Monday, March 2, 2015

Access blocked websites on work / office laptop with ssh tunnel to AWS cloud instance

Given the propensity of IT admins to block websites, using office laptops at home can be a very frustrating experience. While blocking certain malicious/nsfw websites definitely makes sense, I could never understand the logic behind blocking very useful blogs/discussion forums etc.

Now that our aim is clear, let’s get started. We need the following:

  • Outbound SSH access (port 22) from your laptop (on my work laptop, it’s blocked on the office network but open on home/personal networks)
  • A credit card (required for AWS account)
  • A new Amazon AWS account (which comes with access to AWS free tier for a year)
  • An SSH client (e.g. putty.exe on Windows)
  • The FoxyProxy plugin for the Chrome/Firefox browser

The basic principle behind how it works:

Let’s go step by step, configuring the AWS instance, the PuTTY client and the browser. Since this guide is meant for ‘power’ users, we will skip the detailed step-by-step instructions:

Set up Amazon AWS
Set up AWS by following this guide and then launch an instance by following this guide.
Remember that the instance type you launch should be a T2 micro instance if you want it to be free. When adding inbound traffic rules in security groups, allowing only SSH (from anywhere) would be enough. Allowing SSH from anywhere leaves port 22 reachable from the whole internet; a source restricted to the addresses you actually connect from is the tighter rule. For now, skip the part about connecting to the instance; it’s described in the next step below.

Set up SSH Client (putty)
Now that we have a Linux server running in the AWS cloud, we will configure PuTTY on our local machine to connect to the server. Follow the instructions at connecting to AWS instance and ignore the “transferring files” part, but before saving the session for future use, go to Connection->SSH->Tunnels and add a new forwarded port with Source port: 8080, Destination: left empty, and the Dynamic and Auto options selected.

We now have an SSH client connected to our AWS instance, ready to pass our browsing data to the AWS instance in a secure manner, bypassing IT controls, e.g. Websense. We just need to tell our browser how to pass the browsing data to the SSH client.

Set up Browser
We will use Chrome/Firefox because of their support for exceptional plugins. You might want to configure an alternate browser (other than what you regularly use) for this purpose.
Add FoxyProxy (the basic version will do) to the browser. Now in the FoxyProxy settings, change the default proxy settings (or add a new setting) to: Manual Proxy enabled, Host: localhost, Port: 8080, SOCKS proxy enabled. Enable FoxyProxy with the new settings.

That’s it, happy freedom to you! Browse whatever you want to your heart’s content. Remember to check back and stop the AWS instance after a year.
Since the AWS instance is always on, the only things you need to check before doing secure browsing are that PuTTY is connected to the AWS instance and that FoxyProxy is enabled in your browser.
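
Seen from the monitoring side, the setup described above leaves a recognizable footprint on the laptop: one process holding both a loopback listener (port 8080 here) and an outbound SSH session, with the browser connected to that listener. The following is an added example, not part of the original post, that checks a socket table for that pattern; the row format, addresses, PIDs and the `git-ssh.exe` process name are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample rows: "proto local remote state pid process"
# (netstat-style socket table joined with process names; the format is an assumption).
SAMPLE = """\
TCP 127.0.0.1:8080 0.0.0.0:0 LISTENING 4312 putty.exe
TCP 192.168.1.23:50211 203.0.113.45:22 ESTABLISHED 4312 putty.exe
TCP 127.0.0.1:50300 127.0.0.1:8080 ESTABLISHED 7788 chrome.exe
TCP 127.0.0.1:8080 127.0.0.1:50300 ESTABLISHED 4312 putty.exe
TCP 192.168.1.23:50400 198.51.100.7:443 ESTABLISHED 7788 chrome.exe
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 1020 svchost.exe
TCP 192.168.1.23:50500 203.0.113.9:22 ESTABLISHED 5150 git-ssh.exe
"""

LOOPBACK = {"127.0.0.1", "[::1]"}

def split_endpoint(endpoint):
    """Split 'host:port' (or '[v6]:port') into (host, int(port))."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port)

def find_ssh_forwards(table, ssh_port=22):
    """Flag processes that hold a loopback listener AND an outbound SSH session."""
    listeners = defaultdict(set)  # pid -> loopback ports it listens on
    ssh_peers = defaultdict(set)  # pid -> remote SSH endpoints
    clients = defaultdict(set)    # loopback port -> processes connected to it
    names = {}
    for line in table.splitlines():
        fields = line.split()
        if len(fields) != 6 or fields[0] != "TCP":
            continue  # skip headers and malformed rows
        _, local, remote, state, pid, proc = fields
        (lhost, lport), (rhost, rport) = split_endpoint(local), split_endpoint(remote)
        names[pid] = proc
        if state == "LISTENING" and lhost in LOOPBACK:
            listeners[pid].add(lport)
        elif state == "ESTABLISHED" and rhost in LOOPBACK:
            clients[rport].add(proc)
        elif state == "ESTABLISHED" and rport == ssh_port:
            ssh_peers[pid].add(remote)
    # A socket table cannot tell a dynamic (SOCKS) forward from a local one,
    # so every hit is a lead to confirm on the host, not a verdict.
    return [
        {"process": names[pid], "pid": int(pid), "listen_port": port,
         "ssh_servers": sorted(ssh_peers[pid]),
         "clients": sorted(clients[port] - {names[pid]})}
        for pid in listeners if pid in ssh_peers
        for port in sorted(listeners[pid])
    ]

if __name__ == "__main__":
    for hit in find_ssh_forwards(SAMPLE):
        print(hit)
```

The plain SSH session from `git-ssh.exe` and the non-loopback listener are not flagged, because neither combines a loopback listener with an outbound SSH connection in one process.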