Web Browsing for the Paranoid

Have you ever longed for a secure connection for browsing the web through an access point that you do not completely trust? In this post I will present a method that, while not foolproof, should definitely give you some piece of mind to know that all of your web traffic is as secure as an SSH connection, rather than being sent “in the clear” or even simply through an encrypted HTTP session.

This post assumes that you meet the following prerequisites.

  • You have downloaded and installed Firefox.
  • You have downloaded and installed the FoxyProxy Firefox plugin.
  • You have a shell account (accessible via SSH) on a remote server.
  • You are using OpenSSH to connect to your shell account.

First, configure FoxyProxy to use a proxy server using the Manual Proxy Configuration. The proxy server should have a Host Name of “localhost” (without the quotes) and listen on Port 8080. Is it a SOCKS proxy? Yes, with SOCKS v5 enabled.

Next, set up URL patterns for the sites that you want to connect to securely. Alternately, you can tell FoxyProxy to Use proxy “localhost” for all URLs if you want to protect all web traffic through Firefox.

Once FoxyProxy is configured and enabled, you will find yourself unable to view any websites! Don’t worry, this is where you will use your remote shell account (you do have one, right?).

Start up a shell session and enter the following on the command line.

 ssh -fND 8080 myaccount@myserver

Substitute your account and server name as appropriate. In the command invocation above, the -f flag will cause ssh to run in the background, the -N flag will prevent ssh from executing any remote commands (such as starting a remote shell), and the -D flag will instruct ssh to act as a SOCKS server that listens for traffic on port 8080 of the local host.

Now you should be able to surf the web with the safety of ssh on your side!