Tunnel web browser through an SSH tunnel

Tunnel web browser through an SSH tunnelThis is for people who want to browse, but not have their traffic snooped on. Tunnel web browser through an SSH tunnel!

Tunnel web browser through an SSH tunnel

I am not condoning improper use of any corporate or government network, but in some instances where freedom or privacy need to be preserved this could come in  handy.

Again this is for informational purposes only.

Create your SSH tunnel

You’ve got access to an SSH server and you want to start using it as your proxy. To do so, you’re going to set up a “tunnel” which passes web traffic from your local machine to the proxy over SSH. The command to do so is:

ssh -ND 8080 username@www.hostname.com

What that command does is hand off requests to localhost, port 8080, to your server at hostname.com to handle. Of course, you’re going to replace username with your username and hostname.com with your server domain name or IP address.

When you execute that command you’ll get prompted to enter your password. Once you authenticate, nothing will happen. The -N tells ssh not to open an interactive prompt, so it will just hang there, waiting. That’s exactly what you want.  This is important: Don’t close this terminal or console window, because if you do, it tears down the SSH tunnel.

Set your browser to use the SSH tunnel

Now you’ll need to set your internet browser proxy to localhost port 8080. You can do this manually or with many of the browser proxy extensions available (FoxyProxy for Firefox perhaps)

IMPORTANT NOTE: DNS lookups will not traverse this tunnel by default, if you are trying to do this from work or a restricted network your DNS request could get you busted. You have been warned! 

Optional Step: DNS proxying through SOCKS5 in Firefox browser

This step is totally optional, but since you are going to be proxying the web traffic over the ssh tunnel then it just makes sense to proxy the DNS requests as well. If you tunnel your data through ssh and then still do requests against the local DNS server for the ip addresses then you have accomplished nothing.

To add a boolean option into the URL “about:config” page in Firefox. Create the entry “network.proxy.socks_remote_dns” and set it to true.
##Preference Name Status Type Value
network.proxy.socks_remote_dns user set boolean true

If you are using the Firefox extension “FoxyProxy” make sure you modify the “options” section under “miscellaneous” and check the option “use SOCKS proxy for DNS lookups.” FoxyProxy will override the about:config option that you set above.

Leave a Reply

Your email address will not be published. Required fields are marked *

Filed under: SSH,Tips & Tricks - @ March 15, 2011 2:51 pm

Tags: , , , , ,