Learn it before you actually need it


(eventually replace by Αναστασία's scissors)

Legislative framework

  • France



  • HerdictWeb, a project of the Berkman Center for Internet & Society at Harvard University
    • seeks to gain insight into what users around the world are experiencing in terms of web accessibility; or in other words, determine the herdict.


Do it yourself

Create an SSH tunnel (to read content)

You first need to rent a server in an Internet location (country, but eventually backbone position) that has access to the resources you are interested in.

  • server side : create a new user without a shell or a home
    • useradd -M -s "/usr/sbin/nologin" temporarytunnel
    • passwd temporarytunnel
  • client side : keep open a tunnel with a defined local port
    • ssh temporarytunnel@server.com -D 3248 -N
    • configure your clients to connect through the tunnel (thus the same port)
      • for example, in your browser's proxy options select a SOCKS4 proxy pointing to port 3248
    • optionally configure your clients to use DNS through the tunnel tool
      • e.g. network.proxy.socks_remote_dns=true in Firefox
    • connect to a web server with geolocation (by IP) to check which connection you are actually using

See also SSH Tunnelling according to CircumventionTools and Wikipedia:Corkscrew (program) to run the connections over most HTTP and HTTPS proxy servers or my notes on Lighttpd (and Apache on setting up a forward proxy).

Provide a temporary SSH tunnel (to publish content)

  1. check that GatewayPorts yes is set in /etc/ssh/sshd_config
    1. more details at Shell and with man:sshd
  2. from the machine you want to share content from, run ssh user@server.tld -R server.tld:port:localhost:443 -N
    1. this will open a specific port on the remote server, tunneling to your local machine on port 443 (HTTP over SSL), and avoid requesting a prompt
  3. check that it is working at https://server.tld:port/
  4. share https://server.tld:port/ to people you trust

Note that you should consider

  • dynamically changing the port in a deterministic way (using timestamp, weather, a mix...)
  • using a strict httpd policy locally (basically only allow traffic)
  • using an .htpasswd file, otherwise anybody who scans server.tld for open ports and finds the HTTPS service will be able to connect to it and crawl its content
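
One way to rotate the port deterministically from a timestamp, as suggested above. This is an added example, not part of the original notes; the shared secret, the port range and the hourly window are assumptions, and mixing in a secret means that knowing the scheme alone does not reveal the port. It does not replace the .htpasswd protection.

```python
import hashlib
import hmac
import time

PORT_LOW, PORT_HIGH = 20000, 60000  # assumed range, clear of well-known ports
WINDOW = 3600                       # assumed rotation period, in seconds


def rotating_port(secret: bytes, now: float, window: int = WINDOW) -> int:
    """Port for the time window that contains `now`."""
    # Both sides compute the same window counter from their own clock.
    counter = max(0, int(now // window))
    digest = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    span = PORT_HIGH - PORT_LOW + 1
    return PORT_LOW + int.from_bytes(digest[:8], "big") % span


def candidate_ports(secret: bytes, now: float, window: int = WINDOW) -> list:
    """Ports for the previous, current and next window.

    A visitor whose clock is slightly off, or who connects right at a
    rollover, tries these in turn instead of scanning.
    """
    return [rotating_port(secret, now + d * window, window) for d in (-1, 0, 1)]


def publish_command(secret: bytes, now: float, user: str = "user",
                    host: str = "server.tld", local_port: int = 443) -> list:
    """argv for the reverse tunnel of step 2, using the current port."""
    port = rotating_port(secret, now)
    return ["ssh", f"{user}@{host}", "-R",
            f"{host}:{port}:localhost:{local_port}", "-N"]


if __name__ == "__main__":
    secret = b"constructed-example-secret"  # constructed; share it out of band
    now = time.time()
    print("publisher runs:", " ".join(publish_command(secret, now)))
    print("visitors try  :", candidate_ports(secret, now))
```

The publisher has to restart the tunnel at each window boundary, since an established ssh -R forwarding keeps its port until the session ends.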

See also