What can SOCKS Proxy Do and How to Create ?

fahad

Member
I thought Socks Proxy Server can encrypt connections. Can it ? I tried

Guess xxx.xxx.xxx.xxx is my vps IP.


ssh -f -N -D xxx.xxx.xxx.xxx:1080 xxx.xxx.xxx.xxx
And I can connect to the proxy from my pc ! :)

But when i tried Wireshark to read datas , I got all datas !!!

I tried to login in a site which has no ssl and after login i check the Wireshark file and got the ID and password ! :(

Am i doing wrong ?
 

scv

Massive Nerd
Verified Provider
SOCKS is NOT encrypted. Use OpenVPN or IPSEC for reliable encrypted tunneling.

Do note in your example you're using the SSH SOCKS server. The data is encrypted via SSH once it leaves your machine, but it will remain unencrypted once it leaves the remote server.
 

fahad

Member
SOCKS is NOT encrypted. Use OpenVPN or IPSEC for reliable encrypted tunneling.

Do note in your example you're using the SSH SOCKS server. The data is encrypted via SSH once it leaves your machine, but it will remain unencrypted once it leaves the remote server.
IPSEC is cool i think . Any tuto you have for Ubuntu12.04 ? And About pptp vpn , it can encrypt contents , right ???
 

scv

Massive Nerd
Verified Provider
PPTP is not secure, the crypto is very weak. Only advantage is it's widely supported. IPSEC is only useful for a point to point tunnel on its own - for a generic VPN setup you'd need something like L2TP or GRE underneath it. There are many different ways of setting it up.
 

drmike

100% Tier-1 Gogent
I thought Socks Proxy Server can encrypt connections. Can it ? I tried

Guess xxx.xxx.xxx.xxx is my vps IP.




ssh -f -N -D xxx.xxx.xxx.xxx:1080 xxx.xxx.xxx.xxx
Am i doing wrong ?
A SSH socks based connection IS ENCRYPTED.  Unsure what you are isolating with Wireshark, but it isn't the 1080 SSH tunnel.  It's pre-tunnel or post tunnel.
 

wlanboy

Content Contributer
A SSH socks based connection IS ENCRYPTED.  Unsure what you are isolating with Wireshark, but it isn't the 1080 SSH tunnel.  It's pre-tunnel or post tunnel.
Browser <-> localhost <-> ssh tunnel <-> server <-> internet connection <-> external website

Just the ssh tunnel is encrypted. The traffic between browser and the ssh tunnel tcp port is not encrypted.

The red connections can be sniffed.
 

drmike

100% Tier-1 Gogent
Yeppers @wlanboy, good visual.

Just so everyone doesn't get antsy -- SSH TUNNELS are encrypted.  Yes you have plaintext info on your local computer or network prior to that tunnel and where the packets land remotely, unencrypted.

Same vulnerability points exist for VPN.
 

fahad

Member
Browser <-> localhost <-> ssh tunnel <-> server <-> internet connection <-> external website

Just the ssh tunnel is encrypted. The traffic between browser and the ssh tunnel tcp port is not encrypted.

The red connections can be sniffed.
If i do this :

From putty , Tunnel by 1080 port. After login to the server by that ssh and open a tunnel there too by


ssh -L 1080:IP:1080 [email protected]
1.Then if i connect firefox by 127.0.0.1:1080

2.Then If i connect firefox by IP:1080

What will hapen then ??
 
Last edited by a moderator:

wlanboy

Content Contributer
Won't work because ip:1080 is not a public service (and should never be).

But you should trust your local network.
 
Top