Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Direct ALL android traffic through SSH tunnel [closed]

I am trying to completely conceal all traffic on my phone from the wireless provider.

I would like to do this by directing the traffic through an SSH tunnel to my home router through iptables (not sure if they help?).

The phone is rooted and is running CyanogenMod 7.1 (and is therefore iptables-capable).

I've looked at this question, but I am still sort of shaky on the details. That question sort of describes how to do this for a single port - but how can I do this for every single packet on every single port?

This question is of both practical and academic interest. Thanks.

like image 229
CatZilla Avatar asked Feb 16 '12 22:02

CatZilla


People also ask

Can SSH tunnel be blocked?

With SSH Proxy, PAN-OS firewalls can be configured to decrypt SSH traffic and detect when SSH port forwarding is used. The firewall can then be configured to block the SSH tunneling traffic with a security policy. As a result, this will deny the applications that are tunneled inside SSH.

Is SSH tunnel safe?

Secure Shell, or SSH, is used to create a secure channel between a local and remote computer. While SSH is commonly used for secure terminal access and file transfers, it can also be used to create a secure tunnel between computers for forwarding other network connections that are not normally encrypted.

Is SSH tunnel two way?

With Two-Way SSH tunnel you can connect to any destination under a single condition, which is, the ability to ssh login from the destination to the source. If you can do that, you can as well reverse login from source to destination even if it is behind firewall or NAT.


1 Answers

This doesn't solve your use case because this only directs the traffic of firefox, but you don't need root.


TL;DR

  1. Install Termux app on android, EDIT IMPORTANT: Termux does not receive updates on Play Store anymore. Install the application and add-ons from F-Droid instead.

  2. In termux install openssh pkg i -y openssh

  3. ssh into server using dynamic port forwarding ssh user@server -D12345

  4. Install Firefox Beta on android (at this time, plain Firefox doesn't support configuring with about:config)

  5. Open Firefox Beta, and go to about:config

  6. Search proxy

  7. Look for and set the following properties:

    network.proxy.allow_hijacking_localhost: true
    network.proxy.socks: localhost
    network.proxy.socks_port: 12345
    network.proxy.type: 1
    

    make sure network.proxy.socks_port matches with the port in the ssh command above

  8. Done!, you are now navigating through the ssh server on Firefox


Full instructions using ssh-keys

Usage

  1. Open Termux and run ssh user@server -D12345 (or just press Up+Enter if you have run this command previously)
  2. Navigate using the proxy-configured Firefox
  3. Done!, your traffic is going through the server

Install

Setup Android

Termux

  1. Install Termux

  2. Configure ssh client by running the following commands:

    # Ask for storage permission
    termux-setup-storage &&
    # Install openssh
    apt install -y openssh &&
    # Generate an SSH key
    ssh-keygen -t ecdsa -f ~/.ssh/id_ecdsa &&
    # Set a password for the private key
    # Get public key
    echo -e '\nCopy the following public key:'
    cat ~/.ssh/id_ecdsa.pub
    
  3. (Optional) If you have access to the server with ssh, then run:

    ssh-copy-id user@server
    

    If not, you need to manually add the public key to the server. This is explained below in the Setup server section

Firefox

  1. Install Firefox Beta - normal firefox might work if you can access to about:config

  2. Open Firefox and go to the url about:config, search proxy and set the following configurations:

    network.proxy.allow_hijacking_localhost: true
    network.proxy.socks: localhost
    network.proxy.socks_port: 12345
    network.proxy.type: 1
    

    make sure network.proxy.socks_port matches with the port used in the ssh command in the Usage section

Setup server

If you succesfully run the command ssh-copy-id there's nothing to do here.
But if not, you need to manually add the public key generated:

echo 'public key' >> ~/.ssh/authorized_keys

In the future I will be keeping this up-to-date here: https://github.com/madacol/knowledge/blob/master/Ssh%20poor-man's-vpn%20on%20android.md

like image 55
Madacol Avatar answered Sep 30 '22 18:09

Madacol