Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Hiding web traffic using SSH and Provoxy
#1

If you have been following my discription of SSH, you know that you can use ssh to create an encrypted tunnel from your local machine to some other machine on the network. I have already shown a method to tunnel your pop3 traffic to get those clear text passwords off the network. I have also shown a method of redirecting your NNTP traffic through a distant machine to 1) take advantage of the distant machines access to NNTP servers that you might not have access to, and 2) encrypt and tunnel your NNTP traffic off your current network to bypass obvious firewall logs and in the case where your system administrator might not appreciate you spending time reading usenet.

 

In this discussion, I'm going to show a technique of doing a similar thing with your web browsing traffic. By using a program called Privoxy, you can redirect all of your web browsing activity across an SSH tunnel and out through a machine on another network.

 

From the Privoxy home page at: [/url]http://www.privoxy.org/ "Privoxy is a web proxy with advanced filtering capabilities for protecting privacy, modifying web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk. Privoxy has a very flexible configuration and can be customized to suit individual needs and tastes. Privoxy has application for both stand-alone systems and multi-user networks"

 

Using this setup, you can take advantage of Provoxy's filtering capabilities to clean up some of the crap that comes across the network and onto your browser's window. OR, you can simply turn off the filtering and take advantage of Privoxy's web proxy functionality and use it only as a means of redirecting your traffic. The choice is yours and I leave it up to you to read the detailed directions that come with Provoxy to determine how you wish to use it.

 

This configuration is as follows:

 

Install Privoxy on your remote machine. My configuration, will all the comments stripped out is as follows:

 

user-manual file:///usr/share/doc/privoxy-3.0.2/user-manual/

confdir /etc/privoxy

logdir /var/log/privoxy

actionsfile standard # Internal purpose, recommended

actionsfile default # Main actions file

actionsfile user # User customizations

filterfile default.filter

logfile privoxy.log

jarfile jarfile

trust-info-url http://www.example.com/why_we_block.html

trust-info-url http://www.example.com/what_we_allow.html

debug 1 # show each GET/POST/CONNECT request

debug 4096 # Startup banner and warnings

debug 8192 # Errors - *we highly recommended enabling this*

listen-address 127.0.0.1:8118

toggle 0

enable-remote-toggle 1

enable-edit-actions 1

buffer-limit 4096

 

The majority of these options are default. The only critical option is the "listen-address" and you notice that I have it set to listen to localhost (127.0.0.1) and listen on port 8118. A handy option, but not critical, is to set your enable-remote-toggle and enable-edit-actions so that you can change your privoxy configuration from your browser without having to edit the config files directly. More information about that is contained in the Privoxy documentation.

 

When these options are set, start privoxy on your server and turn your attention to your client machine.

 

In my case, I configured my SSH client (SecureCRT) to open a tunnel from my local machine's port 40001 to port 8118 on the remote server running privoxy. Each SSH client is different so instead of going through the steps for multiple clients, I will stick with the configuration commands as if you were using OpenSSH's command line client on your local machine.

 

The SSH command line to open a tunnel from your local machine to a remote machine and redirect traffic from local port 40001 to remote port 8118 is:

 

ssh -L40001:remote.example.com:8118 remote.example.com

 

Note: this configuration would open a local terminal from the remote machine and the connection would stay up until you closed the connection. Read the previous SSH Tips-and-Tricks for suggestions on how to put this connection into the background.

 

Once the above connection is established, open your broswer window, go to the configuration, and find the section for configuring a proxy

 

In Firefox it is: Tools -> Options -> Connection Settings

Set the option for "Manual Proxy Configuration" and an entry for HTTP Proxy and SSL Proxy that looks like "localhost" and port "40001". Privoxy will not proxy FTP or Gopher so leave those options alone. Then restart your broswer.

 

The above Privoxy configuration has Privoxy logging its activity to /var/log/privoxy/privoxy.log on your server. I suggest opening a terminal on your server, perhaps the one that holds the connection for your SSH tunnel, and run a "tail -f /var/log/privoxy/privoxy.log" in that window. As you browse, you will see activity in that logfile on your connections. This is a good test to make sure that your configuration is working. Another test is to type [url=http://p.p/]http://p.p/ into your browser address bar. If you are using Privoxy, a Privoxy status window will appear that you can also use to modify your Privoxy configuration.

 

Note: The /var/log/privoxy/privoxy.log contains a list of every url you visit. If you are concerned about privacy, and I assume you are because you have read to this point, you probably want to clear that logfile every few minutes. You might want to use a simple crontab entry that runs "> /var/log/privoxy/privoxy.log" regularly. Another solution might be to "ln -s /dev/null /var/log/privoxy/privoxy.log" and send all the output directly to null.

 

Have fun.

 

P38

Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)