Security:Dynamic SOCKS Proxy


Using a SOCKS proxy is one technique for securing communications over the internet. To use one, you need an account on a remote system that runs an SSH server; a machine at home that you can tunnel to from work is a good example.

I won't go into detail about how to set up your machine for ssh. To use ssh, you need an ssh server installed on the server machine and an ssh client on the client machine. Mac OS X has an ssh server pre-installed; you just need to turn on "Remote Login" in the Sharing panel of System Preferences. Linux users can install openssh, which provides both the ssh client and server. To create a SOCKS proxy, run the following in a Terminal:

ssh -D local_port remote_host -N -l remote_username
  • -D local_port: This acts as your SOCKS5 server port. All traffic sent to this port will be redirected appropriately.
  • remote_host: This is the SOCKS5 server. This is the remote machine that all your traffic will be tunneled through.
  • -N: No prompt. Otherwise you are presented with a shell prompt for the remote machine in your terminal, and people can do bad things if they get onto your computer.
  • -l remote_username: Your username on the remote machine.

Then, in aMSN's preferences, choose the Proxy method and select SOCKS5, with the host set to remote_host and the port set to local_port (as you chose earlier). All your traffic will now be sent through the SOCKS server you've set up.

Passing the -v flag to ssh gives verbose output:

debug1: Connection to port 7070 forwarding to socks port 0 requested.
debug1: channel 2: new [dynamic-tcpip]
debug1: Connection to port 7070 forwarding to socks port 0 requested.
debug1: channel 3: new [dynamic-tcpip]
debug1: channel 3: free: direct-tcpip: listening port 7070 for login.live.com port 443, connect from 127.0.0.1 port 52945, nchannels 4
debug1: Connection to port 7070 forwarding to socks port 0 requested.
debug1: channel 3: new [dynamic-tcpip]
debug1: Connection to port 7070 forwarding to socks port 0 requested.
debug1: channel 4: new [dynamic-tcpip]
debug1: Connection to port 7070 forwarding to socks port 0 requested.
debug1: channel 5: new [dynamic-tcpip]
debug1: channel 4: free: direct-tcpip: listening port 7070 for contacts.msn.com port 443, connect from 127.0.0.1 port 52949, nchannels 6
debug1: channel 5: free: direct-tcpip: listening port 7070 for firewall.amsn-project.net port 80, connect from 127.0.0.1 port 52951, nchannels 5
debug1: channel 3: free: direct-tcpip: listening port 7070 for contacts.msn.com port 443, connect from 127.0.0.1 port 52947, nchannels 4
debug1: Connection to port 7070 forwarding to socks port 0 requested.
debug1: channel 3: new [dynamic-tcpip]
debug1: channel 3: free: direct-tcpip: listening port 7070 for storage.msn.com port 443, connect from 127.0.0.1 port 52953, nchannels 4
debug1: Connection to port 7070 forwarding to socks port 0 requested.
debug1: channel 3: new [dynamic-tcpip]
debug1: Connection to port 7070 forwarding to socks port 0 requested.
debug1: channel 4: new [dynamic-tcpip]
debug1: channel 3: free: direct-tcpip: listening port 7070 for storage.msn.com port 443, connect from 127.0.0.1 port 52955, nchannels 5
debug1: channel 4: free: direct-tcpip: listening port 7070 for contacts.msn.com port 443, connect from 127.0.0.1 port 52957, nchannels 4
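
The verbose output above can be reduced to a list of destinations to confirm that aMSN's connections really go through the tunnel. The following shell function is an added example, not part of the original page: it counts each destination in the direct-tcpip lines and marks whether the application handed the proxy a hostname (resolved at the remote end) or an IP literal (the name was resolved locally before it reached the proxy). The function names and the last sample line (192.0.2.10) are constructed for illustration; the other sample lines are copied from the output above.

```shell
#!/bin/sh
# Added example (not from the original page).
# socks_destinations: read `ssh -v -D ...` debug output on stdin and print
#   <count> <kind> <host:port>
# kind=name -> the client passed a hostname to the SOCKS port
# kind=ip   -> the client passed an IP literal (it resolved the name itself)
socks_destinations() {
    awk '
    /direct-tcpip: listening port [0-9]+ for / {
        for (i = 1; i <= NF; i++) {
            # Destination is logged as: for <host> port <port>,
            if ($i == "for" && $(i + 2) == "port") {
                host = $(i + 1)
                port = $(i + 3)
                sub(/,$/, "", port)
                seen[host ":" port]++
                break
            }
        }
    }
    END {
        for (d in seen) {
            host = d
            sub(/:[0-9]+$/, "", host)
            kind = (host ~ /^[0-9.]+$/ || host ~ /:/) ? "ip" : "name"
            printf "%d %s %s\n", seen[d], kind, d
        }
    }' | LC_ALL=C sort -k3
}

# Sample input: first four lines copied from the page, last line constructed.
sample_log() {
    cat <<'EOF'
debug1: Connection to port 7070 forwarding to socks port 0 requested.
debug1: channel 3: free: direct-tcpip: listening port 7070 for login.live.com port 443, connect from 127.0.0.1 port 52945, nchannels 4
debug1: channel 4: free: direct-tcpip: listening port 7070 for contacts.msn.com port 443, connect from 127.0.0.1 port 52949, nchannels 6
debug1: channel 3: free: direct-tcpip: listening port 7070 for contacts.msn.com port 443, connect from 127.0.0.1 port 52947, nchannels 4
debug1: channel 5: free: direct-tcpip: listening port 7070 for 192.0.2.10 port 80, connect from 127.0.0.1 port 52951, nchannels 5
EOF
}

sample_log | socks_destinations
```

ssh writes its debug lines to stderr, so redirect stderr to a file (for example 2> ssh-debug.log, a hypothetical file name) and feed that file to socks_destinations.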