SSH SOCKS Proxy tunnel for secure web browsing
When you are at the coffee shop, or at a conference, and you are not sure that you want to send all your data over the wi-fi network in plaintext, you want a secure tunnel to browse. You can use the “-D” flag of openssh to create a SOCKS proxy.
SSH SOCKS proxy is one of the way to have a secure tunnel for web browsing. It’s comes handy when we need to do secure browsing in a public network such as in a public WiFi environment, as the traffic between our host and the proxy is encrypted .
For this to work, we need to have an SSH server somewhere that we want to tunnel our traffic to, and an SSH client at our host.
Creating an SSH SOCKS tunnel is as simple as running the following command;
$ ssh -D any-port-no-above-1024 user@proxy-address e.g: $ ssh -D 8080 firstname.lastname@example.org This proxy address will be the SSH server address or ip. The command assumes we have a user account with the username jamee at the server with the address jaamee.com, and 8080 is our local port to be used for the tunnel.
The next step is to configure our web browser to use the tunnel. Now all you have to do is set the preference in Firefox to use a SOCKS proxy. The proxy is, of course, “localhost”, with the port 8080. To do it in Firefox on Linux, choose Edit in the menu and click on Preferences (or Tools->Options in Windows). Then choose Advanced tab and click on the Network tab. Click the Settings button next to the Configure how Firefox connects to the internet text, and fill up the SOCKS proxy information as the following;
That’s just it, and from this point forward Firefox will tunnel all the browsing traffic through our SOCKS proxy, and the end server will see our traffic coming from our SOCKS proxy server. This can also be considered as a VPN as servers in our proxy server’s network can be accessed with their internal adresses.