Tunnelling Web and DNS through SSH using Firefox + OpenSSH and Linux

Have you ever used a wireless access point at, say, a library or Starbucks and felt uneasy because the AP is open and anyone can access it? You should, as these APs attract people who snoop around on their laptops sniffing traffic (including https; yes, it’s not hard to set up an https man-in-the-middle attack or even a fake AP for that matter). Please note that this method can also be used to tunnel through companies’ web proxies such as ISA to browse to websites that are deemed inappropriate, and therefore blocked, so it is highly recommended that you do NOT use the method described here for unlawful uses or uses that conflict with your company’s policies.

Preliminary steps:
Go to www.no-ip.com and sign up for a free account, then download and install the client on the PC that will be running the SSH server or a PC within the same location / network.
Go to www.whatismyip.com to check your public IP address. Note it down.
Go to www.getfirefox.com and install the Firefox browser (so far this method has been tested with Firefox 2 and 3).

1) First step: if you do not have a Linux box at home, download VMWare server, install it and then install any flavor of Linux as the guest OS

2) Log onto the newly installed Linux Virtual Machine (VM) and install the OpenSSH server package. Every Linux flavor is slightly different so you will have to do some research on your own. As for those that picked Ubuntu 8.04, at the end of the install it will prompt if you want to install the ssh package. Choose yes.

3) Change the IP address of the server to static

3) Verify that ssh was installed properly by typing:
ssh localhost
It should prompt you for a user and password. Log in using the username and password that you set up during the OS installation.

4) Make sure your router has port forwarding turned on and that external port 22 points to port 22 internally at the IP address of your Linux/ssh server

5) If you’re running Linux on the box that you will be surfing the internet from then ssh should already be installed. However, if you are running Windows XP or Vista go to:
Download, unzip and install ONLY the client

6) Once finished installing, go to a command prompt and test the connection by typing:
ssh username@enterno-ipaddresshere.com
username should be the username for the Linux box that you tested in step 3
@enterno-ipaddresshere.com should be the domain name that you registered with no-ip.com in the preliminary steps
If this doesn’t work try to telnet to the IP of that server using
telnet xxx.xxx.xxx.xxx 22
Where xxx.xxx.xxx.xxx should be the IP address that you noted down in the preliminary steps. If this doesn’t work then something went wrong during your setup.

7) Once that works, you are now ready to create a tunnel for your web browsing:
ssh -D 8080 -fN username@enterno-ipaddresshere.com
username should be the username for the Linux box that you tested in step 3
@enterno-ipaddresshere.com should be the domain name that you registered with no-ip.com in the preliminary steps
This creates a SOCKS-compatible proxy. Other methods on the internet suggest using ssh -L or similar; however, those are not SOCKS compatible and will not allow for DNS forwarding.

8) Launch Firefox, in the address bar type the following and press enter:
On Firefox 2.0 look for this:
Double-click to change the value to True
On Firefox 3.0, click “I’ll be careful, I promise” and then look for:
Double-click to change the value to True

9) In Firefox, go to: Tools > Options > Advanced > Network > Settings
Select “Manual Proxy Configuration”,
add localhost to the “SOCKS Host:” field, port 8080 (this is where the ssh -D 8080 -fN username@enterno-ipaddresshere.com comes in)
Click OK and you should now be browsing the internet securely without worrying about people watching your traffic and stealing your information.

To go back to normal browsing just revert step 9 to “Direct Connection to the Internet” and it will go back to the way it was.

Happy Browsing, productive comments are welcome
