Dress To Survive

Thank you for doing this for me

Just a thought as well: using tor sacrifices more speed than I am willing to wait for.

I do pretty much the same thing with just SSH and firefox, ssh has built in proxying already.

ssh -ND 8080 user@server.myhostname.com then just set the localhost:8080 socks proxy in firefox. You’ll still need to watch out for your DNS request. There is a setting in Firefox to make it proxy through ssh to the proxy also.

It need not be so complicated. If you have OSX or Linux at home, forget Squid and use the SOCKS5 proxy built into SSH:

ssh -f -N -x -D5000 username@home.machine.net

… then you can can setup your apps to explicitly use the proxy, or configure proxy settings in System Preferences > Network > Proxies (in OSX) for system-wide use. Just specify “localhost” as the proxy server, SOCKS5 as the proxy type, and 5000 (or whatever you like) as the port as the proxy host and you’re ready to go.

Also, you need only forward port 22 (the SSH port) from your router to your computer.

BTW - It goes without saying that this isn’t strictly anonymizing, the traffic appears to come from your home router. If you are doing something nefarious, you best keep that in mind.

Also, best to configure SSH to NOT accept passwords and use key-based access only. If you don’t do that, you run a much greater risk taht someone will brute-force access to your home machine.

cool idea
thanks…

[...] to mention during the interview. For example, I wanted to touch on my article on setting up an anonymizing proxy for OS X. I also jotted down quick notes on common questions. Some of these [...]

This is not anonmyizing. This is redirection. Tor and Jap are anonmyizing proxies. This is merely tunneling your traffic through a remote host. The firewall admin merely has to block ssh to your host to defeat it.

we don’t have a firewall at work but if we did I would quit. i love using high speed to check out sites i shouldn’t.

g.

Won’t the DNS lookups still go to the company (work) network? Tor/privoxy provide a way of redirecting the DNS lookups as well.

[...] Pesky Firewalls At Work With OS X Filed under: Uncategorized — recar @ 6:07 pm Beat Pesky Firewalls At Work With OS X I’ve written a comprehensive guide to visiting your favorite sites from your least favorite [...]

Trivial. And btw, you can do the same with any system, all you need is to get a proxy up running and establish the ssh tunnel.

Now, where I work, ssh is blocked, all internet access is through a web proxy. What I would like is a client app that will pack any traffic as https (yup, must be encapsulated with ssl to avoid deep packet inspection at the proxy) request forwarded to my home proxy. The home proxy will decode the traffic and forward to the correct recipient.

If that is possible any firewall can be defeated definitively, at the cost of lower MTU.

[...] read more | digg story [...]

nice!

some extra tips:
* use the ssh compression-option, might speed things up considerably as well
* use the firefox switchproxy add-on to easily switch between your normal and ’secure’ proxies

erik n: where i work i have putty (windows ssh client) connect to my ssh server op port 443 (on which openssh is listening off course). once putty knows which proxy to connect with and how to authenticate, it just passes through the proxy (which allows all encrypted outbound traffic to servers on port 443) without a worry.

mike: you can have firefox tunnel the dns-requests throurgh the ssh-tunnel as well, using (changing) the “network.proxy.socks_remote_dns”-setting in about:config.

I use Tor and it is much better with images turned off. There’s a really nice Firefox extension called ‘ImgLikeOpera’ that gives you the ability to toggle them on and off.

You can make this much more secure/safe if you only allow port 22 thru your home firewall/router and keep SquidMan configured to only allow localhost.

Because you are sending your traffic thru SSH it will look to your home machine like requests are coming from the home machine.

if you were to do this where I work you’d get caught and fired very quickly, this stuff is to easy to detect, its an april fools joke right?
tr

[...] Anonymizing Proxy for OS X Warning: This post is technical and atypical of normal content. Please refrain from heart attacking. (I am a programmer […] [...]

[...] it’s a few years late, but here is an excellent post on how to set up an anonymous proxy server on your home machine running Mac OS X, and then use it at work to avoid internal monitoring and/or [...]

Thanks a lot. This was not an easy thing to do.

in a properly configured network this would not work, if your network admin is so lacklustre that it does, you might as well bribe them with beer as go through all this. A proxy at work should be the only device capable of accessing the web through the firewall all your clients access that proxy - yes it breaks some things on the web but it stops this kind of thing and if something that is broken needs fixing you can always explicitly allow that device through your ‘pesky’ firewall.

I think you’re actually trying to get round the content filtering rather than the firewall itself.

