Encrypt your web browsing session (with an SSH SOCKS proxy)

WiFiZoneTo download these tutorials for OFFLINE viewing or for archive purposes please (Click here to download)
(Clicking the “.zip” will open the Archive, un-zip the .mht files then use one of the plugins below to view them)

You can open .mht WebArchive files directly inside FireFox Or Google Chrome by installing a plugin

Before you continue please make sure you have read our how to Setup a Personal Home SSH server first.
As without understanding what a SSH server is and how it’s used this tutorial will not make any sense.
Once you are familiar with SSH Servers and Clients then this small tutorial will really help you out!

You’re at an open wireless hotspot, but you don’t want to send your web browsing data over it in plain text.
Or you want to visit a non-work-approved web page from the office computer without the IT team finding out.. sneaky…

Using a simple SSH command, you can encrypt all your web browsing traffic and redirect it through a trusted computer
at your home Today we’ll set up a local proxy server that encrypts your online activity from your Here’s how.

What you’ll need

  • An SSH server to act as your proxy.”SSH server” that allows you to login into it via SSH.
    (Most web hosts allow SSH access to the server) Check with your hosting account (Not Recommended)

So we’ll stick with the best option your home internet connection or a friends internet connection which
is UN-Restricted (i.e A friend in the USA who will let you use his network to bypass blocked websites in the UK)

  • An SSH client on the computer you’re using.Mac and *nix machines have SSH built right in at the command line.
    Windows users can set up OpenSSH with Cygwin. or just use PuTTY (This option is recommended)

How proxies work

In a nutshell, what you’re doing with a proxy is setting up a middle-person between you and the internet. Using the proxy, your browser hands off web page requests to the proxy server, which handles the request and fetches the page for you from the internet. The web site actually thinks the request is coming from the proxy server, not your computer, which is a good way to obscure your originating IP address.

Additionally, the connection between your computer and the proxy happens over SSH, an encrypted protocol.
This prevents wifi sniffers at the coffee shop from seeing what you’re doing online.

For the more visual readers in the house, a (quick and dirty) diagram:

Geek to Live:  Encrypt your web browsing session (with an SSH SOCKS proxy)

Now to Start your SSH tunnel

You’ve got access to an SSH server and you want to start using it as your proxy at work or in public areas.
To do so, you’re going to set up a “tunnel” which passes web traffic from your local machine to the proxy over SSH.

You have two ways of doing this

1. First method and one of the best since the 1990’s is to use a FREE Portable tool called PuTTY
Putty is such a great tool not only is it a completely FREE portable SSH Client! it also is a SSH Tunneler too!

Start PuTTY by double-clicking its icon

When the configuration window opens up select Session (Should be selected by default)
In the Host name or IP Address field enter the IP Address of the SSH Server at your house
In the port field enter the port you setup so you can login to your SSH Server remotely.

Finally make sure SSH is selected under Protocol (Should be selected by default also)

Thats it’ now click Open!


In the new dialog box enter your username and password.

Once you see the prompt, you are connected to the remote computer.
Now all you need to do is enter the following command! really simple!

ssh -ND 9999 username@yourhomeipaddress

replace username with your actual username and yourhomeipaddress with your server domain name or IP address.
What that command does is hand off requests to localhost, port 9999, to your server at yourhomeipaddress to handle.

Note: You noticed the port is different above than when you connected via PuTTY? The port used by putty
was to connect you TO the actual SSH Server via the PuTTY Client, Since you’re now connected TO the server this new
Port command is being controlled from inside the internal SSH Server (Some people get confused about this)

When you execute that command, you’ll get prompted to enter your personal password.

Once you authenticate, nothing will happen The “-N” tells ssh not to open an interactive prompt,
so it will just hang there, waiting. That’s exactly what you want more sneaky this way 🙂

The “-D” option just indicates that we are creating a dynamic port

So what’s option 2?

Decided the best way possible of doing this using a windows machine at work is PuTTY!
So by giving more options it’s going to get messy.. Trust me putty is the only tool you ever need!

If you want to setup a tunnel using putty’s built in tunnel features then follow this tutorial here

We are now at the very last part!

Set Firefox to use SOCKS proxy

Once your proxy’s up and running, configure Firefox/chrome etc to use it.

From Firefox’s Tools menu, choose Options, and from the Advanced section choose the Network tab.
Next to “Configure how Firefox connects to the Internet” hit the “Settings” button and enter this info

Make sure you have clicked SOCKSv5 and entered localhost for the SOCKS host, now enter the port 9999
Remember your letting the SSH Server handle web browsing from here on out! in other words your PC
at home or at a friends house is now the Proxy between work and the network at home.

Geek to Live:  Encrypt your web browsing session (with an SSH SOCKS proxy)

Save those settings and hit up a web page that was previously blocked in the UK.
When it loads, it’s actually coming from the proxy server over an encrypted connection. You’re golden!