2600 Magazine: The Hacker Quarterly - Digital Edition - Summer 2011 - 2600 Magazine

By Root 500 0
that box and restart apache" or something. As amazing as being able to remotely (and securely) connect to servers and run commands is, SSH can do a lot more than that. When you upload files securely with SFTP, you're actually using SSH to transfer the files. And SSH can also do some awesome port forwarding tricks. I'll just be talking about one type of port forwarding though: dynamic port forwarding. Dynamic port forwarding turns an SSH server into a secure proxy server that your other applications can use.

You'll need access to an SSH server somewhere on the Internet for any of this to work. You normally get access to one if you pay for web hosting (with any halfway decent web hosting company anyway). You can pay a hosting company like Dreamhost $10 a month and they'll let you create as many SSH users on their server as you want, so you can give them out to your friends who are looking for an SSH server to tunnel through. If you have a computer that is always on at home, you can even set up your own SSH server. For the purpose of my examples, I'm going to assume that your SSH server's hostname is "myserver" and your username is "me".

You're also going to need some SSH software. If you're using Linux or a Mac, you already have it. If you're using Windows, you'll need to download it. There's a pretty good SSH client called PuTTY, but unfortunately it doesn't support dynamic tunnels. So instead, I suggest installing SSH with Cygwin ( http://www.cygwin.com/ ) if you know what you're doing, or, if you're not sure what you're doing, just using the OpenSSH Windows port ( http://sshwindows.sourceforge.net/ ). You don't need to install the server, just the client.

Opening an SSH Tunnel

To create a SOCKS5 proxy server with SSH (aka an SSH tunnel), open up a command prompt and type this:

ssh -D 8080 me@myserver

This will SSH to myserver with the user me so you can run commands, and it will also start a SOCKS5 proxy server on localhost, port 8080 in the background.

Tunneling Firefox Traffic

Open up Firefox and download the add-on called FoxyProxy Basic. This add-on makes it easy to switch between proxy servers. After you restart Firefox, it should say "FoxyProxy: Disabled" in the bottom right of the browser. Right-click on that and select Options. Click the Add New Proxy button. A window will pop up with two tabs at the top, General and Proxy Details. Click the General tab and set the Proxy Name to be something like "ssh tunnel". Now click the Proxy Details tab and make sure the Manual Proxy Configuration radio button is selected. Under Host or IP Address put "localhost", and under Port put "8080". Check the box next to "SOCKS proxy?" and make sure the SOCKS v5 radio button is selected. Then click OK and close the FoxyProxy options. You have just added your SSH tunnel proxy to FoxyProxy.

Now you can right-click on FoxyProxy in the corner of your browser and switch between "Disabled" and "ssh tunnel". Go ahead and set it to "Disabled" for now, and go to a website like http://displaymyip.com/ to see what the Internet thinks your IP address is. The IP address you see is your actual IP address. Now right-click on FoxyProxy and select "ssh tunnel", and refresh the page. If you opened your SSH tunnel correctly, it should now display a different IP address there, the IP address of your SSH server. Cool, huh?

So what's actually happening here? Since SSH connections are all encrypted, I'm going to use => to mean an encrypted SSH connection and -> to mean a plaintext connection. The first thing you did was:

[home] -> [displaymyip.com]

And the website showed you your IP address. The second thing you did was:

[home] => [myserver] -> [displaymyip.com]

This time, the website showed you myserver's IP address instead. And better than that, your connection between home and myserver is encrypted, which means if anyone is trying to eavesdrop on you on your local network, they can't see anything.
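What the browser actually says to the listener on localhost port 8080 is a short SOCKS5 exchange. The sketch below is an added example, not code from the article: it builds and checks those messages following RFC 1928, its function names are made up here, and it assumes the tunnel from "ssh -D 8080 me@myserver" is listening on 127.0.0.1:8080.

```python
import ipaddress
import socket
import struct

VER, NO_AUTH, CMD_CONNECT = 0x05, 0x00, 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

def build_greeting() -> bytes:
    """Client hello: version 5, one method offered ('no authentication')."""
    return bytes([VER, 1, NO_AUTH])

def build_connect(host: str, port: int) -> bytes:
    """CONNECT request. A name goes out as ATYP_DOMAIN, so the far end of
    the tunnel resolves it and no DNS query appears on the local network."""
    try:
        ip = ipaddress.ip_address(host)
        atyp, addr = (ATYP_IPV4 if ip.version == 4 else ATYP_IPV6), ip.packed
    except ValueError:
        name = host.encode("idna")
        if not 1 <= len(name) <= 255:
            raise ValueError("hostname must encode to 1-255 bytes")
        atyp, addr = ATYP_DOMAIN, bytes([len(name)]) + name
    return bytes([VER, CMD_CONNECT, 0x00, atyp]) + addr + struct.pack("!H", port)

def check_method_reply(data: bytes) -> None:
    """The proxy must answer the greeting with version 5, method 0."""
    if data != bytes([VER, NO_AUTH]):
        raise ConnectionError(f"proxy did not accept no-auth SOCKS5: {data!r}")

def connect_reply_code(data: bytes) -> int:
    """Reply code of a CONNECT response: 0 means the far side connected."""
    if len(data) < 2 or data[0] != VER:
        raise ConnectionError(f"not a SOCKS5 reply: {data!r}")
    return data[1]

def open_via_tunnel(host, port, proxy=("127.0.0.1", 8080)):
    """Run the exchange against the listener started by ssh -D 8080."""
    s = socket.create_connection(proxy, timeout=10)
    s.sendall(build_greeting())
    check_method_reply(s.recv(2))
    s.sendall(build_connect(host, port))
    code = connect_reply_code(s.recv(262))
    if code != 0:
        s.close()
        raise ConnectionError(f"proxy refused CONNECT, reply code {code}")
    return s  # bytes written here leave from myserver, not from home
```

With the tunnel open, open_via_tunnel("displaymyip.com", 80) returns a socket whose traffic follows the [home] => [myserver] -> [displaymyip.com] path. An application that resolves the name itself and sends only an IP address still makes its DNS lookup on the local network.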

Now, on to the tricks.

Protecting Yourself on Public Wi-Fi

On open Wi-Fi networks (and many other networks too), it's
