Comments on: Protecting your browsing with iPhone SSH tunnels http://blog.c22.cc/2009/06/21/iphone-ssh-tunnel/ Because we're damned if we do, and we're damned if we don't! Thu, 04 Mar 2010 04:51:21 +0000 http://wordpress.com/ hourly 1 By: Steve http://blog.c22.cc/2009/06/21/iphone-ssh-tunnel/#comment-985 Steve Thu, 04 Mar 2010 04:51:21 +0000 http://c22blog.wordpress.com/?p=540#comment-985 What's the advantage of this 3proxy approach over running squid on remotehost, setting up an ssh tunnel using ssh -p 64000 -L 8080:localhost:3128 -l username remotehost -f -C -q -N then setting the manual HTTP proxy localhost:8080 for the iPhone's Wi-Fi setting for the specific network? I've been using this squid approach successfully, but also have 3proxy and am wondering why I should use that. What’s the advantage of this 3proxy approach over running squid on remotehost, setting up an ssh tunnel using

ssh -p 64000 -L 8080:localhost:3128 -l username remotehost -f -C -q -N

then setting the manual HTTP proxy localhost:8080 for the iPhone’s Wi-Fi setting for the specific network?

I’ve been using this squid approach successfully, but also have 3proxy and am wondering why I should use that.

]]> By: Goran Cobanovic http://blog.c22.cc/2009/06/21/iphone-ssh-tunnel/#comment-456 Goran Cobanovic Sun, 06 Dec 2009 02:25:08 +0000 http://c22blog.wordpress.com/?p=540#comment-456 Great read, will come back for more soon, thanks Great read, will come back for more soon, thanks

]]> By: Cedric http://blog.c22.cc/2009/06/21/iphone-ssh-tunnel/#comment-441 Cedric Sun, 22 Nov 2009 16:52:08 +0000 http://c22blog.wordpress.com/?p=540#comment-441 Can you give me the name of the hosted VPN service? I'm searching besides 26c3 for a more secure dataconnection of my phone and it's hard to find a reliable and trustworthy service for 30$ Maybe you will add me at twitter @kernelpaniclite so we can DM? Can you give me the name of the hosted VPN service? I’m searching besides 26c3 for a more secure dataconnection of my phone and it’s hard to find a reliable and trustworthy service for 30$

Maybe you will add me at twitter @kernelpaniclite so we can DM?

]]> By: ChrisJohnRiley http://blog.c22.cc/2009/06/21/iphone-ssh-tunnel/#comment-440 ChrisJohnRiley Sat, 21 Nov 2009 08:20:28 +0000 http://c22blog.wordpress.com/?p=540#comment-440 Due to router issues I went with 2 options. 1 was a Dreamhost server that runs my US SSH server. The other is a hosted VPN service that encrypts from the device to a central server, then directly connects to the web. The service was something like $30 for a year, and at the time it was a lot more cost effective than buying a new router, configuring and setting up the VPN over a weekend before Blackhat. Still, there's plenty of time before next years events to set something up ;) Problem is, iPhone doesn't support OpenVPN (yet). If you've got a DECT eventphone you can call me on extension 2252 (BAKA) or you can catch me on twitter as I'll be using that to setup meeting and posting information about the conference. I'm @ChrisJohnRiley on Twitter. Due to router issues I went with 2 options. 1 was a Dreamhost server that runs my US SSH server. The other is a hosted VPN service that encrypts from the device to a central server, then directly connects to the web. The service was something like $30 for a year, and at the time it was a lot more cost effective than buying a new router, configuring and setting up the VPN over a weekend before Blackhat. Still, there’s plenty of time before next years events to set something up ;) Problem is, iPhone doesn’t support OpenVPN (yet).

If you’ve got a DECT eventphone you can call me on extension 2252 (BAKA) or you can catch me on twitter as I’ll be using that to setup meeting and posting information about the conference. I’m @ChrisJohnRiley on Twitter.

]]> By: Cedric http://blog.c22.cc/2009/06/21/iphone-ssh-tunnel/#comment-439 Cedric Sat, 21 Nov 2009 07:37:24 +0000 http://c22blog.wordpress.com/?p=540#comment-439 Ah, ok. What are do you have on the endside of the vpn? What hardware or software are you using? Yes, i'm heading for 26c3. Where can we find you?:-) Ah, ok.
What are do you have on the endside of the vpn? What hardware or software are you using?

