Geekness – closer to the world

Geeky at the Lake of Zurich

Breaking the Network: SSH Server as Proxy for Secure Browsing

Our university LAN is pretty restricted. You can only access the most basic ports such as HTTP (80), FTP (21), SSH (22), POP3, IMAP and so on. But what if you need another port, for example one used to manage a web server?
After some tuning and searching we came up with an almost perfect solution. It is very easy but effective.
All you need is:

  • A UNIX (Linux/Ubuntu for example) server with an SSH server and your account
  • Firefox 3.5 (works with earlier versions)
  • FoxyProxy Addon for Firefox

Install FoxyProxy and restart Firefox. If you install FoxyProxy later, the windows below will look different! You will then have to use the settings below and add the regex and so on later.

First open an xterm console and enter the following command, which opens a SOCKS proxy on the local port given to -D:

ssh -C2qTnN -D <port-you-want> <ssh-user>@<sshserver>

Now edit your Firefox proxy settings under

Preferences -> Advanced -> Network -> Connection -> Settings

In this window enter the following values:
[Screenshots: ssh-proxy-1, ssh-proxy-4]
Enter localhost or 127.0.0.1 as the server and, as the port, the number you used in the SSH command.

[Screenshots: ssh-proxy-2, ssh-proxy-3]
I used the regex https?://.*:2083/.* which is checked against any URL I visit; if it matches, the “SSH Proxy” is activated. Of course, the SSH connection has to be open for this to work. You can alter my regex and use any other port, like 10000 for Webmin, or 443, which will redirect ALL SSL traffic through your SSH server.
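The rule decides which requests leave through the tunnel, so it is worth checking what the regex really matches. The following is an added example, not part of the original post, comparing the post's pattern with a check on the parsed port; the sample URLs, the SOCKS port 1080 and the assumption that the pattern is applied to the whole URL are assumptions of this example.

```javascript
// Added example: compare the post's regex with a check on the parsed URL port.
const SOCKS_PORT = 1080; // assumption: the port that was passed to `ssh -D`
const VIA_TUNNEL = `SOCKS localhost:${SOCKS_PORT}`;

// Pattern from the post, anchored to the whole URL (assumed matching mode).
const postPattern = /^https?:\/\/.*:2083\/.*$/;

// Routing decision based on the regex alone.
function routeByRegex(url) {
  return postPattern.test(url) ? VIA_TUNNEL : "DIRECT";
}

// Routing decision based on the real port field of the parsed URL.
function routeByPort(url, port) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch (e) {
    return "DIRECT"; // not a valid absolute URL
  }
  const isWeb = parsed.protocol === "http:" || parsed.protocol === "https:";
  return isWeb && parsed.port === String(port) ? VIA_TUNNEL : "DIRECT";
}

// Constructed sample URLs (not taken from the post).
const samples = [
  "https://panel.example.org:2083/login",    // really on port 2083
  "http://example.org/go?next=host:2083/x",  // ":2083/" only appears in the query
  "https://example.org/",                    // ordinary browsing
];

// Returns one row per sample with both decisions side by side.
function compare() {
  return samples.map((url) => ({
    url,
    regex: routeByRegex(url),
    strict: routeByPort(url, 2083),
  }));
}

for (const row of compare()) {
  const note = row.regex === row.strict ? "" : "  <-- regex matches more than the port";
  console.log(`${row.url}\n  regex: ${row.regex}  strict: ${row.strict}${note}`);
}
```

The second sample is sent through the tunnel by the regex although it is a plain port 80 request, because `.*` before `:2083` can run past the host into the path or query; a host part such as `[^/]*` in place of the first `.*` keeps the match inside the authority.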

This works like a charm and is almost perfect. The next step is to have the SSH connection started directly by FoxyProxy.

Settings for non-FoxyProxy users

If you do not want to use FoxyProxy, your proxy window should look like this:
[Screenshot: ssh-proxy-5]
Make sure you enter only the IP address or localhost in the SOCKS proxy section! If you try this and it won't work, enter about:config in your browser bar, search for the entry network.proxy.socks_remote_dns and set it to true, so that Firefox resolves hostnames through the proxy rather than through the local network's DNS. Without FoxyProxy you will not be able to define different proxy servers or use the proxy server based on rules/regular expressions. All your traffic will be routed through your SSH server, which could make surfing slower and your downloads even slower.

Some information from calomel.org. Thanks to Christian for testing and researching with me.

3 thoughts on “Breaking the Network: SSH Server as Proxy for Secure Browsing”

  1. Pingback: Corsin Camichel
  2. Another very easy way is to configure an OpenVPN server. No need for proxying that way…
