brave / brave-browser

Brave browser for Android, iOS, Linux, macOS, Windows.
https://brave.com
Mozilla Public License 2.0

Http proxy for Brave VPN #39094

Open deeppandya opened 5 months ago

deeppandya commented 5 months ago

Description

We have an issue regarding the KillSwitch feature, in particular what Mullvad/Google noticed here. Whatever goes out of the browser does not abide by the KillSwitch rules. This is due to the fact that the browser/VPN bundle needs to be able to reconnect when it loses the connection, and it creates a dependency cycle without resolution if the KillSwitch stops its own connection. However, if we can move all the connections from the browser itself through the proxy, while all the VPN connections remain off that proxy, the KillSwitch could work properly IFF the proxy server is only accessible inside the VPN.

This issue is to explore a way to enable an HTTP proxy for Brave VPN with WireGuard. Ref: we can use setHttpproxy in the VpnService builder here: https://github.com/WireGuard/wireguard-android/blob/4ba87947ae3346280da76e13ef6981[…]nnel/src/main/java/com/wireguard/android/backend/GoBackend.java. Currently we are using the shared object to start the tunnel using the GoBackend class. We can try to extend the class with our implementation and replace the constructor here: https://github.com/brave/brave-core/blob/4667e2e2c72c2dd97f5cf2de63cd631610982012/[…]chromium/chrome/browser/vpn/wireguard/WireguardServiceImpl.java

thypon commented 5 months ago

we can use setHttpproxy in vpnservice builder here : https://github.com/WireGuard/wireguard-android/blob/4ba87947ae3346280da76e13ef6981[…]nnel/src/main/java/com/wireguard/android/backend/GoBackend.java.

I'm not completely sure we should set up the proxy inside the VPN itself. In order for this to work, we need to first set up the proxy in the browser for every connection, and then start a direct (!proxied) connection to the VPN.

thypon commented 5 months ago

Sink-hole Proxy Connection Steps

There are 2 cases post disconnection: when a user disconnects voluntarily, and on random disconnection.

  1. Before connection we define a browser proxy on an IP the VPN provider controls:
    • The IP should not be local
    • The proxy should be accessible only inside the provider's VPN network. The proxy should either REJECT (better UX) or DENY connections when they come from outside the VPN itself
  2. On user voluntary disconnection we remove the proxy definition so that the user can continue the navigation
  3. On user random disconnection we leave the proxy definition on so that all the connections from the browser itself are sink-holed.

Extra Properties

The following properties will prevent some extra insecure edge-cases:

Given these requirements, the two alternatives that come to my mind are SOCKS and HTTPS proxies.

[Screenshot, 2024-06-18 10:42:26]

Sequence Diagram

[Sequence diagram image]
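The three steps above (proxy installed before connecting, removed on a voluntary disconnect, left in place on a random drop) plus the provider-side "only from inside the VPN" admission rule, as an added Python model; this is not Brave's or WireGuard's code. All addresses, the class and function names (NetState, outbound, proxy_admission, scenario) and the ACCEPT/REJECT labels are assumptions constructed for the illustration. The model also tracks the VPN client's own traffic separately, to show why it must bypass the proxy so a reconnect is never blocked by the sink hole.

```python
"""Constructed model of the sink-hole proxy kill switch sketched in the thread.

Added illustration, not Brave's or WireGuard's code.  Every name here
(VPN_SUBNET, PROXY_IP, NetState, outbound, ...) and every address is an
assumption made for the example.
"""
import ipaddress
from enum import Enum

# Constructed addresses: a tunnel-internal range, a proxy that exists only in
# that range, and the public address the device has when the tunnel is down.
VPN_SUBNET = ipaddress.ip_network("10.64.0.0/10")
PROXY_IP = ipaddress.ip_address("10.64.0.1")       # non-local, VPN-only
PROXY_PORT = 8080
PUBLIC_IP = ipaddress.ip_address("203.0.113.7")    # RFC 5737 documentation range
TUNNEL_IP = ipaddress.ip_address("10.64.3.9")      # address assigned inside the tunnel


class DisconnectKind(Enum):
    VOLUNTARY = "voluntary"      # user pressed disconnect
    UNEXPECTED = "unexpected"    # tunnel dropped on its own


class NetState:
    """Browser proxy setting plus tunnel status, as seen from the device."""

    def __init__(self):
        self.proxy = None          # (ip, port), or None for direct connections
        self.tunnel_up = False
        self.source_ip = PUBLIC_IP


def prepare_connection(state):
    # Step 1: install the proxy BEFORE the tunnel exists, pointing at an
    # address that is non-local and only routable inside the provider's VPN.
    state.proxy = (PROXY_IP, PROXY_PORT)


def tunnel_established(state):
    state.tunnel_up = True
    state.source_ip = TUNNEL_IP


def tunnel_dropped(state, kind):
    state.tunnel_up = False
    state.source_ip = PUBLIC_IP
    if kind is DisconnectKind.VOLUNTARY:
        state.proxy = None      # Step 2: user chose to leave; browsing continues direct
    # Step 3: an unexpected drop leaves the proxy in place, so browser
    # traffic has nowhere to go until the tunnel is back.


def proxy_admission(client_ip):
    """Provider-side rule: serve only clients that arrive from inside the VPN.

    REJECT (an active refusal) fails fast for the user; a silent DROP would
    also satisfy the requirement but leaves connections hanging.
    """
    return "ACCEPT" if client_ip in VPN_SUBNET else "REJECT"


def outbound(state, origin):
    """Where a new outbound connection from `origin` ends up.

    origin is "browser" (subject to the proxy setting) or "vpn_client" (the
    tunnel's own handshake traffic, which is never proxied so it can reconnect).
    """
    if origin == "vpn_client" or state.proxy is None:
        return "DIRECT"
    proxy_ip, _ = state.proxy
    if proxy_ip in VPN_SUBNET and not state.tunnel_up:
        return "SINKHOLED"      # proxy address is unroutable outside the tunnel
    return "VIA_PROXY" if proxy_admission(state.source_ip) == "ACCEPT" else "REJECTED"


def scenario(kind):
    """Browser outcome before connecting, while connected, and after `kind` disconnect."""
    state = NetState()
    prepare_connection(state)
    before = outbound(state, "browser")
    tunnel_established(state)
    during = outbound(state, "browser")
    tunnel_dropped(state, kind)
    after = outbound(state, "browser")
    # The VPN client's own connection is never affected by the proxy setting.
    assert outbound(state, "vpn_client") == "DIRECT"
    return [before, during, after]


if __name__ == "__main__":
    for kind in DisconnectKind:
        print(kind.value, scenario(kind))
```

Running it shows the asymmetry the thread relies on: a voluntary disconnect ends with browser traffic going DIRECT, while an unexpected drop ends with it SINKHOLED, and in both cases the VPN client's own traffic stays DIRECT so it can re-establish the tunnel. The admission check is the piece that makes the sink hole hold even if the proxy address were somehow reachable from outside: a public source address is refused.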