How to get SOCKS + SSH Tunneling over HTTP Proxy on iOS


SSH Tunnel over HTTP Proxy: iPhone, iPad and iPod Touch

This article assumes you have some knowledge of SSH, so I will not explain any basic terminology. Read the SSH manual first.

I needed a way to get secure networking on my iPhone and iPad. Unfortunately, a normal SSH tunnel does not work on my connection, because there is no easy way to tell an SSH tunnel to go through the ISP’s required HTTP proxy.

This solution is for you if your ISP forces you to use an HTTP proxy but you still want an SSH tunnel. Requires a jailbroken device!!

 

SOCKS + SSH on iPhone/iPad
Only follow this guide if your ISP requires you to use their own HTTP proxy.

 

Setting up an SSH tunnel over HTTP proxy

 

1. Download this .pac file (made by Thireus). You can make your own .pac file if you want.

2. Edit the .pac file and change it so that “var normal = SOCKS 127.0.0.1:1080”. You may use any port, but I will stick to 1080 in this tutorial. Rename the file to “proxy.pac”.

3. SSH into your iOS device, or use an application such as iFile, and place the .pac file in this location: /private/var/root/proxy.pac. Make sure that this file can be read, written and executed by root. This option will be in ‘access permissions’ in iFile.

I believe some older versions of iOS do not support local .pac files. In this case, put the .pac file in some publicly accessible place on the internet. Version 5.0+ of iOS works fine.

 

Install common Unix commands – You will use the power of Unix that forms the base of iOS

4. Go to Cydia and install the following: connect.c, MobileTerminal, OpenSSH, inetutils, and screen. Optional: Automatic SSH.

5. In iOS go to: Settings/Network/Wifi/<your network>
Under ‘HTTP Proxy’ add “file:///private/var/root/proxy.pac”. This means MobileSafari and other apps will use this setting. In other words it serves as a SOCKS option for all apps!

So now your apps can connect to localhost:port, which is where your SSH tunnel listens. However, this is not enough because your ISP may force you to use an HTTP proxy (or any other type of proxy).

 

Configure the HTTP proxy using connect.c

6. In iOS, open /etc/ssh/ssh_config in a text editor (e.g. iFile) and add the following line:

Proxycommand connect -H <my_isp_proxy>:<port> %h %p

You should change <my_isp_proxy> to the HTTP proxy that you are forced to use, and <port> to the port that it uses.

If you are not using an HTTP proxy then consult the connect.c documentation for alternative commands.

Notice: You may need to comment out this line when you do not want to use the HTTP proxy. Again, use iFile for this.

 

Configure the SSH tunnel

7. In MobileTerminal: Click on the ‘i’ button and add a shortcut with the following command:

autossh -M 12345 -D 1080 -C -p <ssh port> -N <user>@<ssh server>

This assumes you also installed Automatic SSH from Cydia. If you didn’t, use the regular ‘ssh’ command and drop the ‘-M 12345’ option.

I used autossh because I want to re-create this tunnel automatically every time the connection is lost. If you want to do this, I recommend setting up your SSH server to use keyfiles. This way, you never need to enter a password, and SSH will automatically connect and re-create your tunnel without user input.

8. Type ‘screen’ in MobileTerminal and press enter to exit the first page.

9. Run the shortcut you just created in MobileTerminal. Done! – ‘screen’ is a nice program that will let you revisit the terminal anytime. To resume your virtual terminal, exit the app, re-enter, and type ‘screen’.

10. Reboot your device. Now enter MobileTerminal and connect to your tunnel.

 

Test your tunnel

Verify your settings by checking your external IP address in MobileSafari. You should see your SSH server’s IP address and not your normal one.

If it worked, all of your traffic on your iPhone/iPad will go through your SSH tunnel. This is great for unsecured public wifi, or environments that have tough firewall restrictions: work or college.

 

How this works

The MobileTerminal shortcut creates an SSH tunnel that listens for connections on localhost:1080. All of your apps will connect to localhost:1080 because of the .pac file in settings. This accomplishes the main goal of forcing all apps to use a kind of SOCKS proxy.
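As an added example (not the Thireus file and not code from the original post), here is a self-contained proxy.pac that sends traffic to the tunnel’s SOCKS listener and fails closed when the tunnel is down. Port 1080 comes from this tutorial; the DIRECT exceptions for the device itself and local-network addresses go beyond what the post describes and are an assumption added here.

```javascript
// Constructed PAC file for the setup in this tutorial (not the Thireus file).
// Assumption: the tunnel's SOCKS listener is the "-D 1080" port used above.
var normal = "SOCKS 127.0.0.1:1080";
var direct = "DIRECT";

// True for an IPv4 literal in loopback, RFC 1918 or link-local space.
// Only literals are checked; nothing is resolved, so no DNS lookup is
// made outside the tunnel just to pick a proxy.
function isLocalIPv4(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  var a = Number(m[1]), b = Number(m[2]);
  return a === 127 || a === 10 ||
         (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168) ||
         (a === 169 && b === 254);
}

// True for names that can only mean this device or the local network.
function isLocalName(host) {
  var dotless = host.indexOf(".") === -1 && host.indexOf(":") === -1;
  return host === "localhost" || host === "::1" ||
         dotless || /\.local$/.test(host);
}

// Entry point the OS calls for every request: returns the proxy to use.
function FindProxyForURL(url, host) {
  host = host.toLowerCase().replace(/^\[|\]$/g, "");
  if (isLocalName(host) || isLocalIPv4(host)) {
    return direct;
  }
  // One entry, no "; DIRECT" fallback: when the SSH tunnel is down the
  // request fails instead of going out unprotected.
  return normal;
}
```

A PAC return value may list several proxies separated by semicolons that the client tries in order, so returning “SOCKS 127.0.0.1:1080; DIRECT” instead would let traffic leave outside the tunnel whenever the tunnel is down.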

The line you added to ssh_config makes SSH connect to the main SSH server through your ISP’s HTTP proxy.

There are other ways to accomplish this goal but this one seems to be the most stable for me.

Leave a comment if you are having problems. Read up on SSH.

9 comments on “How to get SOCKS + SSH Tunneling over HTTP Proxy on iOS”
  1. Adam says:

    Hello!

    Thank you for posting this article, I think it must be one of the very few articles that address tunneling on the iPhone.

    I just seem to have some trouble locating some of the programs you mentioned. I have spent all day trying to find connect.c, inetutils, and screen and Automatic SSH in Cydia.

    How can I download them? Is there a repo that has to be added in Cydia?

    Would appreciate your help

    Thank you
    Adam

  2. Fadly says:

    Hi,
    Same question… Already have that repo, just don’t know how to find and install those programs.
    :(

    • antd says:

      Go to Cydia and press the ‘Reload’ button at the top right of the screen. Then try the following:

      1. Press ‘Sources’ on the bottom menu
      2. Press the Cydia icon with the title “Cydia/Telesphoreo” from the Sources list.
      3. Now you have a list containing all of the required apps.

      Use the alphabet-menu on the right side to find each app.

    • antd says:

      I just realised why some people are having trouble with finding these apps.

      It’s because you need to change your Cydia settings.
      Go to Cydia -> Manage -> Settings. Then change your user info to ‘Developer’.

      This will enable you to see all of the advanced apps that I talk about in this article.

  3. Question says:

    Can I disable it any time I want? If so, how? I may not want to tunnel every time and by editing the root files the changes could be permanent?

  4. Teng says:

    Great article.
    But what if I don’t have a remote SSH server? I just want to use an SSH tunnel myself, which is like ssh -D 1080 localhost, to surf the web securely? While I do need a mandatory proxy to use the internet?
