FORUMS
Remove All Ads from XDA

[GUIDE] SSH Proxy with ConnectBot and ProxyDroid

23 posts
Thanks Meter: 20
 
By Dr.Tautology, Junior Member on 31st October 2013, 07:25 PM
Post Reply Email Thread
For anyone interested in data security the ability to encrypt network traffic is obviously important-- especially in light of the myriad of recent well publicized reports of private and government electronic snooping. It is also relevant to mention that to date no one has come close to cracking "TwoFish" encryption which can be used by SSH. With this in mind, consider the following tutorial which describes a method for encrypting all 3g, 4g, and Wi-Fi data, thus beefing up phone and personal data security.

Setting up a global SSH Tunnel on Android phones
This tutorial assumes the reader possesses a fully configured SSH server and rooted phone. In lieu of a server, (eg., the reader only has only a Windows-based operating system), research into CYGWIN is recommended. I use CYGWIN to run my SSH server and I have found that it is the most robust option for Windows users; however, setting this up on Windows can be a daunting task.

Setting up global SSH Tunnel on Android
1. Download 2 apps from the Google Playstore: ConnectBot and ProxyDroid
2. Install ConnectBot and ProxyDroid on your phone.
3. In ConnectBot set up Port forwards for your SSH connection. For "Type" field use "Dynamic (SOCKS)." For “Source Port” use 56001 or any local port not being used. The reasoning behind using port 56001 is this: System Ports (0-1023), User Ports (1024-49151), and the Dynamic and/or Private Ports (49152-65535)
4. Open ProxyDroid and configure as follows:
Host: 127.0.0.1
Port: 56001 (or the port you chose to use in step 3)
Proxy Type: SOCKS5
Global Proxy: Check the box

The above procedure accomplishes several things. First, ConnectBot remotely connects to your SSH server. Next, the ConnectBot connection forwards to the local port 56001. ProxyDroid then redirects all network traffic through the localhost on port 56001. Once you are connected through ConnectBot and ProxyDroid is activated all of your data will be tunneled through the encrypted ConnectBot session. This is an excellent way to set up a global proxy because it does not require manual configuration of any applications to connect through the proxy. You can test the functionality of the connection by opening up your phone browser and performing the Google search: What is my IP. If the proxy is functional you will see the WAN IP of the network of your SSH server. Additional and more thorough testing can be done with packet sniffers such as WireShark.

An application called "SSH Tunnel" is an alternative to accomplishing the above. However, I find ConnectBot and ProxyDroid is more elegant and gives better control-- not to mention being more sophisticated/chic. When correctly performed the ConnectBot and ProxyDroid method encrypts all 3g, 4g and Wi-Fi data on your phone. This is obviously useful for phone access of sensitive materials especially using unfamiliar or alien network connections. With the current proliferation of identity theft via electronic snooping on mobile devices I do not advocate using cellular phones for any banking or electronic transactions without setting up a robust and reliable encrypted connection.
The Following 2 Users Say Thank You to Dr.Tautology For This Useful Post: [ View ] Gift Dr.Tautology Ad-Free
 
 
9th April 2014, 10:32 PM |#2  
Junior Member
Thanks Meter: 3
 
More
I would also add that you need to run connectbot first then run ProxyDroid. If you do it in reverse Connectbot will have problems connecting.
9th May 2015, 08:31 PM |#3  
Senior Member
www.whymacsucks.com
Thanks Meter: 115
 
More
Quote:
Originally Posted by Dr.Tautology

For anyone interested in data security the ability to encrypt network traffic is obviously important-- especially in light of the myriad of recent well publicized reports of private and government electronic snooping. It is also relevant to mention that to date no one has come close to cracking "TwoFish" encryption which can be used by SSH. With this in mind, consider the following tutorial which describes a method for encrypting all 3g, 4g, and Wi-Fi data, thus beefing up phone and personal data security.

