1/31/2007

How to make your own Web Proxy: Parts I and II

Today, we are going to learn how to make our own web proxy server on a Windows PC.

Unfortunately (yes, the bad news comes first and early), you'll need a few things to get it going, but I figured that if you're reading this blog, you already have most of the stuff.

Part One: Requirements

This whole project is a Windows-based proxy solution. It will allow you to theoretically connect from with a locked down work environment to a Homemade Proxy server. I realize that there may be better ways to do this using Linux, but this howto is focus for those shackled to the floors of MS.

You can consider this whole project's functionally split between four pieces of software:
-Privoxy: Open source Software Proxy Server for Windows.
-OpenSSH for windows: Open Source SSH Server.
-Putty/PortaPutty: Freeware (close Source) SSH Client.
-Portablefirefox: Portable version of the famous Firefox Browser

Hardware Requirements:
-USB Thumbdrive 128MB+
-A PC/Server outside of your work/target area
-Configurable Out-Facing Home Router (/w port forwarding)
-A Working Internet connection

Software Requirements:
-OpenSSH --> Home PC/Server
-Privoxy --> Home PC/Server
-PortaPutty --> USB Thumbdrive
-PortableFirefox --> USB thumbdrive

User Requirements:
-Knowledge of your Proxy Server's internal/external IP.
-Administrative privileges on the proxy machine.

Part Two: Installation and Configuration

Installation

1 - First thing's first, install OpenSSH on your PC at home.

2 - Second, Install Privoxy on your PC/Server.

3 - Lastly, we want to "install" PortaPutty and Portable Firefox on that Thumbdrive of yours.

Technically we can use any SSH client and Browser that we want, and of course they don't have to be "portable". I chose the portable version of the application because we can save these settings on the thumbdrive and take it with us, but technically you are not forced to use these programs.

Initial Configuration

Configuring Putty is a little bit of a doozy. What we're going to do is employ a technique commonly referred to as tunneling. That is we will take a type connection and forward it through a secure connection, namely SSH. The end result being an infrastructure that reroutes regularly blocked traffic to a non-blocked, secured connection as if to tunnel. This essentially gives you the security of SSH at the minimal cost of having a couple of extra steps in your everyday use.

- OpenSSH: Go to OpenSSH's site and download the latest version. Follow the instructions very carefully and make sure you can SSH into your server from another machine on the same network. This will be the most arduous task as this software is quite old and it requires the user to go through a lot of manual steps. Make sure that after you have installed it, the SSHD service is running as the SYSTEM account and make sure that the server is configured to respond on port/socket 443.

Privoxy:
-Configure it to run off of port 8118 (default).
-Configure Privoxy to run as a Service.

Putty:
-Click on Saved Sessions and type in a name
-In the Host Name area enter the IP Address of your PC/Server
-In the Port area, enter 443
-Select SSH as the Protocol
-Select the named profile and click on the save button.
-Go to: Connections--> SSH-->tunnels.
-In Source Port type: 8118
-In Destination type: 127.0.0.1:8118
-Select the options (Local, Auto).
-Go back to the sessions section
-Highlight "inside" and click save.

You have now configured your putty to reroute all of your PCs 8118 traffic to the server you're connecting to on port 8118.

Portable Firefox:
-Go to -->Tools -->Options, click on Connection Settings
-Select Manual Proxy Configuration
-In the HTTP Proxy input box, type: 127.0.0.1
-In the Port input box, type: 8118

You have no configured your portable firefox browser to seek web traffic at your proxy server's location and not it's default.

Testing

Testing the Proxy:
-Open up Putty
-Select the named profile
-Click connect
-Log in
-Open up your Firefox and check the proxy settings.
-See that you can surf on the net.

If so then you have configured your Proxy correctly. To double check this statement, log into the proxy server and stop the privoxy software.

Congratulations, you have successfully configured your own web proxy server! In the next installment, we will elaborate on tunnel ANY kind of internet traffic through SSH (requests for specific apps/setups are welcomed).

Please note that circumventing your company's firewall or using this knowledge in an illegal manner (as determined and described by the owners of the PC you are going to apply this to) is not condoned by codescribes.

Resources:
http://www.hackaday.com/2005/08/31/how-to-ssh-http-proxy-setup/

7 comments:

Matt Perry said...

Thanks, this guide helped!!

Blademonkey said...

hey no problem. Glad it's of use to someone.

Matt Perry said...

Very useful! I have to do a video project in school, and the county blocked all video sites. ^^

Blademonkey said...

ahh censorship, the mother of all hacks.

GeorgeR said...

Thanks, this is a great help :D.

Check out my blogs too, tell me what you think:
http://www.gadgetmeguru.blogspot.com
http://www.gamereviewsguru.blogspot.com
http://www.newsofwhat.blogspot.com
http://www.sportsnflguru.blogspot.com
http://www.sportsfifaguru.blogspot.com
http://www.mortalkombatguru.blogspot.com

Rob Reid said...

Creating your own proxy server is good but even simpler is creating your own web proxy.

You could host the page on your PC at home (as long as its setup as a server) or on a site you own or rent a domain etc.

You enter a URL, the site uses some server side code to get the content and parse all the links/src atts to go through the proxy and then any further surfing from that page is also proxified.

A simple web proxy you can use it located here:

http://www.darkpolitricks.com/2009/12/create-your-own-web-proxy-server/

There is an example, and the code is one simple PHP page you locate on a domain you can access from work/school etc.

tuckactives said...

Hi,

Am a student and want to do a proxy software for my project.
I have a suggestion to write a proxy application that installed on client pc and communicate with a VPS server.
User can connect via username and password and can send some request to server via the application.
For example they can ask from the server to unblock some special site for them,that usually is forbidden for other or another service.
In server Admin should to manage user request,user service,user info and so using radius authentication system...
I want to see if it possible and how much you will charge me.
mail me at dzzl_dizzle@yahoo.com if you can.


please
Thank You
Vin