Hide Traffic with SSH


Secure Shell, or SSH, is a network protocol that allows data to be exchanged over a secure channel between two networked devices. SSH was designed to replace Telnet (an insecure shell), and now nearly all Unix-based computers use SSH to access their shell accounts. SSH uses public-key encryption, enabling it to provide confidentiality and integrity of data over an insecure network like the Internet.

So you can hide your shell commands, nice, but how does this allow me to hide my traffic? SSH can do much more than just remotely log in to machines: it supports tunnelling, TCP port forwarding, file transfer and X11 connections. So for this tutorial I’m going to discuss using SSH to tunnel and port forward, enabling us to encrypt our data across the Internet.

Now most of you reading this will probably want to know how to hide your web traffic from your system administrators. We can do this in Windows by using PuTTY to create a secure tunnel to a remote server. The remote server will then retrieve the requested website and return it to you via the secure tunnel. This means any web monitoring/blocking software will not be able to see what you’re up to and therefore will not block you.

1. First of all you’ll need PuTTY, you can download it for free from here. There is no install, just run putty.exe and enter the connection details into the first page:

Host Name (or IP Address): The address of the server you’re going to establish your remote connection to.

Port: The port your server uses for SSH, usually 22.

Connection Type: Leave at SSH

Saved Sessions: If you want to save the session, leave this alone for now.

PuTTY Config Page

2. Now that you have entered your connection details it’s time to set up the proxy. On the left-hand side of PuTTY go to SSH>Tunnels. You will now see the tunnel config page:

Forwarded Ports: This shows all the ports used for the tunnel

Source Port: This is the port we are going to hide our web traffic in, set this to 7070.

Destination: This is the address of the client computer, use 127.0.0.1

Set the button to Dynamic and Auto then click the Add button.





3. Now click the Open button. This will open a new SSH connection with a secure tunnel to the remote host. You will need to log in to the server using your username and password before you can tunnel any traffic to it. Once you are connected you need to make your web browser use the new tunnel. I’m going to use Firefox for this, but all the browsers have similar settings.

Go to Tools>Options>Advanced>Settings Button

Select “Manual Proxy Configuration”

SOCKS Host: 127.0.0.1

Port: 7070

Ensure SOCKS v5 is selected and click OK.

And that’s it, all your web traffic will now go through the secure tunnel. To test this you can try going to a web page that’s supposed to be blocked. Also, if you disconnect the PuTTY connection you will not be able to browse the Internet, because Firefox cannot direct traffic through the proxy anymore. To solve this go back to your proxy settings, select “Use System Proxy Settings” and click OK; this will return Firefox to normal.

Great, now you can hide your web traffic, but at the beginning I said traffic and not just web traffic. Well, with SSH and Linux you can encrypt any traffic in a similar way. The command is:

sudo ssh root@127.0.0.1 -L *:80:www.google.com:80 -N

What this says is: make a connection to 127.0.0.1 and tunnel all traffic from port 80 to www.google.com on port 80, so anyone that tries to navigate to your server will receive the Google homepage, via a secure tunnel.

You can also use this to make other secure connections, let’s try email:

sudo ssh root@127.0.0.1 -L *:110:mail.domain.com:110 -N

This will now route POP3 traffic between you and your email provider, just enter your address (127.0.0.1) into your mail client and you’re done.

You can also use this method to get past firewalls. Say for some reason your firewall has blocked POP3 traffic but not blocked port 7070, well you could use:

sudo ssh root@127.0.0.1 -L *:7070:mail.domain.com:110 -N

This will now securely tunnel data from port 7070 to your email server on the correct POP3 port.
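An added example (not part of the original post) that breaks down the three -L commands above: where the listener binds, whether it needs root, and which hop SSH actually encrypts, which is only the one between the ssh client and the server named on the command line. It assumes a hypothetical remote server gateway.example.net for comparison; the function and field names are this example's own.

```python
import ipaddress

def is_loopback(host):
    """True when host is clearly the local machine (no DNS lookups are made)."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # some other hostname; treated as a remote machine

def analyze_local_forward(ssh_server, spec):
    """Describe `ssh user@<ssh_server> -L <spec> -N`.

    spec is [bind_address:]port:host:hostport; only IPv4 addresses and
    hostnames are handled here (no bracketed IPv6).
    """
    parts = spec.split(":")
    if len(parts) == 3:
        bind = None
        port, host, hostport = parts
    elif len(parts) == 4:
        bind, port, host, hostport = parts
    else:
        raise ValueError(f"unsupported -L value: {spec!r}")
    port, hostport = int(port), int(hostport)
    if not (0 < port < 65536 and 0 < hostport < 65536):
        raise ValueError(f"port out of range in {spec!r}")
    # ssh(1): '*' or an empty bind_address listens on every interface; with no
    # bind_address the listener follows GatewayPorts (loopback only by default).
    all_interfaces = bind in ("*", "")
    return {
        "listen": f"{'*' if all_interfaces else bind or 'localhost'}:{port}",
        "all_interfaces": all_interfaces,       # reachable by other machines
        "needs_root": port < 1024,              # privileged port on default Linux
        "target": f"{host}:{hostport}",         # reached from ssh_server, outside SSH
        "encrypted_hop_leaves_host": not is_loopback(ssh_server),
    }

if __name__ == "__main__":
    commands = [  # first three are the post's commands; the last is constructed
        ("127.0.0.1", "*:80:www.google.com:80"),
        ("127.0.0.1", "*:110:mail.domain.com:110"),
        ("127.0.0.1", "*:7070:mail.domain.com:110"),
        ("gateway.example.net", "127.0.0.1:7070:mail.domain.com:110"),
    ]
    for server, spec in commands:
        print(server, spec, analyze_local_forward(server, spec))
```

With root@127.0.0.1 the SSH hop stays on the local machine, so the connection onward to the destination is made outside the tunnel; naming a remote SSH server and binding to 127.0.0.1 keeps the listener private and puts the encrypted hop on the network.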

If you want more information on SSH Tunnels check out these great resources:



