Use Chrome securely from Starbucks via SSH SOCKS

Do you have a server that you can access with OpenSSH? Do you want to be able to browse the web, even non-SSL, unencrypted pages, without others on the network being able to see what you’re looking at or even hijacking your sessions? Given the existence of Firesheep, it is really easy for even unsophisticated users to hijack a web browsing session.

The method I’m presenting is easy and effective. OpenSSH makes this a snap. Your web browsing packets will be routed via an encrypted connection to your server.

Create a SOCKS Proxy Connection on localhost

First, in a terminal, open a SOCKS connection to your server with OpenSSH. Just add “-D 9999″ to your normal SSH command. This will create a SOCKS proxy on localhost at port 9999.

ssh -D 9999 username@myserver.com

Depending on your configuration, you may need to enter your server account password. Whatever your normal authentication is for SSH. This will even open a normal SSH session, you will get a shell prompt on the server like normal. If you do not want a shell prompt, use “-ND” instead of “-D” and the

You now have a proxy on your local computer using SOCKS on port 9999. Now we just need to use it.

Install Switchy! in your Chrome browser

This can be easily found in the Chrome Web Store.

Use your Shiny New SOCKS Proxy

Open the Switchy! Options dialog. Type the a name for this proxy in Profile Name. On the SOCKS Host line, enter “localhost” in the first blank and “9999” for the Port. Click the Save button. You are using a SOCKS proxy running on your localhost.

Then, select the proxy by clicking the Switchy! icon in Chrome and selecting the proxy name you just entered.

You are now using a secure connection to browse the web. Note that someone on the network where your server is hosted can still snoop your traffic, but not in the Starbucks where your are sitting.

Be Sociable, Share!

4 thoughts on “Use Chrome securely from Starbucks via SSH SOCKS

  1. Maybe you could add that if the person chooses firefox, he/she doesn’t even to install extensions. Just go to Edit->Preferences->Advanced->Network->Connection Settings; Fill in “localhost” on Socks Host and “9999” on Port, and you’re set.

  2. What about your DNS queries?
    I know that in firefox there is an option you need to set to be a bit more secure: network.proxy.socks_remote_dns;true

    otherwise an admin that their dns logs will still see which pages you hit.

  3. Absolutely true. With the method I described, an admin can see which sites you visited. This is not important to me, however. If i needed to visit a site without appearing in a DNS log, I would resolve the name on my server over SSH and then make an entry in my /etc/hosts file. But, again, this is not something I personally care about.

Leave a Reply

Your email address will not be published. Required fields are marked *


*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>