rethink-app icon indicating copy to clipboard operation
rethink-app copied to clipboard

Published 20 hours ago verified publisher icon celzero

HTTP proxy(orbot) is not an http Proxy

Open 4-FLOSS-Free-Libre-Open-Source-Software opened this issue 3 years ago • 5 comments

Then, I activated Orbot integration inside your app. Rethink said all traffic is now routed over Tor.

The problem is all other apps! can connect to internet, not just Browser if HTTP proxy is enabled (orbot activated) Firewall is completely unusable.

When I disable orbot link, rethink block app's internet connection as advertised.

conclusion: if the HTTP proxy(orbot) is active, your app is ignoring firewall rules silently

#313 @strongok Couldn't answer on parent issue. Image says more than thousand words.

059b5c04-895f-4782-a1d8-d984c8d7dbca.jpg

4-FLOSS-Free-Libre-Open-Source-Software avatar Jun 19 '21 10:06 4-FLOSS-Free-Libre-Open-Source-Software

Yes, we merely set it #44, and Android implements the rest (which is a HTTP CONNECT tunnel instead of a HTTP proxy).

http/1.1 proxies are trivial to implement; it is http/2 that is problematic here: https://github.com/celzero/rethink-app/issues/45#issuecomment-695347020

Ref impl: https://archive.is/etF2f

ignoramous avatar Jun 19 '21 14:06 ignoramous

it is http/2 that is problematic here: https://github.com/celzero/rethink-app/issues/45#issuecomment-695347020

That may not work for any pinned certificates anyway. But it's not needed, The http tunnel port works fine for https and as https proxy. As far I know, Https over http proxy uses http connect.

http/1.1 proxies are trivial to implement;

Previously orbot shipped with polipo http proxy with socks5 as it's parent proxy.

This option causes likely all apps including system Chrome Browser that try to access http to fail:

b48440c2-8036-476b-88a5-356d11d55624.jpg

While TCP forward mode works as expected. IMG_20210624_170430.jpg

The combinations or use as http proxy works for everything than http itself. 6b2ae5c6-37db-4701-ba75-6d7b72e9923c.jpg Chrome does not understand to use it as not native http proxy. The way out is set actually

4-FLOSS-Free-Libre-Open-Source-Software avatar Jun 24 '21 15:06 4-FLOSS-Free-Libre-Open-Source-Software

https://github.com/elazarl/goproxy to rescue. Attempting an impl...

Edit: Impl here https://github.com/celzero/firestack/commit/7734c4508f15d6b10f2c0b55efccb542ea34a2f0

ignoramous avatar Aug 24 '21 13:08 ignoramous

https://github.com/elazarl/goproxy to rescue. Attempting an impl...

Good choice. I checked out https://github.com/elazarl/goproxy as HTTP/S=>SOCKS5 Upstream standalone, and it works quite well for this purpose.

I guess since 7734c45 this issue could be closed?

4-FLOSS-Free-Libre-Open-Source-Software avatar Dec 16 '21 14:12 4-FLOSS-Free-Libre-Open-Source-Software

I guess since 7734c45 this issue could be closed?

We haven't integrated it in the app... (:

ignoramous avatar Dec 16 '21 15:12 ignoramous

In v055, we implement just the HTTP/S CONNECT tunnel and not HTTP/S Proxy per se. Please test it out and let us know if it works as intended; feel free to reopen if it doesn't. Thanks (:

ignoramous avatar Aug 15 '23 20:08 ignoramous