1.1 disclamer

i'm making this article as a POC for intellectual knowledge. i'm not responsible of the use you are making of it.  be aware of your company security policies if you are using this article to bypass them.

1.2 General

this article is the continuation of my previous article concerning ssh over ssl:

ssh over ssl part 1 : server side

ssh over ssl part 2 : client side

it's objective is to show how to use ssh over ssl through an http proxy and we will reuse the 2 previous article setting but change the client side only.

2.reminder: how does it work?


the idea behind it is to protect your privacy when a proxy is blocking you. for example inside a random network you have to go through a proxy to go to internet but the proxy is blocking some website and/or protocol even if you change the port:



the solution is to build a ssl tunnel on port 443. it mimics a https session handler. indeed https is nothing else than a ssl tunnel with inside clear http.



 then inside this ssl tunnel instead of doing http we can do whatever we want. i decided to make some ssh to access my local network in ssh but also as a forwarder to access my local http network. thanks to it i can access in ssh but also any other protocol through my tunnel. 

i chose this method because i didnt want another layer of authentication. the ssl is anonymous like any https connection and the authentication is managed at ssh layer.


3. client configuration

 the server configuration is the same as in the other tutorial, i wont go through it again.


concerning the client, we are on a windows this time and we need to be able to mount the ssl tunnel. for that we are going to use "stunnel"

with this configuration:

accept = 25042
protocol = connect
protocolAuthentication = NTLM
protocolHost = myhomenetworkIP:443
protocolUsername = domaine\login
protocolPassword = password
connect = proxyIP:proxyport

you can use several different type of authentication, see stunnel doc for more details.


once it's done you can start stunnel, then connect your putty ssh on localhost 25042


you can also make a ssh tunnel using putty with this configuration:


then finally change the configuration of your firefox to use your ssh tunnel as a socks5 proxy on the 4242 port you define in putty









Add comment

Security code

Go to Top
Template by JoomlaShine