As a straight way you can invoke plink command line to create the tunnel and then connect to the localhost from your application. Plink is the commandline version of Putty, you have tons of options and it is a very popular, safe and tested application.
You have an application (SSH Tunnel Client) that does it for you with a nice UI. It is a bit buggy but it works just fine.
This example connects the port 80 in the remote machine to the port 8000 of your local host.
plink.exe -L 127.0.0.1:8000:127.0.0.1:80 -C -pw 1234 -2 -l user myserver.com
What I don't recommend of this method is that the commandline contains the password and it is easy to see with any process manager, now the good thing of plink is that you have the source code available so you can integrate it in your project.
Edit
Now imagine that your application connects to "yahoo.com" to get some data, you can't modify the application but you can setup a Man in the Middle. You can execute the next command:
plink.exe -L 127.0.0.1:80:google.com:80 -C -pw 1234 -2 -l user myserver.com
Where myserver.com is a SSH sever that allows you to do tunnels and has access to google.com
Now go to your hosts file in C:\windows\system32\drivers\etc\ as administrator and add the next entry:
127.0.0.1 yahoo.com
You can test the setup with your browser and navigate to yahoo.com an you will see the google.com page. It seems simple but the real power is that all the traffic is passing through myserver.com.
Some advantages are
- All the traffic to yahoo.com is encrypted
- You can bypass proxy restrictions with this method
- You can get access to the intranet where myserver.com is located if you can connect to it from the outside
- You can log or modify the data of the connection
Be aware that this method is very likely to have problems with HTTPS connections because of the certificates authentication.