|« It pains me to say it||Hacking with socks »|
Wed, Apr 25, 2007
If you have to use Windows from various locations/computers, and are frustrated by firewalls or worried about who might be snooping on your browsing, this guide is for you.
This guide was written with Portable Apps in mind, and assumes that the remote machine you will be using is an always-on Linux PC. You can, however, use the non-portable versions of the software and adjust the instructions for other operating system combinations with very little difficulty.
To begin with, on your home computer, you need SSH. If you are connected to the web via a router, you can use SSH with its default configuration. Otherwise, if your PC can be directly accessed from the web, you must edit the configuration file /etc/ssh/sshd_config and change the port number from 22 to 443.
If you have a router, you must set it to direct all traffic to its port 443 to be forwarded to your PC's port 22. On my router, this looks like this (Click image to enlarge):
(10.0.0.3 is my home PC's address on the LAN.)
The reason we change the default SSH port is that some firewalls only allow web traffic through: They ban connections to port 22. To bypass this, we set SSH to listen instead on port 443, which is the port usually used by secure web pages - the ones with the https:// addresses with the locked-padlock icon. It just gives us a higher chance of being able to connect no matter where we are.
That should be pretty much all the configuration on your home PC done. The only other thing you need to know is your home machine's IP address. It helps if you have a static IP address here, but it's not vital: Just check the IP every time you reconnect.
Now let's switch to a Windows PC and install our Portable Apps. Go to the web page and download the portable versions Putty, plus Firefox, Thunderbird, Gaim, and/or any other packages you may want. Install them onto your USB stick.
Now run putty.
In the "Host name" field, put your home IP address, and change the port from 22 to 443:
Now in the Connection - SSH - Tunnels window, enter a port number such as 5678, check "Dynamic" and "Auto", then click "Add"
You should get the port number, prefixed with a "D", in the forwarded ports box:
That's all. Go back to the Session window, enter a "Saved sessions" name and click "Save"
This, when run, will give you a secure tunnel home if you have a direct web connection. If, however, you are behind a proxy server, you need to let Putty know about that.
Internet Explorer will usually be configured with the correct proxy settings, so find them from here: Tools - Internet Options - Connections - LAN Settings and see what's in the "Proxy server" field. Copy these settings into Putty's Connection - Proxy window as an HTTP proxy. If a username & password is needed, enter those too. Then return again to the Session window, enter a different name for the proxy-using settings, and click Save again.
Now double-click the appropriate saved session, and Putty will open an SSH connection to your home PC. It should look just like a normal shell, such as you'd see in any xterm window.
Now start up the portable Firefox. Tools - Options - Advanced - Network - Settings. Check the "Manual proxy configuration" radio button. Leave all fields blank, except for the "Socks host" entry. Set this to "localhost" and set the port to whatever you told Putty to use - in the above examples, 5678.
"Okay" everything, and now in the Firefox address bar, enter "about:config" and press "Return"
In the "Filter" box, type network.proxy.socks, right-click on the "network.proxy.socks_remote_dns" option, and select "Toggle" to make this entry "True"
Firefox should now be set up to use the tunnel set up by Putty: If you have web access at this point, you have succeeded. The process for setting up Thunderbird is much the same, only the "about:config" screen is accessed through Tools - Options - Advanced- General - Config editor. Other than that, the same settings apply.
To make "Gaim" work, go into "Preferences". In the "Networking" tab, configure it to use a SOCKS5 proxy, with the usual localhost and port number settings.
Gaim should now connect just fine.
Because all your web traffic is now running through the SSH connection, it is secure from any local snooping: All the web surfing is actually being done by your home PC, and uploaded through the encrypted connection to your local PC. Even the server you are connected to the Web through cannot see what you are doing, or what port you're doing it on, so long as the Putty connection is maintained.
|<< <||> >>|