Skip to main content

Facebook

Using Meerkat to secure wireless web browsing

A hot topic in the news today is Firesheep, a Firefox web browser extension that takes advantage of a security vulnerability in many popular websites like Twitter and Facebook and allows you to login to those sites as any other user on the network! This makes use of the practice of exchanging login information for web browser cookies that are then used to gain access, but which on open networks are subject to interception and reuse by other parties.

Our SSH tunnel manager Meerkat has always supported the ability to secure your web browsing on open networks. It does this with what's called a SOCKS proxy. The basic idea is you tell Mac OS X to use a proxy server, your web browser proxies all website requests through this server, and the server makes the actual requests for information to the website. The connection between your browser and the proxy server is encrypted via SSH, providing a workaround to network-based snooping.

Here's how to set it up:

Step 1: Add an SSH account to Meerkat

If you have an SSH account through your web hosting provider or someplace else, add the details to a new Meerkat account. [screenshot]

Step 2: Add a tunnel to Meerkat that uses this account

Be sure to check the Dynamic forwarding option and choose a high port (something in the 6000-9000 range is ideal) for the tunnel. [screenshot]

Step 3: Configure a SOCKS proxy in Network settings

In the System Preferences application, choose Network, then the AirPort connection, then Advanced... settings. Choose the Proxies tab, then SOCKS Proxy, then enter 127.0.0.1 as the hostname (this means the local computer, where the tunnel endpoint resides) and the port number from above. Choose OK, then Apply to apply the changes. [screenshot 1] [screenshot 2]

Step 4: Browse the web securely!

Just activate the tunnel in Meerkat. All web browser traffic will now go through the SSH account that you setup.

While these steps are a little involved, unfortunately web browser proxies aren't a simple procedure. One way that this can be automated is with Meerkat's free plugin for NetworkLocation, an application that can apply settings based on physical location changes. You can get the plugin in the NetworkLocation website's "Extras" section or from the sidebar on Meerkat's web page.

Have any questions about this? See the Meerkat support forums if you need a hand and we'll try to help out!

Happy -- and safe -- surfing!

Update: I've also heard tips from Meerkat users about setting their SOCKS tunnel to automatically start when using a particular web browser. Meerkat supports associating a tunnel with an app so that when the app stats, the tunnel is enabled and when it is quit, the tunnel is disabled. This is another great option to help with auto-configuration.

Syndicate content