Use SSH to Create an HTTP Proxy


SOCKS is built in to OpenSSH, so it's a trivial matter to set up a local SOCKS proxy with the -D flag. For example:

$ ssh -D 12345 myuser@remote_ssh_server

will open up the port 12345 on your local machine as a SOCKS proxy so all your HTTP traffic can be specified to go through the SSH tunnel and out remote_ssh_server on the other end. Your proxy server is now set up.

Next, set up your browser to use the proxy server. Most browsers include proxy support. For Firefox 3, go to Edit→Preferences→Advanced→Network→Settings, and specify that you want to use a Manual Proxy, localhost, port 12345 and SOCKS v5 (although OpenSSH supports both versions 4 and 5).

Now your browser is using a secure tunnel to your remote SSH server.



Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

socks in download manager

omid's picture

hello guys ,

how can i set socks proxy configuration for download files in for example internet download manager ?
or is there any download manager that you know which can download with this type of proxy server , i mean socks host proxy ?

is it possible ?

Thanks A Lot ,

No easy

Frank Merlott's picture

I don't think it is that easy, what about the server side configuration? Now that is the difficult part.

SOLVED: I'm getting white screens

Renich's picture

Ok, the problem was that I had something in HTTP Proxy (The first input). I had to leave it blank and add this config to SOCKS only.

SOCKS Host: port: 12345 (I, actually, used 8080) with
ssh -C2qTnN -D 8080 user@my_server

but I'm sure it's gonna work with port 12345, hehe.

It's hard to be free... but I love to struggle. Love isn't asked for; it's just given. Respect isn't asked for; it's earned!
Renich Bon Ciric

I'm getting white screens

Renich's picture

I'm using Firefox 3.0.10 and Fedora 10.

It seems to work partially. I'm getting white screens instantly and, if I shutdown the ssh tunnel, it gives me an instant error.

What could be wrong with my proxy? I'm using my super-cool Dreamhost server for the tunnel... anything they could be blocking?

It's hard to be free... but I love to struggle. Love isn't asked for; it's just given. Respect isn't asked for; it's earned!
Renich Bon Ciric

plink.exe putty.exe on windows

Border's picture

You can use plink.exe or putty.exe on windows.

More details; also tunneling the DNS requests

Gerard Braad's picture

ssh -D 8080 -f -C -q -N myuser@remote_ssh_server

-D 8080 : This does the dynamic stuff and makes it behave as a SOCKS server.
-f : This will fork the process into the background after you type your password.
-C : Turns on compression.
-q : Quiet mode. Since this is just a tunnel we can make it quiet.
-N : Tells it no commands will be sent. (the -f will complain if we don’t specify this)

In Firefox use about:config

network.proxy.no_proxies_on : localhost,,,
network.proxy.socks :
network.proxy.socks_port : 8080
network.proxy.socks.remote_dns : true
network.proxy.socks_version : 5
network.proxy.type : 1

The setting remote_dns will make sure also your dns requests will be tunneled over the SOCKS proxy

When surfing web sites, just displays a blank page

gtkfreak's picture

I did exactly as the tip stated. Logged into the Ubuntu box and gave above ssh command.

However, when I enter, it just displays a blank page. Would anyone know what it the problem.


I'm wearing two pairs of Socks

Kvetch's picture

If you find a protocol/port blocked by a corp. proxy or just needing to tunnel more than just simple http/https thru your SOCKS proxy but your app doesn't support SOCKS check out proxychains.
Install proxychains
Create your ssh SOCKS proxy
# ssh -fqND 5555 thedoc@tardis
Edit the /etc/proxychains.conf
uncomment the "dynamic_chain", comment out the line "strict_chain" and add a line containing the ssh socks5 port "socks5 5555"
Then just run your app with the normal cli command but with proxychains prepending the line.
For example to run the command "emerge --sync" (part of everyone's favorite package management tool, portage) just do this
# proxychains emerge --sync


DNS requests won't be proxied!!

Anonymous's picture

If you want your DNS requests from web browsing to be proxied also (SOCKSv5), make sure to open up "about:config" in Firefox and change "network.proxy.socks_remote_dns" to True.

It is called a SOCKS proxy

Ebrahim's picture

It is called a SOCKS proxy, not an HTTP proxy. An HTTP proxy is told to a proxy whose protocol is HTTP, e.g. Squid.

I'm agree with you.

guomsh's picture

I'm agree with you.

another great tip

Tuxly_Tuxford_McTuxtington's picture

I'm learning a lot with these little tips. Keep it up! :)

Background the process

Vivek's picture

For those of us who want to use terminal to do something else other having an ssh session open while running the proxy, you can prepend -f -q -N like so:

ssh -f -q -N -D 12345 myuser@remote_ssh_server

provided that you can login into your remote ssh server without a password. See this page on how to log in without a password: