http(s) proxy support (web, maps, etc)

Search This thread
By:
Advanced…
D

daveba

Senior Member
Mar 4, 2010
398
61
Dubai
I was sitting at a customer (yes real work) the other day without access to VPN (ports blocked) and i was roaming so daren't switch on 3g due to the extortionate costs. They did have a wireless access and required a proxy for browsing, web mail, etc. Unfortunately if you're connected to wireless you can't also turn your wifi on your laptop into an adhoc hotspot for your phone (even though ad-hoc works perfectly now) so i quickly downloaded transproxy, compiled it (i did have access to the NDK on my lappie luckily) , and set up iptables and voila, a transparent proxy was up and running and everything sprung into life on my Desire. The nice thing (as mentioned in the subject) is that this is not limited to only the browser (i.e. it's not setting the http_proxy in the SQlite db) so even my MAPS, and everything that uses comms thru port 80 came to life.

Posting this if anyone's interested. I hear the CM6 now has proxy access, but this should work for any ROM that is rooted (i.e has su installed) and has iptables support.

Basic HTTP auth is supported, NTLM is NOT SUPPORTED CURRENTLY (and may never be as i don't have a server i can test with).

UPDATE 7th MAY 2011: PLEASE READ THIS POST FIRST

PLEASE post logcat outputs while starting transproxy or it makes it hard for me to diagnose errors. Just saying it doesn't work will not help me fix it.

Version 3.08 beta
- New GUI only. Thanks lots to user fonix232

Version 3.04-3.07
- Bugfixes

Version 3.03
- Major rewrite of redsocks to support transparent proxying (no need to support tproxy binary).

Version 3.02
- Limit the forks as some complex pages may result in large number of process forks which may lead to memory depletion, slowdown in phone, crash, etc.
- Add port 5228 redirection for market auth

Version 3.01
- Split traffic for b*stard proxies that don't support port 80 connections via CONNECT method

Version 3.00
- Full transparency (currently only 80/443 forwarded)

Version 2.04
- Fixed the loss of focus bug when going from on -> off in the GUI
- Fixed the hostname resoltion bug in the Host field.

Version 2.03
- SOCKS 4a/5 support
- Fix password quoting in proxy.sh script
- Removed iptables binary due to ROM incompatabilites. Your ROM must support and have iptables binary included.

Versions 2.01/2.02
- Private testing versions only to fix bugs.

Version 2.00
- Rewrite to support (basic) proxy auth
- Disabled https as it cannot work transparently

Version 1.03
- Fix to work nexus one not having multiport module
- Included 'iptables' binary

Version 1.02
- Internal only version

Version 1.01
- Fix for broken 'su' parsing by splitting the iptables script into 2 scripts to start/stop

Version 1.0
- Broken version not working with 'su' correctly

TODO:
- Abritrary forwarding (i.e. 80,443,++++) -but the upstream proxy needs to allow those ports which it seems many b*stard proxies don't. Use a VPN for that if you can.
- NTLM support
 

Attachments

  • TransProxy.apk
    100.3 KB · Views: 19,327
  • TransProxy2.04.apk
    128.1 KB · Views: 8,521
  • TransProxy3.07.apk
    58.2 KB · Views: 23,548
  • TransProxy3.08beta.apk
    58.9 KB · Views: 47,155
  • gui.png
    gui.png
    23 KB · Views: 21,444
  • TransProxy3.zip
    71.5 KB · Views: 15,675
  • redsocks4transproxy3.zip
    865.6 KB · Views: 19,171
Last edited:
  • Like
Reactions: organic2, bradzerns, goe_my and 19 others
M

magdap

Senior Member
May 22, 2010
138
20
can you please translate this for unrooted people, (i have no clue where to type this abd stuff)? does this only work for rooted devices? how much time you think you need for an apk :)


and does this work only in combination with a laptop or is this a standalone version ( i heard you can set up proxy when you surf next to your laptop, but without it its not possible)?
 
wallla

wallla

Senior Member
Jun 13, 2010
100
12
Great work! I'm so happy someone capable finally cares about the missing wifi proxy issue.
Do you think it will work on other (rooted) phones, too? I'm interested using it with my Milestone...

Looking forward to see it with a nice UI.
 
