If you ever find yourself in front of a public computer connected to the Internet and are concerned about the security of the path between you and a website you wish to visit, a SOCKS proxy can come in handy.
SOCKS proxies generally allow you to “bounce” a TCP connection off another server transparently– basically instructing another computer to make a connection on your behalf. When used in combination with Secure Shell (SSH), it can form an encrypted tunnel that insulates you from anyone attempting to grab traffic off the wire.
The following is a simple step-by-step tutorial about how to do this.
You will need:
-Putty SSH client: http://www.putty.org
-An account on an Internet-accessible server that accepts SSH connections and allows connection forwarding (enabled by default)
-A popular web browser or other software that supports SOCKS communications
Fire up Putty and navigate to the Session Category
Enter the hostname/IP address and port of the server on which you have an account.
(Note: The default SSH port is 22)
This tells Putty how to connect to the SSH server.
Under the SSH->Tunnels Category
Enter the following:
Source port: 8888 (or any port of your choosing. Just be sure to remember what it is)
Destination: hostname/IP address of the server on which you have an account
Also, select the “Dynamic” radio button.
This tells Putty that, upon a successful connection, a SOCKS tunnel should be opened from a port on the computer you are using to the SSH server.
The forwarded port is now added to the connection settings.
Click “Open” to start the connection
Putty will ask for your login credentials. In most cases, this will be a username and password. (For extra security and bonus cool points, have your SSH server only accept certificates)
At this point, your Putty-enabled SOCKS proxy should be active. But how do we test it out? Keep reading…
Fire up your web browser and navigate to its proxy connection properties menu.
For Firefox 3, it is in Tools->Options->Advanced->Network(tab)->Connection, Settings
For IE6, it is Tools->Internet Options->Connections(tab)->LAN Settings(button)->Advanced(button)
Find the SOCKS settings text box and enter the following:
Proxy Address/Host: localhost OR 127.0.0.1
Port: 8888 (or whatever port you decided to use in Step 3)
Ensure SOCKS Version 4 is selected
Note: DO NOT enter any other proxy settings for other protocols (this includes the “use proxy server for all protocols” option. Don’t enable it. I’m serious. If you do, things might not work correctly.)
Click “OK” until you’re back to your browser.
Go to http://ipchicken.com and check your IP address. It should be different from the machine you’re on. In fact, it SHOULD be the IP address of the SSH server (or whatever machine is handling its connections).
Pat yourself on the back. Or have your buddies do it for you– they’ll no doubt be impressed by your newfound computer skills. Enjoy browsing the web using your own personal SSH proxy.
NOTE: Although this could be useful when using a public computer– it won’t protect you from local machine monitoring tools (keyloggers, screen captures, etc). Always exercise due diligence when using untrusted computers.
Each Tuesday, Security Musings features a topic to help educate our readers about security. For more information about Gemini Security Solutions’ security education capabilities, contact us!