MattLestock.com

Thoughts from your friendly neighborhood technologist.

Set up an SSH SOCKS proxy!

For episode 416 of HAK5, I showed how easy it really is to tunnel all kinds of traffic, HTTP, FTP, and more, over an SSH SOCKS proxy.

Some of you may be thinking to yourself… “HOLY CRAP WHAT ARE THESE TERMS?!”  And I’m here to assure you that it’s going to be OK! Really it is.

What you’ll need

  • An SSH server to act as your proxy.
    Simple enough really!  If you’re using Windows I highly recommend freeSSHd.  If you’re on a Mac, check out this page for instructions on how to enable Remote Login (it lives in the Sharing preference pane).  Linux users, you should know how to do this. 😉
  • An SSH client on the computer you’re using.
    Mac and *nix machines have SSH built right in at the command line. Windows users can do like I did in the episode and download plink (available here).  Others will recommend Cygwin, but for this purpose it’s really overkill.

How proxies work

In a nutshell, what you’re doing with a proxy is setting up a middle-person (no not a pineapple, but close) between you and the internet. Using the proxy, your browser hands off web page requests to the proxy server, which handles the request and fetches the page for you from the internet. The web site sees the request coming from the proxy server’s address, not your computer’s, which is a good way to obscure your originating IP address from the sites you visit (the proxy itself, of course, still sees everything).

Additionally, the connection between your computer and the proxy is carried inside SSH, an encrypted protocol, so someone sniffing the wifi sees only an SSH session to your server, not the web sites you’re visiting. The caveat is that the encryption only covers the hop to the SSH server: a plain HTTP request is decrypted there and travels the rest of the way to the web site in the clear, exactly as it would from the server’s own network.
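To make the hand-off concrete, here is the exchange a browser (or curl --socks5-hostname) has with the local port before any web traffic flows. This is an added example, not code from the episode or the post: a minimal RFC 1928 (SOCKS5) client using the no-authentication method, which is what ssh -D offers, plus a small stub server constructed purely so the exchange can be run offline. The proxy address 127.0.0.1:9999 and the destination www.ipchicken.com are taken from the post; the stub stands in for ssh and is not how ssh is implemented. The point worth noticing is the address type byte: a hostname is sent as ATYP 0x03 so the SSH server resolves it, whereas a client that resolves first and sends an IP leaks its DNS lookups onto the local network even though the TCP stream is tunnelled.

```python
"""SOCKS5 CONNECT as a client sends it to ssh -D (added example, RFC 1928, no auth)."""
import socket
import struct
import threading

SOCKS_VER = 0x05
METHOD_NO_AUTH = 0x00
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REPLY_TEXT = {
    0x00: "succeeded", 0x01: "general SOCKS server failure",
    0x02: "connection not allowed by ruleset", 0x03: "network unreachable",
    0x04: "host unreachable", 0x05: "connection refused", 0x06: "TTL expired",
    0x07: "command not supported", 0x08: "address type not supported",
}


def build_connect_request(host, port):
    """Encode VER CMD RSV ATYP DST.ADDR DST.PORT for a CONNECT.

    A hostname goes out as ATYP 0x03 so the SSH server resolves it; sending a
    pre-resolved IP instead means the DNS query already left over the local wifi."""
    try:
        addr, atyp = socket.inet_pton(socket.AF_INET, host), ATYP_IPV4
    except OSError:
        try:
            addr, atyp = socket.inet_pton(socket.AF_INET6, host), ATYP_IPV6
        except OSError:
            name = host.encode("idna")
            if not 1 <= len(name) <= 255:
                raise ValueError("SOCKS5 hostnames are 1..255 bytes")
            addr, atyp = bytes([len(name)]) + name, ATYP_DOMAIN
    return (struct.pack("!BBBB", SOCKS_VER, CMD_CONNECT, 0x00, atyp)
            + addr + struct.pack("!H", port))


def recv_exact(sock, n):
    """Read exactly n bytes; a short read means the proxy hung up mid-handshake."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection during the handshake")
        buf += chunk
    return buf


def read_reply(sock):
    """Parse the CONNECT reply; returns (REP code, bound address, bound port)."""
    ver, rep, _rsv, atyp = recv_exact(sock, 4)
    if ver != SOCKS_VER:
        raise ConnectionError("not a SOCKS5 reply (version byte %#x)" % ver)
    if atyp == ATYP_IPV4:
        bnd = socket.inet_ntop(socket.AF_INET, recv_exact(sock, 4))
    elif atyp == ATYP_IPV6:
        bnd = socket.inet_ntop(socket.AF_INET6, recv_exact(sock, 16))
    elif atyp == ATYP_DOMAIN:
        bnd = recv_exact(sock, recv_exact(sock, 1)[0]).decode("idna")
    else:
        raise ConnectionError("unknown address type %#x" % atyp)
    (port,) = struct.unpack("!H", recv_exact(sock, 2))
    return rep, bnd, port


def socks5_connect(proxy, dest_host, dest_port, timeout=10.0):
    """Open a TCP stream to dest_host:dest_port through the SOCKS5 listener at proxy,
    e.g. proxy=("127.0.0.1", 9999) for the tunnel started in the post."""
    sock = socket.create_connection(proxy, timeout=timeout)
    try:
        sock.sendall(bytes([SOCKS_VER, 1, METHOD_NO_AUTH]))   # greeting: offer no-auth only
        ver, method = recv_exact(sock, 2)
        if ver != SOCKS_VER or method != METHOD_NO_AUTH:
            raise ConnectionError("proxy did not accept the no-auth method")
        sock.sendall(build_connect_request(dest_host, dest_port))
        rep, _bnd, _port = read_reply(sock)
        if rep != 0x00:
            raise ConnectionError("CONNECT failed: " + REPLY_TEXT.get(rep, hex(rep)))
    except Exception:
        sock.close()
        raise
    return sock   # from here on it is a plain byte stream to the destination


def _stub_socks_server(listener, seen):
    """Constructed test double standing in for ssh -D: answers one CONNECT,
    records where the client asked to go, then echoes 4 bytes. Not ssh's code."""
    conn, _ = listener.accept()
    with conn:
        nmethods = recv_exact(conn, 2)[1]
        recv_exact(conn, nmethods)
        conn.sendall(bytes([SOCKS_VER, METHOD_NO_AUTH]))
        _ver, _cmd, _rsv, atyp = recv_exact(conn, 4)
        if atyp == ATYP_DOMAIN:
            seen["host"] = recv_exact(conn, recv_exact(conn, 1)[0]).decode("idna")
        else:
            fam, size = (socket.AF_INET, 4) if atyp == ATYP_IPV4 else (socket.AF_INET6, 16)
            seen["host"] = socket.inet_ntop(fam, recv_exact(conn, size))
        (seen["port"],) = struct.unpack("!H", recv_exact(conn, 2))
        conn.sendall(bytes([SOCKS_VER, 0x00, 0x00, ATYP_IPV4]) + bytes(6))  # success, BND 0.0.0.0:0
        conn.sendall(recv_exact(conn, 4))


def selftest():
    """Run the exchange end to end against the stub; returns what the stub saw."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    seen = {}
    worker = threading.Thread(target=_stub_socks_server, args=(listener, seen), daemon=True)
    worker.start()
    with socks5_connect(listener.getsockname(), "www.ipchicken.com", 80) as stream:
        stream.sendall(b"ping")
        echoed = recv_exact(stream, 4)
    worker.join(5)
    listener.close()
    return seen["host"], seen["port"], echoed


if __name__ == "__main__":
    print(selftest())   # ('www.ipchicken.com', 80, b'ping')
```

Against a real tunnel, `socks5_connect(("127.0.0.1", 9999), "www.ipchicken.com", 80)` returns a socket you can write a plain HTTP request to; the stub only exists so the handshake bytes can be exercised without a server.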

Start your SSH tunnel

So you’ve got your SSH server set up at your house or workplace. Great! To use it, you’ll start a local SOCKS proxy on the client you’ll be browsing from; ssh then “tunnels” everything that proxy receives to the remote server inside the encrypted session. The command to run in a terminal window on your Linux / Mac client is: ssh -ND 9999 you@example.com

For Windows it’s as simple as browsing to the directory you saved plink to and running: plink.exe -N -D 9999 you@example.com

Of course, you’re going to replace the you with your username on your SSH server and example.com with your server’s domain name or IP address. The -D is ssh’s dynamic port forwarding: it listens on port 9999 of your local machine (on the loopback address only, by default) as a SOCKS server, and every connection a program makes to that port is carried through the SSH session and opened from example.com, so the far end sees your server’s address.

When you execute either of those commands, you’ll be prompted for your password.  After you authenticate, nothing will appear to happen. The -N tells ssh not to run a remote command or open an interactive prompt, so it will just sit there, holding the connection open and forwarding. That’s exactly what you want.

Set Firefox to use SOCKS proxy

Once your proxy’s up and running, configure Firefox to use it. From Firefox’s Tools menu, choose Options, and from the Advanced section choose the Network tab. Next to “Configure how Firefox connects to the Internet” hit the “Settings” button (in current releases the same dialog is under Settings, General, Network Settings). Pick manual proxy configuration and enter the SOCKS information: the host (localhost) and the port you used (in the example above, 9999), with SOCKS v5 selected. Also tick “Proxy DNS when using SOCKS v5”; without it Firefox resolves each hostname itself before asking the proxy, so your DNS lookups still leave over the local network in the clear even though the page loads go through the tunnel.

Save those settings and hit up a web page. When it loads, visit http://www.ipchicken.com to check that traffic is really going through your remote SSH server: the address it reports should be your server’s, not the network you’re sitting on.  If it is, GOLDEN!

If you feel there’s something I’ve missed, hit me up here (http://www.mattlestock.com)

PS: About firewalls: the -D listener binds to your loopback address (127.0.0.1) by default, so nothing on your local machine’s firewall needs opening for port 9999; only programs on your own computer can reach it, which is what you want. What does need to be reachable is port 22 on your server, so open that on the server’s firewall and, if the server sits behind a home router, forward the port to it. (If you ever bind the listener to all interfaces, with -D 0.0.0.0:9999 or the -g flag, you’ve turned your laptop into an open proxy for everyone on the same wifi.)

12 Comments

  1. This is so cool. I’ve been needing something like this for work purposes, so your tutorial is very timely for me. Can’t wait to try it out, thanks!
    KP

  2. Hey Matt,

    Just want to say thanks for doing this segment, I found it really useful, although not all Linux users know a lot about SSH 🙂

    Anyway I hope that you’ll be giving us more security tips like this soon 🙂

    Satal

  3. I’m glad you guys are getting use out of it!
    Please let me know if you have any questions.

    Matt

  4. This works great! Looking at the freesshd log, I’m amazed at how often the danged Chinese are trying to login to my ssh server.

    KP

  5. On OS X you can also tunnel everything on your system using:
    networksetup -setsocksfirewallproxy Ethernet localhost 9999 off
    then turn it off using:
    networksetup -setsocksfirewallproxystate Ethernet off

    You can easily make an applescript to toggle your tunnel on and off.

  6. One thing you should mention, for those folks running freesshd: on the Tunneling tab make sure “Allow local port forwarding” is checked, and on the Users tab make sure “Tunnel” is checked for their user.

  7. Matt: Is it possible to use a public SSH server to setup the tunneling? I was trying to use bshellz at http://www.bshellz.net/help/logging-into-your-shell to setup tunneling but it is not working.

    I have tried different ports and both putty and plink at both port 22 and port 443. Still no luck.

    I have a slower connection at home so I thought a public SSH server was a better idea.

    Thanks

  8. This works great under Windows, but I’m having problems with connecting to my home server from a Ubuntu Linux client. It connects successfully, but very soon thereafter I get this message:
    client_input_channel_req: unexpected channel -1

    Any idea what that message actually means? I dual boot the laptop, so it’s no big deal to use Windows to go ssh to home, but I know it shouldn’t be necessary. Thanks and Happy New Year!
    KP

  9. This is all good and well but you can easily sniff ssh2 if you know what you are doing with a pineapple.

    http://www.david-guembel.de/index.php?id=6

    Using that and a little know-how you can easily make your deadly router more deadly than ever before. I know Cain and Abel can do ssl1-3 using arp poisoning attacks but this is the only way I know of to attack ssh2.

    Something similar can be done with IPSec/VPN as Bruce Schneier has said before there are many problems with IPSec. There is no true defense against MitM other than your own common sense.

  10. Hello Matt;

    Just to let you know how interesting this was. At my University one of the courses that I teach now and then is a sophomore/junior level course on Computer Security, number SEC 280. It is a blended class containing students from CIS, Telecom and Technical Management.

    I encourage my students to download and watch the HAK5 casts. I get mine through my TiVO and enjoy them.

    During the discussion of PKI and VPN I demonstrated your SSH Plink proxy. I set up the SSH server on one Notebook and the Plink Proxy on another.

    During the demonstration I use Wireshark to capture my http activity then I set up my browser with the PlinkProxy and capture more packets. Wireshark shows all the SSH traffic as Encrypted.

    The students are amazed and it all leads into hundreds of questions on encryption and security.

    I do not know why I had not thought of this before. It works well and also leads into questions and demonstrations about SSH and the various setting for the FreeSSHd daemon.

    Well done and thank you from this old dog for the new trick.

    Professor FJ

  11. Cool stuff but I am having trouble getting it to work. Here is my setup: router: nat, spi, port forward to ssh server; os: port 9999 open. FreeSSHd: user, password, port forwarding, all capabilities enabled, no user on OS to match FreeSSHd. OS: server 2003, antivirus. Client OS: Vista, IE 7. Do I just need to forward one port from the router? I can connect to the server but not get my http traffic forwarded. I can access the file system. If I get this to work eventually I would like to tunnel DNS.
    P.S. I found some nice portable apps for putty, password recovery, network password recovery wireless and wired, and some nice multimedia stuff from Codyssey.com

  12. I still use this all the time. I set it up tonight for use from a hotel wireless to connect back home and remembered this post. Thought I’d let you know how useful it still is today. Miss you on Hak5.
    Ken

© 2019 MattLestock.com