On 06/09/16 10:48, Hans-Christoph Steiner wrote: > > The Briar folks are working on getting HTTP connections on Android to go > through Tor via SOCKS. They used a custom SocketFactory and Socket > subclasses, with their own SOCKS handling. > > https://code.briarproject.org/akwizgran/briar/merge_requests/308 > > Could we use this approach in NetCipher? I think Torsten that said this > approach requires android-14 at least, but we could just use HTTP > proxies to support older platforms.
Hi guys, Following up on an old thread to let you know that unfortunately the approach we found for getting OkHttp to use a SOCKS proxy isn't safe. In some cases OkHttp will try to resolve hostnames locally before creating sockets, which leaks DNS lookups to the local network. Cure53 found this in their recent audit of Briar. I'm currently trying to work out how big a change is required to fix this. Cheers, Michael
0x9FC527CC.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
_______________________________________________ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: guardian-dev-unsubscr...@lists.mayfirst.org