http proxy over ssh, not socks
Andrew Henderson
The question is simple, but the answer is not:
ssh -D 8080 user@host
or
ssh -gCNf -D 8080 user@host
or whatever with -D #
I need a kind of proxy that I can use with the http_proxy variable, in an embedded device that doesn't support SOCKS.
What should I do?
39 Answers
Method 1: Use a HTTP proxy that supports using a SOCKS upstream, e.g. Polipo or Privoxy.
First establish a -D tunnel over SSH like always, then configure the HTTP proxy to use the SSH tunnel – example Polipo configuration:
proxyAddress = "::1"
proxyPort = 8118
socksParentProxy = "localhost:8080"
socksProxyType = socks5
Finally, point the app to Polipo using http_proxy=localhost:8118.
Method 2: Run your program inside the torsocks wrapper (or the older tsocks), which proxies all connections transparently. It was meant for use with Tor, but works with any SOCKS server, including ssh -D.
Method 3: Set up a HTTP proxy on your server, then use ssh -L to access it.

Every -D results in a SOCKS server. If your client cannot handle SOCKS, forget -D.
You must run an HTTP proxy on the remote host and forward with -L:
ssh -f -N -n -L8080:127.0.0.1:8080 host

I have the same issue: I want to use an HTTP proxy through SSH, because many applications only support HTTP proxies, and an HTTP proxy is easy to use in a command-line environment.
Although I searched several pages, I can't find a direct (can be chained with Polipo, Privoxy, or tsocks) way to do this...
After a day's work, I finished a simple Golang version of HTTP proxy over SSH. Feel free to play with it: mallory.
Currently it only supports RSA key (located at $HOME/.ssh/id_rsa) and password authorisation.
host is the SSH server address; port is 22 if it has not been changed by your admin.
The server side is just our old friend sshd with zero configuration.
mallory -engine=ssh -remote=ssh://host:port
or with username user
mallory -engine=ssh -remote=ssh://user@host:port
or with username user and password 1234
mallory -engine=ssh -remote=ssh://user:1234@host:port
Once connected, an HTTP proxy will serve on localhost:1315.

ssh -L 8080:localhost:12345 user@host
This will open port 8080 on the local machine, and forward all data to port 12345 on localhost, as seen from the remote machine.

Run Privoxy at the remote host, then connect via SSH to Privoxy using the -L option:
-L [bind_address:]port:host:hostport
Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the remote machine.

You can also use corkscrew (GPL)
Add the following to your .ssh/config
Host=RemoteServerIP or Name
User=UserLoginName
Port=PortNumber
ProxyCommand=/usr/bin/corkscrew Proxy.Adress PortNumber %h %p

More detailed instructions for using privoxy, all of this can be run as your own user.
This will create a http proxy at 127.0.0.1:17470 that terminates on remote-ssh-server.
Create a socks proxy at 127.0.0.1:17471 with ssh:
ssh -f -NT -M -S ~/.ssh/ssh_socket-named-foobar -D 127.0.0.1:17471 remote-ssh-server
Test the socks proxy at 127.0.0.1:17471 with curl:
curl --silent --proxy socks4a://127.0.0.1:17471 -4
Create privoxy config
cat > ~/.config/privoxy-foobar.conf <<EOF
listen-address 127.0.0.1:17470
forward-socks4a / 127.0.0.1:17471 .
EOF
Start privoxy which creates an http proxy at 127.0.0.1:17470 which will pass through socks proxy at 127.0.0.1:17471
privoxy --pidfile "${XDG_RUNTIME_DIR:-/run/user/$(id -u)}/privoxy-foobar.pid" ~/.config/privoxy-foobar.conf
Test http proxy at 127.0.0.1:17470 with curl:
curl --silent --proxy -4
Kill everything when you are done
ssh -S ~/.ssh/ssh_socket-named-foobar -O exit example.com # hostname is ignored, so yes it is fine to put example.com
kill "$(cat "${XDG_RUNTIME_DIR:-/run/user/$(id -u)}/privoxy-foobar.pid")"
Notes:
- You probably would want to change foobar in the commands to some name that makes sense to you, could run multiple proxies with different names like that.

On the isolated system, get proxychains and tmux, and set the last line of /etc/proxychains.conf to tell it you have a socks5 proxy at localhost with port 8080. Then, also from the isolated system (and in tmux):
ssh -D8080 you@systemwithinternet
Leave it running, make a new shell in tmux with ctrl-b,c. Then run whatever needs internet access with proxychains like so:
sudo proxychains apt update
You can even detach and leave it going with CTRL-b,d. Then you can break the ssh connection to the remote machine: it'll keep going with the counter-connection still running in tmux.
Reattach later with tmux a to see how it went.

First we need to install polipo to create the HTTP proxy. Head over to the terminal and install it:
sudo apt-get install polipo
Once installed, open the polipo configuration file: vim /etc/polipo/config and add the following lines:
socksParentProxy = "127.0.0.1:1337"
socksProxyType = socks5
proxyAddress = "::0"
proxyPort = 8123
Restart polipo:
sudo service polipo restart
Next set up your SOCKS proxy. If you're already using it you don't need to perform this step.
ssh -fN -D1337 user@server
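
Added example (not part of any answer above, and not code from Polipo, Privoxy or OpenSSH): the Polipo configs on this page bind the HTTP proxy to "::1" in one answer and to "::0" in another, and the question's second command passes -g. A non-loopback listener lets any host that can reach the port relay traffic through the SSH tunnel, so this Python check flags both cases; the function names and sample strings are constructed for illustration.

```python
import ipaddress
import re
import shlex

# Constructed samples, modelled on the configs shown on this page.
POLIPO_OPEN = 'socksParentProxy = "127.0.0.1:1337"\nproxyAddress = "::0"\n'
POLIPO_LOCAL = 'proxyAddress = "::1"\nproxyPort = 8118\n'
PRIVOXY_LOCAL = "listen-address 127.0.0.1:17470\nforward-socks4a / 127.0.0.1:17471 .\n"

# Short ssh options that take an argument (subset from the ssh(1) synopsis,
# an assumption of this example); needed to walk clusters such as -gCNf.
SSH_ARG_OPTS = set("BbcDEeFIiJLlmOopQRSWw")

def is_loopback(host):
    """True only for a loopback IP literal or the name localhost."""
    host = host.strip("[]").lower()
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # empty or unknown host: treat the listener as exposed

def exposed_listeners(config_text):
    """Return Polipo proxyAddress / Privoxy listen-address values that are not loopback."""
    found = []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # both proxies use # comments
        m = re.match(r'proxyAddress\s*=\s*"?([^"\s]*)"?$', line)
        if m and not is_loopback(m.group(1)):
            found.append(m.group(1))
        m = re.match(r"listen-address\s+(\S+)$", line)
        if m and not is_loopback(m.group(1).rpartition(":")[0]):
            found.append(m.group(1))
    return found

def ssh_uses_gateway_ports(command):
    """True if the ssh command carries -g (remote hosts may use forwarded ports)."""
    tokens = shlex.split(command)[1:]
    while tokens:
        tok = tokens.pop(0)
        if not tok.startswith("-") or tok == "--":
            return False  # reached the destination; options are over
        for i, ch in enumerate(tok[1:], start=1):
            if ch == "g":
                return True
            if ch in SSH_ARG_OPTS:
                if i == len(tok) - 1 and tokens:
                    tokens.pop(0)  # the option's argument is the next token
                break
    return False
```

The check does not look at -o GatewayPorts or at Polipo's allowedClients setting, so a clean result only covers the bind address and the -g flag.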