Recently I accepted a job proposition in Shenzhen/China. So, China here I come. Things are great here, western propaganda has nothing to do with what's going on here, except one thing: internet filtering. Google results are censored, so only "accepted" results are displayed, sites like facebook.com, twitter.com, youtube.com, thepiratebay.org, openvpn.net and so many more... What do you do to pass this filtering? The solution is to encrypt your browsing session.
Using a simple SSH command, I can encrypt all my web browsing traffic and redirect it through a trusted computer when I'm on someone else's network. Today I'll set up a local proxy server that encrypts my online activity from my desktop. Here's how:
What I'll need.
- an SSH server to act as your proxy
- an SSH client on the computer you're using
Note: Mac and *nix machines have an SSH client built right in at the command line. Windows users can set up OpenSSH with Cygwin or PuTTY.
What we are going to do.
What I am doing is setting up a "middle-person" (the SSH server which will act as a proxy) between me and the internet. Using the proxy, my browser hands off web page requests to the proxy server, which handles the request and fetches the page for me from the internet. The web site actually thinks the request is coming from the proxy server, not from my computer, which is a good way to obscure my originating IP address.
The good thing about this is that my traffic to the proxy travels over SSH, which is an encrypted protocol. This prevents wifi sniffers on the local network from seeing what I am doing online.
Setting up the server.
On the computer which is acting as the desktop I am going to open up a connection to the SSH server:
ssh -ND 9999 firstname.lastname@example.org
What this command does is open a SOCKS proxy on localhost, port 9999 (the -D switch), and hand off the requests it receives there to the SSH server at test.org to handle.
- if your SSH server listens on a different port than the standard one (22/tcp), it can be changed using the -p switch
- the -N tells SSH not to open an interactive prompt, so it will just hang there, waiting. That's exactly what I want.
Setting up the client.
Once the proxy's up and running, configure Firefox to use it. From Firefox's Tools menu, choose Options, and from the Advanced section choose the Network tab. Next to "Configure how Firefox connects to the Internet" hit the "Settings" button and enter the SOCKS information, which is the server name (localhost) and the port you used (in the example above, 9999).
Save those settings and hit up a web page. When it loads, it's actually coming from the proxy server over an encrypted connection.
- Set your proxy server to resolve DNS requests instead of your computer; in Firefox's about:config area, set network.proxy.socks_remote_dns = true.
- For those with slower connections, you can use the -C command line option to use SSH's compression (gzip).
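What the remote DNS setting above changes on the wire, as an added Python example that is not part of the original post: with remote DNS the client puts the hostname itself into the SOCKS5 request sent to localhost:9999, so the SSH server does the lookup; without it the name is resolved locally first and that DNS query travels outside the tunnel. The function names are illustrative, and the proxy address assumes the ssh -ND 9999 session from earlier is running.

```python
import ipaddress
import socket

ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4


def build_connect(host, port, remote_dns=True):
    """SOCKS5 CONNECT request (RFC 1928) as sent to the local `ssh -D` listener."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is None and not remote_dns:
        # Local lookup: the DNS query leaves this machine outside the tunnel.
        ip = ipaddress.ip_address(socket.gethostbyname(host))
    if ip is None:
        name = host.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("hostname must be 1-255 bytes")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name   # the proxy resolves it
    else:
        addr = bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed
    return b"\x05\x01\x00" + addr + port.to_bytes(2, "big")


def describe_target(request):
    """Parse a CONNECT request back into (address_kind, host, port)."""
    if request[:3] != b"\x05\x01\x00":
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp, body = request[3], request[4:]
    if atyp == ATYP_DOMAIN:
        kind, host, rest = "domain", body[1:1 + body[0]].decode("ascii"), body[1 + body[0]:]
    elif atyp in (ATYP_IPV4, ATYP_IPV6):
        size = 4 if atyp == ATYP_IPV4 else 16
        kind, host, rest = "ip", str(ipaddress.ip_address(body[:size])), body[size:]
    else:
        raise ValueError("unknown address type")
    return kind, host, int.from_bytes(rest[:2], "big")


def connect_via_tunnel(host, port, proxy=("127.0.0.1", 9999), remote_dns=True):
    """Open a TCP stream through the tunnel (requires the SSH session to be up)."""
    sock = socket.create_connection(proxy, timeout=10)
    sock.sendall(b"\x05\x01\x00")                 # offer "no authentication"
    if sock.recv(2) != b"\x05\x00":
        raise ConnectionError("proxy refused the no-auth method")
    sock.sendall(build_connect(host, port, remote_dns))
    if sock.recv(10)[1:2] != b"\x00":             # second reply byte 0 = success
        raise ConnectionError("proxy could not reach the target")
    return sock
```

A request that describe_target reports as "domain" never triggered a local lookup; one reported as "ip" for a site you typed by name means the name was resolved before it reached the proxy.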