[guardian-dev] supporting SOCKS on Android via a custom SocketFactory

Hans-Christoph Steiner hans at guardianproject.info
Thu Sep 22 15:52:19 EDT 2016



Hans-Christoph Steiner:
> 
> 
> Michael Rogers:
>> On 06/09/16 11:54, Hans-Christoph Steiner wrote:
>>> Have you run tests yet of HTTPS verification using your technique?  You
>>> can take code from the NetCipher tests if you want.
>>
>> Thanks, that's a good idea. We've tried it with a few HTTPS sites but
>> haven't done any testing in depth.
>>
>>> I don't remember details now, but I know that when doing tricks with how
>>> Socket instances are created on Android, important pieces went missing,
>>> like hostname verification.  In cases like these, it is important to
>>> remember that Android != Java.  Android only promises to provide what
>>> they document in their SDK docs, not all of Java.  And many companies
>>> choose to take that opportunity to get lazy/sloppy with their builds of
>>> Android.
>>
>> Unfortunately these device-specific issues are hard to test on anything
>> except a pile of real devices - any suggestions for how to reduce the
>> manual testing workload?
> 
> I usually aim to test on one device from a major manufacturer,
> especially ones that are known to customize their ROMs a lot (e.g.
> Samsung).  For a good survey, you have to use services like appthwack
> that let you rent lots of devices by the hour.
> 
> So my memory is coming back on the technical details of all this. It
> seems that Apache Harmony/Android's implementation of sockets omitted
> the SOCKS support, even though the docs said it was there.  They added
> it in some time recently, like 5.1 or maybe even 6.0.  It would be good
> to find a real reference to that so we know when we can count on it.

I didn't find a solid reference yet, but this test for me confirms that
at least in terms of HttpURLConnection on android-22, SOCKS proxies do
not work:

 import java.net.HttpURLConnection;
 import java.net.InetSocketAddress;
 import java.net.Proxy;
 import java.net.URL;

 // Request an onion address over HTTPS through the SOCKS proxy on 127.0.0.1:9050
 URL url = new URL("https://facebookcorewwwi.onion");
 Proxy proxy = new Proxy(Proxy.Type.SOCKS,
   new InetSocketAddress("127.0.0.1", 9050));
 HttpURLConnection connection =
   (HttpURLConnection) url.openConnection(proxy);
 connection.setConnectTimeout(0); // blocking connect with TCP timeout
 connection.setReadTimeout(20000);
 connection.getContent();
 assertEquals(200, connection.getResponseCode());

.hc

-- 
PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556
https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556
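
The hostname verification concern raised in this thread, as an added example that is not code from the thread or from NetCipher: a hand-written SOCKS5 CONNECT followed by TLS with an explicit host name check. The class and method names are hypothetical, and it assumes Android, where HttpsURLConnection.getDefaultHostnameVerifier() does real certificate name matching.

```java
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.*;
// Added example; SocksTlsExample, socksConnect and tlsOverSocks are hypothetical names.
public class SocksTlsExample {
    // Minimal SOCKS5 CONNECT (RFC 1928) without authentication. The host name goes
    // to the proxy unresolved (address type 3), so no local DNS lookup happens.
    static Socket socksConnect(String proxyHost, int proxyPort, String host, int port)
            throws IOException {
        byte[] name = host.getBytes(StandardCharsets.US_ASCII);
        if (name.length > 255) throw new IOException("host name too long");
        Socket s = new Socket();
        s.connect(new InetSocketAddress(proxyHost, proxyPort), 10000);
        DataOutputStream out = new DataOutputStream(s.getOutputStream());
        DataInputStream in = new DataInputStream(s.getInputStream());
        out.write(new byte[] {5, 1, 0});                 // version 5, one method: no auth
        if (in.read() != 5 || in.read() != 0) {
            s.close();
            throw new IOException("SOCKS5 proxy refused the no-auth method");
        }
        out.write(new byte[] {5, 1, 0, 3, (byte) name.length}); // CONNECT, domain name
        out.write(name);
        out.writeShort(port);
        int ver = in.read(), rep = in.read(), rsv = in.read(), atyp = in.read();
        int addrLen = atyp == 1 ? 4 : atyp == 4 ? 16 : in.readUnsignedByte();
        in.readFully(new byte[addrLen + 2]);             // skip bound address and port
        if (ver != 5 || rep != 0) {
            s.close();
            throw new IOException("SOCKS5 connect failed, reply code " + rep);
        }
        return s;
    }

    // Layer TLS over the tunnel, then check the host name explicitly: a bare
    // SSLSocket validates the certificate chain but not the name it was issued for.
    static SSLSocket tlsOverSocks(String host, int port) throws IOException {
        Socket tunnel = socksConnect("127.0.0.1", 9050, host, port); // proxy address from the thread
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        SSLSocket tls = (SSLSocket) factory.createSocket(tunnel, host, port, true);
        tls.startHandshake();
        HostnameVerifier verifier = HttpsURLConnection.getDefaultHostnameVerifier();
        if (!verifier.verify(host, tls.getSession())) {
            tls.close();
            throw new SSLPeerUnverifiedException("certificate does not match " + host);
        }
        return tls;
    }
}
```

On a desktop JVM the default verifier rejects every host, so the check fails closed there; it is meant to run on Android.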