  • Like
Reactions: Jimmy_Z
I

iamgpc

Senior Member
Sep 19, 2008
141
261
Taiwan
I get an error when do iptables:mad::mad:


# iptables -t nat -A OUTPUT -p tcp -m multiport --dports 80,443 -j REDIRECT --to
-ports 8123
iptables -t nat -A OUTPUT -p tcp -m multiport --dports 80,443 -j REDIRECT --to-p
orts 8123
getsockopt for multiport failed strangely: No such file or directory
getsockopt for multiport failed strangely: No such file or directory
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:378
iptables: No chain/target/match by that name
#
 
D

daveba

Senior Member
Mar 4, 2010
398
61
Dubai
magdap said:
can you please translate this for unrooted people, (i have no clue where to type this abd stuff)? does this only work for rooted devices? how much time you think you need for an apk :)


and does this work only in combination with a laptop or is this a standalone version ( i heard you can set up proxy when you surf next to your laptop, but without it its not possible)?
Click to expand...
Click to collapse

Unfortunately it won't work for unrooted phones since you need access to do kernel stuff like forwarding destination packets to ports 80,443 to another arbitrary port.

You don't need a laptop after you've pushed the 'tproxy' binary. You can run the commands directly from a root console on the phone.
 
D

daveba

Senior Member
Mar 4, 2010
398
61
Dubai
wallla said:
Great work! I'm so happy someone capable finally cares about the missing wifi proxy issue.
Do you think it will work on other (rooted) phones, too? I'm interested using it with my Milestone...

Looking forward to see it with a nice UI.
Click to expand...
Click to collapse

Yes i don't see why it shouldn't work with other rooted phones as long as you have the iptables binary and modules (or in kernel).
 
D

daveba

Senior Member
Mar 4, 2010
398
61
Dubai
iamgpc said:
I get an error when do iptables:mad::mad:


# iptables -t nat -A OUTPUT -p tcp -m multiport --dports 80,443 -j REDIRECT --to
-ports 8123
iptables -t nat -A OUTPUT -p tcp -m multiport --dports 80,443 -j REDIRECT --to-p
orts 8123
getsockopt for multiport failed strangely: No such file or directory
getsockopt for multiport failed strangely: No such file or directory
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:378
iptables: No chain/target/match by that name
#
Click to expand...
Click to collapse

Looks like your ROM/kernel doesn't have the multiport matching netfilter builtin or as a module. SO in your case you'd need to change the command to be run for each port you're redirecting like this

Code: 
iptables -t nat -A OUTPUT -p tcp --dport 80   -j REDIRECT --to-port 8123
iptables -t nat -A OUTPUT -p tcp --dport 443  -j REDIRECT --to-port 8123
 
D

daveba

Senior Member
Mar 4, 2010
398
61
Dubai
blud7 said:
I'm a waitin on the apk! Will solve several people problems.
Click to expand...
Click to collapse

I'm a good C programmer (IMHO) but never dabbled in android programming, so it may take a while. If some developer comes up with a gui before me, please feel free. I hope i've passed on the know-how to do the raw stuff though.
 
J

jacketyjoe

Member
Jul 24, 2010
39
0
Yay, somebody did something about the lack of proxy support :)

I'm just going to wait for it to be released in a rom (or an app), i'm too lazy and don't need it urgently.
 
I

iamgpc

Senior Member
Sep 19, 2008
141
261
Taiwan
daveba said:
Looks like your ROM/kernel doesn't have the multiport matching netfilter builtin or as a module. SO in your case you'd need to change the command to be run for each port you're redirecting like this

Code: 
iptables -t nat -A OUTPUT -p tcp --dport 80   -j REDIRECT --to-port 8123
iptables -t nat -A OUTPUT -p tcp --dport 443  -j REDIRECT --to-port 8123
Click to expand...
Click to collapse

Thanks for your help, however i still get an error:mad:

The following is my adb shell log, is it any problem?:confused:

chmod 777 /system/bin/tproxy
# /system/bin/tproxy -s 8123 10.1.1.2 80
/system/bin/tproxy -s 8123 10.1.1.2 80
# iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 8123
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 8123
getsockopt for multiport failed strangely: No such file or directory
getsockopt for multiport failed strangely: No such file or directory
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:378
# iptables -t nat -A OUTPUT -p tcp --dport 443 -j REDIRECT --to-port 8123
iptables -t nat -A OUTPUT -p tcp --dport 443 -j REDIRECT --to-port 8123
getsockopt for multiport failed strangely: No such file or directory
getsockopt for multiport failed strangely: No such file or directory
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:378
#
 
D

daveba

Senior Member
Mar 4, 2010
398
61
Dubai
sweetheater said:
I have written a step by step guide for setting up proxy in Desire mobile...Do check it out.... its in my signature
Click to expand...
Click to collapse

Yes that would work as well alebit with privoxy as the proxying server. tproxy is much smaller and doesn't do all the anonymizing that Orbot does. Anyhow yes i guess that should work too.

