Open In App

We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy

Bypass Firewalls Using SSH

SSH is a secure protocol that can be used to tunnel through firewalls. By using SSH, we can connect to a remote server and tunnel our traffic through the SSH connection. Firewalls are designed to protect networks from unauthorized access, but a firewall can also block legitimate traffic if not configured correctly. This can be a problem when we need to allow access to a specific application or service. One way to get around this issue is bypassing the firewall using ssh.

There are a few ways to bypass firewalls using SSH:



Step  to Perform SSH Tunneling:

In order to bypass a firewall using SSH tunneling, we will need to set up an SSH server on a machine that is outside the firewall. We will then need to connect to this server using an SSH client and forward traffic from the client machine to the server machine. For example, let’s say that we want to bypass a firewall that is blocking all traffic to port 80. We could set up an SSH server on a machine that has port 80 open and then connect to this server using an SSH client. Once we are connected, we could then forward traffic from the local machine to port 80  on the server machine. This would allow us to bypass the firewall and access websites that are normally blocked.

Now we see setting up a SSH server on a machine that is outside the firewall.



Step 1: Install the SSH server software on the machine.

 

Step 2: Configure the SSH server to listen on port 80 and allow traffic to port 80 through the firewall.

On Windows: 

New-NetFirewallRule -Name sshd -DisplayName 
'OpenSSH SSH Server' -Enabled True -Direction
Inbound -Protocol TCP -Action Allow -LocalPort
80 -Program "C:\Windows\System32\OpenSSH\sshd.exe"

 

Step 3:  Start the SSH server

Step to Connect the SSH Server and Forward Traffic:

Step 1: Install the SSH client software on the target machine: The OpenSSH client is included in Ubuntu Linux distributions by default. There are a few free SSH clients available for the Windows platform. The best one is Putty, which is available online on their site.

Step 2: Connect to the SSH server and forward traffic from the target machine to port 80 on the server machine. After starting Putty, fill in the following configuration details :

In the “Host Name” field, type the publicly 
accessible IP of the SSH server
Navigate to Connection > SSH > Tunnels
Add a new forwarded port:
Source Port = Target Port for Reverse Tunnelling
Destination = 127.0.0.1:[Target Port]
Direction = Remote
Click Add
Click Open to Start the SSH session

 

At this point, the target port will be mapped to the target remote SSH server. This means that clients on the remote network will be able to access the target PC as if it was on the remote network. Basically, this creates a private tunnel between two remote end-points, enabling remote administration of a fire-walled machine.

Perform SSH Port Forwarding:

Assuming we have SSH access to a remote server, we can use SSH port forwarding to bypass firewalls.  For example, let’s say we want to access a website that is blocked by a firewall. We can use SSH port forwarding to tunnel traffic from the local machine to the remote server, and then from the remote server to the website.

To do this, we would first SSH into the remote server. Then, we would use the following command to forward  traffic from the local machine (port, 8080) to the remote server (port 80):

ssh -L 8080:localhost:80 user@remote.server.com

Now, we can access the website by going to http://localhost:8080 in the web browser. The traffic will be tunneled through the SSH connection, and the remote server will act as a proxy.

We can also use SSH port forwarding to tunnel traffic from the remote server to the local machine. For example, let’s say we want to access a database that is only accessible from the remote server. We can use SSH port forwarding to tunnel traffic from the remote server to the local machine (port 3306) and then connect to the database using the local machine.

To do this, we would first SSH into the remote server. Then, we would use the following command to forward traffic from the remote server (port 3306) to the local machine (port 3306):

ssh -R 3306:localhost:3306 user@remote.server.com

Now, we can connect to the database using the local machine. The traffic will be tunneled through the SSH connection, and the local machine will act as a proxy.

Perform SSH SOCKS Proxy:

Assuming we have an SSH server running on a remote machine that we can access:

Step 1: On the local machine, open a terminal and run the following command:

ssh -D 9999 -f -C -q -N username@remotemachine

Step 2: This will establish a SOCKS proxy on port 9999 of the local machine.

Step 3: To use the proxy, configure the browser or other application to use a SOCKS proxy on localhost:9999.

Step 4:  Browse the web all traffic will be tunneled through the SSH connection.


Article Tags :
Ethical Hacking
Recommended Articles
1. Most Popular Methods Used By Hackers to Bypass Firewalls
2. How to Configure Firewalls in Windows?
3. What is Bitvise SSH Client?
4. How to Brute-Force SSH in Kali Linux?
5. Email Security Warning When Using SSL
6. Using a Reverse WHOIS API to Beef Up Cybersecurity
7. Throttling DDoS Attacks Using Discrete Logarithm
8. Port Scanning Techniques By Using Nmap
9. TCP Analysis using Wireshark
10. MITM (Man in The Middle) - Create Virtual Access Point using Wi Hotspot Tool
11. Footprinting Using Social Engineering Method
12. Application Level Hijacking Using Proxy Hacking
13. How To Generate Rainbow Table Using WinRTGen?
14. How to Improve Cyber Attack Detection Using Social Media?
15. How to make an ARP Spoofing attack using Scapy - Python
16. Threat Hunting Using Yara