Friday, June 01, 2012

Extreme Browsing


If you are testing security or you simply want to surf without tracks you might enjoy TAILS which is a bootable DVD running Debian.  Essentially this will allow you to turn most any machine into a completely safe virtual browsing envrionment.  Check out the download here:

Surfing "Home Style" with Socks

SSH tunneling for a home-away-from-home experience.  Ever find yourself behind a corporate firewall or untrusted network and want to check your personal email or your facebook account to see what you need to bring to the party tonight?  If you just need to browse safely you can easily do this via SSH and get your encrypted session from wherever you are to home.  Your home computer will then make requests on your behalf and pass the data back to your browser in an encypted session. If you're checking email you can usually do this via the web as well even on your POP accounts as most POP providers have browser front-ends you can access if you have the URL.

How do you set up this little magic trick and surf stright though firewalls and super IDS/IPS systems?

1) Set up a linux box at home with port 22 (SSH) incoming and outgoing on your firewall.  (Make sure the account has limited privileges and a very strong password)  If you know what you're doing you may even want to set up certificates.  

2) If you're on linux you're good to just open a shell and SSH -D (see the detail below) to your home machine and skip to step 3.  If you're on Windows you'll need Cygwin or Open SSH etc.  I have a small Windows app that I wrote to accomplish this in about 800KB if you want to set up on Windows and don't care to install a bunch of stuff.  [If you comment with your email I can send you a copy]

The popular thing is to use -N -L and pick your ports but there's a far easier way for the browser using built-in Sox proxy capability. Using a Sox proxy you can shorten your SSH command and save yourself some head ache and configure your browser more easily.

Execute on your client machine:
ssh -D 9050 [username]@[]
( is the IP or address of your linux box at home which is running SSH)

Your tunnel awaits!  Your session will expire eventually but while SSH is connected you will be able to set up your browser and surf safely using the port you chose.

3) Set your browser to use a Sox proxy at port 9050 (or whatever port you want to default to.  Type in your destination into the browser such as: and voila you're surfing around all sensible precautions and filters.

You can set a specific browser instance (say Chrome or FireFox or IE) to always connect Socks.  This way you can keep your regular browser normal and playing nicely through the firewall and then open your browse-by-home super secret browser and surf like you're on your home network.

Of course this violates all corporate policies we know and love.  It also gives you a taste of what can be done if you let your home network or corporate network get hacked.  You shouldn't use this if you intend to stay compliant with any sensible regulation or policy.  But in a pinch this will get you home-style access from behind the great firewall of China.

You are what you surf so be safe.