Why didn't i find that when i was looking ;-(
 
D

daveba

Senior Member
Mar 4, 2010
398
61
Dubai
iamgpc said:
Thanks for your help, however i still get an error:mad:

The following is my adb shell log, is it any problem?:confused:

chmod 777 /system/bin/tproxy
# /system/bin/tproxy -s 8123 10.1.1.2 80
/system/bin/tproxy -s 8123 10.1.1.2 80
# iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 8123
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 8123
getsockopt for multiport failed strangely: No such file or directory
getsockopt for multiport failed strangely: No such file or directory
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:378
# iptables -t nat -A OUTPUT -p tcp --dport 443 -j REDIRECT --to-port 8123
iptables -t nat -A OUTPUT -p tcp --dport 443 -j REDIRECT --to-port 8123
getsockopt for multiport failed strangely: No such file or directory
getsockopt for multiport failed strangely: No such file or directory
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:378
#
Click to expand...
Click to collapse

Hi it looks like your rom is missing iptables multiport support in the kernel. What ROM are you using ?
Maybe it supports it as a module. Does
Code: 
modprobe xt_multiport
give you errors also ?
 
Last edited:
M

mmaacc

Senior Member
Jul 28, 2008
304
45
sweetheater said:
I have written a step by step guide for setting up proxy in Desire mobile...Do check it out.... its in my signature
Click to expand...
Click to collapse
Pretty cool. Thanks! But that's limited to TOR, which means if you have a company proxy in between it's still a no-go :). Correct me if I'm wrong.
 
Last edited:
wallla

wallla

Senior Member
Jun 13, 2010
100
12
So, i just tried it with my stone.

Turns out that there's no iptables on the Milestone.
However, I made it work simply by taking iptables from the wifi-tether-project and copying it to /system/bin/ .

After executing the command for iptables I get an error-message
"FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:372".
But that's no problem as the rule is set, successfully.


Can't make a practical test yet, until in some weeks. But I'm optimistic. :)
Thanks so much, again.



@all other people who get the getprotobyname()-error:
try and execute iptables -t nat -L -n -v to show your config.
Maybe the rule is set anyway, like on my phone...
 
Last edited:
P

professordes

Member
Aug 8, 2009
46
5
It's the same deal on HTC Desire with a Modaco custom ROM r8, I hadn't thought to check the rule was there after seeing the error. It is.

Can't test on the work network until next week.
 
P

professordes

Member
Aug 8, 2009
46
5
How do I switch the rules off (short of rebooting)?

The obvious:

iptables -t nat -D OUTPUT -p tcp -m multiport --dport 80 -j REDIRECT --to-ports 8123
iptables -t nat -D OUTPUT -p tcp -m multiport --dport 443 -j REDIRECT --to-ports 8123

doesn't seem to work (unless iptables -t nat -L -n -v is misreporting the state)

/EDIT

Ignore that, the equally obvious

iptables -t nat --flush

does clear 'em out...
 
Last edited:
E

emiconi

Senior Member
Jun 28, 2007
63
2
Market Download Probem

Hi,
this procedure is very interesting, in my case internet browsing and market browsing is working but not for market download and gmail.
some suggestions?
Thanks
 
Last edited:
You must log in or register to reply here.

Similar threads

Sebby
  • Locked
[Discontinued]Runnymede AIO V6.1.1 Special Edition with INT2SD support [Beta]
Replies
18K
Views
4M
TonyStark R.I.P.
TonyStark R.I.P.
robocik
[ROM][Sense 2.1+3.0mix][02 June]RCMix S v2.0 Evolutionary Sense
Replies
13K
Views
3M
ze7zez
ze7zez
LeeDroid
[ROM] LeeDrOiD V2.5.0 FINAL | 28th May l Official | Sense/No Sense l FAST l STABLE
Replies
22K
Views
5M
B
benens
Mr.Mefisto
HTC Desire (Bravo) Index - Everything Desire is here! [24th/January/2015]
Replies
395
Views
4M
R
Rynpcfc
xavierjohn22
  • Poll
[ROM][MIUI-XJ] Mar 31 - 2.3.30 GB 2.3.7 EN-MULT+OTA+CM+Updater|D2EXT X-PART|A2SD+|D2W
Replies
19K
Views
3M
rmg2
rmg2

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 22
    D
    daveba
    I was sitting at a customer (yes real work) the other day without access to VPN (ports blocked) and i was roaming so daren't switch on 3g due to the extortionate costs. They did have a wireless access and required a proxy for browsing, web mail, etc. Unfortunately if you're connected to wireless you can't also turn your wifi on your laptop into an adhoc hotspot for your phone (even though ad-hoc works perfectly now) so i quickly downloaded transproxy, compiled it (i did have access to the NDK on my lappie luckily) , and set up iptables and voila, a transparent proxy was up and running and everything sprung into life on my Desire. The nice thing (as mentioned in the subject) is that this is not limited to only the browser (i.e. it's not setting the http_proxy in the SQlite db) so even my MAPS, and everything that uses comms thru port 80 came to life.

    Posting this if anyone's interested. I hear the CM6 now has proxy access, but this should work for any ROM that is rooted (i.e has su installed) and has iptables support.

    Basic HTTP auth is supported, NTLM is NOT SUPPORTED CURRENTLY (and may never be as i don't have a server i can test with).

    UPDATE 7th MAY 2011: PLEASE READ THIS POST FIRST

    PLEASE post logcat outputs while starting transproxy or it makes it hard for me to diagnose errors. Just saying it doesn't work will not help me fix it.

    Version 3.08 beta
    - New GUI only. Thanks lots to user fonix232

    Version 3.04-3.07
    - Bugfixes

    Version 3.03
    - Major rewrite of redsocks to support transparent proxying (no need to support tproxy binary).

    Version 3.02
    - Limit the forks as some complex pages may result in large number of process forks which may lead to memory depletion, slowdown in phone, crash, etc.
    - Add port 5228 redirection for market auth

    Version 3.01
    - Split traffic for b*stard proxies that don't support port 80 connections via CONNECT method

    Version 3.00
    - Full transparency (currently only 80/443 forwarded)

    Version 2.04
    - Fixed the loss of focus bug when going from on -> off in the GUI
    - Fixed the hostname resoltion bug in the Host field.

    Version 2.03
    - SOCKS 4a/5 support
    - Fix password quoting in proxy.sh script
    - Removed iptables binary due to ROM incompatabilites. Your ROM must support and have iptables binary included.

    Versions 2.01/2.02
    - Private testing versions only to fix bugs.

    Version 2.00
    - Rewrite to support (basic) proxy auth
    - Disabled https as it cannot work transparently

    Version 1.03
    - Fix to work nexus one not having multiport module
    - Included 'iptables' binary

    Version 1.02
    - Internal only version

    Version 1.01
    - Fix for broken 'su' parsing by splitting the iptables script into 2 scripts to start/stop

    Version 1.0
    - Broken version not working with 'su' correctly

    TODO:
    - Abritrary forwarding (i.e. 80,443,++++) -but the upstream proxy needs to allow those ports which it seems many b*stard proxies don't. Use a VPN for that if you can.
    - NTLM support
    View
    9
    D
    daveba
    Due to family issues i am not able to work on this any longer and (as people have noticed) i have been vacant from the development scene for a while. I will upload the sources to the 1st post in the next half hour. Anyone is given full permission to dissect, fix, reuse anything and include it in their ROM as required. The backend (redsocks) code needs to be updated as the developer has also let me know that a new version is out. As always stated, NTLM is not supported, but with enough free time it should not be a gargantuan task to do so whomever picks up the gauntlet. I have returned to see 31 messages in my PM inbox so please don't expect personal responses.

    This started as a pet project one day when i was onsite at a customer and turned into a beast where i got a lot of encouragement but also people felt i should respond to them even though i'd answered all the questions several times before. I know it's difficult for people to go thru pages and pages of posts but really all the answers are in the first post (believe it or not). I will try and monitor this thread, but please if you take this code and further it, start a new thread with the fork. There is (i believe) some good code in here for android beginners (which i was) so a good reference point on how to code an app and call external apps, kill them, etc. I'm only releasing v3 of the code as it should be the way forward. Again, the GUI android bit of the code is ONLY the controls to start up the real workhorse which is iptables and redsocks. The latter do all the necessary magic.

    On the first post is now

    1. TransProxy3.zip (the android code tha needs to be imported into eclipse)
    2. redsocks4transproxy3.zip (the redsocks code and libevent - this need the SDK to compile the arm binaries which needs to be copied into the assets directory)

    The latter #2 can be compiled on linux x86 for testing as it is linux code.
    View
    4
    M
    Moronig
    AutoProxy released!

    Thanks to daveba for the releasing the source for this useful app. I have made it more useful still, by releasing a new app based on it, and created a new Thread for that. Find it here:

    http://xdaforums.com/showthread.php?p=13877562

    Here are a couple screenshots:

    device.png
    device2.png
    View
    1
    wallla
    wallla
    Great work! I'm so happy someone capable finally cares about the missing wifi proxy issue.
    Do you think it will work on other (rooted) phones, too? I'm interested using it with my Milestone...

    Looking forward to see it with a nice UI.
    View
    1
    M
    Moronig
    For anybody searching in this thread, the successor for this app, Autoproxy, now has proxy.pac support, and a free version on the market. Check it out at https://market.android.com/details?id=com.mgranja.autoproxy_lite
    View

New posts