I’ve been playing around with VPN’s and ssh tunnels to try and get my ipod touch to use something secure when I’m connecting to random wireless networks. Needless to say it’s not working so great. I want my itouch to tunnel everything through ssh to my server at home, but Apple hasn’t ever thought of that nor can I find any application to do so (and probably won’t as it would need to run in the background which Apple doesn’t allow, at least when your not jailbroken). It’s leaving me little choice but to jailbreak or else I can’t have secure connections without setting up a VPN over IPsec which is about as fun as it sounds.
So while I was toying around with different things, it occurred to me that many people don’t know how to secure their traffic and prevent people form listening in. I’m going to show you how you can take a windows PC or laptop, and route web traffic through a shell account you have ssh access to. I’ll then show you how to setup FireFox and the SwitchProxy extension to use the tunnel efficiently, as well as the basic premise to make any program you have access the tunnel as well.
First I guess I should explain just why you’d want to go to the trouble of doing all this. Well, whenever you use someone else’s connection whether it be a wireless access point at a coffee shop, shopping mall, neighbor’s or even plugged into a school’s network the bulk of your web traffic is sent as plain text. This means anyone who wants to can probably listen in on anything you say to your friends on an IM client, or even check your email if your not enforcing SSL. Even on a WPA or WEB enabled wireless connection your data would be easy enough to sniff if the attacker has time enough to crack the key. I know many people who even go to a coffee shop and setup their own laptop to act like an access point, collecting all the information for anyone who connects to it, in a classic man-in-the-middle attack.
Alright, so the first thing you need to do is open Putty. If you don’t have Putty already get it, it’s one of if not the best terminal program for Windows! Alright now that it’s open to go ‘SSH > Tunnels’ on the left hand menu. In this section, click on the radio button marked ‘Dynamic’ and put ‘9999’ (or any port of your choosing, providing it’s not in use) in the ‘Source port’ text box, click “Add”.
Now go to the ‘Session’ Menu on the left side again, and enter the server information. Then Name it, and click save. it should look something like this:
Alright so now that the session is saved with your tunnel settings your now ready to go. Login to your shell, and just leave it there for now (you can do anything you’d normally do, except leave [which will close the tunnel]), and open FireFox. Go to Tools > Options, then select the ‘Advanced’ Tab and click on ‘Settings’ where it says “Connection: Configure how FireFox connects to the Internet”.
Now select “Manual Proxy Configuration” and for the “SOCKS Host” enter ‘localhost’ and ‘9999’ for the port (unless you specified something else earlier). Accept all changes. Your now browsing the web through FireFox securely through your new SSH tunnel. Keep in mind if you close your Putty terminal you’ll get ‘connection refused’ messages until you either reconnect to the shell or you go into your settings and remove the proxy.
Now that you have the basic premise of how to setup your SSH tunnel through Putty, we’re going to install the SwitchProxy Firefox extention to make the switch to secure browsing simple and quick. SO go ahead and grab a copy of SwitchProxy from the Mozilla Add-on website. Install it, then restart FireFox (as required). You’ll now notice that in the bottom right corner it’ll say “Proxy: None”. You’ll also notice an annoying toolbar, which you can right-click on and remove luckily.
Alright, so right-click the bottom right corner, and select “Manage Proxies”, click “Add” then select “Standard”, name it, enter ‘localhost’ for the ‘SOCKS proxy’ and ‘9999’ for the port, and finally select “SOCKS v5″ and save changes. You can now right-click SwitchProxy in the bottom corner, and select ‘SSH Tunnel” (or whatever you named it) and switch effortless back and forth between secure and default connections.
Phew. That seemed like a bit of work, but it’s well worth it to have this setup for whenever you may find yourself in unknown territory. Keep in mind you can set ‘localhost’ and port ‘9999’ as ANY proxy you find in any program you use in order to secure it. Pidgin, MSN, AIM are all good candidates as are POP3 and IMAP mail clients if they aren’t (and even if they are) SSL enabled.
I hope this guide helps at least someone out there. If anyone has an ideas on how to tunnel through on an ipod touch be sure to let me know.
Edit: You may also want to go into FireFox’s about:config (but entering it into the address bar) and changing network.proxy.socks_remote_dns to true. This will send DNS requests to the tunnel as well for added anonymity.