# Dynamic Port Forwarding

<figure><img src="/files/yI97TIDTtxRBtu3iwdQ7" alt=""><figcaption></figcaption></figure>

Dynamic port forwarding is a technique used in SSH that allows us to create a SOCKS proxy server. This enables us to route traffic through the SSH connection dynamically to any port on the remote server or through any other hosts accessible from that remote server.

* **Setup**: When we establish a dynamic port forwarding session, an SSH client listens on a specified local port and forwards traffic to the remote server, allowing connections to any host and port through the SSH tunnel.
* **Traffic Flow**:
  * Any application that supports SOCKS proxy (like web browsers, curl, etc.) can connect to the local port.
  * The SSH server will route this traffic through the established SSH connection to the desired destination.

## Example

```bash
ssh -D [local_port] [user]@[remote_server]
```

`-D` flag indicates we want to create a SOCKS proxy

```bash
ssh -D 1080 user@10.10.15.130
```

In this example:

* The SSH client will listen on `localhost:1080`.
* Any traffic directed to this port will be forwarded through the SSH tunnel to the remote server and then on to the final destination.

We must edit  `/etc/proxychains.conf` file to inform proxychains that we must use port 1080.\
add this into conf file

`socks4 127.0.0.1 1080`

## Using Proxychains to Access the Web Server

Once Proxychains is configured, you can use it to route your requests through the SOCKS proxy. Given the diagram with the setup:

* **Attacker (Kali)**: `10.10.15.128`
* **Pivot Host (Ubuntu)**: `10.10.15.130`
* **Target (Windows)**: `172.16.1.16` (running a web server on port `80`)

To access the web server on the Windows target through Proxychains, use the following command:

```bash
proxychains curl http://172.16.1.16
```

or we can use proxychains with metasplit

```bash
proxychains msfconsole
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://notes.dollarboysushil.com/pivoting-and-tunneling/dynamic-port-forwarding.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.