In our first installment, we looked at some solutions to provide a hospitable environment for proxy evasion. Today, we’ll dig deep into how to do this with my favorite protocol of all time, SSH.
OpenSSH is a glorious implementation of a critical network protocol. Most networks have disabled and banned the use of telnet, rsh, and ftp in favor of the more “secure” SSH protocol. OpenSSH runs on every platform I’ve encountered (using CygWin on Windows). SSH provides an encrypted channel for data transfer. Usually that’s Keyboard Interactive Sessions or Files (using SCP); however, SSH is also capable of setting up multiple channels and acting as a SOCKS4 or SOCKS5 Proxy.
From the manual:
-D [bind_address:]port Specifies a local ``dynamic'' application-level port forwarding. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine. Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act as a SOCKS server. Only root can forward privileged ports. Dynamic port forwardings can also be specified in the configuration file.
That’s a lot of technical mumbo jumbo, so what does it mean?! Well, it means that if you have ssh and an ssh server outside of your work network that you can connect to, you can SOCKS5 Proxy all your Interesting Traffic elsewhere by issuing this command:
ssh -D3128 server
Then pointing your applications to SOCKS5 Proxy localhost port 3128 will encrypt all the traffic between you and the server that you’re connecting to. This only provides privacy from the LOCAL or CORPORATE network, and does not encrypt your traffic on its way to its external destinations!!!!
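How much the tunnel hides also depends on what the application writes to the SOCKS port: a request that carries a hostname is resolved on the far side, while a request that carries an IP address means any name lookup was done by the application itself, outside the tunnel. The Python parser below is an added example, not code from the original post; `parse_socks_request` and the sample byte strings are constructed for illustration.

```python
import ipaddress
import struct

def parse_socks_request(data: bytes) -> dict:
    """Decode the destination of a SOCKS4/4a or SOCKS5 connect request
    (for SOCKS5, the message that follows method negotiation)."""
    if data[:1] == b"\x05":
        # SOCKS5 (RFC 1928): VER CMD RSV ATYP DST.ADDR DST.PORT
        if len(data) < 5:
            raise ValueError("truncated SOCKS5 request")
        atyp = data[3]
        if atyp == 0x03:  # hostname, prefixed with a one-byte length
            start, size, resolved_by = 5, data[4], "proxy"
        elif atyp in (0x01, 0x04):  # IPv4 or IPv6 literal
            start, size, resolved_by = 4, 4 if atyp == 0x01 else 16, "client"
        else:
            raise ValueError(f"unknown address type {atyp:#x}")
        raw = data[start:start + size]
        tail = data[start + size:start + size + 2]
        if len(raw) != size or len(tail) != 2:
            raise ValueError("truncated SOCKS5 request")
        host = raw.decode("ascii") if atyp == 0x03 else str(ipaddress.ip_address(raw))
        port = struct.unpack("!H", tail)[0]
    elif data[:1] == b"\x04":
        # SOCKS4: VN CD DSTPORT DSTIP USERID NUL; SOCKS4a appends HOSTNAME NUL
        if len(data) < 9:
            raise ValueError("truncated SOCKS4 request")
        port = struct.unpack("!H", data[2:4])[0]
        ip, fields = data[4:8], data[8:].split(b"\x00")
        if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:  # 0.0.0.x marks SOCKS4a
            if len(fields) < 3:
                raise ValueError("truncated SOCKS4a request")
            host, resolved_by = fields[1].decode("ascii"), "proxy"
        else:
            host, resolved_by = str(ipaddress.ip_address(ip)), "client"
    else:
        raise ValueError("not a SOCKS4 or SOCKS5 request")
    # "client": the destination arrived as an IP address, so any DNS lookup
    # for it was done by the application, outside the tunnel.
    return {"version": data[0], "host": host, "port": port, "resolved_by": resolved_by}

# Constructed sample requests (documentation addresses, not captured traffic).
BY_NAME = b"\x05\x01\x00\x03\x0bexample.com\x01\xbb"  # SOCKS5, hostname, port 443
BY_IP = b"\x05\x01\x00\x01\xc0\x00\x02\x0a\x01\xbb"   # SOCKS5, 192.0.2.10, port 443
SOCKS4_IP = b"\x04\x01\x00\x50\xc0\x00\x02\x0a\x00"   # SOCKS4, 192.0.2.10, port 80

if __name__ == "__main__":
    for sample in (BY_NAME, BY_IP, SOCKS4_IP):
        print(parse_socks_request(sample))
```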
In the next installment, we’ll cover PuTTY.exe and how to evade proxies on Windows platforms.
Comments 2
When you use this system you should note that the DNS lookup done by Firefox is *not* done through the proxy by default but instead done through your direct connection. You have to change an option to configure the browser to do the DNS lookup through the proxy. If you are using proxies, I recommend using the FoxyProxy extension. It makes life a *lot* easier.
Posted 22 Jul 2008 at 11:56 am
I apologize for my lack of grammatical clarity in the previous post.
Posted 22 Jul 2008 at 11:57 am