Monday, March 1, 2010

SOCKS: Your only paranoid if they aren't out to get you

The Command

ssh -C2qTnN -D 9990


Secure a private connection from your laptop to your linux server in order to bypass local snoops and rules.


Firefox 3.x web browser. Debian-style linux server.


There are several blog posts on this very same subject (TODO: link helpful blogs here.) I wanted to add this post to get some more recent screenshots of foxyproxy (TODO: link foxyproxy here) and discuss some troubleshooting techniques.
Oh and this is meant for completely legal internet operations. Don't use it to subvert the law. You are completely responsible for everything you do to your computer and with your computer.


The scenario here is you, sitting in the local coffee shop. With your macbook and your 17word coffee order that makes you feel like some sort of a connoisseur. You are connected to their wifi. You are chatting over IM and reading web-pages and skyping over your fancy VOIP. There is no reason anybody should be monitoring what you are doing. But they could. They could have blocked access to meebo because they don't want you to jerk around at work... they could have blocked out the new york times website because it's a hotbed of liberal thinky think that might offend jesus.
Good news - that's not how the internets work. You have a linux server with an SSH server running on it. (TODO: blog on how to create a linux server with ssh running) You have firefox. You can make a relatively secure and private connection between your laptop and your linux server. The coffeeshop only sees an encrypted connection between your laptop and your linux box. Your linux box and the rest of the interweb sees you browsing free and easy from your linux box.

laptop in coffee shop <--secure cnx-->linux box<--normal internet surfing activity-->the interwebs

Set up the proxy connection on your laptop

open up a command line terminal


All modern macs have a terminal application.


Applications -> Accessories -> Terminal


Install cygwin. Make sure you get the SSH package. Open a terminal from Start -> All Programs -> Cygwin -> Cygwin Bash Shell
enter the command

ssh -C2qTnN -D 9990

You may be prompted to verify the servers key - type Yes. You will be prompted for a password - enter it. LEAVE THIS TERMINAL OPEN! Your connection will drop once you close this terminal.
Verify you have a connection up. Open up another terminal and type
telnet localhost 9990
. This should connect. It's more likely you will get a negative message if it doesn't connect than a positive message if it does connect.

Firefox and FoxyProxy

Install firefox. Then install the addon FoxyProxy.

I have always used the free version without experiencing any limitations. Feel free to pay if you want to support the developer.

Configure FoxyProxy

In firefox go to Tools -> FoxyProxy -> Options

Choose Add New Proxy on the left

set up your proxy details
host: localhost
port: 9990
Check the box 'SOCKS proxy?'
set up your url pattern
Select the URL pattern tab. Click the 'Add new pattern' button on the top left.
fill out the new pattern form like so:
hit OK and you've got your proxy configured.

now enable private-ish surfing through the tools menu

Closing Arguments

Now what do you have on your hands? Assuming you have the latest version of FoxyProxy and everything works as advertised. All of your DNS lookups should be done over the proxy so the local wifi cannot tell what you are looking for. And all of your browsing http traffic should be private from the laptop to the linux server. All the traffic should appear to the various servers in the cloud as if it originates from your linux server. There is NO privacy for bare http requests between your linux server and the interwebs.