SSH tunnel dynamic port forwarding implements SOCKS proxy + HTTP proxy (Privoxy)

1. Summary of the article

• Realization effect : ssh connects to the remote server for network forwarding, and the local service connects to the network proxy
• Environment : windows11/10
• Tools needed : MobaXterm (ssh tunnel port forwarding), Privoxy (socks to http proxy), a cloud server

 Two, steps

1. Use SSH to connect to the remote host from the local computer

Choose one of several methods: 

1. 命令行：ssh -C -N -D LOCAL_ADDRESS:LOCAL_PORT USER@REMOTE_ADDRESS
2. Putty client
3. MobaSSHTunnel in MobaXteam

MobaSSHTunnel

2. Privoxy installation and configuration

1. Download the compressed package version from the official website  http://www.privoxy.org/

2. Modify the configuration file:

• Specify the listening address and port of the HTTP proxy through listen-address. The default privoxy configuration file will have this item.

Its format is: listen-address [ADDRESS]:[PORT] 

The default value is: listen-address 127.0.0.1:8118

• Specify forwarding to socks proxy through forward-socks5

The default privoxy configuration file does not configure this item.

The format supported by forward-socks5 is more complicated, but here it only needs to be simply written as follows:

forward-socks5 / [SOCKS_ADDRESS]:[SOCKS_PORT] .

The position of "/" is a URL pattern, and the matching URL will be forwarded to the socks proxy specified by this project. The value of "/" indicates that all requests are forwarded to the socks5 proxy

For example: forward-socks5/127.0.0.1:9150.

! Note :

listen-address specifies the http proxy listening address to only allow local access to the port, and to allow local area network (LAN) access needs to be set to: listen-address 0.0.0.0:8118

3. Test and use

1. Browser

Chrome + Switchyomega: support socks5 proxy

2. Command line (Powershell)

curl -Uri www.google.com -proxy http://127.0.0.1:8118

The curl command in windows is actually a wrapped Invoke-WebRequest

3. python

Test with urllib3 library

http proxy test code:

import urllib3
import json

proxy_addr = 'http://127.0.0.1:8118'
print(f'代理地址：{proxy_addr}')

proxy = urllib3.ProxyManager(proxy_addr)
resp = proxy.request('GET', 'https://httpbin.org/ip')
print(resp.data.decode('utf-8'))

socks proxy test code :

from urllib3.contrib.socks import SOCKSProxyManager
import json

proxy_addr = 'socks5://127.0.0.1:80'
print(f'SOCKS5代理地址:{proxy_addr}')

proxy = SOCKSProxyManager(proxy_addr)
resp = proxy.request('GET', 'https://httpbin.org/ip')
print(resp.data.decode('utf-8'))

url = 'https://www.google.com'
resp = proxy.request('GET', url)
print(f'返回状态码:{resp.status}')

Four, the pit encountered

1. The ping fails but the browser can connect?

In short, it pingis ICMPthe protocol, which is at the network layer (third layer) , but ssruses socks代理the transport layer (fourth layer) . The upper layer protocol cannot work on the lower layer protocol, so ping fails, but through http (super The text transfer protocol, the application layer protocol, is socks代理higher than the layer number) but can be accessed.

Most of them do not support socks proxy, but support http proxy

2. The socks proxy is enabled for the ssh tunnel, what proxy is enabled for other proxy tunnels?

HTTPS proxy tunnel opens https, WebSocket tunnel opens ws, ICMP tunnel

References

Setting up and using a proxy server-doc document

Detailed explanation of Privoxy tutorial_What is privoxy?_ZhaoYingChao88's Blog-CSDN Blog