Scenario
There you are minding your own business when suddenly you find yourself in a position where the fate of a bus full of orphan children depends on your ability to get some piece of information from packetstorm. Alas, the corporate or educational network is preventing access to the site as it claims it to be hacking related. With a deft action, like that of a swordsmen, you tunnel your traffic through an SSH connection and city gives you the key to the city for saving the lives of dozens of orphans. You go on to be on various talkshows, get your own wikipedia page, and live happily ever after.
Requirements
There are several ways to generate a ssh tunnel, in order to bypass firewall restrictions or encrypt traffic. More than likely the machine you are on is going to be a machine running windows, so I\'ll assume the machine your using has windows.
In order to tunnel your traffic you need another machine to tunnel through. Personally, I would prefer this machine to be Linux/Unix based. For the purposes of this article I\'m going to assume you have access to machine at home, or somewhere, that is running some flavor of Linux. If you don\'t have a Linux machine you can get a free shell account from a number of places. These will work just fine.
The servering machine, not the one your using, will need an SSH server installed, such as OpenSSH. Most Linux distrobutions will have this already installed. If not, you can easily install them through apt-get, yum, slapt-get, or whatever package manager your distribution uses. I\'m not going to go into the installation of OpenSSH there are articles a plenty available from searching Google.
You will also need the ability to get a small application on the machine your using. You can download it, bring it on a flash drive, or any other means. It does not need to be installed and can run from any location, such as your network home folder or the desktop of your roaming profile. So this shouldn\'t really be too much of an issue. The application you need is a SSH Client. I recommend PuTTY, as it is small and lightweight. You can download PuTTY from here.
The Setup
The Process
Normally when you want to view a webpage you are make a connection to the server and make a request for the source code of a page, at a specific location. Then your browser renders that code into a visible webpage. That data is transfered to you and passes through whatever network your on. This data can be read and filtered or denied by various network appliances. The goal is to communicate only with your server through an encrypted channel. Your server is the one actually making the requests to the various web servers and then passing that information to you through this encrypted channel. This is done by using PuTTY to connect to the remote SSH server to create the tunnel. Your browser is then set to route its traffic through the tunnel via the proxy settings.
Setting up PuTTY
When you launch PuTTY you will need to put in the address of your SSH server. If this is a machine at your house, for example, this could be the IP address of your router. You could also get a free dynamic host name for your network from many services such as DynDNS. Remember you will need to forward port 22 (or whatever port your SSH server is using) in your router. Also change the port number if your server is not running on the default of port 22.
Expand the SSH options in the configuration tree on the left of the window. Click "Tunnels" to bring up the tunnel settings. In the source port enter 8008, or any other port you want to use for routing connections. Then change the tunnel type from "Local" to "Dynamic" and click "Add". In the middle list it will now show "D8080", if you used port 8080. Click "Apply" and putty will attempt to connect to the server.
The first time PuTTY connects to the server it will ask to cache the host's key. Click "Yes".
When the PuTTY window opens it will ask you for a username and password. Enter the login credentials for your SSH Server. This is the username and password for a user on the system.
Setting Up Your Browser
Now you need to setup your browser to use the tunnel, instead of directly connecting to remote web servers. This can be done with any program that supports a SOCKS proxy. However, since we are worried about browsing in this article we will use IE as an example.
To setup the proxy click "Tools" and then "Internet Options". Change to the "Connections" tab and click "Advanced", under the proxy settings near the bottom. In the "Socks" section enter "127.0.0.1", or "localhost" in the address field. In the port field enter "8080", unless you used a different port in the tunnel section of PuTTY. Click "OK" and you are good to go.
Testing the Tunnel
One good way to test if the tunnel is working properly is to check how your IP address appears to the world before and after you set the proxy settings. For instance if you goto a webpage that displays your IP address like http://whatismyip.com or http://ipchicken.com before it will show the IP address of the network you are currently on. After you set the proxy settings that IP address will show the network of your SSH server. Depending on the latency of your connection to the SSH server it may not be able to browse for twenty or thirty seconds after setting everything up.
Additional Information
Being able browse unrestricted is a side effect of the traffic being encrypted through the SSH session. Content filters are not capable of sniffing the web content and then is not able to filter them. Also the traffic is on a completely different port inside a completely different protocol.
Because of this there are other more important uses for this technique than just getting around a school or work firewall. This is a very easy way to encrypt your traffic when you are browsing on any public network. Using a hotspot at a coffee shop or hotel is a serious security risk, because people you don't know and computers you don't trust could be sniffing your traffic. This is a quick and easy way to encrypt your web browsing and make that much more difficult.
Also, since you are routing through that SSH server you will also have access to resources located on that network that are not visible to the outside world. Such as a intranet webpage.
Well thats that, have fun.
|
