Today, we are going to learn how to make our own web proxy server on a Windows PC.
Unfortunately (yes, the bad news comes first and early), you'll need a few things to get it going, but I figured that if you're reading this blog, you already have most of the stuff.
Part One: Requirements
This whole project is a Windows-based proxy solution. It will allow you to theoretically connect from with a locked down work environment to a Homemade Proxy server. I realize that there may be better ways to do this using Linux, but this howto is focus for those shackled to the floors of MS.
You can consider this whole project's functionally split between four pieces of software:
-Privoxy: Open source Software Proxy Server for Windows.
-OpenSSH for windows: Open Source SSH Server.
-Putty/PortaPutty: Freeware (close Source) SSH Client.
-Portablefirefox: Portable version of the famous Firefox Browser
-USB Thumbdrive 128MB+
-A PC/Server outside of your work/target area
-Configurable Out-Facing Home Router (/w port forwarding)
-A Working Internet connection
-OpenSSH --> Home PC/Server
-Privoxy --> Home PC/Server
-PortaPutty --> USB Thumbdrive
-PortableFirefox --> USB thumbdrive
-Knowledge of your Proxy Server's internal/external IP.
-Administrative privileges on the proxy machine.
Part Two: Installation and Configuration
1 - First thing's first, install OpenSSH on your PC at home.
2 - Second, Install Privoxy on your PC/Server.
3 - Lastly, we want to "install" PortaPutty and Portable Firefox on that Thumbdrive of yours.
Technically we can use any SSH client and Browser that we want, and of course they don't have to be "portable". I chose the portable version of the application because we can save these settings on the thumbdrive and take it with us, but technically you are not forced to use these programs.
Configuring Putty is a little bit of a doozy. What we're going to do is employ a technique commonly referred to as tunneling. That is we will take a type connection and forward it through a secure connection, namely SSH. The end result being an infrastructure that reroutes regularly blocked traffic to a non-blocked, secured connection as if to tunnel. This essentially gives you the security of SSH at the minimal cost of having a couple of extra steps in your everyday use.
- OpenSSH: Go to OpenSSH's site and download the latest version. Follow the instructions very carefully and make sure you can SSH into your server from another machine on the same network. This will be the most arduous task as this software is quite old and it requires the user to go through a lot of manual steps. Make sure that after you have installed it, the SSHD service is running as the SYSTEM account and make sure that the server is configured to respond on port/socket 443.
-Configure it to run off of port 8118 (default).
-Configure Privoxy to run as a Service.
-Click on Saved Sessions and type in a name
-In the Host Name area enter the IP Address of your PC/Server
-In the Port area, enter 443
-Select SSH as the Protocol
-Select the named profile and click on the save button.
-Go to: Connections--> SSH-->tunnels.
-In Source Port type: 8118
-In Destination type: 127.0.0.1:8118
-Select the options (Local, Auto).
-Go back to the sessions section
-Highlight "inside" and click save.
You have now configured your putty to reroute all of your PCs 8118 traffic to the server you're connecting to on port 8118.
-Go to -->Tools -->Options, click on Connection Settings
-Select Manual Proxy Configuration
-In the HTTP Proxy input box, type: 127.0.0.1
-In the Port input box, type: 8118
You have no configured your portable firefox browser to seek web traffic at your proxy server's location and not it's default.
Testing the Proxy:
-Open up Putty
-Select the named profile
-Open up your Firefox and check the proxy settings.
-See that you can surf on the net.
If so then you have configured your Proxy correctly. To double check this statement, log into the proxy server and stop the privoxy software.
Congratulations, you have successfully configured your own web proxy server! In the next installment, we will elaborate on tunnel ANY kind of internet traffic through SSH (requests for specific apps/setups are welcomed).
Please note that circumventing your company's firewall or using this knowledge in an illegal manner (as determined and described by the owners of the PC you are going to apply this to) is not condoned by codescribes.