Web browsing over SSH

It is possible to configure most browsers to use a SOCKS proxy for outgoing HTTP connections. This makes it possible to forward web browser traffic over an encrypted SSH connection.

The recommended browser for this purpose is Firefox, because it can be configured to resolve DNS names through the SOCKS proxy, so the names of the websites you're browsing don't leak out through DNS queries.

You will need an account at an SSH server which allows you to use port forwarding. Configure Bitvise SSH Client to connect to that SSH server, and enable the SOCKS proxy feature under the Services tab.

In Firefox, configure Bitvise SSH Client as the SOCKS proxy in Tools > Options > Advanced > Network > Connection > Settings. Use Manual proxy configuration, enter under SOCKS proxy, and port 1080. (This is assuming you left SOCKS proxy settings in the SSH client at their defaults.)

Open a blank Firefox tab and navigate to "about:config". Find the setting:


Set this setting to true.

You are now done. Firefox will connect to websites through Bitvise SSH Client's SOCKS proxy feature, and your web traffic will be tunneled over the encrypted SSH connection between your SSH client and the SSH server.

Note that the part of the traffic between the SSH server and the web server(s) will remain unencrypted. By using SSH tunneling, you are shielding your web traffic from prying eyes in your local network or at your local Internet Service Provider. However, the plaintext of your web sessions will now be available to the SSH server administrator, as well as to the ISP through which the SSH server connects to your destination web servers.