Subscribe by RSS RSS Icon
Follow me on Twitter Twitter Icon

SSH Tunneling to Bypass Internet Filtering

Most company nowadays deploy web proxy like Websense to filter users from surfing unrelated websites. However, there are several ways to bypass the restriction and in this tutorial I'm going to explain on SSH tunneling to do the dirty work for me. This technique helps me bypass the filtering when I need to and it also secures my web browsing by encrypting the traffic between web browser and the remote web sites that I'm connecting to.

SSH, the Secure Shell, is a standard protocol that encrypts communications between your computer and a server. The encryption prevents these communications from being viewed or modified by network operators. SSH is especially useful for censorship circumvention because it can provide encrypted tunnels and work as a generic proxy client.

We're going to need a couple of things in order to create an SSH tunnel that you can use as a SOCKS proxy.

  • A remote server you can connect to using SSH. This is typically a remote Unix or Linux server that supports SSH logins. For this tutorial, I'm going to use free SSH account from cjb.net
  • Your organisation will need to let you connect to that site using SSH. By default SSH runs on port 22, so your organization will need to let you out on port 22. Alternatively, you can use other port as well. In this case, cjb.net also allows you to connect on port 443
  • SSH client such as putty

Step 1 - Setup your SSH server
If you don't have one, you can use the free SSH account provided by cjb.net. Open up their registration page here, fill up all information needed, user name, your email address, password (password have to include at least one number and letter), and leave Bash as your default shell and press Continue.You should got an email from cjb within an activation links on it. Click the links to activate your account. they will send you another email about your complete login information after fully activated.


Step 2 - Download SSH client Putty
Just go to the official Putty website, and download the putty.exe executable file. There is no installation process -- just download it, drop it in a folder, and it's ready to be used.


Step 3: Configuring a tunnel to your SSH server
We'll use Putty to create an SSH tunnel and connect to the remote server. For the purposes of this example,  we are going to connect to our SSH account at shell.cjb.net.

First, fill “Host Name (or Ip Address)” with your “accountname@shell.cjb.net” and port with “22” (change account name with your cjb login name, check your email from cjb net for detail). Since my company firewall does not allow outgoing connection  for port 22, I'm going to use port 443 instead.

In the textfield labeled "Saved Sessions", enter a name that you want to use to identify this configuration. This is typically the hostname or IP address of your remote server, but it can also be something like "SSH tunnel". In my case I'm just going to put cjb.


Next, on the left side of the putty window there is a navigation tree. In that tree you want to select the Tunnels item. You can find it by clicking the Connection node in the tree, then SSH, and then Tunnels. Under the section labeled "Add a new forwarded port" type in a port 1080 (or whatever port you wish to use) for the source port. Put localhost in the Destination field, then select the Dynamic and Auto radio buttons. Then click the Add button, and you should see the text D1080 show up in the textarea just above the "Add a new forwarded port".


That's all you had to do to configure Putty. Now all you have to do is login to your remote server. To do this, just click the Open button at the bottom of the window. You should see a Putty login shell open up to your remote server. Just login to your remote server with your username and password, and you're done. Next you're going to configure your browser to use SOCKS proxy.



Step 4: Configure you Browser to use the Putty SSH tunnel as a SOCKS proxy

Firefox
Start Firefox, then select the Tools menu, and then select the Options menu item. Now click the Advanced icon (on the upper-right of the dialog), and then select the Network tab.


Now click the "Settings" button. This brings up the Connection Settings dialog. On this dialog click the "Manual proxy configuration" radio button, then put the address localhost in the SOCKS Host field. In the Port field just to the right of the SOCKS Host field enter the port you used when configuring your SSH tunnel with Putty. In my case this port was1080.


Internet Explorer
Open your IE, go to Tools >> Internet Options and the windows below will pop up. Go to the Connections tab and click on the LAN settings.


Then under Automatic configuration, unchecked the Automatically detect settings check box. In Proxy server, checked the two check boxes as shown below. Next, click Advanced.


Put the address localhost in the SOCKS Host field. In the Port field enter the port 1080.


That's all you need to do here and your browser should be ready to go.

4 comments:

Mr.Hac said...

i think this trick will working great for me..thanks bro..i will try it!

dgodam said...

I hope so :)

WrongID said...

Nice tutorial

Mr. Singh said...

not working.Plz tell me other way

 
Copyright Info.

Only for my personal reference. I do not own any of these materials here. Use it at your own risk!

XHTML/CSS validations
Valid XHTML 1.0 Transitional Valid CSS!