This is the coolest trick I learned while working at Blinkx. At the time, our management really hated when we go on any type of instant messaging applications. I also suspected that our messenger conversations and other internet activities were being monitored. I was pissed so this is what I did to combat their nosiness.
Open an SSH Tunnel to a Remote Machine
There are a couple ways you can do this (one through Putty and one through Cygwin). Personally I like the Cygwin method since it requires one command line. I will discuss the Cygwin method here.
- Download and install Cygwin. Make sure that you also install the ‘openssh’ and ‘vim’ packages.
- Open a Cygwin terminal
- In your home directory create a script called tunnel.sh
- Place the following line into tunnel.sh
ssh -x -2 -D 1000 <username>@<remote-machine>
- Make your script executable
chmod u+x tunnel.sh
- Execute the script (enter your password to login to the box) and minimize the window (leave the connection open)
- For password-less login, you can setup SSH key authentication but this is optional
That’s it! Now you have an SSH tunnel to the remote SSH box on your localhost port 1000. All you have to do now is tell your applications to direct all traffic to that port.
Configure Internet Applications to Proxy Traffic Through Your Tunnel
There are two ways to get this done. One way is easy but it costs money. The other way is easy and time-consuming but it’s free.
If you want to pay to do it the easy way, you can use programs like ProxyCap to handle all of your traffic routing. I’ve tried quite a few of these applications and I find that ProxyCap is the most powerful. ProxyCap lets you have multiple tunnels open and lets you tunnel specific traffic to any of the tunnels depending on IP or Application based rules. Even though this is the easier way to tunnel traffic, you won’t need to purchase this software if you are just tunneling an instant messenger and/or a web browser application.
Configuring Firefox to Use Your Tunnel
- Go to Tools > Options > Advanced (button) > Network (tab) > Connection > Settings
- Configure your Proxy settings like the image below:
- Click “OK” and you are set!
Testing Firefox Proxy
In the web browser, check that your IP is different from before you tunneled your traffic by using cmyip.
Configuring AIM to Use Your Tunnel
- Open AIM connection preferences
- Set the Proxy settings
Testing AIM Proxy
Shutdown your proxy tunnel and try to send a message to someone. Your AIM should now sign off once it realizes that I cannot send any traffic through port 1000.
You should now be able to enjoy the internet without having to worry about “Big Brother” monitoring your traffic. This is also useful when you are traveling and are using an public network to do secure transactions (e.g. financial transactions). The only thing that can be seen by a packet sniffer is just a bunch of SSH encrypted packets being sent to your remote machine. Sniffer applications will have no idea what the contents of the packets are and where their true destinations are.