Using iSSH and Linux sshd to create SOCKS proxy for Mobile Safari


Chris

Feb 18, 2011, 11:40:24 AM
to iSSH/iX11
First, I want to thank you for creating iSSH. It allows me to take my
iPad on business trips and keep the laptops at home. The experience
at TSA lines in USA airports is more pleasant now.

I do have a question on using a ssh tunnel to create a SOCKS proxy for
Mobile Safari. I realize there are more straightforward ways to
secure personal web / internet traffic when browsing in coffee shops
with the iPad (i.e. using hotspotshield VPN service). Nonetheless,
this illustrates the tunneling capabilities of iSSH and I'm caught up
at the moment with this science project ...

So I have a Linux server sitting behind my home router / firewall with
all the necessary port forwarding and firewall work in place. I can
successfully launch ssh shells and pull up html from this linux server
while on the internet. I start by creating a tunnel with iSSH. This
effectively implements this ssh command line:

ssh -D 1080 -p 2200 -v us...@my-host.com "sleep 1000000"

I think the appropriate iSSH tunneling settings are:

Local Port: 1080
Remote host: localhost
Remote Port: 2200

The '2200' port is the TCP port on my internet firewall "my-host.com"
whose traffic gets forwarded to the sshd port on my internal linux
server.

To get Safari to use a SOCKS proxy, I found this clever workaround:

http://snipplr.com/view.php?codeview&id=16563

Essentially my web server serves up a .pac file to direct Safari to
use the SSH tunnel established by iSSH/sshd. The contents of
the .pac file are

function FindProxyForURL(url, host) {
return "SOCKS localhost:1080";
}

So when I test this setup I see SSH traffic between the iPad and the
Linux server, but no HTTP (odd!). I would expect some HTML traffic
from my linux server and the internet. But I do not see it on
wireshark. I think iSSH/sshd have a functioning tunnel and Safari
is making use of the Socks proxy by the nature of me seeing the SSH
traffic. Still I'm mystified on why I can not see HTML. Yes I
tried clearing the cache / cookies and history so I get fresh page
loads.

I remain suspicious of the security until I do see HTML traffic on the
linux server. I'm wondering if I would see HTML if I change the
remote port to 80 in the iSSH tunnel config?

Chris

Feb 18, 2011, 5:29:28 PM
to iSSH/iX11
Never mind. I figured it out.

Yes, I needed to change Remote Host and Remote Port to point to my web
server. And I needed to configure Apache to become an HTTP proxy.
Once I did that, I saw the SSH traffic on wireshark and saw the HTML
traffic and access_log entries.

On Feb 18, 11:40 am, Chris <cvita...@gmail.com> wrote:
> First, I want to thank you for creating iSSH.  It allows me to take my
> iPad on business trips and keep the laptops at home.   The experience
> at TSA lines in USA airports is more pleasant now.
>
> I do have a question on using a ssh tunnel to create a SOCKS proxy for
> Mobile Safari.   I realize there are more straightforward ways to
> secure personal web / internet traffic when browsing in coffee shops
> with the iPad (i.e. using hotspotshield VPN service).  Nonetheless,
> this illustrates the tunneling capabilities of iSSH and I'm caught up
> at the moment with this science project ...
>
> So I have a Linux server sitting behind my home router / firewall with
> all the necessary port forwarding and firewall work in place.   I can
> successfully launch ssh shells and pull up html from this linux server
> while on the internet.   I start by creating a tunnel with iSSH.  This
> effectively implements this ssh command line:
>
> ssh -D 1080 -p 2200 -v u...@my-host.com "sleep 1000000"

Dean

Feb 18, 2011, 7:54:04 PM
to iSSH/iX11
Yikes! That's twice now someone replied to their own support request
recently. I should probably get on the ball and I apologize for my
late reply. iSSH itself doesn't provide for a SOCKS proxy and it
hasn't been a priority as there is no direct, automatic way to
configure one for MobileSafari (except as shown here). And you solved
that by using an additional machine. Now that I've seen a way to
configure a proxy for MobileSafari, I may add the SOCKS component as
well.

Dean

Chris

Feb 18, 2011, 11:00:46 PM
to iSSH/iX11
No worries!

Anyway I want to propose a slight change on how to get Safari to
utilize the local tunnel. I'm finding the use of the PAC file to be
a bit problematic. I think a more straightforward and reliable way
may be to just use the manual HTTP proxy settings under "Settings ->
Wifi -> <AP Name> -> HTTP Proxy -> Manual" with the server set to
"localhost" and Port set to "1080" in my example.
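Added example, not part of the thread and not iSSH or project code: the confusion above comes down to what the listener on localhost:1080 actually speaks (SOCKS as with ssh -D, HTTP as with a forward to Apache, or an sshd banner when the forward lands on the SSH port). This Python sketch probes the port and names the matching PAC directive; the function names and the OPTIONS request are assumptions chosen for illustration.

```python
import socket

SOCKS5_GREETING = b"\x05\x01\x00"             # version 5, one method offered: no auth
HTTP_REQUEST = b"OPTIONS * HTTP/1.0\r\n\r\n"  # minimal request; any HTTP server answers

def classify_reply(reply: bytes) -> str:
    """Name the protocol behind a listener from the first bytes it sends back."""
    if reply.startswith(b"SSH-"):
        return "ssh"        # forward lands on an sshd, which sends its banner first
    if len(reply) >= 2 and reply[:1] == b"\x05":
        return "socks5"     # method-selection reply (0x00 accepted, 0xFF refused)
    if reply.startswith(b"HTTP/"):
        return "http"       # HTTP is spoken; whether it proxies depends on the server
    return "unknown" if reply else "no-reply"

def exchange(host: str, port: int, payload: bytes, timeout: float) -> bytes:
    """Send payload and return the first bytes that come back (b'' if none)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(payload)
        try:
            return s.recv(64)
        except (socket.timeout, ConnectionError):
            return b""

def probe(host: str = "localhost", port: int = 1080, timeout: float = 3.0) -> str:
    """Classify the local end of the tunnel; 'closed' if nothing is listening."""
    try:
        kind = classify_reply(exchange(host, port, SOCKS5_GREETING, timeout))
        if kind == "no-reply":  # HTTP servers may stay silent until a full request arrives
            kind = classify_reply(exchange(host, port, HTTP_REQUEST, timeout))
    except OSError:
        return "closed"
    return kind

def pac_directive(kind: str, host: str = "localhost", port: int = 1080):
    """PAC return value matching what the listener speaks, or None if it is no proxy."""
    keyword = {"socks5": "SOCKS", "http": "PROXY"}.get(kind)
    return f"{keyword} {host}:{port}" if keyword else None

if __name__ == "__main__":
    kind = probe()
    print(kind, "->", pac_directive(kind))
```

A result of "ssh" or "no-reply" means the browser's proxy traffic has nowhere to go, which matches the first post's symptom of seeing SSH packets but no web requests on the server.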