[guardian-dev] supporting SOCKS on Android via a custom SocketFactory

Nathan of Guardian nathan at guardianproject.info
Wed Mar 22 08:54:53 EDT 2017



On Wed, Mar 22, 2017, at 08:23 AM, Michael Rogers wrote:
> On 06/09/16 10:48, Hans-Christoph Steiner wrote:
> > 
> > The Briar folks are working on getting HTTP connections on Android to go
> > through Tor via SOCKS.  They used a custom SocketFactory and Socket
> > subclasses, with their own SOCKS handling.
> > 
> > https://code.briarproject.org/akwizgran/briar/merge_requests/308
> > 
> > Could we use this approach in NetCipher?  I think Torsten said that this
> > approach requires android-14 at least, but we could just use HTTP
> > proxies to support older platforms.
> 
> Hi guys,
> 
> Following up on an old thread to let you know that unfortunately the
> approach we found for getting OkHttp to use a SOCKS proxy isn't safe. In
> some cases OkHttp will try to resolve hostnames locally before creating
> sockets, which leaks DNS lookups to the local network. Cure53 found this
> in their recent audit of Briar. I'm currently trying to work out how big
> a change is required to fix this.

Do we need to implement or fork our own HTTP library to ensure safety?
Or is it just OkHttp itself that is the problem? I think Apache
HTTPClient is better, possibly Volley, as well?
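
The leak discussed in this thread comes down to whether the hostname or a locally resolved IP address reaches the SOCKS proxy. The following is an added example, not code from Briar, NetCipher or OkHttp: a plain-JDK sketch that builds a SOCKS5 CONNECT request (RFC 1928) carrying the hostname and fails closed when handed an address that has already been resolved. The class name, method name and sample hostname are hypothetical.

```java
import java.io.ByteArrayOutputStream;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;

// Added illustration; class and method names are hypothetical.
public class Socks5RemoteDns {

    // Build a SOCKS5 CONNECT request (RFC 1928) that carries the hostname
    // itself (ATYP 0x03), so the proxy (e.g. Tor) performs the DNS lookup.
    static byte[] connectRequest(InetSocketAddress target) {
        // A resolved address means the name was looked up locally (or was an
        // IP literal). Fail closed rather than forward the resolved IP.
        if (!target.isUnresolved()) {
            throw new IllegalArgumentException("target was resolved locally; refusing to connect");
        }
        byte[] host = target.getHostString().getBytes(StandardCharsets.US_ASCII);
        if (host.length == 0 || host.length > 255) {
            throw new IllegalArgumentException("hostname length must be 1..255 bytes");
        }
        int port = target.getPort();
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(0x05);                 // VER: SOCKS5
        out.write(0x01);                 // CMD: CONNECT
        out.write(0x00);                 // RSV: reserved, must be zero
        out.write(0x03);                 // ATYP: domain name
        out.write(host.length);          // one-octet name length
        out.write(host, 0, host.length); // the name, never an IP
        out.write((port >> 8) & 0xff);   // DST.PORT, network byte order
        out.write(port & 0xff);
        return out.toByteArray();
    }

    public static void main(String[] args) {
        // Constructed sample target. createUnresolved() never calls the resolver.
        InetSocketAddress safe = InetSocketAddress.createUnresolved("example.onion", 80);
        byte[] req = connectRequest(safe);
        System.out.println("ATYP=" + req[3] + " request length=" + req.length);

        // new InetSocketAddress(host, port) attempts resolution in its constructor,
        // which is where a lookup escapes to the local network. An IP literal is
        // used here so that this demo itself triggers no DNS query.
        InetSocketAddress resolved = new InetSocketAddress("127.0.0.1", 80);
        try {
            connectRequest(resolved);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Note that isUnresolved() also returns true after a failed local lookup, so the guard only catches addresses that were successfully resolved; the caller still has to create targets with createUnresolved() in the first place.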

