How to Tunnel HTTP with SSH

Tunneling your traffic is the process of sending data, like HTTP, over a different protocol. In this case, we'll show you how to send your browser traffic over the SSH protocol.

So why would you ever want to do this? By tunneling your traffic, you're basically using the destination computer/server as a proxy server. So if you want your traffic to look like it originates from a different location, then this is one way to do it.

For example, certain shows on Netflix can't be shown in the United States for contractual reasons, so traffic tunneling/proxies are used to get around these restrictions.

Setting up the Tunnel

Windows

Download PuTTY (putty.exe). In order to create your tunnel, you'll need an external server to connect to. This could be a home server, company server, or one you rent from a server hosting company.
Once you have a server and an account, open PuTTY and go to Connection > SSH > Tunnels. Enter 8080 in the Source Port box and select the Dynamic radio button. Click Add and D8080 will appear in the Forwarded Ports list.

OSX/Linux

Open Terminal or Console and run the following command:

$ ssh -D 8080 username@example.com

example.com would be the URL of the machine you're trying to connect to (it could also be an IP address).

Some of the more useful flags you can use are -C2qTnN, which have the following affects:

  • C: Requests compression of all data
  • 2: Forces ssh to try protocol version 2 only
  • q: Quiet mode
  • T: Disable pseudo-tty allocation
  • n: Redirects stdin from /dev/null (actually, prevents reading from stdin)
  • N: Do not execute a remote command (doesn't open the shell)

Sending Traffic through your Tunnel

Firefox

In Preferences > Advanced > Network > Settings... select Manual proxy configuration and then add 127.0.0.1 and port 8080 to the SOCKS Host. Make sure SOCKS v5 is selected, and then click OK. This will force all traffic through port 8080 on your local machine, which is the same port your SSH tunnel is listening on. Your tunnel will receive this traffic and forward it on to the server it is connected to.

Chrome

Wrench > Options > Under the Hood (Bonnet) > Change Proxy Settings > LAN Settings. In both cases you need to enable “Use a proxy server for your LAN” and then click Advanced. Add 127.0.0.1 and 8080 into the SOCKS row and click OK.

Resources