Use SSH to Create an HTTP Proxy

April 16th, 2009 by Rich Lundeen in

Your rating: None Average: 4.6 (27 votes)

SOCKS is built in to OpenSSH, so it's a trivial matter to set up a local SOCKS proxy with the -D flag. For example:

$ ssh -D 12345 myuser@remote_ssh_server

will open up the port 12345 on your local machine as a SOCKS proxy so all your HTTP traffic can be specified to go through the SSH tunnel and out remote_ssh_server on the other end. Your proxy server is now set up.

Next, set up your browser to use the proxy server. Most browsers include proxy support. For Firefox 3, go to Edit→Preferences→Advanced→Network→Settings, and specify that you want to use a Manual Proxy, localhost, port 12345 and SOCKS v5 (although OpenSSH supports both versions 4 and 5).

Now your browser is using a secure tunnel to your remote SSH server.

__________________________

Special Magazine Offer -- Free Gift with Subscription
Receive a free digital copy of Linux Journal's System Administration Special Edition as well as instant online access to current and past issues. CLICK HERE for offer

Linux Journal: delivering readers the advice and inspiration they need to get the most out of their Linux systems since 1994.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Frank Merlott's picture

No easy

On May 13th, 2009 Frank Merlott (not verified) says:

I don't think it is that easy, what about the server side configuration? Now that is the difficult part.

Renich's picture

SOLVED: I'm getting white screens

On May 4th, 2009 Renich says:

Ok, the problem was that I had something in HTTP Proxy (The first input). I had to leave it blank and add this config to SOCKS only.

SOCKS Host: 127.0.0.1 port: 12345 (I, actually, used 8080) with
ssh -C2qTnN -D 8080 user@my_server

but I'm sure it's gonna work with port 12345, hehe.

__________________________

It's hard to be free... but I love to struggle!
Renich Bon Ciric

http://www.woralelandia.com/
http://www.introbella.com/

Renich's picture

I'm getting white screens

On May 4th, 2009 Renich says:

I'm using Firefox 3.0.10 and Fedora 10.

It seems to work partially. I'm getting white screens instantly and, if I shutdown the ssh tunnel, it gives me an instant error.

What could be wrong with my proxy? I'm using my super-cool Dreamhost server for the tunnel... anything they could be blocking?

__________________________

It's hard to be free... but I love to struggle!
Renich Bon Ciric

http://www.woralelandia.com/
http://www.introbella.com/

Border's picture

plink.exe putty.exe on windows

On April 27th, 2009 Border (not verified) says:

You can use plink.exe or putty.exe on windows.

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Gerard Braad's picture

More details; also tunneling the DNS requests

On April 24th, 2009 Gerard Braad (not verified) says:

ssh -D 8080 -f -C -q -N myuser@remote_ssh_server

-D 8080 : This does the dynamic stuff and makes it behave as a SOCKS server.
-f : This will fork the process into the background after you type your password.
-C : Turns on compression.
-q : Quiet mode. Since this is just a tunnel we can make it quiet.
-N : Tells it no commands will be sent. (the -f will complain if we don’t specify this)

In Firefox use about:config

network.proxy.no_proxies_on : localhost, 127.0.0.1, 192.168.0.0/24, .yourcompany.com
network.proxy.socks : 127.0.0.1
network.proxy.socks_port : 8080
network.proxy.socks.remote_dns : true
network.proxy.socks_version : 5
network.proxy.type : 1

The setting remote_dns will make sure also your dns requests will be tunneled over the SOCKS proxy

gtkfreak's picture

When surfing web sites, just displays a blank page

On April 23rd, 2009 gtkfreak (not verified) says:

I did exactly as the tip stated. Logged into the Ubuntu box and gave above ssh command.

However, when I enter www.google.com, it just displays a blank page. Would anyone know what it the problem.

Thanks

Kvetch's picture

I'm wearing two pairs of Socks

On April 22nd, 2009 Kvetch says:

If you find a protocol/port blocked by a corp. proxy or just needing to tunnel more than just simple http/https thru your SOCKS proxy but your app doesn't support SOCKS check out proxychains. http://sourceforge.net/projects/proxychains/
Install proxychains
Create your ssh SOCKS proxy
# ssh -fqND 5555 thedoc@tardis
Edit the /etc/proxychains.conf
uncomment the "dynamic_chain", comment out the line "strict_chain" and add a line containing the ssh socks5 port "socks5 127.0.0.1 5555"
Then just run your app with the normal cli command but with proxychains prepending the line.
For example to run the command "emerge --sync" (part of everyone's favorite package management tool, portage) just do this
# proxychains emerge --sync

-nick

Anonymous's picture

DNS requests won't be proxied!!

On April 22nd, 2009 Anonymous (not verified) says:

If you want your DNS requests from web browsing to be proxied also (SOCKSv5), make sure to open up "about:config" in Firefox and change "network.proxy.socks_remote_dns" to True.

Ebrahim's picture

It is called a SOCKS proxy

On April 19th, 2009 Ebrahim (not verified) says:

It is called a SOCKS proxy, not an HTTP proxy. An HTTP proxy is told to a proxy whose protocol is HTTP, e.g. Squid.

guomsh's picture

I'm agree with you.

On April 22nd, 2009 guomsh (not verified) says:

I'm agree with you.

Tuxly_Tuxford_McTuxtington's picture

another great tip

On April 16th, 2009 Tuxly_Tuxford_McTuxtington says:

I'm learning a lot with these little tips. Keep it up! :)

Vivek's picture

Background the process

On April 16th, 2009 Vivek (not verified) says:

For those of us who want to use terminal to do something else other having an ssh session open while running the proxy, you can prepend -f -q -N like so:

ssh -f -q -N -D 12345 myuser@remote_ssh_server

provided that you can login into your remote ssh server without a password. See this page on how to log in without a password:

http://linuxproblem.org/art_9.html

Cheers

Post new comment

Please note that comments may not appear immediately, so there is no need to repost your comment.
The content of this field is kept private and will not be shown publicly.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <pre> <ul> <ol> <li> <dl> <dt> <dd> <i> <b>
  • Lines and paragraphs break automatically.

More information about formatting options

Newsletter

Each week Linux Journal editors will tell you what's hot in the world of Linux. You will receive late breaking news, technical tips and tricks, and links to in-depth stories featured on www.linuxjournal.com.
Sign up for our Email Newsletter

Tech Tip Videos

See more Linux Journal Videos

From the Magazine

December 2009, #188

If last month's Infrastrucuture issue was too "big" for you then try on this month's Embedded issue. Find out how to use Player for programming mobile robots, build a humidity controller for your root cellar, find out how to reduce the boot time of your embedded system, and if you're new to embedded systems find out the basics that go into one. You can also read about the Beagle Board, the Mesh Potato and a spate of other interestingly named items. And along with our regular columns don't miss our new monthly column: Economy Size Geek.







Read this issue