An SSH SOCKS Proxy How To

Today a new firefox plugin, “Firesheep” was released. There aren’t really any new developments in this plugin, except that it makes it easy to hijack browser sessions. (We’re talking Twitter, MySpace, Facebook, anything with a login that’s not fully encrypted) Now, before you go all crazy, this is actually a good thing. It’s more than a proof-of-concept. This is how those black hat “leets” have been messing with people in coffee shops for years… and now anyone can. So before the huge wave of people try messing with your foursquare, here’s how you truly protect yourself: An SSH SOCKS proxy!

Ok, so this IS an advanced technique, but fret not — I’m here to hold your hand through all of this. In reality, it’s only one command on the command line, and some settings in Firefox. If you’re on Windows, the only additional step is installing SSH… You got this.

You’ll need a couple of things to get this started. The first is an SSH server to be your actual proxy. “SSH server” sounds expensive and horrifying, but it’s really not. Basically, your using a second computer as your internet bodyguard, and encrypting your communications between your laptop in, say, a coffee shop and your computer at home. Your computer at home is then used to fetch the pages for you, encrypt them and send them back. I use my webserver, because of guaranteed uptime and Bresnan sucks in my area… but any computer with an internet connection will do. (click that link to learn how to setup the server)

The second thing that you’ll need is an SSH client for your computer. Mac and Linux machines have SSH built right in. If you’re on Windows, consider downloading something like CygWin, which will setup OpenSSH for you.

For an example of what a proxy actually is, look at it like this: The proxy server is a middleman for your computer and the internet. You send your information to your home computer or webserver completely encrypted, and the other computer decrypts and fetches whatever data for you, then re-encrypts and sends it back to your laptop. This prevents people sniffing network packets from seeing what your doing, even if the website your surfing doesn’t use any form of encryption at all. It’s genius, really. This is also a tactic that people use to obscure their IP addresses, but that’s a story for another time.

On your SSH server, (that’s your computer at home) once you have your software running, type the following in:

ssh -ND 9999 you@yourdomain.com

What this command is saying is that you want to hand off all your localhost data on port 9999 (those are your normal requests, the port number is arbitrary, we’ll talk about that soon) to this account on your SSH server. Make sure your “you@yourdomain.com” is the login username and address for your SSH server. The “yourdomain.com” can be replaced by the public IP of your house, or is the domain pointing at your server. If you need some more help with this, leave a comment below. At this point, you’ll be prompted for a password. Put it in, and you should see nothing happen. This is good. If you didn’t get kicked out, your done on the server side!

Now, in Firefox, because that’s my go-to browser, go to your preferences and hit up the advanced tab. Under that, there is a selection that says “Configure how Firefox connects to the Internet”. Inside of that window, you’ll want to select the radio button for “Manual Proxy Configuration”, and enter your SOCKS host as “localhost” (no quotes), and your port number as that arbitrary number we setup before (in this case, it’s 9999).

Now save those settings and load up a webpage that no-one ever goes to, like Yahoo. If the page comes up, you’ve got it made in the shade baby!

Have a great time being a hardcore internet badass,
Mic-B

P.S. — If you *really* want to be a hardcore proxy server user, you should also set up your proxy to take care of your DNS requests, too! In Firefox, type “about:config” (no quotes) into the address bar and hit enter. It should bring up a configuration page for Firefox. Scroll down to the “network.proxy.socks_remote_dns” entry and change it to “true”.

P.P.S. — Encryption and keeping yourself safe on the internets has always been a bit of an art more than a bonafide process… so what’s yours? Leave your tips and tricks in the comments below.

Leave a Reply

Your email address will not be published. Required fields are marked *