41 Comments

  • Sitwon 5 years ago

    The one thing about SSH tunneling is that not everyone has access to their own VPS to SSH to and if you just want to tunnel occasionally it’s silly to pay for a whole VPS.

    My advice: Amazon EC2. You can spin up a server when you need it and spin it down when you’re done. Only costs you $0.085 an hour. A very small price to pay for privacy on the go, and much better bandwidth than hosting your own on a residential broadband account.

  • Robin 5 years ago

    When you are not able to connect to port 22 because of firewall restrictions, instead of using this “phpbased proxy”, I recommend forwarding port 443 or port 80 on your VPS to port 22, so you can connect to ssh over an open port.

    Personally I have my homeserver running ssh on port 443 at home, so that wherever I am, I can connect to it to tunnel my traffic or access my data.

    Greetings from Germany,
    Hope to see you all on 26C3: http://events.ccc.de/congress/2009/wiki/index.php/Welcome

    Robin

  • Great show and great info … thanks.

  • JC Denton 5 years ago

    I use FreeBSD Shell.com. http://www.freebsdshell.com and they allow me to do everything I need to do and it is ultra-cheap. I don’t have to set up nothing

  • JC Denton 5 years ago

    Also I might mention that you can do IRC and your IP is protected along with the fact you have a little node in cyberspace that you can use for offsite backup and can connect from anywhere. I’m currently using it to watch hulu

  • Jakob 5 years ago

    Great episode, some really useful tips, clean and simple! The episode with OpenVPN ALS was also very nice, using ssh shell for me is just simple enough and basically all I need :)

    I don’t use Xchat, but doesn’t it support SOCKS? Cause in that case you could just use the -D option. I know mIRC does, I’ve used that myself to tunnel my IRC, FTP and HTTP traffic through my box at home when I’m at school (wifi). A little side-note, I can highly recommend MyEnTunnel, http://nemesis2.qx.net/pages/MyEnTunnel , to establish and stay connected to your shell, if you wanna have a simple GUI.

    Thanks for a nice show! Long time watcher, been watching all your episodes since the very first one.

    Jakob from Denmark

  • Jakob 5 years ago

    BTW, I was greeted with some error page when I submitted my post, the 2. captcha thingy, I guess.

  • JC Denton 5 years ago

    I have tried MyEnTunnel, it’s OK but still restricted. You get way more options and altogether better range with the latter I mentioned.

  • Jakob 5 years ago

    JC Denton – I’m not sure what you mean. MyEnTunnel is just a GUI for plink (PuTTY). This app can only do what it is created for, maintaining and creating SSH tunnel(s).

  • JC Denton 5 years ago

    @Jakob yes you are right. What I’m saying is for all around functionality go with what I said. If you have a home server, etc. that type of thing then what you are saying works fine as a gui. So in essence what you are saying is 100% correct for what the app does.

  • For all the Mac heads out there that like things a little more simple…
    Check out SSHTunnel. It’s SSH without the typing…

  • I really loved this episode. It was practical, interesting and very informative.

  • jintoreedwine 5 years ago

    Hey, great episode. One note about using the SOCKS proxy in Firefox. By default, Firefox will NOT use the proxy for DNS lookups! You must configure that in the about:config . Here is an article that briefly discusses it: http://www.outflux.net/blog/archives/2006/12/07/paranoid-browsing-with-squid/

    The bottom line is that without that, people would know where you are going, but couldn’t look at the actual data. So I guess this setting is just for the extra paranoid … :)
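
Added example (not part of the comment above or of the original page): a Python check of a Firefox prefs file for the case the comment describes, a manual SOCKS proxy set while DNS is still resolved locally. The sample prefs are constructed, and the `127.0.0.1:1080` listener is an assumption standing in for an `ssh -D` tunnel.

```python
import re

# Matches lines such as: user_pref("network.proxy.socks_port", 1080);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Parse prefs.js / user.js style text into a dict of typed values."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def socks_dns_leak(prefs):
    """True when a manual SOCKS proxy is set but hostnames resolve locally."""
    manual = prefs.get("network.proxy.type") == 1      # 1 = manual proxy config
    has_socks = bool(prefs.get("network.proxy.socks"))
    # Assumption, following the comment: an absent pref means local DNS lookups.
    remote_dns = prefs.get("network.proxy.socks_remote_dns", False)
    return manual and has_socks and not remote_dns

# Constructed sample: browser pointed at a local SOCKS listener, DNS pref unset.
LEAKY = '''
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 1080);
'''
# Same profile with lookups sent through the proxy as well.
FIXED = LEAKY + 'user_pref("network.proxy.socks_remote_dns", true);\n'

if __name__ == "__main__":
    for label, text in (("leaky", LEAKY), ("fixed", FIXED)):
        print(label, "-> DNS leak:", socks_dns_leak(parse_prefs(text)))
```
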

  • napisani 5 years ago

    At 1:58 – what is that server setup? Is it a virtual appliance? Can you post the link or email me a link to its site?

  • Jakob 5 years ago

    @napisani – I think maybe it’s the web-config interface (cPanel or Plesk) for his VPS (@domain.com??)

    @jintoreedwine – Yeah great tip, that should really be in the shownotes! You can never get enough security ;)

    I still don’t understand that virtual application thing, does it come in a package with everything that is needed to run it, or ?

  • Allan Levene 5 years ago

    Excellent show. I’ve noticed that they are getting more meaty which is what they should be for a tech channel. If we want to watch fluff, we’d watch the increasingly fluffy news shows, or the E! channel.

    Keep it up.

  • napisani 5 years ago

    @Jakob – the best way to think of a virtual appliance is like a small precompiled operating system with the dependencies already installed for the specific program that you are trying to run.
    For example, if you have a web conferencing virtual appliance, the web conferencing program might require Perl or SQL.
    The virtual appliance has all that already installed. Sort of like a specified disk image for the use of one program.
    Hope that helps

  • RGuerra 5 years ago

    The proxy solution (and ssh tunneling) works only if the network admin allows all connections to go through the firewall and the router. I personally only allow our proxy server to go out, and other servers (like update servers, etc). All other machines are restricted inside, they cannot even ping the gateway. So if the users change their proxy settings, they will not be able to surf.

  • Wonderful with some SSH-fu. The -D option popping up a SOCKS5 was just so amazing when I discovered it: http://twitpic.com/bt9vi

    Anyway there also was some SSH magic added to the oneclick VNC thing you ran a long time ago, to use it to “call home”:

    http://wiki.hak5.org/wiki/Episode_3x05#OneClick_VNC_Utility

    Next I’m absolutely setting up autossh…

  • marcoveee 5 years ago

    07:09

    disconnect :Unknown command

    Update that ;)

  • Ryonni 5 years ago

    I did the freebsdshell.com as recommended and it was perfect, and very easy too. I’m anonymous and have no problems getting past my work or the uni now, whereas I couldn’t before. Thanks for the tip JC Denton

  • Julian Milligan 5 years ago

    Hiya all, installed the PHP proxy script and was able to access the Facebook and btinternet login pages, but they would not allow me to log in. Facebook threw an error saying make sure you are logging in from Facebook and not another site. I think this is the only drawback from the script, or am I doing something wrong?

    Julian

  • Ryonni 5 years ago

    @Julian, I had that same issue. You aren’t doing anything wrong. I finally gave up on that and went with a freebsdshell.com account. It just works. Hope this helps

  • Enahs 5 years ago

    Been doing this ssh-fu for a while. In the days of dialup I would create a ssh tunnel (v2 with compression) over my slow dialup to a linux box I had at work. Then I would port forward 3128 from my local linux serv to 3128 on the remote serv which was running squid proxy. It gave me a little speed bump because of the compression plus caching.

  • Ryonni 5 years ago

    Yeah, good ole compression, it works well for dial-up. Don’t use on broadband.

  • Explicitly wonderful and amazing people
    Need for an expert hacker to talk to him or a member of the team hak5

    my@hotmail.it

  • Nice segment about proxies and ssh tunneling but this is kinda old news. Plus PHPproxy is the worst code out there IMHO. Use Zelune because you can actually cache the cookies needed for Flash video i.e. You Tube works in proxy. Example is my site http://www.blank1.info or no ad mode http://www.blank1.info/final... Look forward to watching rest of episode.

  • Bigmos 4 years ago

    Fatal error: Call to undefined function ctype_alnum() in /var/www/xxxxxxxxx/htdocs/proxy/index.php on line 328

    ERROR PHP Proxy

    What’s wrong?
