klange
December 1st, 2009, 09:25 PM
Well, you've come to right tutorial!
What is SOCKS?
SOCKS is a networking tunnel protocol developed in the 90s to facilitate communication through a firewall. The idea is that it captures everything - both TCP and UDP - from "SOCKSified" applications and pipes it through a tunnel out to an endpoint. There are a number of implementations of SOCKS, but the one we'll be using allows any computer running sshd (secure shell) to be a proxy server.
So what is SSH?
SSH, or Secure SHell, is a remote command line that you can find in any UNIX-based system - Linux, OS X, BSD, etc. Solaris would be in that Etc., you should know this. But wait, I'm running Windows! There are plenty of SSH servers for Windows, but I personally recommend grabbing all of cygwin and installing OpenSSH for it. OpenSSH is the shit, and cygwin makes any Windows machine worth using.
Okay, so why would I want to do this?
Put simply, we can do lots of fun things with this little combination, the most basic of which is using any computer we have SSH access to as a proxy server for everything - web browsing, instant messaging, even games (though Steam is a bitch and doesn't like being SOCKS'd...). I'm sure you've all been in a situation where access to certain websites has been blocked. This is a fast, super-secure and super-easy way around that!
So how is this different from all those proxy servers on the Internet?
It's different because, unlike HTTP proxies, no one in their right mind would ever block SSH. Ever. In fact, in most secured and firewalled environments, SSH is one of the few things that is always explicitly available. Why? Because it's secure and used by every last server administrator out there. Consider it the Bill of Rights of the Internet: The Right to SSH. It's also different because you have control of the endpoint.
And how do I set this up?
First you need a server running the ssh daemon. This is most typically your home machine. It also helps to have a domain name set up with it, especially if your IP changes often. I won't explain that process here. Next, get OpenSSH server running. With the cygwin stack, your normal username and password can be used to authenticate with SSH. Finally, you'll need a client. On anything UNIX, just use `ssh`; on Windows, get PuTTY. PuTTY is awesome and has the required features we need.
Let's assume our server back home is example.com and our username is Bob. On UNIX-like OSes, we do this:
ssh -D 1080 Bob@example.comSee that -D 1080? That says "host a SOCKS server on port 1080". Port 1080 is the standard for SOCKS. Note that you'll be prompted for a password unless you know what you're doing and set up your SSH server with fancy things like key authentication.
To do this from PuTTY, see this tab:
http://thinkhole.org/wp/wp-content/images/putty-tunnels.gif
(Just use 1080 for the port...)
Now we start up our browser, set its proxy settings for "SOCKS 5", server "localhost", port "1080", and viola, all of our traffic through our browser goes through our proxy! I recommend getting a plugin like FoxyProxy so you can easily turn the proxy connection on and off for Firefox (it's also available for Thunderbird if you want to proxy your mail).
You can also forward anything else using a SOCKSifier like WideCap (http://www.widecap.com/).
Tune in next week when I'll explain to you how to do all of this over DNS packets, effectively getting you free Internet at airports and hotels.
What is SOCKS?
SOCKS is a networking tunnel protocol developed in the 90s to facilitate communication through a firewall. The idea is that it captures everything - both TCP and UDP - from "SOCKSified" applications and pipes it through a tunnel out to an endpoint. There are a number of implementations of SOCKS, but the one we'll be using allows any computer running sshd (secure shell) to be a proxy server.
So what is SSH?
SSH, or Secure SHell, is a remote command line that you can find in any UNIX-based system - Linux, OS X, BSD, etc. Solaris would be in that Etc., you should know this. But wait, I'm running Windows! There are plenty of SSH servers for Windows, but I personally recommend grabbing all of cygwin and installing OpenSSH for it. OpenSSH is the shit, and cygwin makes any Windows machine worth using.
Okay, so why would I want to do this?
Put simply, we can do lots of fun things with this little combination, the most basic of which is using any computer we have SSH access to as a proxy server for everything - web browsing, instant messaging, even games (though Steam is a bitch and doesn't like being SOCKS'd...). I'm sure you've all been in a situation where access to certain websites has been blocked. This is a fast, super-secure and super-easy way around that!
So how is this different from all those proxy servers on the Internet?
It's different because, unlike HTTP proxies, no one in their right mind would ever block SSH. Ever. In fact, in most secured and firewalled environments, SSH is one of the few things that is always explicitly available. Why? Because it's secure and used by every last server administrator out there. Consider it the Bill of Rights of the Internet: The Right to SSH. It's also different because you have control of the endpoint.
And how do I set this up?
First you need a server running the ssh daemon. This is most typically your home machine. It also helps to have a domain name set up with it, especially if your IP changes often. I won't explain that process here. Next, get OpenSSH server running. With the cygwin stack, your normal username and password can be used to authenticate with SSH. Finally, you'll need a client. On anything UNIX, just use `ssh`; on Windows, get PuTTY. PuTTY is awesome and has the required features we need.
Let's assume our server back home is example.com and our username is Bob. On UNIX-like OSes, we do this:
ssh -D 1080 Bob@example.comSee that -D 1080? That says "host a SOCKS server on port 1080". Port 1080 is the standard for SOCKS. Note that you'll be prompted for a password unless you know what you're doing and set up your SSH server with fancy things like key authentication.
To do this from PuTTY, see this tab:
http://thinkhole.org/wp/wp-content/images/putty-tunnels.gif
(Just use 1080 for the port...)
Now we start up our browser, set its proxy settings for "SOCKS 5", server "localhost", port "1080", and viola, all of our traffic through our browser goes through our proxy! I recommend getting a plugin like FoxyProxy so you can easily turn the proxy connection on and off for Firefox (it's also available for Thunderbird if you want to proxy your mail).
You can also forward anything else using a SOCKSifier like WideCap (http://www.widecap.com/).
Tune in next week when I'll explain to you how to do all of this over DNS packets, effectively getting you free Internet at airports and hotels.