Security Stuff!!
Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode
  1. Hamza Megahed
  2. /
  3. Escaping firewall using SSH

Escaping firewall using SSH

This article about how to build a secure browsing environment and how to escape firewall rules or even escaping ISPs rules over browsing (HTTP and HTTPS).
The idea here is to forward all your traffic down in a tunnel(SSH tunnel) into another server and that server forwards your traffic to its destination point.
The SOCKS protocol binds your browser to the tunnel via a local port.
First we going to try it on Linux OS and then on Android.

Linux OS

Components:
1- SSH installed on your local machine
2- Remote SSH server, you can get one for free http://shells.red-pill.eu
3- Internet browser

How To Do:
1- Establish a SSH tunnel between your local machine and the remote SSH server ssh -D 4321 -f -C -q -N user@remote -p 22

-D: Launch a SOCKS server (SOCKS4 and SOCKS5 only) and bind it to a local port 4321  
-f: Send ssh to go to background  
-C: Enable compression mode for all data  
-q: Enable quiet mode to suppress all warnings and messages  
-N: Not to execute any remote commands  
-p: SSH remote port

Note 1: Only root can forward privileged ports
So let’s suppose i got a SSH server on www.xshellz.com with username “HamzaMegahed”, when i execute this command
ssh -D 4321 -f -C -q -N [email protected] -p 22
Nothing happens because the program now is working in the background.
Note 2: You can choose your own (4321 is just an example)
Note 3: You can make sure that the process in working in the background using  ps aux | grep ssh and the output should be something like ssh -D 4321 -f -C -q -N [email protected]

2- Bind your browser to SOCKS port
In Firefox –> From Edit menu –> Preferences –> Advanced –> Network –> Settings –> Choose “Manual proxy configuration” –> Set SOCKS Host to 127.0.0.1 or localhost and set SOCKS port to 4321

PoC

Now we gonna try to block all HTTP requests and then try to go escape that block iptables -A OUTPUT -p tcp --destination-port 80 -j DROP
Now all outgoing communications to port 80 will be dropped and you can confirm it by using any internet browser

Note 4: The previous rule only if you want PoC, and after you finish You have to delete that rule or you firewall is going to block all your HTTP requests, you can flush all iptables rules with iptables -F
Then build our SSH tunnel ssh -D 4321 -f -C -q -N [email protected] -p 22
Then bind the browser to SOCKS port (4321) You will see that now port 80 is now working fine!

Configure SOCKS proxy in whole mode

You can configure your local system to run all communications through SOCKS proxy without configuring each program (you don’t have to configure your Internet browser also)
1- Open gnome-control-center
2- Choose Network
3- Choose Network proxy
4- Set method to “Manual”
5- Clear all then set SOCKS host to 127.0.0.1 and Port 4321

Disable tunneling mode

If you want to stop the tunneling first ps aux | grep ssh and kill the process with a name like this ssh -D 4321 -f -C -q -N [email protected] by its PID number, don’t forget to set your browser back to “Use system proxy settings” when you done tunneling.
In case you run whole mode just set the method to “None” and kill the SSH process.

Note 5: You can use this exact method on Windows OSs using PuTTY.
Note 6: You can choose any other Internet browser and do the same proxy configuration.

On Android

Components:
1- SSH installed on your android (i’m going to use ConnectBot)
2- Remote SSH server, you can get one for free http://shells.red-pill.eu
3- Internet browser

How TO DO:
1- Establish SSH connection between your mobile and the remote server by creating a new connection to ssh by entering UserName@RemoteHost:Port, in my case [email protected]

After starting the connection then enter my password when prompted

2- Configure port forwards by click on the menu then select port forwards then hit the menu again and select add port forward.
Choose a name for the port forward then change type to Dynamic(SOCKS), then set source port to 4321 then hit create port forward.

3- Open Firefox and in the URL bar enter about:config, then click on search icon and search for “socks” and do this configuration exactly
set network.proxy.socks –> 127.0.0.1
set network.proxy.socks_port –> 4321
set network.proxy.socks_remote_dns –> true

click on search icon again and search for “proxy.type”
set network.proxy.type –> 1

Done !!
You can make sure by checking your ip address

Note 7: You can setup a public key authentication to skip entering your password each time.
1- click on menu and select Manage pubkeys then click again on the menu and select generate.
2- Choose a name for your key and select Load key on start then generate.

3- Long press on your key and then select copy public key.
4- Access your ssh and then execute echo "paste your key here" >> .ssh/authorized_keys. Make sure the key is loaded before you access the server or public key authentication fails.

Disable tunneling mode

1- Click on menu and select disconnect.  2- From Firefox hit about:config.
3- Search for “socks” and reset all Values.
4- search for “proxy.type” and reset it to 5.