Web based http/https proxy
I'm considering getting a Linode.com account. I'm no linux guru (yet), but I like learning things by doing it. And Linode.com looks like a perfect place to learn since you can't really screw up things (and even if you do it's fairly easy to fix it again).
Anyway, I do have one final question before I sign up. Since I travel a lot I would like to know if it would be possible to install some kind of web based http/https proxy. I'll explain a bit more into detail what I mean with this. Since I travel a lot I often have to use public computers (Internet cafes) to get on the Internet. Call me paranoia but I never really trust those kind of computers/connections enough to transmit my personal details on/with them. That why I'm wondering if it would be possible to install software on your Linode that allows you to just open up a browser surf to your Linode (through https) and enter the URL you want to surf to (bank, visa details,…). So instead of surfing directly to a website you surf to Linode which forwards you to the requested website…
I know this can probably done through ssh, but I'm looking for a solution which doesn't require me to install any extra software (something I most of the times isn't possible anyway on those kind of computers).
Hope you guys understand what I'm trying to do… Also if somebody has a better way of doing it let me know!
Steven
7 Replies
@steven:
Since I travel a lot I often have to use public computers (Internet cafes) to get on the Internet. Call me paranoia but I never really trust those kind of computers/connections enough to transmit my personal details on/with them.
If you don't trust them (and you're right not to), then you can't use them for anything you're not willing to expose. There is no way to be secure when you're on an untrusted platform. A proxy might shield you somewhat from people sniffing the network but not at all from anyone with control of the machine.
However, you want to make absolutely positively sure that any proxy software you install requires authorization, so that only you can use it. Open proxies tend to attract jerks, who will cause problems to other linode users. See above paragraph.
There are HTTPS->HTTP proxies out there, but they're not very common, I believe, and I could foresee problems with using them.
The ideal solution, as you say, is with SSH. I should point out that PuTTY does not need installation - you can take it on a USB drive. However, I would point out that just as most public computers won't allow you to install software, most won't let you change proxy settings either. All of this means that you're probably going to be looking for something a bit more complex than a normal proxy.
@Ciaran:
The ideal solution, as you say, is with SSH. I should point out that PuTTY does not need installation - you can take it on a USB drive. However, I would point out that just as most public computers won't allow you to install software, most won't let you change proxy settings either. All of this means that you're probably going to be looking for something a bit more complex than a normal proxy.
On that note, you could do what I used to do in high school:
Browse the web with Links
Then, from your internet cafe, you could browse to your linode from a java-enabled web browser, and launch your VNC client there. I've found that internet cafes usually will allow running java applets from the browser in this way. Then you'd have your VNC desktop with browser inside, all inside the parent browser, and you could use this browser to surf the web more securely.
You'd still be vulnerable to keyloggers, but not much else, and it would work just about everywhere.
If you want to go the ssh route but can't use putty, you might consider the MindGate java applet ssh client that you could host on a linode web page. I have this myself, and use it at internet cafes across mexico, and I've never had it not work. It supports tunneling etc.
There are also java-based X clients out there that would be similar to the VNC option, except I find VNC to be more bandwidth efficient and better for this type of situation, since your apps fully run on your server and you for example can re-connect to your session if the connection dies or something.
It's best for using your own PC but connecting via public WiFi and so on.
It wouldn't protect you from key-loggers or screen-scrapers on the public computer though. Even using a remote desktop like VNC won't protect you from screen-scrapers.