once but never tried it. Is this what you need done?


    — St0ma

Comments are closed.