Home

Use SSH to Create an HTTP Proxy

Apr 16, 2009  By Rich Lundeen
 in

SOCKS is built in to OpenSSH, so it's a trivial matter to set up a local SOCKS proxy with the -D flag. For example:

$ ssh -D 12345 myuser@remote_ssh_server

will open up the port 12345 on your local machine as a SOCKS proxy so all your HTTP traffic can be specified to go through the SSH tunnel and out remote_ssh_server on the other end. Your proxy server is now set up.

Next, set up your browser to use the proxy server. Most browsers include proxy support. For Firefox 3, go to Edit→Preferences→Advanced→Network→Settings, and specify that you want to use a Manual Proxy, localhost, port 12345 and SOCKS v5 (although OpenSSH supports both versions 4 and 5).

Now your browser is using a secure tunnel to your remote SSH server.

______________________

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

socks in download manager

omid's picture
Submitted by omid (not verified) on Tue, 07/13/2010 - 11:15.

hello guys ,

how can i set socks proxy configuration for download files in for example internet download manager ?
or is there any download manager that you know which can download with this type of proxy server , i mean socks host proxy ?

is it possible ?

Thanks A Lot ,
Omid

No easy

Frank Merlott's picture
Submitted by Frank Merlott (not verified) on Wed, 05/13/2009 - 15:22.

I don't think it is that easy, what about the server side configuration? Now that is the difficult part.

SOLVED: I'm getting white screens

Renich's picture
Submitted by Renich on Mon, 05/04/2009 - 22:48.

Ok, the problem was that I had something in HTTP Proxy (The first input). I had to leave it blank and add this config to SOCKS only.

SOCKS Host: 127.0.0.1 port: 12345 (I, actually, used 8080) with
ssh -C2qTnN -D 8080 user@my_server

but I'm sure it's gonna work with port 12345, hehe.

It's hard to be free... but I love to struggle. Love isn't asked for; it's just given. Respect isn't asked for; it's earned!
Renich Bon Ciric

http://www.woralelandia.com/
http://www.introbella.com/

I'm getting white screens

Renich's picture
Submitted by Renich on Mon, 05/04/2009 - 22:19.

I'm using Firefox 3.0.10 and Fedora 10.

It seems to work partially. I'm getting white screens instantly and, if I shutdown the ssh tunnel, it gives me an instant error.

What could be wrong with my proxy? I'm using my super-cool Dreamhost server for the tunnel... anything they could be blocking?

It's hard to be free... but I love to struggle. Love isn't asked for; it's just given. Respect isn't asked for; it's earned!
Renich Bon Ciric

http://www.woralelandia.com/
http://www.introbella.com/

plink.exe putty.exe on windows

Border's picture
Submitted by Border (not verified) on Mon, 04/27/2009 - 22:42.

You can use plink.exe or putty.exe on windows.

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

More details; also tunneling the DNS requests

Gerard Braad's picture
Submitted by Gerard Braad (not verified) on Fri, 04/24/2009 - 17:40.

ssh -D 8080 -f -C -q -N myuser@remote_ssh_server

-D 8080 : This does the dynamic stuff and makes it behave as a SOCKS server.
-f : This will fork the process into the background after you type your password.
-C : Turns on compression.
-q : Quiet mode. Since this is just a tunnel we can make it quiet.
-N : Tells it no commands will be sent. (the -f will complain if we don’t specify this)

In Firefox use about:config

network.proxy.no_proxies_on : localhost, 127.0.0.1, 192.168.0.0/24, .yourcompany.com
network.proxy.socks : 127.0.0.1
network.proxy.socks_port : 8080
network.proxy.socks.remote_dns : true
network.proxy.socks_version : 5
network.proxy.type : 1

The setting remote_dns will make sure also your dns requests will be tunneled over the SOCKS proxy

When surfing web sites, just displays a blank page

gtkfreak's picture
Submitted by gtkfreak (not verified) on Thu, 04/23/2009 - 03:01.

I did exactly as the tip stated. Logged into the Ubuntu box and gave above ssh command.

However, when I enter www.google.com, it just displays a blank page. Would anyone know what it the problem.

Thanks

I'm wearing two pairs of Socks

Kvetch's picture
Submitted by Kvetch on Wed, 04/22/2009 - 22:46.

If you find a protocol/port blocked by a corp. proxy or just needing to tunnel more than just simple http/https thru your SOCKS proxy but your app doesn't support SOCKS check out proxychains. http://sourceforge.net/projects/proxychains/
Install proxychains
Create your ssh SOCKS proxy
# ssh -fqND 5555 thedoc@tardis
Edit the /etc/proxychains.conf
uncomment the "dynamic_chain", comment out the line "strict_chain" and add a line containing the ssh socks5 port "socks5 127.0.0.1 5555"
Then just run your app with the normal cli command but with proxychains prepending the line.
For example to run the command "emerge --sync" (part of everyone's favorite package management tool, portage) just do this
# proxychains emerge --sync

-nick

DNS requests won't be proxied!!

Anonymous's picture
Submitted by Anonymous (not verified) on Wed, 04/22/2009 - 13:07.

If you want your DNS requests from web browsing to be proxied also (SOCKSv5), make sure to open up "about:config" in Firefox and change "network.proxy.socks_remote_dns" to True.

It is called a SOCKS proxy

Ebrahim's picture
Submitted by Ebrahim (not verified) on Sun, 04/19/2009 - 21:44.

It is called a SOCKS proxy, not an HTTP proxy. An HTTP proxy is told to a proxy whose protocol is HTTP, e.g. Squid.

I'm agree with you.

guomsh's picture
Submitted by guomsh (not verified) on Wed, 04/22/2009 - 07:57.

I'm agree with you.

another great tip

Tuxly_Tuxford_McTuxtington's picture
Submitted by Tuxly_Tuxford_M... on Thu, 04/16/2009 - 21:22.

I'm learning a lot with these little tips. Keep it up! :)

Background the process

Vivek's picture
Submitted by Vivek (not verified) on Thu, 04/16/2009 - 12:30.

For those of us who want to use terminal to do something else other having an ssh session open while running the proxy, you can prepend -f -q -N like so:

ssh -f -q -N -D 12345 myuser@remote_ssh_server

provided that you can login into your remote ssh server without a password. See this page on how to log in without a password:

http://linuxproblem.org/art_9.html

Cheers

White Paper
More Resources
Fabric-Based Computing Enables Optimized Hyperscale Data Centers

Today’s modular x86 servers are compute-centric, designed as a least common denominator to support a wide range of IT workloads. Those generic, virtualized IT workloads have much different resource optimization requirements than hyperscale and cloud applications. They have resulted in a “one size fits all” enterprise IT architecture that is not optimized for a specific set of IT workloads, and especially not emerging hyperscale workloads, such as web applications, big data, and object storage. In this report, you will learn how shifting the focus from traditional compute-centric IT architectures to an innovative disaggregated fabric-based architecture can optimize and scale your data center.

Learn More

Sponsored by AMD

White Paper
More Resources
Red Hat White Paper: Using an Open Source Framework to Catch the Bad Guy

Built-in forensics, incident response, and security with Red Hat Enterprise Linux 6

Every security policy provides guidance and requirements for ensuring adequate protection of information and data, as well as high-level technical and administrative security requirements for a system in a given environment. Traditionally, providing security for a system focuses on the confidentiality of the information on it. However, protecting the data integrity and system and data availability is just as important. For example, when processing United States intelligence information, there are three attributes that require protection: confidentiality, integrity, and availability.

Learn more about catching the bad guy in this free white paper.

Learn More

Sponsored by DLT Solutions