In any case if your IS & HR teams have done their job, any attempt to circumvent the security infrastructure will be a disciplinary matter

In the original design, you can let the proxy restricted to localhost only and use “ssh -L local_proxy_port:127.0.0.1:8080 Username_at_home@home_IP_address”, that should work too and be more secure (you do not want an open proxy). Forwarding the ssh port is enough. If your home ip changes often, get DynDNS. The -D option (”ssh -D local_proxy_port username@homebase” is better anyway as you do not need the Socks Proxy on homebase. If the SSH-Port 22 is blocked, maybe the IMAP-Port 143 is not. If you do not leave any logs, it might raise suspection, and the connection over your homebase will be slower than the direct way. Use FoxyProxy (firefox extension http://foxyproxy.mozdev.org/ ) for easy surfing if you only want to avoid the content filter and dont mind the admins seeing what you do on the non-blocked sites: Each time it discovers that a web site is blocked, it opens it using another proxy and remembers that. Sites can also be manually added.

But remember: You risk getting caught, and getting caught is bad. In my school, it meant trouble. (Guess why I know this details and why I want to stay anonymous) At work, it might mean a permanent solution to the content filter problem, as when you are fired, you do not need to worry about it anymore.

There is also (especially good for dormitories that have filtered internet access only) to run not only a ssh, but a VPN over the open port. EVERYTHING then works. Bittorrent, Edonkey, World of Warcraft, IRC, surfing without proxy, just a little slow (you probably won’t want to play Counterstrike, but WoW might work fast enough). Only drawback is that you may loose the connection to other subnets on the LAN while connected to the VPN. The admin will go postal when I show him (and other people of course) how his filter is worthless just a day before leaving *g*.

[...] and Responses 3 04 2007 The content filtering was really the locus of the issue I was trying to solve, as fanatical pointed out. To be honest, the Girlfriend wanted to play Neopets and it was filtered [...]

[...] Anonymizing by proxy Filed under: OSX — 0ddn1x @ 2007-04-03 15:35:54 +0000 http://dresstosurvive.wordpress.com/2007/04/01/anonymizing-proxy-for-os-x/ [...]

[...] Anonymizing Proxy for OS X « Dress To Survive (tags: mac howto tools) [...]

[...] Anonymizing Proxy for OS X « Dress To Survive (tags: osx proxy howto security mac networking apple) [...]

hello
in need u send me weekly anti filters
bye

I suppose this will not work when I am behind a router?
Does not seem to work for me? Testing my IP it is still showing my “real” IP.

hello i need an anti filter weekely plese send by

This post should be updated to reflect ssh’s builtin socks protocol. Its about 100x easier than this post with no detrimental effect. The encryption starts at the same point and ends at the same point. Also with ssh’s socks protocol you could actually be anonymous (think buying prepaid credit card then buying some cheap hosting under a fake name).

I use the ssh tunnel proxy solution and have it setup via the system properties but this does not seem to affect terminal apps like telnet. is there a way to force terminal apps or python apps to go through the proxy server?

Hi Jim. Photos i received. Thanks

Thanks for the tip. How can I setup a web page which allows me to type in the URL of the sites I want to visit? The connections config on my browser has been locked to prevent changes on the browser at work (remote pc).

This isn’t anonymizing. How does this hide your ip address from remote hosts?

I want to disguise my (blacked-out) country of origin in order to receive (paid-for) content. Will this format work for me?

[...] using simple tools in OS X. After this, you’ll have your own encrypted anonymizing proxy.read more | digg [...]

[...] using simple tools in OS X. After this, you’ll have your own encrypted anonymizing proxy.read more | digg story Posted in Uncategorized RSS 2.0 | Trackback | [...]

[...] using simple tools in OS X. After this, you’ll have your own encrypted anonymizing proxy.read more | digg [...]

When I enter in the terminal code i get this
“Macintosh-10:~ 11mennis$ ssh -L local_proxy_port:home_IP_address:8080 Username_at_home@home_IP_address
Privileged ports can only be forwarded by root.”

What should I do?

In terminal responds with “Privileged ports can only be forwarded by root.” on a macbook running OS X 10.5.2 and a macbook pro running the same. Any ideas?

stupid question -

I’m in europe and from here i get blocked when trying to access sites like pandora, etc, is squid the programme for me and if so, how do i use it?

sorry for the stupidness of the question - but any solution to my problem would be greatly welcomed!
Thanks!

I am also having problems. Got all the way to the last step and it says error resolving hostname. No address associated wit node name. I followed the directions to a tee