SSH Tunnelling over HTTP/HTTPs with SOCKS 5

This article explains how to create an SSH (Secure Shell) tunnel over HTTP/HTTPS with a SOCKS 5 proxy. It assumes that you have access to an OpenSSH server, and that you’re running a *nix operating system, e.g. Mac OS, Linux, FreeBSD.

Specially dedicated to E.Y. who has struggled for months behind the Great Firewall.

First, you need SSH access to any server. Go to the terminal and enter:

ssh -vv -CND 1080 yourUserName@yourServer.com

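You’ll be prompted to enter the password. Verbose debug output is then printed (the -vv flag); -D 1080 opens a local SOCKS listener on port 1080, -N tells ssh not to run a remote command, and -C enables compression. When the tunnel is ready, you’ll see the following (the exact output varies across different flavors of Linux):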

debug1: Entering interactive session.

Now you need to set up Firefox. Go to Edit > Preferences and open up “Firefox Preferences”. Then proceed to Advanced > Network, as shown. Click on “Settings”.

Firefox Preference

In the “Connection Settings” window, check “Manual proxy configuration”. In “SOCKS Host”, enter “localhost” with port number 1080. Make sure that “SOCKS v5” is checked.

Configuring the proxy in Firefox

Next, we need to override the default DNS settings. We can force Firefox to resolve domain names through the SOCKS v5 proxy, rather than using the DNS servers provided by DHCP by default.

In Firefox’s address bar, enter “about:config”.

Firefox may warn you that you’re about to make changes that will probably upset the browser. Ignore it and proceed.

In the “Filter” text box, enter “dns”. You may see this:

Configure remote DNS in Firefox

Look for the line that says “network.proxy.socks_remote_dns”. By default, it is set to false. Double click on that line so that the value becomes true, as shown:

Configure remote DNS in Firefox

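Your Firefox is now correctly set up. All of its web traffic goes through your SSH server, and every packet is encrypted between your machine and that server, so you don’t need to worry about being sniffed on the local network. Beyond the SSH server, traffic travels to the destination site as it normally would, so plain HTTP is still unencrypted on that leg.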

If you’re not convinced, open up http://www.ip-adress.com in Firefox. Instead of your usual IP, you’ll see your server’s IP address. What is more, your address has changed: your location is shown to be that of the server! Yay! Done!

Reference

“Access Facebook Through The Great Firewall”, <http://rejon.org/2009/07/access-facebook-through-the-great-firewall-second-line-ssh-tunnel/>
