Many employers and schools these days monitor their employees’ internet and messaging activity in an effort to increase productivity, among other reasons. While I don’t think their actions are necessarily inappropriate, I don’t think the IT manager at work really needs to know how many times I check my Gmail account, or which RSS feeds I read. In this tutorial, I’ll show you how to protect your browsing, email, and messaging from prying eyes, no matter where in the world you are, or how elite their configuration is.
You can also use this tutorial to create a safe, encrypted connection when you’re on the road and have to use a public, unencrypted Wi-Fi connection, but don’t want prying eyes to see what sites you’re visiting, or what your credit card number is. All of your data will be safe, and what you do on your breaks or lunch is hidden from people who really don’t need to know that you’re looking for a World of Warcraft party in your area, or an Alcoholics Anonymous meeting.
We’ll be creating a Windows-based proxy server at your home that uses an SSH-encrypted connection to tunnel all of your email, messaging, and browsing traffic. Essentially this means every request your computer makes will be wrapped up in an encrypted package and sent to your home. From there, your home will make the request for you (hence proxy), get the web page you were looking for, wrap it up, and send it back to you in the same encrypted format. No matter who is watching the lines, all they’ll see is an encrypted data stream, not the data, or even what you were trying to get.
Advanced users: Bullet Points throughout the article show core steps that need to be taken, without the fluff.
What you need:
- A Computer (I use a 12 year old Celeron 700 mhz machine) at your
- An internet connection at home
- Some intermediate computer experience
Step 1: Install SSH on your “server”
SSH is an encryption technology that allows information to be transmitted from point A to point B in an encrypted manner. It’s capable of wrapping up pretty much any type of data, which is why it’s so useful here.
- Make sure the Windows user on your server computer is password protected
- Be logged in as that user for the rest of this tutorial
- Download OpenSSH For Windows, and install it:
SSH from SourceForge:
- Open up a Windows Command Prompt and issue the following commands (including the %’s):
cd "\Program Files\OpenSSH"
mkgroup -l >> etc\group
mkpasswd -l -u %username% >> etc\passwd
net start opensshd
The commands above created an SSH user for the Windows user you were logged in as, with that same password. Then they make OpenSSH a service that starts whenever you turn on your computer.
Step 2: Install your “Proxy Server” who will act on your behalf
The proxy server is the piece of software that acts as the middleman for you. You ask your proxy for a web page (privately, through the SSH tunnel we just installed); it then goes and gets the web page for you and sends it back via that same secret, private, hidden tunnel.
I’ve seen a couple of articles talking about home based proxy servers, but most of them cost $$$. Well, I’m not a fan of paying for stuff. The best solution I’ve found is FreeProxy, by HandCraftedSoftware. It’s not open source, but it doesn’t cost a dime, and I like that.
- Download FreeProxy and Install it:
FreeProxy, by HandCrafted Software:
- Download FreeProxy Configuration here.
Now that we’ve installed FreeProxy, we need to tell it what type of content to listen for. Fortunately, I’ve done that for you. Download the configuration file above.
- Import Configuration
- Open FreeProxy Control Center
- File > Open > Open ImASupercomProxyConfig.cfg
- File > Save
- Install FreeProxy as a Service:
- Start/Stop Menu > Service Mode > Start
Step 3: Configure your Windows Firewall and Router
Windows and your router both block all but the most common ports by default. You’ll need to open port 22 on both your router and Windows Firewall.
In addition, you’ll need to turn on “port forwarding” for your router or DSL modem. Forward port 22 to your proxy server (the machine we’ve been working on). I wish I could give you detailed instructions here, but every router is different. This is where those “intermediate computer skills” come in handy.
Step 4: Install and Configure Putty Tray
Putty Tray is an extension to the Putty SSH client. Essentially, Putty will take all of the requests that your Web Browser/Instant Messenger makes, and forward them to your proxy server at home, wrapping them in SSH along the way. I use Putty Tray instead of Putty because when you minimize it, it tucks itself away in the system tray.
- Download Putty Tray here.
Putty Tray doesn’t need to be installed. Just save that file where you can always get to it.
- Add listening Ports to Putty
Connection > SSH > Tunnels
Add Destination localhost:8080 and Source Port 80
Add Destination localhost:443 and Source Port 443
Add Destination localhost:1080 and Source Port 1080
- Save your changes, and connect to your server with Putty Tray
- Putty Configuration > Session > Load, Save or delete a stored session
Save your putty session so that you don’t need to make these configuration changes again.
- Enter your home IP address in the Host Name field.
If you don’t know your home IP, you can always get it by going to whatismyip.com. Make sure you know your IP address before you leave home.
- Check the SSH radio button, and click Open
You’ll be prompted to accept the server’s SSH host key. Go ahead and do it, and then log in with your usual Windows login and password (the one you were using when you installed the OpenSSH server in Step 1).
Step 5: Tell your Programs to use your Tunnel
Now you just need to tell your programs to use your SSH tunnel, rather than the open internet connection they would normally use. This is done by telling each program to use a proxy server. Each program is a little different, but most network-capable applications should have a Connection Settings or Network Settings page that allows you to specify a proxy server to use. Here are some common ones:
When configuring programs, they’ll all use this information:
http server: localhost Port: 80
https server: localhost Port: 80
SOCKS5 server: localhost Port: 1080
You can use the settings above to configure your favorite applications like so:
Tools > Options > General > Connection Settings > Manual Proxy Configuration
Tools > Internet Options > Connections tab > Lan settings > Use Proxy Server for your LAN
Windows Live Messenger:
Tools > Options > Connections > Advanced Settings
That’s all there is to it. Now every request that your browser or Messenger makes will be forwarded to your home first, and then back to you. All information to and from your house will be encrypted. There are drawbacks: your connection could be a little or a lot slower, depending on how fast your home internet connection is. But that’s a small price to pay for privacy, and peace of mind when you’re on the road!
Remember that your ‘server’ must be on in order for you to use it as a secure proxy, and Putty must be open and connected.
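One way to confirm the tunnel is actually up before you start browsing (an added example, not part of the original tutorial): this Python script probes the three local ports from Step 4 and, for the SOCKS5 port, checks that the far end really answers the SOCKS5 greeting. It assumes the proxy accepts unauthenticated SOCKS5 clients; the stub server is a constructed stand-in so the check can be tried offline.

```python
import socket
import threading

# Local tunnel endpoints: the PuTTY "Source Port" values from Step 4.
TUNNEL_PORTS = {"http": 80, "https": 443, "socks5": 1080}

def port_open(port, host="127.0.0.1", timeout=2.0):
    """True if something is listening on host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:            # refused, timed out, unreachable
        return False

def socks5_ready(port, host="127.0.0.1", timeout=2.0):
    """Send the SOCKS5 greeting (RFC 1928) offering 'no authentication';
    True only if the far end answers as a SOCKS5 server accepting it."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"\x05\x01\x00")      # version 5, 1 method, method 0
            return s.recv(2) == b"\x05\x00"
    except OSError:
        return False

def tunnel_status(ports=TUNNEL_PORTS):
    """Map each tunnel name to up/down; SOCKS5 must complete its greeting."""
    return {name: socks5_ready(p) if name == "socks5" else port_open(p)
            for name, p in ports.items()}

def start_stub_socks5():
    """Constructed stand-in for the tunnel's SOCKS5 end, for offline runs:
    serves one client on an ephemeral loopback port and returns the port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            if conn.recv(3) == b"\x05\x01\x00":
                conn.sendall(b"\x05\x00")
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    for name, up in tunnel_status().items():
        print(f"{name:7} {'up' if up else 'DOWN - do not browse yet'}")
```

Run it on the remote machine after Putty Tray has connected; any port reported as down means that application's proxy setting points at nothing.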
What I’ve done is set up Opera to always be configured with my proxy. So I use Opera when I need “secure browsing” and I use IE or Firefox when I don’t care. Talk about the best of both worlds.