SSH Tunneling, Independent Games, Updating Multiple Blogs At Once, and Password Protecting Applications

In this extensive episode Matt shows us how to setup SSH tunneling to securely transmit HTTP traffic and more while on the go. Shannon checks out some student entries to the 2009 Independent Games Festival, including City Rain, Glitch, Froggle, Blazar, and Akrasia. Darren puts together a PHP script that, in conjunction with Ping.fm, allows you to update multiple blogs at once including your own hosted Wordpress. Plus this weeks LAN Party, revamped Trivia and viewer questions.

Chris Gerling joins us at the top of the show via skype from a SANS conference where he is currently getting schooled in forensics.

Matt is obsessed with Clicky Keyboards. I'm a fan of the Model M and the PC-XT's 83 Key Keyboard.

Our next LAN Party game will be Quake 3 on Saturday, January 10 at q3.hak5.org. Check out all the details at our brand spankin' new Hak5 LAN Site (with leetness by Squarespace)

Darren mentions Post_Break's article on Mubix's Room362 site about ways to detect nearby Jasagers.

Setup an SSH SOCKS proxy!

For episode 416 of HAK5, I showed how easy it really is to tunnel all kinds of traffic from HTTP, FTP, and more over a secure SSH Socks proxy.

Some of you may be thinking to yourself... "HOLY CRAP WHAT ARE THESE TERMS?!" And I'm here to assure you that it's going to be OK! Really it is.

What you'll need

  • An SSH server to act as your proxy. Simple enough really! If you're using windows I highly recommend freeSSHd. If you're on a mac check out this page for instructions on how to enable remote logon. Linux users, you should know how to do this. ;)
  • An SSH client on the computer you're using. Mac and *nix machines have SSH built right in at the command line. Windows users can do like I did in the episode and download plink (available here). There are other people out there that will recommend Cygwin, but for this purpose, it's really overkill.

How proxies work

In a nutshell, what you're doing with a proxy is setting up a middle-person (no not a pineapple, but close) between you and the internet. Using the proxy, your browser hands off web page requests to the proxy server, which handles the request and fetches the page for you from the internet. The web site actually thinks the request is coming from the proxy server, not your computer, which is a good way to obscure your originating IP address.

Additionally, the connection between your computer and the proxy happens over SSH, an encrypted protocol. This prevents wifi sniffers from seeing what you're doing online.

Start your SSH tunnel

So you've got your ssh server setup at your house or workplace. Great! To connect to it we're going to setup a local proxy server on your client that you'll be browsing the internet from, which will then "tunnel" web traffic from your local machine to the remote server over SSH. The command to run on your linux / mac client in a terminal window is :

ssh -ND 9999 you@example.com

For Windows it's as simple as browsing to the directory you saved plink to and running

plink.exe -N -D 9999 you@example.com

Of course, you're going to replace the you with your username on your SSH server and example.com with your server domain name or IP address. What that command does is accept requests from your local machine on port 9999 and hands that request off to your server at example.com for processing.

When you execute either of those commands, you'll be prompted for your password. After you authenticate, nothing will happen. The -N tells ssh not to open an interactive prompt, so it will just hang there, waiting. That's exactly what you want.

Set Firefox to use SOCKS proxy

Once your proxy's up and running, configure Firefox to use it. From Firefox's Tools menu, choose Options, and from the Advanced section choose the Network tab. Next to "Configure how Firefox connects to the Internet" hit the "Settings" button and enter the SOCKS information, which is the server name (localhost) and the port you used (in the example above, 9999.)

Save those settings and hit up a web page. When it loads, visit http://www.ipchicken.com to see if it's using your remote ssh server to tunnel traffic. If you are, GOLDEN!

If you feel there's something I've missed, hit me up here (http://www.mattlestock.com)

PS: Remember that you'll need to open your firewall a bit by cracking open port 9999 on your local machine and port 22 on your server for SSH.

--Matt

Congrats to VickiWong who correctly answered last week's trivia. Answer: Stiletto as it is not a submarine launched ballistic missile like the other two. We would have accepted the fact that Polaris and Trident are US ICBMs while Stiletto is a USSR ICBM.

Update multiple blogs with Ping.fm and custom URLs

I don't know about you guys but keeping up with all the latest blogs, social networks, and micro messaging services is a lot of work! And I don't know how many times I've neglected my blog(s) because I was simply too lazy to login and update, login and update, login and update.

In my segment this week I'll be showing you how to use ping.fm's Custom URL feature to update blogs by email. Ping.fm is great for updating multiple status services like Twitter and Identica, but I'm just concerned with blogs.

I personally use three blogging services; Posterous, Tumblr, and Wordpress hosted on my own domain, DarrenKitchen.net.

The first two are easy to update with a Ping.fm Custom URL since they feature rich posting via email. Wordpress on the other hand is a bit lacking. Sure Wordpress has a built in post via email feature but it's severely lacking. To alleviate this I recommend installing the Wordpress Postie plugin. This little guy is awesome, with features like roles, authorized addresses, photo and file upload, signature removal and custom CSS just to name a few.

Once installed and configured all we need to do is edit some the sample PHP code, upload it to our web server, rename the file to something obscure, and add the URL to Ping.fm as a custom URL.

Resources:

--Darren

2009 Independent Games Festival Student Entries

The Independent Games Festival is an annual festival awarding students and independent developers $50,000 in prizes. This year, IGF will happen March 23-27 in San Francisco.

In my segment, I test out a few student entries that were free for download.

The first one was City Rain, which is sort of like Sim City in a way. You play the mayor of a new town, and have to make quick choices as to what kind and where new buildings will go. Buildings quickly fall out of the sky and you have to make your decisions quickly.

I also tried out Froggle. In Froggle, you play a, well... froggle. You're incredibly long tongue is used to eat flies and fling yourself over cartoony environments. I really liked the shading and humor aspect of this game.

The third game was Blazar, which really brings me back to the old school arcade games! You control a ship which has the ability to destroy asteroids or bounce them away. Your goal is to grow a black hole from tiny to huge.

The last game I demo'ed was Glitch. Glitch is a first person shooter that exists in a large cube arena. The environment is constantly moving and the enemies are made out of little cubes themselves. This game was fun!!

The last game which I didn't demo but mentioned was Akrasia. I liked Akrasia because of it's educational touch. This is the description from the IGF website:

Akrasia is a single-player game that challenges game conventions and is intended to make the player think and reflect. It is based on the abstract concept of addiction, which is expressed metaphorically throughout the game.

The game is set in a maze that represents the mind. The maze has two states ñ a normal and a psychedelic state. To enter the game, the player collects a pill-shaped object and thus enters the game as "addict". From "chasing the dragon" to working through "cold turkey", this game models the essential dimensions of the addiction gestalt as identified by its creators.

--Shannon

Questions

We answer view question about password protecting applications and feature a program called Empathy

Until next week we welcome your feedback and remind you to Trust your Technolust