Yes, i’m heading for 26c3. Where can we find you?:-)

]]> By: ChrisJohnRiley http://blog.c22.cc/2009/06/21/iphone-ssh-tunnel/#comment-438 ChrisJohnRiley Fri, 20 Nov 2009 23:25:38 +0000 http://c22blog.wordpress.com/?p=540#comment-438 After updating to 3.1.2 I've not had time to re-implement it on my iphone. There is however a new application in Cydia called "Automatic SSH" that is supposed to reconnect SSH sessions that drop. It could be interesting as one of the main issues is the SSH tunnel dropping and then traffic failing. The main reason I've not looked at this further however is the fact that not ALL traffic is protected. For my uses at conferences and the like, even 1 application not following the proxy rules is enough to make problems. I had to bite the bullet and go with a PPTP VPN solution for Blackhat/Defcon (although 99.9% of the time I was using 3G). If you're headed to 26C3 remember to say hi ;) After updating to 3.1.2 I’ve not had time to re-implement it on my iphone. There is however a new application in Cydia called “Automatic SSH” that is supposed to reconnect SSH sessions that drop. It could be interesting as one of the main issues is the SSH tunnel dropping and then traffic failing.

The main reason I’ve not looked at this further however is the fact that not ALL traffic is protected. For my uses at conferences and the like, even 1 application not following the proxy rules is enough to make problems. I had to bite the bullet and go with a PPTP VPN solution for Blackhat/Defcon (although 99.9% of the time I was using 3G).

If you’re headed to 26C3 remember to say hi ;)

]]> By: Cedric http://blog.c22.cc/2009/06/21/iphone-ssh-tunnel/#comment-435 Cedric Wed, 18 Nov 2009 19:52:04 +0000 http://c22blog.wordpress.com/?p=540#comment-435 26c3 is coming:-) Are still working on a solution for this? 26c3 is coming:-) Are still working on a solution for this?

]]> By: Steven http://blog.c22.cc/2009/06/21/iphone-ssh-tunnel/#comment-315 Steven Thu, 27 Aug 2009 06:56:12 +0000 http://c22blog.wordpress.com/?p=540#comment-315 Hi. I would to try this, but I am beginner at using the mobileterminal. I don't exactly understand how to place 3proxy.cfg file on the Iphone and run 3proxy. Also, I am using the iSSH on my iphone. Do I just type in the command that you have provided? Could you send me a more detailed set of instructions for a beginner? Thanks. Hi. I would to try this, but I am beginner at using the mobileterminal. I don’t exactly understand how to place 3proxy.cfg file on the Iphone and run 3proxy. Also, I am using the iSSH on my iphone. Do I just type in the command that you have provided? Could you send me a more detailed set of instructions for a beginner? Thanks.

]]> By: ChrisJohnRiley http://blog.c22.cc/2009/06/21/iphone-ssh-tunnel/#comment-245 ChrisJohnRiley Fri, 03 Jul 2009 03:43:04 +0000 http://c22blog.wordpress.com/?p=540#comment-245 Hi Bob, I can try and help, but I'm going to need some more information. Are you getting any error messages when trying to start 3proxy / SSH / or when you try and browse ? Some points to check. - Connect to your SSH server using a standard SSH command and make sure it connects (using password or PKI) - Run 3proxy without the forward through the SSH tunnel (comment out the parent line) and make sure your requests appear in the 3proxy log (should be somewhere in /var/logs) - Make sure that your terminal program is setup to remain open in the background with something like backgrounder. If you use the new version you can set an icon overlay to show that it's still active. If it's an SSH tunnel problem, but 3proxy is working, then you should get a plain text error page in Safari (not a popup). If 3proxy isn't listening then you'll probably get a popup. You can test this by just running the 3proxy without the SSH tunnel running and you should see the error page. Make sure you've setup the SSH tunnel and it's running before you start 3proxy. If that's doesn't help then shoot me an email (contact)(_at_)(c22)(dot)(cc) and I'll try and troubleshoot. Hi Bob,

I can try and help, but I’m going to need some more information.

Are you getting any error messages when trying to start 3proxy / SSH / or when you try and browse ?

Some points to check.

- Connect to your SSH server using a standard SSH command and make sure it connects (using password or PKI)
- Run 3proxy without the forward through the SSH tunnel (comment out the parent line) and make sure your requests appear in the 3proxy log (should be somewhere in /var/logs)
- Make sure that your terminal program is setup to remain open in the background with something like backgrounder. If you use the new version you can set an icon overlay to show that it’s still active.

If it’s an SSH tunnel problem, but 3proxy is working, then you should get a plain text error page in Safari (not a popup). If 3proxy isn’t listening then you’ll probably get a popup. You can test this by just running the 3proxy without the SSH tunnel running and you should see the error page.

Make sure you’ve setup the SSH tunnel and it’s running before you start 3proxy.

If that’s doesn’t help then shoot me an email (contact)(_at_)(c22)(dot)(cc) and I’ll try and troubleshoot.

]]> By: Bob Jones http://blog.c22.cc/2009/06/21/iphone-ssh-tunnel/#comment-244 Bob Jones Fri, 03 Jul 2009 03:02:39 +0000 http://c22blog.wordpress.com/?p=540#comment-244 Hey Mate, Ive tried this many times :( doesnt ever seem to work for me can some one help me? :D Thanks Bob Jones Hey Mate,
Ive tried this many times :( doesnt ever seem to work for me can some one help me? :D

Thanks
Bob Jones

]]>