SOCKS Proxy Over SSH: If you have access to SSH, then you have access to run your own proxy server

Back in May we looked at how to setup Access Controls with NGinx. I didn’t mention how I test it though. In order to test the different rules, the requests needed to originate from different IP ranges, which in turn meant that I would need to send the requests from different networks. As I find the idea of fidgeting with cables or hotspots to be more than slightly annoying, I opted to tunnel request out of my internal network using a SOCKS proxy.

If you have access to an SSH server, you can turn it into an adhoc SOCKS proxy with one command. Our proxy can then be used to tunnel HTTP, and HTTPS, amongst other protocols.

ssh -D 8080 jdoe@example.com

Here, we start an SSH session as jdoe to the server at example.com. Additionally, the -D 8080 tells SSH to bind to port 8080 on the local machine and to proxy requests through the remote server.

At this point all that is left is to direct your browser to use localhost:8080 as a SOCKS proxy. As this varies from browser to browser, I’d suggest Googling to find out how to configure your particular browser.

With this change, your traffic will now appear to originate from the remote server.

Quick addendum: I’ve also used this technique more than a few times to verify that deployed sites didn’t inadvertently refer to assets stored on internal servers.