Thursday, December 15, 2011

Slinging yourself around the internet

Sometimes you need to use the Internet, but you have a connection you can't exactly trust (coffee shop and hotel wifi come to mind).  In other situations you may feel a need to hide your real IP address, possibly for security reasons.

There are more than a few tools which you can use to do these sorts of things.  This post will focus on some of the more popular tools.  I am assuming that you are both running Unix of some kind or other, and know how to use it.  There probably are equivalent tools for Windows, but I am not familiar with them.

I am not going to tell you exactly how to install each and every one of these tools, because it varies from system to system, but I will provide basic information about how to use them.  I also suggest verifying that things are actually working before moving any sensitive information.

Additionally, these tools only work for TCP connections.  UDP will not work.

SSH Tunnels
If you have a Unix system, you probably have SSH installed.  People usually use it to connect to other machines (pretty much as an encrypted replacement for telnet) or to copy files from one machine to another.

SSH has a feature that even extremely skilled people are not always familiar with.  You can open a tunnel across the SSH session to another host.  When you start up the tunnel, it opens a port on your local machine.  If you connect to this port, the connection runs across the ssh connection and out the machine you connected to, to a host and port combination you specified when you created the tunnel.

Picture this scenario: you're out of town, and you want to take a look at your bank's web site.  Your only internet connection is an open wifi network, and having played with a sniffer or two in your day, you do not want to send your banking information across such a network.  Back at home the router connected to your cable modem is configured to forward SSH to one of your computers (and a dynamic dns entry to go along with it), and a computer running a SOCKS proxy on
You fire up a terminal window and type:
ssh -L1081: , and then log in as normal.  After that, you configure your web browser to connect to a SOCKS proxy running on port 1081 on your local machine, then browse away.  

Everything your browser does now runs across your strongly encrypted SSH connection.  

It is important to note that you can use tunnels for a lot of things other than SOCKS proxies.  If you want to lock down access to a web based application, you can make a white list consisting of a single host and then open tunnels through that machine.

You now know how to run applications that let you specify a proxy across a tunnel, but not all applications allow you to do that.  This is where a handy tool called proxychains comes into play.

Proxychains is a pretty powerful tool; it actually allows you to run your connection through a series of different proxy servers.  However, this complexity is outside the scope of this post.  For basic functionality, it is enough to specify a single proxy server (in this case localhost and the port you've opened) in the [ProxyList] section of the config file.

Once this is done, simply type: proxychains [command].  Your application will now seamlessly run across the proxy.

TOR, or The Onion Router, is an anonymity tool originally developed by the US Navy, later the EFF, and currently by the TOR project.  The user should read up on the technical details of how TOR works; all that will be mentioned in this post is that TOR encrypts traffic and conceals its source.  When TOR is up and running on a system, it starts a SOCKS proxy that listens on port 9050.  If you point a SOCKS aware application at that port, its traffic should go across the TOR network.
There is a tool similar to Proxychains called torsocks.  It is also used in a very similar manner (torsocks command).
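
One way to act on the earlier advice to verify that things are working, as an added example that is not part of the original post: a small Python check that something on the local port really answers as a SOCKS proxy.  It assumes the proxy speaks SOCKS5 without authentication; the function names and status strings are made up for this example, and the ports are the ones used in the post.

```python
import socket

def recv_exact(sock, n):
    """Read up to n bytes, stopping early if the peer closes the connection."""
    data = b""
    while len(data) < n:
        chunk = sock.recv(n - len(data))
        if not chunk:
            break
        data += chunk
    return data

def check_socks5(host="127.0.0.1", port=1081, timeout=5.0):
    """Return a short status string for whatever answers on host:port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "not-listening"        # tunnel or TOR is not running
    with sock:
        try:
            # SOCKS5 greeting: version 5, one method offered, 0x00 = no authentication
            sock.sendall(b"\x05\x01\x00")
            reply = recv_exact(sock, 2)
        except OSError:               # timeout or reset while waiting for the reply
            return "no-reply"
    if len(reply) < 2:
        return "no-reply"             # port open, but nothing useful behind it
    if reply[0] != 5:
        return "not-socks5"           # some other service is on this port
    return "socks5-ok" if reply[1] == 0 else "socks5-refused"

if __name__ == "__main__":
    # Ports from the post: 1081 for the SSH tunnel, 9050 for TOR.
    for name, port in (("ssh tunnel", 1081), ("TOR", 9050)):
        print(f"{name:10} 127.0.0.1:{port} -> {check_socks5(port=port)}")
```

A result of socks5-ok only shows that a SOCKS5 proxy is answering on that port; it does not show that a given application is actually sending its traffic through it.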

You now have a basic idea of how to securely tunnel through part of the Internet to another part.  Please be aware that a good number of these tools are under constant development, so they may not behave exactly as specified.  The important things to grasp are the concepts of tunnels and proxies.  If those are understood, you should be able to correct for any minor differences encountered.
