$ ssh -vND localhost:2222 [email protected]
$ /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --user-data-dir=/tmp/chrome --proxy-server=socks5://localhost:2222
Let's break down each command:
ssh -vND 2222 [email protected]
-v
: Be verbose -- prints SSH information to stdout.
-N
: Do not execute remote program, only forward ports.
-D localhost:2222
: Local socket through which traffic is proxied.
[email protected]
: Standard SSH semantics.
.../Google\ Chrome --user-data-dir=/tmp/chrome --proxy-server=socks5://localhost:2222
--user-data-dir
: Where user data should be stored. More subtly, this must be set and must not be the default user data directory since this is the mechanism that signals to the operating system that this should be a new Chrome process and not another Chrome tab. (Roughly.)
/tmp/chrome
: Where that user data is stored. I tend not to care about this data for long periods of time, so /tmp is a good place.
--proxy-server
: Signifies that only this new Chrome process should use a proxy. Otherwise, Chrome defaults to system-wide proxy settings.
socks5://
: The protocol which is being used to proxy traffic is socks5.
localhost:2222
: This is the socket that the previous SSH command created -- it's the proxying, encrypted tunnel to proxyinghost.tld.
I was able to use my non-work Windows machine to access internal pages via this proxying mechanism.
# On VPN-connected work MacBook
$ ssh -vND fbbk.kingdom:2222 localhost
- fbbk.kingdom:2222 makes the dynamic SSH tunnel bind to the LAN IP of my work machine so it is accessible to LAN-connected devices
- SSH'ing to localhost means proxied web requests will look like they're being issued by my work laptop
# On Windows 10 desktop
> "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --ignore-certificate-errors --user-data-dir=C:\chrome_temp --proxy-server=socks5://fbbk.kingdom:2222
- --ignore-certificate-errors is required because my Windows machine isn't managed, and therefore won't have the proper CAs used at work installed
Next step is to figure out how to put credentials around the proxy so a username and password is required before being able to use it.
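
The second setup binds the SOCKS listener to a LAN address, where any device on that network can connect to it. As an added example (not from the original post), this filter reads lsof output and lists ssh listeners reachable from beyond loopback; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list ssh listeners (such as `ssh -D`) bound beyond loopback.
# Reads `lsof -nP -iTCP -sTCP:LISTEN` output on stdin and prints "PID ADDRESS"
# for every ssh client socket that other hosts on the network can connect to.
exposed_ssh_listeners() {
  awk '
    $1 == "ssh" && $NF == "(LISTEN)" {
      addr = $(NF - 1)              # e.g. 127.0.0.1:2222, [::1]:2222, *:2222
      host = addr
      sub(/:[0-9]+$/, "", host)     # drop the trailing :port
      if (host ~ /^127\./ || host == "[::1]") next   # loopback only: not exposed
      print $2, addr
    }'
}

# Constructed sample in lsof column layout; addresses and PIDs are made up.
sample_lsof() {
  cat <<'EOF'
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
ssh      4101 me      5u  IPv4 0x01        0t0  TCP 127.0.0.1:2222 (LISTEN)
ssh      4101 me      6u  IPv6 0x02        0t0  TCP [::1]:2222 (LISTEN)
ssh      4188 me      5u  IPv4 0x03        0t0  TCP 192.168.1.20:2222 (LISTEN)
ssh      4230 me      5u  IPv4 0x04        0t0  TCP *:1080 (LISTEN)
sshd      310 root    3u  IPv4 0x05        0t0  TCP *:22 (LISTEN)
EOF
}

sample_lsof | exposed_ssh_listeners
# On a live machine: lsof -nP -iTCP -sTCP:LISTEN | exposed_ssh_listeners
```

ssh -D offers no SOCKS authentication of its own, so every listener this prints is usable by whoever can reach that address. Keeping -D on localhost and reaching it from the second machine through an SSH local forward (ssh -L) puts SSH login in front of the proxy, assuming the work machine accepts SSH logins.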