Proxy says yes!

There’s nothing more annoying than sitting behind your works proxy and being denied access to your favorite blogging/social websites so here’s a way round it…. Most companies would frown on this kind of activity – tread carefully, you have been warned!!

What you need:

  • A linux server sat at home connected to the net running ssh, change the default port from 22 to 443 (https port)
  • You’ll need the ip address for this machine too

Let’s begin… On your restricted machine install proxychains, (debian based: sudo apt-get install proxychainsrpm based: yum install proxychains), we use proxy chains to channel our command line apps through the internal proxy. Once installed you’ll need to edit the config file which is located (on my machine anyway) @ /etc/proxychains.conf, there’s a couple of minor changes you need to make and an addition, I’ve removed a lot of the commented out options and added my proxy details to the bottom of the script too:

 bash |  copy code |? 
  1. #<!--DVFMTSC--> proxychains.conf<!--DVFMTSC--> <!--DVFMTSC--> VER<!--DVFMTSC--> 3.1
  2. #
  3. #<!--DVFMTSC--> <!--DVFMTSC--> <!--DVFMTSC--> <!--DVFMTSC--> <!--DVFMTSC--> <!--DVFMTSC--> <!--DVFMTSC--> <!--DVFMTSC--> HTTP,<!--DVFMTSC--> SOCKS4,<!--DVFMTSC--> SOCKS5<!--DVFMTSC--> tunneling<!--DVFMTSC--> proxifier<!--DVFMTSC--> with<!--DVFMTSC--> DNS.
  4. #
  5. #<!--DVFMTSC--> The<!--DVFMTSC--> option<!--DVFMTSC--> below<!--DVFMTSC--> identifies<!--DVFMTSC--> how<!--DVFMTSC--> the<!--DVFMTSC--> ProxyList<!--DVFMTSC--> is<!--DVFMTSC--> treated.
  6. #<!--DVFMTSC--> only<!--DVFMTSC--> one<!--DVFMTSC--> option<!--DVFMTSC--> should<!--DVFMTSC--> be<!--DVFMTSC--> uncommented<!--DVFMTSC--> at<!--DVFMTSC--> time,
  7. #<!--DVFMTSC--> otherwise<!--DVFMTSC--> the<!--DVFMTSC--> last<!--DVFMTSC--> appearing<!--DVFMTSC--> option<!--DVFMTSC--> will<!--DVFMTSC--> be<!--DVFMTSC--> accepted
  8. #
  9. strict_chain
  10. #
  11. #<!--DVFMTSC--> Strict<!--DVFMTSC--> <!--DVFMTSC-->−<!--DVFMTSC--> Each<!--DVFMTSC--> connection<!--DVFMTSC--> will<!--DVFMTSC--> be<!--DVFMTSC--> done<!--DVFMTSC--> via<!--DVFMTSC--> chained<!--DVFMTSC--> proxies
  12. #<!--DVFMTSC--> all<!--DVFMTSC--> proxies<!--DVFMTSC--> chained<!--DVFMTSC--> in<!--DVFMTSC--> the<!--DVFMTSC--> order<!--DVFMTSC--> as<!--DVFMTSC--> they<!--DVFMTSC--> appear<!--DVFMTSC--> in<!--DVFMTSC--> the<!--DVFMTSC--> list
  13. #<!--DVFMTSC--> all<!--DVFMTSC--> proxies<!--DVFMTSC--> must<!--DVFMTSC--> be<!--DVFMTSC--> online<!--DVFMTSC--> to<!--DVFMTSC--> play<!--DVFMTSC--> in<!--DVFMTSC--> chain
  14. #<!--DVFMTSC--> otherwise<!--DVFMTSC--> EINTR<!--DVFMTSC--> is<!--DVFMTSC--> returned<!--DVFMTSC--> to<!--DVFMTSC--> the<!--DVFMTSC--> app
  15. #
  16. #<!--DVFMTSC--> Quiet<!--DVFMTSC--> mode<!--DVFMTSC--> (no<!--DVFMTSC--> output<!--DVFMTSC--> from<!--DVFMTSC--> library)
  17. #quiet_mode
  18. #<!--DVFMTSC--> Proxy<!--DVFMTSC--> DNS<!--DVFMTSC--> requests<!--DVFMTSC--> <!--DVFMTSC-->−<!--DVFMTSC--> no<!--DVFMTSC--> leak<!--DVFMTSC--> for<!--DVFMTSC--> DNS<!--DVFMTSC--> data
  19. #proxy_dns<!--DVFMTSC--> 
  20. #<!--DVFMTSC--> Some<!--DVFMTSC--> timeouts<!--DVFMTSC--> in<!--DVFMTSC--> milliseconds
  21. tcp_read_time_out<!--DVFMTSC--> 15000
  22. tcp_connect_time_out<!--DVFMTSC--> 8000
  23. [ProxyList]
  24. http<!--DVFMTSC--> <!--DVFMTSC--> <!--DVFMTSC--> <!--DVFMTSC--> <proxy<!--DVFMTSC-->−ip<!--DVFMTSC-->−here><!--DVFMTSC--> <!--DVFMTSC--> <!--DVFMTSC--> <!--DVFMTSC--> <!--DVFMTSC--> 80<!--DVFMTSC--> <!--DVFMTSC--> <!--DVFMTSC--> <!--DVFMTSC--> <!--DVFMTSC--> <!--DVFMTSC--> Proxy<!--DVFMTSC-->−User<!--DVFMTSC--> Proxy<!--DVFMTSC-->−Password

Once this is in place you should now be able to ssh to your linux box from behind the proxy:

 bash |  copy code |? 
  1. proxychains<!--DVFMTSC--> ssh<!--DVFMTSC--> <!--DVFMTSC-->−p<!--DVFMTSC--> 443<!--DVFMTSC--> username@home<!--DVFMTSC-->−machine<!--DVFMTSC-->−ip

You’ll see something like the following if proxychains is working correctly:

|S-chain|-<>-192.168.1.1:80-<><>-6.224.156.252:443-<><>-OK

6.224.156.252’s password:

So what is going on in the line above? We’re asking our local machine to ssh to the home machine on port 443. Why port 443? Well from my works pc every single external port is blocked, if I want to access anything externally I need to direct traffic through the proxy which has 2 ports open (80 for http access & 443 for https access). We’re also preceding the ssh command with the proxychains command, this directs the traffic via the internal proxy!

So that’s great, you can now ssh to your home linux box which you we’rent allowed to before! Superb, so what can we do with this?

Well to start with you can fire up a browser over your ssh connection using the -X flag on the ssh command:

 bash |  copy code |? 
  1. proxychains<!--DVFMTSC--> ssh<!--DVFMTSC--> <!--DVFMTSC-->−p<!--DVFMTSC--> 443<!--DVFMTSC--> <!--DVFMTSC-->−X<!--DVFMTSC--> username@home<!--DVFMTSC-->−machine<!--DVFMTSC-->−ip

Once connected to your linux box you can then fire up your browser (user@~$ firefox) and start surfing as if you were sat at your home machine (ie no restrictions!!), now I’m excited! It’s probably at that point you will want to jump up and share your ability to access you’re favorite sites with your colleagues – but please refrain from doing this as I’ve mentioned before it’s likely to be frowned upon so the longer you can keep this secret the better!!