10/02/2016

Secure browsing and Escaping firewall by using SSH

This article explains how to build a secure browsing environment and how to escape firewall rules, or even ISP rules, on browsing (HTTP and HTTPS).

The idea is to forward all your traffic through a tunnel (an SSH tunnel) to another server, which then forwards your traffic to its destination.
The SOCKS protocol binds your browser to the tunnel via a local port.
First we are going to try it on Linux and then on Android.

Linux OS

Components:
1- SSH installed on your local machine
2- Remote SSH server, you can get one for free http://shells.red-pill.eu
3- Internet browser

How To Do :

1- Establish an SSH tunnel between your local machine and the remote SSH server
ssh -D 4321 -f -C -q -N user@remote -p 22
-D : Launch a SOCKS server (SOCKS4 and SOCKS5 only) and bind it to local port 4321
-f : Send ssh to the background
-C : Enable compression for all data
-q : Enable quiet mode to suppress all warnings and messages
-N : Do not execute any remote commands
-p : SSH remote port

Note: Only root can forward privileged ports

So let's suppose I have an SSH server on www.xshellz.com with the username "HamzaMegahed".
When I execute this command
ssh -D 4321 -f -C -q -N HamzaMegahed@shell.xShellz.com -p 22
nothing appears to happen, because the program is now working in the background.

Note: You can choose your own port (4321 is just an example)
Note: You can make sure that the process is working in the background using ps aux | grep ssh
The output should be something like "ssh -D 4321 -f -C -q -N HamzaMegahed@shell.xShellz.com"

2- Bind your browser to the SOCKS port
In Firefox
From the Edit menu --> Preferences --> Advanced --> Network --> Settings
Choose "Manual proxy configuration"
Delete all data for (HTTP, SSL, FTP) and set their ports to 0, leaving only SOCKS Host
Set SOCKS Host to 127.0.0.1 or localhost and set the SOCKS port to 4321


POC :

Now we are going to block all HTTP requests and then try to escape that block
- We are going to use iptables to drop all HTTP (port 80)
iptables -A OUTPUT -p tcp --destination-port 80 -j DROP
Now all outgoing communications to port 80 will be dropped, and you can confirm it by using any internet browser

Note: The previous rule is only needed for the POC. When you finish, you have to delete that rule or your firewall is going to keep blocking all your HTTP requests.
You can flush all iptables rules with iptables -F

- Then build our SSH tunnel
ssh -D 4321 -f -C -q -N HamzaMegahed@shell.xShellz.com -p 22
- Then bind the browser to the SOCKS port (4321)
You will see that port 80 is now working fine!

Configure SOCKS proxy in whole mode:
You can configure your local system to run all communications through the SOCKS proxy without configuring each program (you don't have to configure your Internet browser either)
1- Open gnome-control-center
2- Choose Network
3- Choose Network proxy
4- Set method to "Manual"
5- Clear all then set SOCKS host to 127.0.0.1 and Port 4321


Disable tunneling mode:

If you want to stop the tunneling, first run ps aux | grep ssh
and kill the process with a name like this "ssh -D 4321 -f -C -q -N HamzaMegahed@shell.xShellz.com" by its PID number. Don't forget to set your browser back to "Use system proxy settings" when you are done tunneling.
If you are running whole mode, just set the method to "None" and kill the SSH process.
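
A plain "ps aux | grep ssh" also matches sshd and the grep itself, so the following added example (not from the original post) picks out only ssh clients started with -D and reports which address and port each SOCKS listener uses. The function names and the sample listing are constructed for illustration; forwards configured through -o DynamicForward or ssh_config are not covered.

```sh
#!/bin/sh
# Added example, not from the original post. Input lines are "PID COMMAND ARGS...",
# the format printed by: ps -e -o pid= -o args=
# Output: one "PID BIND PORT" line per ssh client started with -D.
find_socks_tunnels() {
    awk '
    {
        # Keep only the ssh client; this drops sshd, ssh-agent and "grep ssh".
        n = split($2, parts, "/")
        if (parts[n] != "ssh") next
        for (i = 3; i <= NF; i++) {
            spec = ""
            # -D can be bundled after flags that take no argument: -fCqND 4321
            if ($i ~ /^-[46AaCfGgKkMNnqsTtVvXxYy]*D$/) {
                if (i < NF) spec = $(i + 1)
            } else if ($i ~ /^-[46AaCfGgKkMNnqsTtVvXxYy]*D./) {
                spec = $i                      # attached form: -D4321
                sub(/^-[46AaCfGgKkMNnqsTtVvXxYy]*D/, "", spec)
            }
            if (spec == "") continue
            # spec is PORT or BIND:PORT; split at the last colon.
            bind = "localhost"; port = spec; k = 0
            for (j = 1; j <= length(spec); j++)
                if (substr(spec, j, 1) == ":") k = j
            if (k > 0) { bind = substr(spec, 1, k - 1); port = substr(spec, k + 1) }
            if (port ~ /^[0-9]+$/) print $1, bind, port
        }
    }'
}

# Tunnels whose SOCKS port is reachable from other hosts, not just this machine.
exposed_tunnels() {
    find_socks_tunnels | awk '$2 != "localhost" && $2 != "127.0.0.1" && $2 != "[::1]"'
}

# Constructed sample listing (PIDs and all lines except the second are made up).
SAMPLE_PS=' 812 /usr/sbin/sshd -D
2291 ssh -D 4321 -f -C -q -N HamzaMegahed@shell.xShellz.com -p 22
2305 /usr/bin/ssh -fCqND 0.0.0.0:1080 user@remote
2310 grep ssh
2400 ssh -D9050 user@remote'

printf '%s\n' "$SAMPLE_PS" | find_socks_tunnels
# On a live system: ps -e -o pid= -o args= | find_socks_tunnels
```

A tunnel listed by exposed_tunnels is bound to a non-loopback address, which lets other machines on the network use your SOCKS port; the command in this article binds to the loopback interface only.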

Note: You can use this exact method on Windows OSs using PuTTY.
Note: You can choose any other Internet browser and do the same proxy configuration.

On Android
Components:
1- SSH installed on your Android (I'm going to use ConnectBot)
2- Remote SSH server, you can get one for free http://shells.red-pill.eu
3- Internet browser

How To Do:
1- Establish an SSH connection between your mobile and the remote server by creating a new ssh connection and entering UserName@RemoteHost:Port. So in my case HamzaMegahed@shell.xShellz.com

After starting the connection, I enter my password when prompted.

2- Configure port forwards by clicking on the menu, selecting port forwards, then hitting the menu again and selecting add port forward.
Choose a name for the port forward, change the type to Dynamic(SOCKS), set the source port to 4321, then hit create port forward.


In Firefox:

Open Firefox and in the URL bar enter about:config
Click on the search icon, search for "socks" and apply exactly this configuration
set network.proxy.socks --> 127.0.0.1
set network.proxy.socks_port --> 4321
set network.proxy.socks_remote_dns --> true

Click on the search icon again and search for "proxy.type"
set network.proxy.type --> 1

Done !!
You can confirm it is working by checking your IP address

Note: You can set up public key authentication to skip entering your password each time.
1- Click on the menu and select Manage pubkeys, then click on the menu again and select generate.
2- Choose a name for your key, select Load key on start, then generate.

3- Long press on your key and then select copy public key.
4- Access your ssh account and then execute echo "paste your key here" >> .ssh/authorized_keys. Make sure the key is loaded before you access the server, or public key authentication fails.
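
Step 4 run on the server as a function that also handles the cases where a bare echo goes wrong: a missing .ssh directory, loose permissions, a pasted private key, or the same key appended twice. This is an added example, not from the original post; add_authorized_key is a hypothetical name, and it assumes the key is a plain "<type> <base64> [comment]" line with no options prefix.

```sh
#!/bin/sh
# Added example, not from the original post.
# usage: add_authorized_key "<public key line>" [home directory, default $HOME]
add_authorized_key() {
    key=$1
    dir=${2:-$HOME}/.ssh
    file=$dir/authorized_keys
    nl='
'
    # Exactly one line of the form "<type> <base64> [comment]"; this also
    # rejects a private key pasted by mistake.
    case $key in
        *"$nl"*) echo "key must be a single line" >&2; return 1 ;;
    esac
    printf '%s\n' "$key" | grep -Eq \
        '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' ||
        { echo "not a public key line" >&2; return 1; }
    # A new account may have no ~/.ssh yet, and sshd with StrictModes (the default)
    # ignores the file when it or the directory is writable by anyone else.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$file" && chmod 600 "$file" || return 1
    # Do not append the same key twice.
    grep -qxF -- "$key" "$file" && return 0
    printf '%s\n' "$key" >> "$file"
}
```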

Disable tunneling mode:

1- Click on the menu and select disconnect.
2- In Firefox, open about:config.
3- Search for "socks" and reset all values.
4- Search for "proxy.type" and reset it to 5.

