Tag Archives: tunnel

HowTo: Shared Hosting as Socks Proxy

Problem

You need a proxy to connect to a service that would only accept connections from a certain location.

You have a shared hosting account on a server in location that is accepted by the service where you want to connect. Could you use it as a proxy server.?

You could install one of those proxy scripts made in php but that would only let you browse the web, what you want is be able to proxify any application and for that you need a socks server working with one of those proxifier applications  (like tsocks on linux/unix ).

So could you use a socks proxy on your shared hosting account?

Solutions

The solutions are listed starting with the most simple working on the most permissive hosting accounts and ending with the most complex suited for the least permissive accounts.
There will be further posts describing the solutions in detail. This post is mostly an introduction.

  1. SSH Tunnel

    This is the simplest but it assumes that your hosts allows ssh access to your account and they don't block ssh tunnels.

    1.  

    This creates a socks server on your local host , then you can use it in the proxifyer app to forward all connections through it.

  2. Custom SSH Tunnel

    This is a solution for those hosting accounts that don't allow ssh tunneling, but allow you to connect over ssh and run a program ( antinat - a socks server ) once connected over ssh.

    ( One might wonder: why create a tunnel when you could just run antinat and connect directly to it? If you can do that then that's the best way to do it but most shared hosting servers would have all ports blocked so you would not be able to connect to any port other then the standard ones ( 80,443,25,110,143, etc ) but those are only available to root and are already busy anyway. )

    The idea is to forward the traffic from your computer to the proxy server through the actual ssh connection instead of using the standard tunneling mechanisms which are blocked by server's configuration.

    For this you would need a program on your host to act both as a socks server ( sort of ) and as a forwarder through a ssh connection. On the other side ( hosting account ) you would need another program that would receive data from the ssh connection and forward it to antinat. Both programs would actually have to forward data both ways.

    Both forwarders would have to multiplex connections and forward them through a single ssh connection because most hosting accounts only allow one connection / user

  3. Callback Socks server

    This is a solution in case your hosting account has no ssh access.

    It's similar to previous solution but in this case instead of having the local forwarder connect to the remote ( hosting ) forwarder through ssh, you eliminate the remote forwarder and just have the socks server connect back to the local forwarder and then forward everything through that connection.

    This would require modification to the socks server as antinat doesn't have this callback feature built in.

    Another requirement is that you are able to upload and run antinat on the server. Usually you can do this by just calling it in a php script ( eg.: system('antinat') ) or from a perl script if the host offers cgi access.

  4. Custom script ?

    What if for some reason (no cgi or php system() blocked ) you can't run antinat?

    Well in this case I'm guessing it would be possible to write a script that you could call over a http connection, and forward through it, but php's socket functions would need to be available and script's max execution time would limit your connection time so don't expect much of this.

I have used solution #1 and I wrote the software and patches required to make #2 and #3 work. In the following weeks I'll write the posts to describe them in more details.

You can subscribe to my RSS feeds or connect with me on one of the social networks listed in the sidebar if you want to be notified when they are posted.

If you know other ways of doing this or ideas about my solutions I'd love to read about them in the comments.