Escaping firewall using SSH
This article is about how to build a secure browsing environment and how to escape firewall rules, or even ISP rules, on web browsing (HTTP and HTTPS).
The idea is to forward all your traffic through a tunnel (an SSH tunnel) to another server, which then forwards it on to its destination. The SOCKS protocol binds your browser to the tunnel via a local port.
First we are going to try it on Linux and then on Android.
Components:
1- SSH installed on your local machine
2- A remote SSH server; you can get one for free at http://shells.red-pill.eu
3- Internet browser
How To Do:
1- Establish an SSH tunnel between your local machine and the remote SSH server:
ssh -D 4321 -f -C -q -N user@remote -p 22
-D: Launch a SOCKS server (SOCKS4 and SOCKS5 are supported) and bind it to local port 4321
-f: Send ssh to the background
-C: Enable compression of all data
-q: Quiet mode, suppressing warnings and diagnostic messages
-N: Do not execute a remote command
-p: Port to connect to on the remote SSH server
Note 1: Only root can forward privileged ports.
So let's suppose I have an SSH server on www.xshellz.com with the username "HamzaMegahed"; when I execute this command
ssh -D 4321 -f -C -q -N HamzaMegahed@www.xshellz.com -p 22
nothing appears to happen, because the program is now working in the background.
Note 2: You can choose your own port number (4321 is just an example).
Note 3: You can make sure that the process is working in the background using
ps aux | grep ssh
and the output should contain something like
ssh -D 4321 -f -C -q -N HamzaMegahed@www.xshellz.com
2- Bind your browser to SOCKS port
In Firefox: from the Edit menu –> Preferences –> Advanced –> Network –> Settings –> choose "Manual proxy configuration" –> set SOCKS Host to 127.0.0.1 or localhost and set SOCKS Port to 4321.
Now we are going to block all HTTP requests and then try to escape that block:
iptables -A OUTPUT -p tcp --destination-port 80 -j DROP
Now all outgoing connections to port 80 are dropped; you can confirm this with any web browser.
Note 4: The previous rule is only for the proof of concept; after you finish you have to delete it, or your firewall will keep blocking all your HTTP requests. You can flush all iptables rules with iptables -F (note that this removes every rule in the filter table, not just this one).
Then build the SSH tunnel:
ssh -D 4321 -f -C -q -N HamzaMegahed@www.xshellz.com -p 22
Then bind the browser to the SOCKS port (4321). You will see that port 80 is now working fine!
You can also configure your local system to route all communications through the SOCKS proxy without configuring each program (so you don't have to configure your browser either):
1- Open gnome-control-center
2- Choose Network
3- Choose Network proxy
4- Set method to “Manual”
5- Clear all then set SOCKS host to 127.0.0.1 and Port 4321
If you want to stop the tunneling, first run
ps aux | grep ssh
and kill the process whose command line looks like
ssh -D 4321 -f -C -q -N HamzaMegahed@www.xshellz.com
by its PID. Don't forget to set your browser back to "Use system proxy settings" when you are done tunneling.
In case you used the system-wide mode, just set the method to "None" and kill the SSH process.
Note 5: You can use this exact method on Windows using PuTTY.
Note 6: You can choose any other Internet browser and do the same proxy configuration.
Components (Android):
1- SSH client installed on your Android device (I'm going to use ConnectBot)
2- A remote SSH server; you can get one for free at http://shells.red-pill.eu
3- Internet browser
How To Do:
1- Establish an SSH connection between your mobile and the remote server by creating a new connection in ConnectBot and entering UserName@RemoteHost:Port, in my case HamzaMegahed@www.xshellz.com. After starting the connection, enter your password when prompted.
2- Configure port forwards: tap the menu and select Port Forwards, then tap the menu again and select Add port forward. Choose a name for the port forward, change the type to Dynamic (SOCKS), set the source port to 4321 and tap Create port forward.
3- Open Firefox, enter about:config in the URL bar, tap the search icon, search for "socks" and set exactly this configuration:
set network.proxy.socks –> 127.0.0.1
set network.proxy.socks_port –> 4321
set network.proxy.socks_remote_dns –> true
click on search icon again and search for “proxy.type”
set network.proxy.type –> 1
Done!
You can verify it by checking your IP address.
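As an added example that is not part of the original article: a small SOCKS5 client in Python that does by hand what the browser does against the port opened by ssh -D, and shows at the wire level what network.proxy.socks_remote_dns = true means (the CONNECT request carries the hostname, ATYP 0x03, so the name is resolved by ssh on the remote side instead of leaking to your local DNS resolver). The proxy address 127.0.0.1:4321 is taken from the article; the function names are my own.

```python
import socket

# SOCKS5 (RFC 1928) constants; the SOCKS server that ssh -D starts accepts SOCKS5 without authentication.
SOCKS_VER, CMD_CONNECT, NO_AUTH = 0x05, 0x01, 0x00
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REPLY_TEXT = {0: "succeeded", 1: "general SOCKS server failure", 2: "not allowed by ruleset",
              3: "network unreachable", 4: "host unreachable", 5: "connection refused",
              6: "TTL expired", 7: "command not supported", 8: "address type not supported"}

def build_connect_request(host: str, port: int) -> bytes:
    """CONNECT request that carries the hostname itself (ATYP 0x03), so ssh resolves it on
    the remote server. Firefox only sends this form when network.proxy.socks_remote_dns is
    true; with it false the browser resolves locally and every site name leaks to the local resolver."""
    name = host.encode("idna")
    if not 0 < len(name) < 256:
        raise ValueError("hostname must be 1-255 bytes")
    return bytes([SOCKS_VER, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(name)]) + name + port.to_bytes(2, "big")

def parse_connect_reply(data: bytes) -> tuple:
    """Return (reply code, description) from the 4-byte header of a SOCKS5 CONNECT reply."""
    if len(data) < 4 or data[0] != SOCKS_VER:
        raise ValueError("not a SOCKS5 reply")
    return data[1], REPLY_TEXT.get(data[1], "unassigned reply code")

def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def socks5_connect(dest_host: str, dest_port: int, proxy=("127.0.0.1", 4321)) -> socket.socket:
    """Open a TCP connection to dest_host:dest_port through the local SOCKS port of the tunnel."""
    sock = socket.create_connection(proxy, timeout=10)
    sock.sendall(bytes([SOCKS_VER, 1, NO_AUTH]))           # greeting: offer only "no authentication"
    if _recv_exact(sock, 2) != bytes([SOCKS_VER, NO_AUTH]):
        sock.close()
        raise OSError("proxy did not accept the no-authentication method")
    sock.sendall(build_connect_request(dest_host, dest_port))
    head = _recv_exact(sock, 4)                            # VER REP RSV ATYP
    addr_len = _recv_exact(sock, 1)[0] if head[3] == ATYP_DOMAIN else {ATYP_IPV4: 4, ATYP_IPV6: 16}[head[3]]
    _recv_exact(sock, addr_len + 2)                        # skip BND.ADDR and BND.PORT
    code, text = parse_connect_reply(head)
    if code != 0:
        sock.close()
        raise OSError(f"SOCKS5 CONNECT to {dest_host}:{dest_port} failed: {text}")
    return sock
```

With the tunnel from the article running, socks5_connect("example.com", 80) returns a socket whose traffic, including the DNS lookup, goes out from the remote server.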
Note 7: You can set up public key authentication to skip entering your password each time.
1- Tap the menu and select Manage Pubkeys, then tap the menu again and select Generate.
2- Choose a name for your key, select "Load key on start", then generate.
3- Long-press on your key and select Copy public key.
4- Log in to your SSH server and execute
echo "paste your key here" >> .ssh/authorized_keys
Make sure the key is loaded before you connect to the server, or public key authentication fails.
To stop tunneling on Android:
1- Tap the menu and select Disconnect.
2- In Firefox, open about:config.
3- Search for "socks" and reset all values.
4- Search for "proxy.type" and reset it to 5.