Monday, June 11, 2007

How to bypass a proxy server with SSH

These steps will guide you on how to bypass a proxy server that may be blocking you from accessing that interesting web-site at work, school or wherever.

Please note that I do not make myself responsible for the usage of this. Use it at your own risk of getting fired or expelled from school. Main thing, use it with responsibility.

The steps of bypassing a web proxy are actually simple. This how to will enable you to even bypass socks proxies that need username and password, as long as they allow encrypted traffic over port 443 and/or 80.

You are going to need:
- A SSH server at the remote side (Windows or *nix)
- A proxy server at the remote side (I’m using squid, which can be installed either on a *nix or Windows box) which can be the same as the SSH server
- Port forwarding on you remote router (if applicable)
- Address for the local (blocking) proxy server (can be easily discovered by opening a web browser, running “netstat -a” and looking for a established connection on port 8080)
- Putty

I’ll lay it out in steps to make it easier:

1- Install Squid on the remote PC
Download and install squid (either the Windows version or *nix). Make sure you know what port is open and change if necessary (default is 3128).

Test it from another computer in the LAN or using

2- Install SSH server on the remote PC. Configure the listening port and configure a user if required. Test it to confirm that it’s working.

3- Configure port forwarding on your remote router to forward port we will use at your work (443 or 80) to the port the SSH server is listening to.

4- Download
Now we need to configure it with all the required information for the connection.

4.1 Open putty and fill out the “Host name” with your remote IP (home) and the port you will be connecting to your router or directly to the PC with SSH installed (port 80, 443…)

4.2 On “Connection => Proxy” we need to enter the Proxy type, Proxy, Port, Username and Password. Remember that this information is for the proxy that we are trying to bypass
- Proxy type - Could be HTTP, SOCKS 4, SOCKS 5
- Proxy hostname - IP or hostname of the proxy
- Port - Port used to connect to the proxy (remember the netstat command)
- Username - Username that you usually input into IE when accessing the web
- Password - Password you usually input into IE when accessing the web

4.3 Open “Connection => SSH => Tunnels” and enter the following rules.

- Source port - Port you are going to use on your browser (I use 80)
- Destination:port - LAN IP address of the Squid server and port that is listening to. If you are using one server as SSH and another as Squid, this must be the IP of the Squid server. Now if you are using the Squid server and the SSH in one PC, you need to do a loopback into the port that squid is listening to. Eg:

5 Configure your web-browser to send requests to the source port we configured on the previous step. I have downloaded a different browser (Opera) that I use to bypass the proxy.

That’s it. You should now be able to access the blocked pages when putty is open and connected.

Process Explanation:
1- Browser sends a request to (your PC)
2- Putty listens to the request and binds local port 80 to remote address on port 80
3- Putty connects to the proxy and authenticates using username and password
4- Proxy connects to address and port we configured on step 4.1 (your remote address)
5- Your router accepts the request and forwards it to the port the SSH server is listening to
6- A putty terminal window opens and asks for username and password for SSH server
7- SSH server authenticates username and password and binds configuration from step 2
8- Squid sends requests to the Internet and replies back to tunnel

All this process is encrypted starting from step 2, so local proxy is not aware of any of the information sent over the tunnel.

There are also another 2 things that you might want to add for security and flexibility.

=> Security
- Use a USB pen to store an RSA key, which can be used for authentication with your SSH server. You can them configure your SSH server to only accept connections if the key is provided.

There are many how to’s on the Internet that show you how to do this.
This one is a good tutorial for RSA and putty.

- You can also CHROOT you SSH user.
This is a good tutorial for Ubuntu.

- If you decide to use CHROOT you can also limit WAN connections only for that limited CHROOT user. Take a look

=> Flexibility
- As you are using a USB pen, your configurations will be saved to the registry, and not your pen. You will have to reconfigure putty every time you connect to a different computer.

A good idea would be to use a batch file that loads your configuration when you open putty, and deletes it when you close the connection, so no one has access to it. Check
this link.

Have fun setting this up…



Anonymous said...

Thanks for the tutorial. Can you please tell me, How can I Hide my home IP and also rotate the IP?

Yahya said...


Stewart Mclintock said...

Very detailed - I am not so technical but found something called Njutrino ( which runs from a USB pen and uses the same technique to secure browsing through a customised browser - for those without access to a box to SSH in to