Comments on: HOWTO: Secure Firefox and IM with PuTTY

By: Putty, SSH, Tunneling (Proxy) by JM

Putty, SSH, Tunneling (Proxy) by JM — Sat, 03 May 2008 20:38:35 +0000

[...] very helpful tutorial on how to use Putty to Tunnel your Firefox activities through an SSH connection — essentially, make it look like your machine is wherever your server [...]

By: John

John — Mon, 10 Mar 2008 19:19:10 +0000

I have this working no problem. However, it will not work from my office. I can setup the SSH connectin from just about any network, but when I try it at work, putty can’t connect to my server….. is there a setting that I can adjust? How can my office admins block ssh on the network?

By: Will Boyce

Will Boyce — Wed, 16 Jan 2008 16:38:23 +0000

Hmm, I did all of the above (well, the necessary steps) as youtube is blocked from my new office, yet is a vital part of most news stories (especially on theregister.co.uk).. So, simple enough, ssh -D.. No joy! ssh hostname -L 8080:proxy:proxy_port works fine, but ssh hostname -D 8080 doesn’t work at all.. Firefox can connect to the proxy, but never loads anything. Anybody got any ideas about this odd behaviour?

By: S

Tue, 27 Nov 2007 17:45:55 +0000

I’ve used SSH tunnel with FF for a while, never knew about the DNS leakage. Kinda worried now. Anyway, I also wondered, why do you have to choose SOCKS(5)? Why not just use http proxy, use same proxy for all protocols? Is this leaking info too?

By: fulanpeng

fulanpeng — Tue, 14 Aug 2007 01:25:05 +0000

I tried out FreeCap working with Putty ssh tunnel for Skype. Skype is extremely aggressive. It can penetrate any firewall without any help of DNS, local or remote. If you just tell Skype to use your Socks proxy, it won’t work. It will go beyond of your proxy and find some other port to reach outside. If you put Skype in your FreeCap, Skype cannot find any other port except the proxy you set up. This way, all of your Skype traffic will go through your Socks tunnel. Also you can grad Firefox into FreeCap. MS Internet Explorer won’t work with FreeCap and Putty Socks tunnel. It uses the local DNS and by pass your tunnel.

Now if you fire the command:
plink.exe -D 7000 your_login@the_ssh_server -P 80 -N -C -pw “your_pass phrase” -i “the_private_key_file_you_created_by_putty_keygen”,
the man in the dark world will have hard time to read your traffic!

By: fulanpeng

fulanpeng — Sun, 12 Aug 2007 02:45:03 +0000

On the command window, you can fire this command. Then configure Firefox to listen to 127.0.0.1:7000

plink.exe -D 7000 your_login@the_ssh_server -P 443 -N -C -pw “your_pass phrase” -i “the_private_key_file_you_created_by_putty_keygen”

assuming you have already put the public key in your home/.ssh directory. Name it as authorized_keys.

By: fulanpeng

fulanpeng — Thu, 09 Aug 2007 19:56:47 +0000

I figured out. Actually there are only 3 portions of the job:
1, set up the ssh server
2, set up the client, putty or ssh
3, set up the browser.

To set up the tunnel, it is done in the second step. As long as the user be able to login from remote, the ssh server job is done. Do not need issue the command on the server side to talk to the client(ssh or Putty). The tunnel is built by the client on the client’s machine. This is hard to understand. Usually, on the server side, the server has to do something to cooperate with the client.
Sounds like Firefox won’t work with Socks4. We have to explicitly tell Firefox to use Socks5.

Now my tunnel is working. The big problem is:
which DNS the browser is using? When I input a wrong DNS on the TCP/IP property, browser won’t find the site. This seems that the browser is still using the local DNS. How do I know the browser is really using remote DNS. I have done the about:config part.

By: fulanpeng

fulanpeng — Wed, 08 Aug 2007 05:39:56 +0000

I set up the Firebox. I setup the ssh server on the server side and Putty on the client side. What should I do with the ssh server? Do I have to issue the command when I have logged into ssh server with the Putty?

After I am able to log in to the ssh server with Putty, then I set up the Firebox. Now the Putty part is confusing. Do we have to log into the ssh server while we are using Firefox? Please help me out! Now my Firefox saying the proxy server is refusing connection.

By: Foxhop

Foxhop — Tue, 07 Aug 2007 21:34:41 +0000

Not only does this tunnel out for privacy, but its an awesome method of bipassing annoying firewalls and site blockers. : )

By: totally superfluous rambling » Blog Archive » WPA Can also be Cracked!!

Thu, 10 May 2007 21:02:44 +0000

[...] I’ll be trying to figure out how to use secure email protocols. I’ve already tried to switch to using SCP instead of Dreamweaver or Filezilla to transfer files (and using Secure FTP when in Dreamweaver). So it’s pretty much just a change in how I do things. And just for my memory more than anything - here is a link to securing Firefox and IM. I’ll be looking into doing that. [...]