Charlie Harvey

SSH Tip: Proxy your browser with SSH

Written by Charlie on

I was just now trying to see how the New Internationalist website might look from Canada, to test some GeoIP set up that we’re working on. So I used a trick that I mainly use when I’m browsing the interwebs from public WiFi networks. Given the emergence of tools like Firesheep, which allows h4x0rz to steal your unencrypted social networking sessions, I thought now might be a good time to remind/share this tip with you.

Prerequisites

You’ll want to get a shell account on a server in the country you want to browse from, beware not everyone lets traffic through their firewalls; paid accounts should. If you’re just interested in local privacy on a WiFi network then an account in your own country would do the job. You’ll also want ssh installed and a web browser; I use Iceweasel.

Proxy it up

The first step is to get an ssh SOCKS proxy set up. In your shell type: ssh -ND 8080 your_user@your.shell.server.example.com . That wasn’t so hard, was it? You now have an encrypted proxy from your local host to your remote host to the interwebs running on port 8080. You'll be asked for your password on the remote host.

Make yer browser use it

OK, now you'll want your browser using the proxy. There are many browsers so some googling may be in order. In Iceweasel (hence probably firefox too) I can do this: Edit | Preferences | Advanced | Network | Settings (Connection) Manual Proxy Configuration SOCKS Host: 127.0.0.1 Port: 8080 No Proxy For: localhost, 127.0.0.1 Now go to a GeoIP Lookup site and you whould see yourself browsing through the IP address of your shell server.

Caveats

  • Doesn't pass your ICMP or DNS traffic over the proxy. Sniffers could figure out what sites you were visiting, for example.
  • May be slower -- traffic has to go through another hop. Some shell providers are doing it on limited bandwidth.
  • ISPs log stuff, don't rely on this for anonymity, tor would be better.
  • Always read the label. Your house may go up as well as down. I am not a lawyer. Your mileage may vary. Pictures for illustrative purposes only …


Comments

  • Be respectful. You may want to read the comment guidelines before posting.
  • You can use Markdown syntax to format your comments. You can only use level 5 and 6 headings.
  • You can add class="your language" to code blocks to help highlight.js highlight them correctly.

Privacy note: This form will forward your IP address, user agent and referrer to the Akismet, StopForumSpam and Botscout spam filtering services. I don’t log these details. Those services will. I do log everything you type into the form. Full privacy statement.