How to Tunnel HTTP Requests through a Forward Proxy?
Your ISP can track the websites that you visit just by examining its routers’ or gateways’ log files. These logs record the client (you) and the IP address or domain name of the website visited. Although the ISP cannot see the data transferred to and from the website when the website uses HTTPS, it is still concerning to know that someone can potentially review your browsing patterns.
But there’s a way to take back control of your browsing privacy! We’ll explore how to tunnel your HTTP requests through a forward proxy.
A forward proxy acts as a middle-man between you and the websites that you visit. All the web traffic is routed through the proxy server. Your ISP’s router would think all the traffic is going to the proxy server instead of the website, and the website would think all the traffic is originating from the proxy server.
Requirements
- An EC2 instance: We are going to route all our traffic through this EC2 instance. This is where our proxy application is going to listen for incoming requests and forward those requests to the websites.
- SSH Connection: You should also be able to SSH into the EC2 instance to install and configure the proxy.
TL;DR
Skip to the next section to see a detailed explanation.
Install tinyproxy on the EC2 instance using the following command.
sudo apt install tinyproxy
Open /etc/tinyproxy/tinyproxy.conf.
sudo vim /etc/tinyproxy/tinyproxy.conf
In this file, add the following line to allow tinyproxy to accept remote connections.
Allow 0.0.0.0/0
To exit vim, press Esc, then type :wq and press Enter to write and quit.
Restart tinyproxy.
sudo systemctl restart tinyproxy
Open the firewall for port 8888/tcp.
sudo ufw allow 8888/tcp
You’re all set. Add the IP address of the EC2 instance to the HTTP proxy settings of your local machine along with the port number (8888).
On a Mac, go to Settings > Network > Wi-Fi > Click on Details > Proxies. Enter the IP address of your EC2 instance and the port number of the proxy server.
Brief Explanation
SSH to your EC2 instance. SSH is a protocol for sending commands to a remote host.
ssh -i <path-to-ssh-private-key> ubuntu@<ip-address-of-ec2-instance>
Once you’re logged in to the EC2 instance, run the following commands.
sudo apt update
sudo apt upgrade
Installing a proxy. tinyproxy is an open-source and lightweight proxy. We’ll be using tinyproxy.
sudo apt install tinyproxy
Start the tinyproxy daemon and enable it to start on boot.
sudo systemctl enable tinyproxy
sudo systemctl start tinyproxy
Verify that tinyproxy is running.
sudo systemctl status tinyproxy
You should see the status active (running), which means that tinyproxy is running.
Configure tinyproxy to accept remote and localhost connections. Allowing 0.0.0.0/0 lets any machine in the world connect to your proxy server. If your ISP provides a static IP address, configure tinyproxy to accept connections only from that IP address. In most cases, the ISP uses a dynamic IP address, so allowing 0.0.0.0/0 would be appropriate. Keep in mind that with 0.0.0.0/0 anyone who finds port 8888 can relay traffic through your instance. If you use the SSH tunnel described at the end, connections reach tinyproxy from localhost and only the two loopback entries are needed.
Open the tinyproxy configuration file.
sudo nano /etc/tinyproxy/tinyproxy.conf
Add the following lines to the configuration file. These lines allow the proxy server to accept connections from anywhere, the IPv6 loopback, and localhost respectively.
Allow 0.0.0.0/0
Allow ::1
Allow 127.0.0.1
Once you’ve made the changes, save and exit by pressing Ctrl + O, Enter, and Ctrl + X.
Restart tinyproxy.
sudo systemctl restart tinyproxy
By default, tinyproxy runs on port 8888. Allow traffic through this port.
sudo ufw allow 8888/tcp
Make sure that the security group attached to this EC2 instance also allows traffic on port 8888.
The tinyproxy setup is done. It’s time to route the traffic from your local machine to the proxy server.
On a Mac, go to Settings > Network > Wi-Fi > Click on Details > Proxies. Enter the IP address of your EC2 instance and the port number of the proxy server.
To verify that the proxy has been configured, open https://ipinfo.io/what-is-my-ip in any browser. You should see the IP address of the EC2 instance instead of your own IP address.
SSH Tunneling (Optional)
We are now connecting from the local machine to the remote proxy server (EC2 instance). This connection is unencrypted. A workaround for this is SSH tunneling.
SSH tunneling opens an encrypted tunnel between your local machine’s port 8888 and port 8888 of the remote server. This means that your local machine’s port 8888 acts as the proxy server’s port 8888.
ssh -L 8888:localhost:8888 ubuntu@<ip-address-of-ec2-instance> -i <path-to-ssh-private-key>
Any data sent to port 8888 on your local machine is tunneled to the proxy server.
Finally, update the proxy setting by replacing the IP address of EC2 with localhost or 127.0.0.1.
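The check below is an added example, not part of the original post or the tinyproxy project: a shell function that reads a tinyproxy.conf and flags access rules that leave the proxy reachable by anyone, which is worth running once the tunnel makes the 0.0.0.0/0 entry unnecessary. The function name, output format and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag tinyproxy.conf access rules that leave the proxy open.
# Prints one finding per line; returns 1 if any client on the internet is allowed.
audit_tinyproxy_conf() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        { key = tolower($1) }
        key == "port" { port = $2 }
        key == "deny" { rules++ }
        key == "allow" {
            rules++
            if ($2 == "0.0.0.0/0" || $2 == "::/0") { wide++; print "OPEN allow " $2 }
            else print "OK allow " $2
        }
        END {
            if (port == "") port = "8888"       # default port, as stated on the page
            print "PORT " port
            # tinyproxy allows every client when no Allow or Deny line exists
            if (rules == 0) { wide++; print "OPEN no Allow or Deny directive" }
            exit (wide > 0)
        }
    ' "$1"
}

tmp=$(mktemp -d)
# Constructed sample: the Allow lines from the page (any machine may connect).
printf '%s\n' 'Port 8888' 'Allow 0.0.0.0/0' 'Allow ::1' 'Allow 127.0.0.1' > "$tmp/open.conf"
# Constructed sample: tunnel-only variant that accepts loopback clients only.
printf '%s\n' '# reached via ssh -L' 'Port 8888' 'Allow 127.0.0.1' 'Allow ::1' > "$tmp/tunnel.conf"

audit_tinyproxy_conf "$tmp/open.conf"   || echo "=> open.conf: proxy is usable by anyone"
audit_tinyproxy_conf "$tmp/tunnel.conf" && echo "=> tunnel.conf: loopback clients only"
```

On the instance, run it as `audit_tinyproxy_conf /etc/tinyproxy/tinyproxy.conf`; with the tunnel-only configuration, port 8888 no longer needs to be open in ufw or the security group.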