#MacOsX : SSH SOCKS Proxy (SSH Tunnel Web Traffic)
After PRISM scandal you may feel the need to secure your connection and protect your privacy. Then it is a good idea to tunnel web traffic through a secure encrypted connection. This allows your traffic to traverse a local network without being visible to snoopers, even when visiting unencrypted web sites.
What you need:
- a modern browser like Firefox, Chrome or Safari (they support SOCKS4 protocol)
- ssh client (already installed in Mac Os X)
- a shell account (with ssh access)
If you don’t have a shell account, you can find a free one HERE, or HERE, or HERE, or HERE.
To start the local proxy type:
ssh -D PORT user@host
PORT is a local port between 1024 and 65535 (they do not require super user privileges),
user is the username at the remote machine, and
host is the identifier of the remote host.
That’s not enough, you need to configure the system to use the proxy. Go to
System Preferences > Network > [select active interface] > Advanced... > Proxies and check
Then modify SOCKS Proxy Server info to use the
PORT you chose before.
That’s it! From now on all connections on the active network interface will be tunneled through the proxy. 😎
NOTE1: you may want use proxy browser settings instead of system wide proxy settings, so you can tunnel only part of the traffic (e.g. the most sensitive one). This is easy, but the procedure slightly change between different browsers.
NOTE2: you may need to add the option
-p HOST_PORT if the remote host doesn’t use the standard ssh port 22, e.g.:
ssh -D PORT user@host -p 666