Proxy Web Traffic

There is an assigned bug to sort out blocking webbugs and trackers, in the meantime there is Privoxy...

Privoxy

Follow Install Packages to install privoxy, then start it:

apt-get install privoxy
service privoxy start

Edit /etc/environment and add:

ftp_proxy=http://localhost:8118/
http_proxy=http://localhost:8118/
https_proxy=http://localhost:8118/
FTP_PROXY=http://localhost:8118/
HTTP_PROXY=http://localhost:8118/
HTTPS_PROXY=http://localhost:8118/

Reboot the phone to change the root filesystem to read-only and to ensure that sessions have the env vars above set (you can check in a terminal with printenv).

Visit http://config.privoxy.org/ to test it is working.

SSH tunnel

Set the root file system to be read-write and edit /etc/privoxy/config adding this line with the port the ssh tunnel will be on, in this case 3128:

forward-socks5   /               127.0.0.1:3128 .

Add a list of local networks you don't want the tunnel to be used for (so you can use the web browser to login to public wifi networks for example):

forward         192.168.*.*/     .

Create a script to start a ssh tunnel, eg ~/bin/proxy containing something like this (remove the v for non-verbose output in the terminal):

#!/bin/bash

if [[ $1 ]]; then
  REMOTE_SERVER=$1
else
  echo "Run this script like this:"
  echo "/bin/bash $0 server-name-from-ssh-config-file"
  exit
fi

ssh -vTnN -C -F "$HOME/.ssh/config" -D 3128 $REMOTE_SERVER

This works best if you have short names for servers in your ~/.ssh/config and have ssh keys set up.

Start the tunnel (note you might need to run it as follows unless you ssh to localhost first and have ~/bin/ in your $PATH, then you can simply type proxy after you chmod 750 ~/bin/proxy):

bash ~/bin/proxy your-ssh-server

Visit a page that reports your IP address, eg https://parrot.transitionnetwork.org/myip.shtml

Troubleshooting

If your network is very unreliable, try adding this to /etc/privoxy/config:

keep-alive-timeout 300