Create Secure Connection Using SSH and Putty to Prevent Sidejacking

Create Secure Connection Using SSH and Putty to Prevent Sidejacking

Bookmark

Today tutorial is about Create Secure Connection Using SSH and Putty to Prevent Sidejacking. About 2 weeks ago I write about Simple Sidejacking Using Firesheep, and then a few week after that tools reveal, there’s another application called Blacksheep to prevent the Firesheep attack.

When you using Blacksheep, there will be a pop-up appear when someone in your network using the Firesheep, and I think it’s a little annoying because you can do nothing when you know that someone there is watching you and waiting your packet data across the network.

Maybe you can try to create tunneling by using port 22 (Secure Shell). Below I will write the step by step how to tunneling using SSH.

This is my IP Address before tunneling process.

Create Secure Connection Using SSH and Putty to Prevent Sidejacking

Step by step Create Secure Connection Using SSH and Putty to Prevent Sidejacking:

1. You should have an SSH server(googling it), usually when you have web hosting, there’s an optional feature to enable SSH remoting.

2. Download Putty, and then configure it like in the picture below.

Create Secure Connection Using SSH and Putty to Prevent Sidejacking

Create Secure Connection Using SSH and Putty to Prevent Sidejacking

3. After you connected to the SSH server, input your username and password.

4. After you successfully log in, leave the SSH Window opened.

Create Secure Connection Using SSH and Putty to Prevent Sidejacking

5. The next step you should do is configure your browser to communicate using SOCKS. I’m using Mozilla in this case.

6. Open Mozilla Firefox Browser, Click Tools –> Options –> Advanced –> Network –> Settings.

7. Follow the instruction below to configure Firefox to connect through SSH.

Create Secure Connection Using SSH and Putty to Prevent Sidejacking

Just finish all of the configuration, let’s check our IP address now using http://whatismyipaddress.com. Here’s my IP address now looks like.

Create Secure Connection Using SSH and Putty to Prevent Sidejacking

Using SSH it’s another way to prevent the local area network eavesdropping or session sidejacking, but our packet data still can be sniffed at the server side(SSH server) because when you use SSH, the topology like this :

Create Secure Connection Using SSH and Putty to Prevent Sidejacking

One thing you can do to minimize attack is don’t use the "remember me" because it will store and make your session ID become static. Hope this post useful for you ๐Ÿ™‚

(Visited 831 times, 1 visits today)

Share this article if you found this post was useful:

Blogger at hacking-tutorial.com. Love PHP, offensive security and web.
Contact him at me[-at-]vishnuvalentino.com

See all posts by || Visit Website : http://www.vishnuvalentino.com

  • Pingback: Firesheep HTTP Session Hijacking Tools | Vishnu Valentino()

  • Pingback: Break SSL Protection Using SSLStrip and Backtrack 5 | Vishnu Valentino Hacking Tutorial, Tips and Trick()

  • analogi

    Mantaap Tutorialnya mas, ijin copy ilmunya ya….

    • v4L

      #analogi
      boleh bro…kalo copy jangan lupa backlink ke sini ya ๐Ÿ™‚

  • Pingback: Firesheep Session Sidejacking (Mozilla Firefox Extension) | Try n Error()

  • puppet

    can u gave me a list of ssh server that are good…
    i want free n fast ssh server acc…
    hope u can help me…

    • v4L

      #puppet
      Actually if there’s free SSH server it won’t last long…and also if it’s free SSH server 95% didn’t allow packet redirecting..
      you should buy your own a hosting or VPS or Cloud or something like that and check are they allowing packet redirection or not.
      for free shells, you can check here also (but I didn’t know it works or not http://shells.red-pill.eu/)

  • puppet

    how about shellmix.com???
    have you try it?

    • v4L

      #puppet
      I haven’t try it..maybe others can give a try and report? but usually free ssh frequently down or have frequent problem with the connection ๐Ÿ™‚

  • puppet

    yup…
    i have tires it last two day…
    1st tym i try…i was enable to tunnel the connection…
    but the next day…
    i got an error: proxy server is refusing connection…
    what are the possiblities???
    it the webserver down or what???
    if dat so,why i can connect trought the webserver(shellmix.com:ssh connetion) using putty???

  • Pingback: Hacking Windows 7 SP1 via Wireshark Using Metasploit + Backtrack 5 R1 | Vishnu Valentino Hacking Tutorial, Tips and Trick()

  • dikien

    thanks a lot it's very useful!!

    • v4L

      #dikien
      you’re welcome ๐Ÿ™‚

  • Daniel

    When I use kpym.com on putty it says: login as: password: what i should put there?
    I need that information because my f*ck brother are stealing my password when i enter on a HTTPS website like hotmail, he do that on the wifi… someone can help me?

    • v4L

      #Daniel
      1st you should have SSH server, so you will know what the username and your password of your SSH server.

  • Daniel

    Soooo, How can I have SSH server? Can you help me? Where I need to be registered?

    • v4L

      #Daniel
      you can ask to your ISP how to buy hosting with SSH server support…also you should ask to your provider are their server supported packet forwarding or not….

  • Daniel

    Thanks by answering. I haven't any idea what are you saying…. :S I'm a beginner….. ๐Ÿ™

  • bonn

    I already use this method using a server in my office network.

    However, my SSH-Server is connected through the office Gateway.

    Is it possible for the Gateway to sniff the packet from SSH-Server to the World?

    If so, how can I protect the packet being sniffed from the Gateway?

    Thanks!

    • v4L

      #bonn
      yes it’s very possible gateway sniff your packet…
      you can encrypt your connection using SSH and tunnel it http://www./computer-security/create-secure-connection-using-ssh-and-putty-to-prevent-sidejacking/

      if you don’t have, just pray they’re not interesting to see your packet ๐Ÿ™‚

  • alijanlou

    i dont have linux server but i install FreeSSHd on my windows, now when i use putty from other pc and connect to my ssh server no page was loaded (in firefox error is : server not found)
    can u help me?

    • v4L

      #alijanlou

      you need to make your computer forward the packet. http://www./tips-and-trick/how-to-set-up-port-forwarding-in-linux-and-windows/

  • Peminta Cheat

    Thanks mister Vishnu, Terus apakah bisa juga mengenkripsi data traffic menggunakan VPN?

    Karena tidak memiliki server SSH sendiri ;p

  • addy

    Hi

    I just want to know that how can I protect from sniffing? My housemate is an ethical hacker. As we share same router, I just want to save my system from sniffing. I think he uses wireshark for this purpose.
    Please help me if you can.

    Thanks
    addy

  • taib abdel

    please , what can i do to bypass websense triton , even tor and ultrasurf can’t bypass it , can i use ssh server to bypass this web filter websense triton if yes HOW please …thx in advance