
SSHD for Internet Browsing


digip


Ok. I have OpenSSH installed, and I set up and configured everything for the service, as well as my programs I wanted to use with it. I have it working with my web browser, but one thing I noticed: the browser connects to the internet using SOCKS at 127.0.0.1:7070 as the proxy or secure tunnel. All the page data is encrypted, but I can see with Wireshark that it will still get the login and password when doing any HTTP POSTs to a website, as well as see all cookie data. Is there a way to make all traffic encrypted using OpenSSH tunnelling, or should I go with something else?


Are you sure you're asking Wireshark to grab the data actually sent across the wire, as opposed to the local traffic between your browser and the proxy?

All data should be getting the encryption treatment.


Another thing I noticed is it totally bypassed my firewall (software). I see local traffic on 127.0.0.1 port 22 in the firewall logs, but it is not picking up any sites I visit in the log (which isn't a bad thing, but how do I know the firewall is protecting my browser and PC?). My firewall software will filter ads and popups, but when using this method, the popups and ads get through.

I even set the firewall to connect through the proxy, and they still seem to be getting in (possibly due to returned SSH data; it doesn't see what it normally looks for?).

I would think that the requests made from my end would show as garbled data like most of the captured packets in Wireshark, but some of the things I am seeing are my passwords in plain text.

Let me look into this:

Are you sure you're asking Wireshark to grab the data actually sent across the wire, as opposed to the local traffic between your browser and the proxy?

and I will get back to you guys. It may be I just have something not set properly, but Wireshark says it's the connection from me (my internet IP) to the site's IP address. I see nothing going to 127.0.0.1 in Wireshark (which is what I thought would be there if it was passing the data locally).


Well, I am at a loss. I can still see most of the traffic that I want to filter out, and my firewall does not seem to see the SSH traffic and is bypassing it. All data captured with Wireshark is secure and encrypted except HTTP POST and GET methods, as well as email traffic and passwords (except when selecting SSL in the email program, pointed to the server I am connecting to that supports secure connections). Also, I can see any CSS, XML and JavaScript in the packets. Just the basic text of the pages seems to be encrypted.

Here is my setup, so maybe I am not doing the setup correctly.

-Installed OpenSSH v3.8.1p1-1

-Added my user groups and passwd files

-Started the service

-Telnet into shell with PuTTY:

PuTTY set up:

- Host Name 127.0.0.1 port 22

- Connection/SSH/Tunneling: Source Port 7070 (Dynamic), Destination left blank

-Setup Browser proxy pointed to 127.0.0.1:7070 using SOCKS, not HTTP or others...

So, what are your settings or setup for SSH and what should I change or look into?

EDIT: Forgot to add that I am using Wireshark 0.99.4 (SVN Rev 19757) with WinPcap 4.0beta2


Here is a packet captured for the forum login. I have omitted important info, but the user ID and password were found using a man-in-the-middle attack. I am not sure if it's because I am using VMware to capture the one machine, but I can see about 50% of the data flow unencrypted:

POST /forums/login.php HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Referer: http://www.hak5.org/forums/login.php?sid=x...xxxxxxxxxxxxxxx
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: www.hak5.org
Content-Length: 60
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: phpbb2mysql_sid=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

username=digip&password=xxxxxx&redirect=&login=Log+in

HTTP/1.1 302
Date: Wed, 28 Feb 2007 03:00:32 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
X-Powered-By: PHP/5.2.1
Set-Cookie: expires=Thu, 28-Feb-2008 03:00:32 GMT; path=/
Set-Cookie: phpbb2mysql_sid=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; path=/
Location: http://www.hak5.org/forums/index.php?sid=x...xxxxxxxxxxxxxxx
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 20
Keep-Alive: timeout=15, max=87
Connection: Keep-Alive
Content-Type: text/html


.....why are you using SSH?

Several reasons. To encrypt my internet traffic as well as bypass content filtering. I also wanted a secure way to log in remotely to my home box using VNC while on the road without setting up a VPN. A VPN does not give me control of the PC, only shared access to specific shared folders.

Also, I could use PC Anywhere, but why pay for that when you have OpenSSH and PuTTY to do basically the same thing when adding VNC?


A VPN would work better if you want to encrypt all the traffic, because you can't set it up so that ALL your traffic has to go over the VPN connection, and you can use VNC with a VPN connection...

But all a VPN connection, or even an SSH connection, does is encrypt it from your computer to your remote computer; once it leaves the remote computer it's no longer encrypted.

The idea of using a VPN or SSH was for if you were using unsecured wireless networks at, like, starbux; that's the only thing you really should be worried about.

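Added example, not code from anyone in this thread and not PuTTY's or OpenSSH's implementation. It covers two things from above: the PuTTY "Dynamic" tunnel setup with the browser pointed at SOCKS 127.0.0.1:7070, and the point just made that an SSH (or VPN) tunnel only encrypts the hop to the remote machine. The block implements both sides of the SOCKS5 exchange the browser has with a dynamic forward (greeting, method selection, CONNECT, reply), plus a loopback proxy that stands in for the PuTTY+sshd pair: it records every CONNECT destination and relays the bytes unchanged. Two checks fall out of it. First, the address type in the CONNECT tells you whether the browser resolved the hostname itself (ATYP 1, a bare IPv4 address, so the DNS lookup never went through the tunnel) or handed the name to the tunnel (ATYP 3). Second, the request arriving at the stand-in web server is byte-for-byte what the browser sent; that is what a capture on the sshd host's outward interface sees, and with "Host Name 127.0.0.1" in PuTTY the sshd host is the same machine Wireshark is running on (WinPcap also cannot capture the 127.0.0.1 leg at all, which is why nothing to 127.0.0.1 shows up). The hostnames, ports, login POST and 302 reply are constructed for the example; the stand-in proxy accepts only the no-authentication method.

```python
# Added example (not the thread's, PuTTY's or OpenSSH's code): the SOCKS5 exchange a
# browser has with a dynamic forward, plus a loopback stand-in for PuTTY+sshd.
import ipaddress
import socket
import threading

VER = 5  # SOCKS version byte

def build_greeting():
    return bytes([VER, 1, 0x00])  # one auth method offered: 0x00 = none

def build_connect(host, port):
    """CONNECT request. An IPv4 literal goes as ATYP 1, what a browser sends after
    resolving the name itself (that DNS query bypassed the tunnel); a name goes as
    ATYP 3 and is resolved at the proxy end, i.e. by sshd."""
    try:
        body = b"\x01" + ipaddress.IPv4Address(host).packed
    except ipaddress.AddressValueError:
        name = host.encode("idna")
        body = b"\x03" + bytes([len(name)]) + name
    return bytes([VER, 1, 0]) + body + port.to_bytes(2, "big")

def parse_connect(data):
    """Proxy side: CONNECT bytes -> ("ipv4" | "domain", host, port)."""
    if len(data) < 8 or data[:2] != b"\x05\x01" or data[3] not in (1, 3):
        raise ValueError("not a supported SOCKS5 CONNECT")
    if data[3] == 1:
        kind, host, rest = "ipv4", socket.inet_ntoa(data[4:8]), data[8:]
    else:
        kind, host, rest = "domain", data[5:5 + data[4]].decode("idna"), data[5 + data[4]:]
    if len(rest) < 2:
        raise ValueError("truncated CONNECT")
    return kind, host, int.from_bytes(rest[:2], "big")

def _pump(src, dst):
    # relay one direction verbatim: nothing is encrypted or decrypted on this side
    try:
        for chunk in iter(lambda: src.recv(65536), b""):
            dst.sendall(chunk)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def serve(handler):
    """Loopback listener on an ephemeral port, one thread per connection; returns the port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    def loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handler, args=(conn,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]

def start_auditing_proxy(seen):
    """SOCKS5 proxy recording every CONNECT in `seen`; anything the browser loads that never appears there went around it."""
    def handle(conn):
        with conn:
            g = conn.recv(257)  # VER, NMETHODS, METHODS...
            if len(g) < 3 or g[0] != VER or 0x00 not in g[2:2 + g[1]]:
                return
            conn.sendall(bytes([VER, 0x00]))  # select "no authentication"
            try:
                kind, host, port = parse_connect(conn.recv(262))
                seen.append((kind, host, port))
                up = socket.create_connection((host, port), timeout=5)
            except (ValueError, OSError):
                conn.sendall(bytes([VER, 1, 0, 1]) + bytes(6))  # REP 1: general failure
                return
            conn.sendall(bytes([VER, 0, 0, 1]) + bytes(6))  # REP 0: succeeded
            with up:
                back = threading.Thread(target=_pump, args=(up, conn), daemon=True)
                back.start()
                _pump(conn, up)
                back.join()
    return serve(handle)

def start_origin(received):
    """Stand-in web server: records the request bytes exactly as they arrive on its wire."""
    def handle(conn):
        with conn:
            received.append(b"".join(iter(lambda: conn.recv(65536), b"")))
            conn.sendall(b"HTTP/1.1 302 Found\r\nContent-Length: 0\r\n\r\n")
    return serve(handle)

def send_via_proxy(proxy_port, host, port, payload):
    """What the browser does: handshake with 127.0.0.1:<proxy_port>, CONNECT, then send."""
    with socket.create_connection(("127.0.0.1", proxy_port), timeout=5) as s:
        s.sendall(build_greeting())
        if s.recv(2) != bytes([VER, 0x00]):
            raise RuntimeError("proxy refused the no-auth method")
        s.sendall(build_connect(host, port))
        if s.recv(10)[1:2] != b"\x00":
            raise RuntimeError("CONNECT refused")
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)
        return b"".join(iter(lambda: s.recv(65536), b""))

def demo():
    """Push a constructed login POST (not a real capture) through the loopback proxy."""
    seen, received = [], []
    origin_port, proxy_port = start_origin(received), start_auditing_proxy(seen)
    request = (b"POST /forums/login.php HTTP/1.1\r\nHost: www.example.test\r\n"
               b"Content-Type: application/x-www-form-urlencoded\r\n"
               b"Content-Length: 39\r\n\r\nusername=digip&password=hunter2&login=1")
    response = send_via_proxy(proxy_port, "127.0.0.1", origin_port, request)
    return {"seen": seen, "at_origin": received[0], "response": response}
```

To use it as a check on a real browser, call start_auditing_proxy with an empty list, point the browser's SOCKS setting at the returned port, and compare the list against what the browser actually loaded: hosts missing from the list (direct connections, plugins, proxy bypass rules) and any ATYP 1 entries (DNS resolved outside the tunnel) are traffic the tunnel never protected. demo() shows the other half: the bytes at the origin carry the form fields and cookie exactly as the browser sent them, because the proxy end, like sshd's end of a dynamic forward, relays plaintext.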
