[guardian-dev] supporting SOCKS on Android via a custom SocketFactory

Michael Rogers michael at briarproject.org
Wed Mar 22 08:23:14 EDT 2017


On 06/09/16 10:48, Hans-Christoph Steiner wrote:
> 
> The Briar folks are working on getting HTTP connections on Android to go
> through Tor via SOCKS.  They used a custom SocketFactory and Socket
> subclasses, with their own SOCKS handling.
> 
> https://code.briarproject.org/akwizgran/briar/merge_requests/308
> 
> Could we use this approach in NetCipher?  I think Torsten that said this
> approach requires android-14 at least, but we could just use HTTP
> proxies to support older platforms.

Hi guys,

Following up on an old thread to let you know that unfortunately the
approach we found for getting OkHttp to use a SOCKS proxy isn't safe. In
some cases OkHttp will try to resolve hostnames locally before creating
sockets, which leaks DNS lookups to the local network. Cure53 found this
in their recent audit of Briar. I'm currently trying to work out how big
a change is required to fix this.

Cheers,
Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x9FC527CC.asc
Type: application/pgp-keys
Size: 4660 bytes
Desc: not available
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20170322/2f0a839c/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20170322/2f0a839c/attachment.sig>


More information about the guardian-dev mailing list