SSH

SOCKS Proxy

A SOCKS proxy allows us to easily route our internet traffic through a remote server.

This can be really useful where you want to do things like test firewall configurations, geolocation detection and anything else that requires you to be able to make requests from a different IP to the normal office one.

Setting up a SOCKS proxy is very simple, as we can do it with SSH which is already installed.

Scripts

Here are some basic scripts

Start

Simple enough, starts the SSH daemon in the background, connecting to localhost over port 2020 listening for proxy connections on port 1080

1
2
3
4
#!/bin/bash
echo "starting socks proxy daemon"

ssh -f -N -D 0.0.0.0:1080 localhost -p2020

Stop

This is a simplistic approach to finding and killing the running daemon created above

1
2
3
4
#!/bin/bash
echo "stopping"
kill $(ps waux | grep "ssh -f -N -D [0]\.0\.0\.0" | cut -d ' ' -f 6)
echo "stopped"

Systemd Unit

And here is a simple Systemd unit you can use to have the proxy running all the time

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
[Unit]
Description=Simple Proxy
After=network.target
After=systemd-user-sessions.service
After=network-online.target

[Service]
ExecStart=/path/to/proxy/start.bash
ExecStop=/path/to/proxy/stop.bash
TimeoutSec=30
Restart=on-failure
RestartSec=30
StartLimitInterval=350
StartLimitBurst=10

[Install]
WantedBy=multi-user.target

Firewall

Warning

You must ensure that the port the proxy is listening on is properly firewalled and restricted so that only we can access it.

Using with Chrome

To use the configured proxy with Chrome, I'd suggest installing Proxy Helper

Warning

I would strongly suggest you make a whole separate Chrome user called "Proxy Test" so that you don't inadvertently route all your traffic through the configured proxy.

In Proxy helper, you need to go to the options and enter the IP address for the server running the proxy and the port number you set the proxy listening on, and then in another tab you need to press the blue icon and select SOCKS to enable the configured SOCKS proxy.

If it spins for ages and eventually fails, you have not configured the firewall correctly.