Dynamic SOCKS Proxy using PuTTY

 SSH is a powerful tool, and PuTTY is by far my preferred SSH client on Windows. Using SSH, you can use an SSH server as a proxy for any application that will allow you to use a SOCKS-type proxy. Of course, there are a lot of other tunnel types that SSH will allow you to do (X forwarding, remote to local, local to remote, etc), but this type of tunneling is especially useful. I’m posting this mainly because there isn’t a whole lot of documentation out there about this particular topic, and the stuff that did exist wasn’t so clear when I first started using this a few years ago. Without further ado…

Dynamic Proxy Using PuTTY

Requirements:

  • An SSH server that you can login to, and that supports TCP forwarding. By default, OpenSSH ships with TCP forwarding enabled.

Steps:

  1.  Download PuTTY, and execute it
  2. When you open it, on the left side, expand “SSH”, and select “Tunnels”. The screen should look something like so: Putty
  3. Pick a port between 1025 and 65535. We will refer to this as “X”.
  4. Under source port, select “Dynamic”, enter “X”, and then enter “myservername:X” under destination. Click on “Add”, and “D X” should appear under ‘forwarded ports’.
  5. Next, select “Session on the left side. Set hostname to ‘myservername’. Click ‘Open’ to login to the server. Enter your username and password, and as long as the window is open and you’re logged in, the dynamic proxy will be open. You can tell your applications to use ‘localhost:X’ as the SOCKS proxy server to use, and it should work nicely.

Configuring network applications to actually use the proxy is beyond the scope of this document, but its pretty straightforward if there is an option to use such a proxy. Also, this can also be done on Linux/Unix using a commandline SSH client as well, refer to the documentation on how that works.

6 Responses to “Dynamic SOCKS Proxy using PuTTY”

  1. Visaruth says:

    It’s a great wonderfull issue.
    You are right this particular topic have a few information to know (especially for newby like me)

    Thanks a lot…… ^ ^

  2. Jim says:

    Great run through! Worked first time for me. Also decided to name it and save it as a “saved session” so I can just click and go.

    I wrote a similar article using cygwin (or any command line style ssh) here :

    http://www.opssa.net/2009/01/how-to-test-your-website-remotely/

  3. y says:

    In FireFox, don’t forget to go to about:config and set network.proxy.socks_remote_dns to true. Otherwise, DNS will leak out of the proxy, and some places may use DNS servers to enforce blocking of sites.

  4. Truls says:

    There’s no need to add myservername:X as destination, that parameter isn’t used for dynamic port forwarding.

  5. Neat article, I’ve been interested in web security mechanisms for a few years now.

  6. Andreas Huwe says:

    Hello,
    I tried to run a dynamic proxy using the instruction but my java application which should use the proxy makes an error message:
    Error connection to the SOCKS server (192.168.178.6:8888) Winsock error: Connection refused (10061)
    Where is the problem? Maybe the java applicaiotn causes the problem or the proxy server or the final server?

    Bes Regards,
    Andreas

Leave a Reply