Simple SSH Tunneling with FoxyProxy

Ever been to a coffee shop and got worried about hopping on their public wifi network to check your email?  If not, you should have been, and you should presently be concerned about wifi security anywhere you go — a topic we have covered here many times.

If you have remote access to a computer that runs SSH, you can quickly and effectively create a tunnel which will encrypt and protect your traffic while on a public wifi network.  It’s easy to set up and easy to use, as long as you can SSH into a server somewhere using Putty (on Windows) or the command line on Mac or Linux.

Setting Up Firefox

  • First, go get yourself hooked up with the FoxyProxy extension for Firefox.  Once that is set up and installed, you will see a new link for FoxyProxy in the bottom-right part of Firefox’s status bar.
  • Right-click that link and choose “Options”.
  • Click “Add new proxy”.  On the “General” tab, make sure all checks are enabled. You can give this new proxy connection a name if you want to.
  • On the “Proxy Details” tab, check “Manual Proxy Configuration”.
  • In “Host or IP” enter: localhost
  • Choose a port number, such as 8080 for the Port field. Remember that number.
  • Click the “SOCKS Proxy?” checkbox.
  • Click OK to close the settings tab. If you receive a warning about URLs, click OK to accept it.

Creating A Tunnel

Now fire up Putty or otherwise make a connection to your machine running SSH.  Be sure to use the following format:

That will start your SSH connection using the dynamic port forwarding option, and tells it to run over port 8080 (the port you set up in FoxyProxy) when it does so.  You will still be connecting to your server on the standard port 22.

Back in Firefox, right-click the FoxyProxy link again in the bottom bar, and select the proxy you set up before.  Voila – you are now tunneled.

You need to know that all that is being tunneled is what you are doing in Firefox.  Other apps you might want to use will need to be set up for using a proxy if you intend to have their traffic tunneled as well!


About Will Chatham

Will Chatham is an Information Security Analyst, OSCP, Ethical Hacker, and Penetration Tester at a federal data center in Asheville, NC. Since Netscape 2.0, he has worked in a wide array of environments including non-profit, corporate, small business, and government. His varied background, from developer to search engine optimizer to security professional, has helped him build a wide range of skills that help those with whom he works and teaches.
Bookmark the permalink.

5 Comments

  1. I recently wrote a post on my own blog about this same thing exactly: http://blog.banditdefense.com/2009/03/27/dont-trust-your-network-tunnel-your-traffic/

    The only thing is I’m pretty sure you can’t use putty in windows to open the tunnel. Putty can be used for normal port forwarding, but it doesn’t have the ability to open dynamic tunnels. I suggested instead to download a windows port of OpenSSH.

  2. Good point, m0rebel. I hadn’t actually tried this on Windows when I wrote it. Thanks for clarifying!

  3. Putty actually can be used to do this on windows:

    putty -ssh @ -D 5555

    throw that in a shortcut or put putty in your /windows and run it from the RUN dialog box 🙂

  4. durrrr html filter took out part of the command, put the ip of the ssh server after the @ (no space inbetween)

  5. This post is going into my bookmarks.

Leave a Reply