Configuring Firefox to use PuTTY as a SOCKS 5 proxy

This post was published 3 years 25 days ago, so if it contains anything technology-related, keep in mind that this information may have since been superseded or become irrelevant.

While in Qatar, I am unable to visit some of the websites I used to while at home. This is because some websites, depending on content type and other factors, are configured to deny content to IP address blocks originating from certain countries, or allow only US IP address blocks.

Well, I decided to come up with a way to make websites think I am visiting them from my home in Texas, and that is to configure PuTTY to work as a SOCKS 5 proxy and then tell Firefox to talk to PuTTY instead of directly to the Internet. What this means is that all requests made by the browser will be sent over an encrypted SSH tunnel to a remote SSH server, who will then make the requests and send the results through the tunnel back to the browser. And the best part is that you don’t need to install or configure anything on your remote SSH server!

This can also come in handy for people who use Wi-Fi hot spots in coffee shops, airports, hotels or other unsecured, “guest” connections. All browser traffic will be encrypted until it leaves the remote SSH server. It’s kind of like a VPN, but only for browser traffic without as much IP overhead, and a LOT easier to setup.

What is PuTTY? Well, most Linux-lovers who are forced to use Windows as a client OS are mostly likely already familiar with it if not already using it. If this isn’t you, then this article may be a bit cryptic. Discussing PuTTY and how to use it is beyond the scope of this article. Also, this article assumes you have access to an SSH server. If you have PuTTY and are ready, then let’s go!

We will be creating a shortcut which contains the necessary command to launch PuTTY as a SOCKS 5 proxy server. Right-click on your desktop (or wherever) and choose New -> Shortcut. In the location, enter the following:

Of course, replace items in [brackets] with your actual values and make other adjustments as necessary. Also, this assumes that you use public key authentication. You can alternatively specify your password using the -pw option, but this is not secure, as anyone with access to your PC can take a peek at the shortcut properties. I recommend that you learn how to implement public key authentication.

The command line is explained below:

• -ssh
  Tells PuTTY that we will be making an SSH connection
• -C
  Tells PuTTY to compress the connection — this will significantly improve web browsing performance
• -N
  Tells PuTTY not to invoke a remote shell (SSH2 only)
• -D 8080
  Creates a dynamic TCP port on which PuTTY will listen for connections to forward to the remote host

Launch the shortcut, and you should see a PuTTY window with no shell (empty). If so, you can move on to configuring Firefox and Internet Explorer. If not, check the command carefully. If what you have looks like the example above and it doesn’t work, then I don’t know what to tell you — the example above came straight out of my shortcut. Feel free to leave a comment if you want help.

In the address bar in Firefox, enter “about:config” in the address bar and you will see a complete list of configuration directives. In the Filter bar, enter “proxy” to weed out everything that we don’t intend to mess with. Next, make the following changes, making additions where necessary:

• network.proxy.socks = 127.0.0.1
  
• network.proxy.socks_port = 8080
  
• network.proxy.socks_version = 5
• network.proxy.type = 1
• network.proxy.socks_remote_dns = true
  
• network.http.proxy.pipelining = true

The last two directives are important. First, network.proxy.socks_remote_dns = true means that Firefox will send all DNS requests through the proxy instead of resolving them locally. You can leave this off, but then you would “leak” the websites you visit by communicating with the local DNS server. Web browsing would still work and your HTTP traffic will still traverse the tunnel, but it would be wise to hide DNS and send it through the tunnel, too.

Second, network.http.proxy.pipelining = true means that Firefox will be allowed to send multiple requests all at once, thus enhancing web browsing performance. I think this only applies to HTTP proxies and not SOCKS proxies, but it doesn’t hurt to enable it anyway.

I should note that most of the configuration options above can be accessed simply by going to Tools -> Options, selecting Advanced, choosing the Network tab and clicking the Settings button, but not the last two! I figure that since we have to go into advanced configuration anyway, may as well do it all from there. Pick your poison.

Once you’ve set those, now it’s time to try it! It would be wise to close Firefox and re-open it if you’ve just now made those changes. Then you can try to visit whatsmyipaddress.com and you should see the public IP address of the remote SSH server (or its gateway if it’s behind a firewall router). In fact, the IP address you see may even match the host PuTTY is connecting to.

Anyway, if you are seeing a web page with a public IP address, then this shows that the browser can talk to the Internet, and that it is doing so through your tunnel. If PuTTY isn’t working, your browser shouldn’t be able to browse ANY website and will return an error page. If you see the public IP address of your local connection/gateway, and not of the remote SSH server, then you mis-configured Firefox.

You can stop here if you like, but depending on your use, it may be wise to configure Internet Explorer to use the SOCKS proxy as well. Now, you may be asking, “Why do I need to configure Internet Explorer if I don’t even use it?” Well, we aren’t really configuring Internet Explorer, per se — we’re configuring Windows to use a proxy. The reason is that Internet Explorer is an integral part of Windows, and many software applications (i.e. Flash and Java) use the Internet Settings to determine proxy their own settings. Of course, many Internet-capable applications do have their own proxy settings, but they usually default to using the Windows settings.

1. Open the Internet Options from the Control Panel
2. Select the Connections tab, and then click the LAN Settings button
3. Fill the Use a proxy server for your LAN checkbox, and then click the Advanced button
4. Make sure all boxes are blank, end then enter 127.0.0.1 and 8080 for the Socks field
5. Click OK on all dialog boxes, and you are finished

Now you can browse securely from anywhere to your SSH server. But what if you don’t have an SSH server? There are ways of achieving this, one of which would be to ask a geeky buddy of yours for an account on his server. But then you would be chewing up his bandwidth as if you were at his house, and he may not want that. But it doesn’t hurt to ask, and as long as he knows you will respect his bandwidth, he may “hook you up”! Otherwise, you’ll have to seek the solution on your own, as that is also beyond the scope of this article.

From now on, all you have to do is clickity-click on the new PuTTY shortcut we created, and then browse away! Of course, there are other ways of achieving the same thing: you could just run PuTTY and create a new host profile and set the necessary port-forwarding parameters. You could also use openssh and cygwin. This is merely one way. Enjoy!

No related posts.