Whenever you are away from home and are using a free or open access internet connection, you are taking many risks that you might not be aware of. For instance, capturing web traffic of users at an open WIFI hotspot is insanely easy to do using aircrack-ng. Furthermore, there are various ways to orchestrate a man-in-the-middle attack on both wireless and wired connections (WIFI Pineapple, ARP poisoning, DHCP Exhaustion, etc.) These attacks are fairly simple to implement and the victim will never know that they are being attacked. The lesson to be learned is that any network that is “out of your control” is to be considered “hostile”.
If you need to use a hostile network to connect to the internet, you should tunnel your web traffic through a “trusted” network, such as your home network. There are 2 ways that you could do this: VPN or SSH. It’s easier to setup SSH on a machine at home and doesn’t require the end user to have a private certificate, so it’s the most convenient to use too. By tunneling your traffic through SSH, you are eliminating the possibility of someone conducting a man-in-the-middle attack and capturing your web traffic. I would highly recommend tunneling your traffic through a “trusted” network whenever you must use a “hostile” network to access the internet, such as WIFI hot spot or free internet access at a hotel.
Here’s how you can tunnel your traffic:
1.) SSH to your trusted network
ssh -fND localhost:$PORT username@my_trusted_network.com
This creates a tunnel to your trusted network (my_trusted_network.com) with your credentials (username) that only your own machine can use (localhost) on the port specified ($PORT). Once you are logged in, the SSH process will be in the background and the SSH tunnel to your trusted network is established.
2.) Configure Firefox to use the SSH tunnel for web traffic
Open Firefox, at the top menu bar click Edit –> Preferences. Click the Advanced option at the top. Select the network tab and click the Settings button next to “Configure how Firefox connects to the Internet”.
Select “Manual proxy configuration”. In the SOCKS Host text field, enter localhost and in the Port text field, enter whatever port you specified in $PORT when you established your SSH connection. Click OK to close the Connections Settings window, and then click Close to close the Firefox Preferences window. Your web traffic in Firefox will now be tunneled through your trusted network.
3.) Configure Firefox to use SSH tunnel for DNS
Even though you are using SSH to tunnel your web traffic, you are still vulnerable to a DNS man-in-the-middle attack. Also, if your DNS requests aren’t tunneled, the operator of the hostile network can still see where you are navigating to on the web when your client makes DNS requests to resolve hostnames to IP addresses. For these reasons (and for many others), it’s a good idea to tunnel DNS through your SSH tunnel too.
In the Firefox URL address bar, enter about:config. At this point, you may receive a warning from Firefox, which you will need to click through to get to the next step. In the Filter text field, enter network.proxy.socks_remote_dns. Double-click on the network.proxy.socks_remote_dns entry to set the value to true.
4.) Verify that both your web traffic and DNS are being tunneled through your SSH connection
To verify, run tcpdump:
tcpdump -i <interface> -v
Verify that all network packets from Firefox are being sent through your SSH connection.
1.) Tunneling Firefox traffic over SSH
2.) Tunnel Web and DNS Traffic Over SSH