Skip to main content

ssh tunnel for web traffic from WiFi Hotspot

Just got my tunnel into my OpenWRT (running White Russian) router fixed so when I'm at a WiFi Hotspot or hotel I can securely tunnel through to my home router and jump off to the Internet from there.

I was making it WAY too hard trying to set up an OpenVPN server on an OpenWRT router, and an OpenVPN client on my laptop, building/signing/distributing certificates, using NTP servers to match time, etc, etc.   Bottom line is OpenVPN may be great between routers, but with a OpenWRT server and an Ubuntu client, I never got it to work.   

Turns out that all you need to do is put up a ssh server on your router at home (OpenWRT uses Dropbear).  Then, if you can ssh into your server from someplace, you can simply configure your browser to use that ssh tunnel as a proxy to reroute your browser traffic.  Works with Putty on Windows as well, but that is for N00bs!  If you are interested, Instructions are below, and it works like a champ for me (although, I haven't tried the Putty side).

First, get a Linksys WRT54GL router (Or WRT54G Version 4 or earlier, seehttp://wiki.openwrt.org/OpenWrtDocs/Hardware/Linksys/WRT54G for details), and install OpenWRT (it runs better than the default Linksys OS anyway, installing OpenWRT will be worth your while), the OpenWRT site walks you through the installation.  

Next, ensure that you have installed an ssh server on your router (Dropbear on OpenWRT running White Russian)---that's it!

To set up an ssh tunnel into your OpenWRT Box, all you have to do is the following:

ssh -D 9999 -C root@whateveryourhomerouteripaddressis.com

The -D switch - Specifies a local “dynamic” application-level port forwarding. We are also adding the -C switch for compression.

Here are the PuTTY Instructions

Next, put these settings into Firefox.

Firefox> Edit> Preferences> Advanced tab> Network tab> Settings button.

Select Manual proxy configuration
SOCKS Host: localhost Port: 9999
SOCKS v5
No Proxy for: localhost, 127.0.0.1


Bring up your browser, and BANG!  You'll be hitting the Internet from your home IP address, no matter where you are.  A side benefit is that you can ssh into your home network to do stuff if you want to! 

Comments

Popular posts from this blog

ADS-B plotting with Kali (and other SDR goodies)

Recently I wanted to try some Software Defined Radio stuff.   
I had a RTL-SDR, FM+DAB, DVB-T USB Stick Set with RTL2832U & R820T. that I got from: http://www.amazon.com/gp/product/B00C37AZXK/ref=oh_details_o04_s00_i00?ie=UTF8&psc=1
But, even though this dongle would break out FM radio stations, and ATC frequencies (like the local Ground Control, tower, and even ATIS), which was cool, it wouldn't break out ADS-B.   
Thus, I bought a Vantech Green Mini RTL2832U R820T DVB-T SDR DAB FM USB DIGITAL TV Tuner Receiver RTL-SDR Project + DAB dongle Tuner MCX Input from Amazon, and tried this.  
This dongle was able to listen to the 1090MHz frequency required for ADS-B (as it goes from 25MHz to 1700MHz).  There were tons of Windows programs out there for breaking out and plotting ADS-B Mode S broadcasts, but not many for Linux.  
For Kali Linux, here's how I got it running and plotting planes around my home:
0) before you start, you should do an apt-get update to ensure you hav…

Beaglebone Black as a Wireless Intrusion Detection System (WIDS)

Recently I have been wanting a wireless IDS (WIDS) to detect nefarious wifi activity.  I also had a Beaglebone Black hanging around that I wanted to put to good use.   This seemed like a perfect match, and indeed it seems to be so!

I did some research on WIDSs, and although there is SUPPOSED to be several out there, nearly all that I seemed to find was commercial and Windows-based products, not something I could use myself.   
About the only exception to that rule was Kismet, so I decided to give that a try.  Kismet is supposed to work as a WIDS, and per its documentation should catch the following attacks:
Kismet supports the following alerts, where applicable the WVE (Wireless Vulnerability and Exploits, www.wve.org) ID is included: AIRJACKSSID Fingerprint Deprecated The original 802.11 hacking tools, Airjack, set the initial SSID to 'airjack' when starting up. This alert is no longer relevant as the Airjac…

Temper Temperature monitor on a Beaglebone Black

Beaglebone Black as a temperature monitor:

Recently I wanted to monitor the temperature of my shed.  I thought I'd use a small computer such as a Raspberry Pi or a Beaglebone or Odroid.

My Raspberry Pi boxes were all in use, so I grabbed my Beaglebone, which was doing nothing.

I flashed it with the Debian9.32018-03-054GB SDIoTimage, but that seemed like it was running lots of bloatware and the ethernet interface wouldn't take a static IP with /etc/network/interfaces.

So I went with the Debian9.32018-01-284GB SDLXQTi image instead.  I still had the same problem, that lots of junk was running, and I couldn't configure my interface by modifying /etc/network/interfaces

So my first step was to get rid of all the bloatware.  If you're using a Raspberry Pi or something, you can skip this and just go to the second step below

STEP 1--Remove Blotatware from Beaglebone Black:

With some searching, I came across this post:
https://www.linuxquestions.org/questions/linux-newbie-8/inte…