Forward SOCKS to HTTP proxy

[mkhahani]

Hello,

I'm looking for a SOCKS server that runs on locally and forwards SOCKS connections to HTTP proxy just like what Dante does.

• Can OddSocks forward connections to a HTTP proxy server?
• If no, is that possible to add such a feature? How much complicated?
• Is that possible to compile and run OddSocks for Android via Android NDK?

Thanks.

[Timmmm]

It doesn't support that currently. I don't know much about HTTP proxies but
it shouldn't be too difficult to add support. I believe after skimming
the HTTP 1.1 spec that there are two ways HTTP proxies can work:

1. Transparently forwarding requests by interpreting the "Host:" parameter.
   This method only supports unencrypted HTTP connections (no SSL, or other
   types of connections like MSN, games, etc.)
2. Explicitly creating connections using the CONNECT command. This is
   basically the same as what SOCKS does and is apparently not as well
   supported (presumably due to security risks). This method should support
   any protocol, just like SOCKS does.

As far as I can see, implementing the first thing is just a matter of
finding the place in the code where OddSocks connects to a remote server,
and replacing the IP address / port with that of your HTTP proxy.

For the second method you would have to have it connect to your HTTP proxy
and issue a CONNECT command with the appropriate remote IP (which was sent
by the SOCKS client). Should also be fairly easy.

Compiling for Android should be easy as it has basically no dependencies,
though I haven't tried it.

Can I ask why you want to do this? I.e. why not connect to the HTTP proxy
directly?

Cheers,

Tim

On 15 July 2014 17:59, Mohsen Khahani [email protected] wrote:

Hello,

I'm looking for a SOCKS server that runs on locally and forwards SOCKS
connections to HTTP proxy just like what Dante does.

• Can OddSocks forward connections to a HTTP proxy server?
• If no, is that possible to add such a feature? How much complicated?
• Is that possible to compile and run OddSocks for Android via Android
  NDK?

Thanks.

—
Reply to this email directly or view it on GitHub
#1.

[mkhahani]

Hi Tim,
Thanks for the tips.

The application is supposed to act as an Internet censorship circumvention. It routes all TCP/UDP connections through a local SOCKS server. It's done by combination of Android's VpnService and Tun2Socks at the moment. VpnService creates a virtual network interface, configures addresses and routing rules, and returns a file descriptor. Then Tun2Socks reads from FD and forwards connections to a local SOCKS server. I need to forward SOCKS to proxy server(Squid). Better is to route connections provided by VPN directly to proxy server but Tun2Socks doesn't support HTTP proxy.

Let me know if you can help me this happen? I can pay for it and I'm okay with the licence if you prefer to be part of your project.

[Timmmm]

Ah I see. To be honest I think it would be easier and cleaner to just add
HTTP proxy support to tun2socks. Although I have just looked at the
tun2socks code and it is unfortunately very typical C which is never that
easy to work with. It does appear to be well commented though.

Frankly though, I would start from scratch and do it entirely in Java. It
shouldn't be too difficult, all you need to do is:

1. Implement a VpnService - this easily gives you raw IP packets.
2. Use a library to decode IP packets to TCP connections/streams. For
   example http://www.krakenapps.org/wiki/KrakenPcap or http://jnetpcap.com/
   (May require ripping code out of them.)
3. Connect to the HTTP proxy and issue a CONNECT command for each new TCP
   connection.
4. Forward the data both ways.

It's a fair bit of work but you'll end up with the best result. I'd be
surprised if you can't find some android code for reassembling IP packets
into TCP connections somewhere... given that presumably every person that
uses VpnService has to do it. Maybe check the orbot source code:
https://gitweb.torproject.org/orbot.git

Or ask on stackoverflow.

Cheers,

Tim

On 17 July 2014 12:01, Mohsen Khahani [email protected] wrote:

Hi Tim,
Thanks for the tips.

The application is supposed to act as an Internet censorship
circumvention. It routes all TCP/UDP connections through a local SOCKS
server. It's done by combination of Android's VpnService and Tun2Socks at
the moment. VpnService creates a virtual network interface, configures
addresses and routing rules, and returns a file descriptor. Then Tun2Socks
reads from FD and forwards connections to a local SOCKS server. I need to
forward SOCKS to proxy server(Squid). Better is to route connections
provided by VPN directly to proxy server but Tun2Socks doesn't support HTTP
proxy.

Let me know if you can help me this happen? I can pay for it and I'm okay
with the licence if you prefer to be part of your project.

—
Reply to this email directly or view it on GitHub
#1 (comment).

[mkhahani]

You're right, better to write a special code preferably in Java for such purpose. But it needs lots of work and a good knowledge in wide range of various network related concepts(e.g. network layers, protocols, ...).

I'm not so good in network programming and no much time to learn. At the moment, I've just assembled a couple of pre-build and well tested programs to create a chain. For the last part of the puzzle I just found JSocks which acts as a SOCKS server and supports chaining to another SOCKS server. So I'm trying to add support for chaining to HTTP proxy.

The Orbot project you mentioned doesn't use VpnService. It just uses NAT via iptables to route connections.

Thanks for the advice and your time.