Setting up a global SSH Tunnel on Android phones
This tutorial assumes the reader possesses a fully configured SSH server and rooted phone. In lieu of a server, (eg., the reader only has only a Windows-based operating system), research into CYGWIN is recommended. I use CYGWIN to run my SSH server and I have found that it is the most robust option for Windows users; however, setting this up on Windows can be a daunting task.

Setting up global SSH Tunnel on Android
1. Download 2 apps from the Google Playstore: ConnectBot and ProxyDroid
2. Install ConnectBot and ProxyDroid on your phone.
3. In ConnectBot set up Port forwards for your SSH connection. For "Type" field use "Dynamic (SOCKS)." For “Source Port” use 56001 or any local port not being used. The reasoning behind using port 56001 is this: System Ports (0-1023), User Ports (1024-49151), and the Dynamic and/or Private Ports (49152-65535)
4. Open ProxyDroid and configure as follows:
Host: 127.0.0.1
Port: 56001 (or the port you chose to use in step 3)
Proxy Type: SOCKS5
Global Proxy: Check the box

The above procedure accomplishes several things. First, ConnectBot remotely connects to your SSH server. Next, the ConnectBot connection forwards to the local port 56001. ProxyDroid then redirects all network traffic through the localhost on port 56001. Once you are connected through ConnectBot and ProxyDroid is activated all of your data will be tunneled through the encrypted ConnectBot session. This is an excellent way to set up a global proxy because it does not require manual configuration of any applications to connect through the proxy. You can test the functionality of the connection by opening up your phone browser and performing the Google search: What is my IP. If the proxy is functional you will see the WAN IP of the network of your SSH server. Additional and more thorough testing can be done with packet sniffers such as WireShark.

An application called "SSH Tunnel" is an alternative to accomplishing the above. However, I find ConnectBot and ProxyDroid is more elegant and gives better control-- not to mention being more sophisticated/chic. When correctly performed the ConnectBot and ProxyDroid method encrypts all 3g, 4g and Wi-Fi data on your phone. This is obviously useful for phone access of sensitive materials especially using unfamiliar or alien network connections. With the current proliferation of identity theft via electronic snooping on mobile devices I do not advocate using cellular phones for any banking or electronic transactions without setting up a robust and reliable encrypted connection.

I know that this is an old thread but is there any way to ssh-tunnel wifi traffic only ? Especially "untrusted wifi" traffic only?

Thanks
7th October 2015, 07:05 PM |#4  
Member
Thanks Meter: 4
 
More
how to set up connect bot? please can you provide the information in detail?
16th March 2016, 04:13 AM |#5  
Senior Member
Thanks Meter: 51
 
More
Okay so I was using this setup of connect-bot and proxy-droid on kit kat. It was working great. I upgraded my phone to lollipop and connectbot would not port forward (the port data would be crossed out after connecting)

I decided to replace connectbot with ssh tunnel in this config
https://play.google.com/store/apps/d...=org.sshtunnel
it did not work with global proxy in ssh-tunnel so I used proxy-droid like the OP did and it worked.
so basically substituting connect-bot with ssh-tunnel from the OP

setup:
root required
instead of connect-bot configure ssh-tunnel
host= ip address of ssh server
port= 22
user=ssh username
password=ssh passworrd
check use socks proxy box
set proxy port to 56001
do not check global proxy

now configure Proxy droid same as mentioned by OP
Open ProxyDroid and configure as follows:
Host: 127.0.0.1
Port: 56001
Proxy Type: SOCKS5
Global Proxy: Check the box

this should work great for devices absent of vpn files but have root access
launch and connect ssh-tunnel the proxy-droid. then use a browser to connect to local lan.
I have tested using a rasberry pi running ssh and in sshd_config allowed root access and maybe also tcp forwarding.
I have also tested on dd-wrt 3.0beta with tcp forwarding checked. (ssh is mostly broken/disabled in v2.4)
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes