Keep your Internet traffic safe from prying eyes
Disclaimer: What I am about to show you can get you fired at work. I have explicit written permission to do this where I work. I would suggest you do the same. The reason this can get you fired is that you can use it to evade website blocking. If a company has gone through the trouble to implement website blocking, you can be certain that they have a policy that says if you circumvent it, you will be terminated. Don’t be stupid.
Have you ever been to a coffee shop or an airport or a technology conference where you wanted to log in to webmail or a web forum that isn’t completely SSL encrypted, but you didn’t want someone to sniff your passwords or authentication cookies? You could use a VPN, but unless you already have that set up, that’s just another hoop to jump through. Why not use something you already have available to you to keep you safe? You can do this by using Secure Shell or SSH Tunneling. SSH is a protocol that was created to connect to a remote computer with a secure interactive shell. SSH can also do many other things, from copying files securely to remote systems using SCP to acting like a proxy server for your local client applications. For all the uses of the SSH protocol, look at the Secure Shell Wikipedia article referenced above.
I’m going to show you how to use SSH to connect to a remote SSH server and make this connection look like a SOCKS proxy to your applications. Once the connection is set up and created, you will need to configure your local programs to use the SOCKS proxy. Do this by telling them to connect to a port on your local computer that is tunneled over the encrypted connection to the SSH server. In order to do this, you will need an external SSH server to connect to. You can run one at home or connect to a webhosting company where you have an account. I use DreamHost. If you run one at home, I’d recommend that you not run it on the default port (22) due to SSH brute force attacks.
Once you have your SSH server set up and available via the Internet, you will need to get an SSH client. The SSH client that I’m going to show you how to set up is PuTTY. When you run PuTTY, you will get a window like the one below. Type in your SSH server name in the field I have highlighted.
Next click on SSH in the column on the left. Then click the Enable compression checkbox. By doing this, data sent by the server is compressed before sending and decompressed at the client end. This may make things a little faster if transferring large files.
Now you need to configure the tunnel. Click on Tunnel on the left side. Then pick a port and write it down. Any port will do. I’d recommend a number between 1024 and 65,535. I use 7777 because it’s easy to remember. Key that number into the Source port field. Next select the Dynamic radio button. Finally, press the Add button. You will now have a screen that looks like mine. You should see D7777 in the list of forwarded ports. What you have done is set up a local port (7777) to forward to the SSH server. The SSH server will then forward your requests out to the Internet on your behalf from the Internet connection the SSH server is connected to.
Next you can save all of these settings so that all you have to do is run PuTTY and double-click the server to connect instead of having to set up the port forwarding every time. Click on Sessions on the left. Then type something memorable in the Saved Sessions field. I use the SSH server name. Press the Save button and you will then have a session with all your settings under Saved Sessions. Now when you want to create your tunnel, just run PuTTY. Then double-click your saved session and authenticate to your SSH server. Once you are connected, you will need to keep PuTTY running, minimized, for the entire time you plan on using the tunnel. I use a program called Actual Windows Minimizer to minimize PuTTY to the system tray. It works in both XP and Vista.
To set up your clients to do this, set your client to use a SOCKS proxy with the localhost and port that we forwarded in PuTTY. Because the SSH server is SOCKS compliant, you can use any network application that knows how to talk to a proxy server. I’m going to show you how to set up Firefox to use this tunnel using a plugin called FoxyProxy. You could just forward all of your web traffic through the proxy. FoxyProxy can set up filters in case you need to access a web server on your local network. It also gives you an easy way to turn the proxying of your requests on and off with just two clicks.
Once you get FoxyProxy installed, you will see FoxyProxy Patterns in the status bar. Right-click on this to bring up the FoxyProxy menu. This is how you control whether your traffic is being sent through the tunnel or not. I set up one filter called “Don’t send thru proxy” and another one called “Everything Else”. By default FoxyProxy sends traffic through the proxy based on the filters. This setting is called “Use proxies based on their pre-defined patterns and priorities”. The other options are to send all requests to each filter you have added. The last option is to not send any requests through the proxies/filters you have set up.
Click on options to add proxies to FoxyProxy. You should see a window that looks like the screenshot below. Click on Add New Proxy to begin configuration.
The first pattern we will add is one called “Don’t send thru Proxy”. Type this into the General tab. On the Proxy Details tab select “Direct internet connection”. Click on the Patterns tab.
Next click “Add New Pattern”. Make sure the Enabled checkbox is checked. Enter something you can remember in the Pattern Name field. Specify the network you don’t want to send through the proxy in the URL pattern field. Next select the Blacklist radio button. This means that anything matching this pattern won’t be sent through the proxy. The one shown below is my local network at home. Add other network patterns if you have them. You can add as many patterns as you need for sites or networks that you don’t want to go through the proxy. If you don’t have any reason for any sites to not go through the proxy, you can skip this step. When you close this window, you will get a pop-up saying that the patterns that match won’t go through the proxy. This is what you want, so click Ok. Close this window, and click on Add New Proxy.
On the General tab, I named this one Everything Else. Click on the Proxy Details tab. This is where we will set up our proxy. Make sure the Manual Proxy Configuration radio button is checked. In the Host Name field enter 127.0.0.1. This is the local loopback address of your computer. In the port field, enter 7777 or whatever port number you chose when setting up the tunnel in PuTTY. Select the SOCKS proxy checkbox and the SOCKS v5 radio button.
Next click on the Patterns tab. Then click on Add New Pattern.
This one is pretty straightforward. Make sure the Enabled checkbox is checked. Type Everything in the Pattern Name and a single asterisk in the URL Pattern like in the screenshot. The Whitelist radio button should be checked. Click Ok and close all the other FoxyProxy windows and you are done.
Now all you have to do is open PuTTY and connect to your SSH server and authenticate. Your traffic should now be sent through your SSH server. If you are getting a 404 error when you try to browse, something isn’t set up correctly. One thing you can try is telnetting to the local port to see if it answers. You can do this from a command prompt using the command “telnet 127.0.0.1 7777”. Change 7777 to whatever port you used when setting up the tunnel. If you get a blank window, it connected and everything is fine. If you get Connection Failed, something isn’t set up right in PuTTY. Go check your settings there. To check whether your web connections are actually being proxied, go to IP Chicken and check your IP address. Write down the IP. Now open up Internet Explorer and go there. Make sure IE isn’t using a proxy. You should have two different IP addresses. If you don’t, something isn’t set up in FoxyProxy correctly. You can set up the proxy manually in Firefox (bypassing FoxyProxy) by clicking on Tools > Options > Advanced > Network Tab > Connection Button > Manual Proxy Configuration. Set up the SOCKS Proxy on that screen with the correct port number. Once you get that working, go back and select Direct Connection to the Internet.
If you are running Linux, you can skip the PuTTY client section. You can use the SSH client that comes with your distribution. The command line is: ssh yourlogin@yourserver.com -D7777 -o Compression=yes
Additional Tip:
Set your proxy server to resolve DNS requests instead of your computer; in Firefox’s about:config area, set network.proxy.socks_remote_dns = true. [via codeblog]
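The telnet check above only shows that something is listening on the port. As an added example (not part of the original post), this Python script speaks the SOCKS5 handshake to the forwarded port and sends a CONNECT request that carries the hostname itself, which is the request form socks_remote_dns makes Firefox use. Port 7777 is the one chosen above; example.com and the function names are assumptions made for the illustration.

```python
import socket
import struct

def socks5_connect_request(hostname, port):
    """Build a SOCKS5 CONNECT request with address type 0x03 (domain name).
    The name travels through the tunnel and is resolved at the far end,
    so the local network never sees a DNS lookup for it."""
    name = hostname.encode("idna")
    if not 1 <= len(name) <= 255:
        raise ValueError("hostname must be 1-255 bytes")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack("!H", port)

def recv_exact(sock, n):
    """Read exactly n bytes or raise if the peer closes first."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection early")
        buf += chunk
    return buf

def probe_socks5(proxy_host="127.0.0.1", proxy_port=7777,
                 dest_host="example.com", dest_port=80, timeout=5.0):
    """Return (ok, detail) for the local end of the SSH tunnel.
    dest_host is a placeholder destination, not a value from the post."""
    try:
        with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
            s.sendall(b"\x05\x01\x00")  # version 5, one method offered: no auth
            ver, method = recv_exact(s, 2)
            if ver != 5 or method != 0:
                return False, "listener is not a no-auth SOCKS5 proxy"
            s.sendall(socks5_connect_request(dest_host, dest_port))
            ver, rep, _rsv, _atyp = recv_exact(s, 4)
            if ver != 5:
                return False, "malformed CONNECT reply"
            if rep != 0:
                return False, f"proxy refused CONNECT (reply code {rep})"
            return True, "SOCKS5 listener accepted CONNECT by hostname"
    except OSError as exc:  # refused, timed out, or closed early
        return False, f"cannot reach proxy: {exc}"

if __name__ == "__main__":
    print(probe_socks5())
```

A True result shows the listener speaks SOCKS5 and took the hostname as-is; comparing IP addresses as described above is still the way to confirm where the traffic exits.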


