celzero / rethink-app

DNS over HTTPS / DNS over Tor / DNSCrypt client, WireGuard proxifier, firewall, and connection tracker for Android.
https://rethinkfirewall.com/
Apache License 2.0

v054c: Configuring SOCKS5 proxy authentication breaks proxy functionality #919

Open FLAGEL opened 1 year ago

FLAGEL commented 1 year ago

Starting with v054c, configuring Rethink to use a SOCKS5 proxy with authentication will result in infinite connection resets. Configuring Rethink to use a SOCKS5 proxy without authentication works as intended. v054a worked as intended with and without SOCKS5 authentication. Results are from a Pixel device running up-to-date Android 13 and Every Proxy.

SOCKS5 proxy without authentication bypassing Rethink: Works.

```
~ $ curl -v -x socks5://10.111.222.1:1080 test100.goosehollow.design
*   Trying 10.111.222.1:1080...
* Connected to 10.111.222.1 (10.111.222.1) port 1080 (#0)
* SOCKS5 connect to IPv4 44.227.65.245:80 (locally resolved)
* SOCKS5 request granted.
* Connected to 10.111.222.1 (10.111.222.1) port 1080 (#0)
> GET / HTTP/1.1
> Host: test100.goosehollow.design
> User-Agent: curl/8.0.1
> Accept: */*
>
< HTTP/1.1 307 Temporary Redirect
< Server: openresty
< Date: Tue, 30 May 2023 11:59:43 GMT
< Content-Type: text/html; charset=utf-8
< Content-Length: 168
< Connection: keep-alive
< Location: http://www.goosehollow.design
< X-Frame-Options: sameorigin
<
<html>
<head><title>307 Temporary Redirect</title></head>
<body>
<center><h1>307 Temporary Redirect</h1></center>
<hr><center>openresty</center>
</body>
</html>
* Connection #0 to host 10.111.222.1 left intact
```

SOCKS5 proxy without authentication via Rethink: Works.

```
~ $ curl -v test101.goosehollow.design
*   Trying 44.227.65.245:80...
* Connected to test101.goosehollow.design (44.227.65.245) port 80 (#0)
> GET / HTTP/1.1
> Host: test101.goosehollow.design
> User-Agent: curl/8.0.1
> Accept: */*
>
< HTTP/1.1 307 Temporary Redirect
< Server: openresty
< Date: Tue, 30 May 2023 12:00:00 GMT
< Content-Type: text/html; charset=utf-8
< Content-Length: 168
< Connection: keep-alive
< Location: http://www.goosehollow.design
< X-Frame-Options: sameorigin
<
<html>
<head><title>307 Temporary Redirect</title></head>
<body>
<center><h1>307 Temporary Redirect</h1></center>
<hr><center>openresty</center>
</body>
</html>
* Connection #0 to host test101.goosehollow.design left intact
```

SOCKS5 proxy with authentication bypassing Rethink: Works.

```
~ $ curl -v -x socks5://12345:12345@10.111.222.1:1080 test102.goosehollow.design
*   Trying 10.111.222.1:1080...
* Connected to 10.111.222.1 (10.111.222.1) port 1080 (#0)
* SOCKS5 connect to IPv4 44.227.76.166:80 (locally resolved)
* SOCKS5 request granted.
* Connected to 10.111.222.1 (10.111.222.1) port 1080 (#0)
> GET / HTTP/1.1
> Host: test102.goosehollow.design
> User-Agent: curl/8.0.1
> Accept: */*
>
< HTTP/1.1 307 Temporary Redirect
< Server: openresty
< Date: Tue, 30 May 2023 12:00:52 GMT
< Content-Type: text/html; charset=utf-8
< Content-Length: 168
< Connection: keep-alive
< Location: http://www.goosehollow.design
< X-Frame-Options: sameorigin
<
<html>
<head><title>307 Temporary Redirect</title></head>
<body>
<center><h1>307 Temporary Redirect</h1></center>
<hr><center>openresty</center>
</body>
</html>
* Connection #0 to host 10.111.222.1 left intact
```

SOCKS5 proxy with authentication via Rethink: Fails.

```
~ $ curl -v test103.goosehollow.design
*   Trying 44.227.76.166:80...
* Connected to test103.goosehollow.design (44.227.76.166) port 80 (#0)
> GET / HTTP/1.1
> Host: test103.goosehollow.design
> User-Agent: curl/8.0.1
> Accept: */*
>
* Recv failure: Connection reset by peer
* Closing connection 0
curl: (56) Recv failure: Connection reset by peer
~ $
```

ignoramous commented 1 year ago

Thanks for the bug report.

If you're comfortable doing so, will you please share the output from `adb logcat | grep GoLog`, captured right as you attempt these connections?

FLAGEL commented 1 year ago

I can probably do that, but it will take some time as I won't have my regular setup available the coming weeks.

ignoramous commented 6 months ago

Can you confirm if this issue persists in the latest versions like v055j?

FLAGEL commented 5 months ago

Unfortunately, with v055n (used v054c previously, so can't say much about v055j) SOCKS5 proxy functionality no longer works at all. I have verified that the proxy app (Every Proxy) works via the Termux app (`curl -v -x socks5://10.111.222.1:1080 test100.goosehollow.design`). I have also enabled "Never Proxy DNS" in Rethink to verify that the issue is not related to DNS resolution (with the setting disabled, DNS resolution does not work, as expected, as no traffic flows through the SOCKS5 proxy).

Strangely, "HTTP(S) CONNECT Proxy" now works (it did not with v054c), with and without basic auth.

resolutecake commented 2 months ago

I can confirm that SOCKS5 with authentication fails for v0.5.5n, tested against two different pieces of SOCKS5 software. Some DNS and IPv4 communication works, but it fails to load web pages. The SOCKS5 server reports timeouts and connection resets when responding to Rethink.

Leaving v0.5.5n connected for about two hours with authenticated SOCKS5 restarts Android, possibly from a memory leak.

ignoramous commented 2 months ago

Thanks. We'll have to test why auth doesn't work.

If you're technical enough, can you put Rethink in Very verbose in Configure -> Settings -> Log level and look through `adb logcat | grep "GoLog"` to see if there are any errors or warnings you spot? If you can't, and if you're comfortable, you can share it here, and I'll take a look.

> Leaving v0.5.5n connected for about two hours with authenticated SOCKS5 restarts Android possibly from a memory leak

A memory leak in an app is unlikely to reboot the OS.

FLAGEL commented 2 months ago

As some extra input, it seems SOCKS5+auth works for some users. Maybe it comes down to the proxy app (Every Proxy vs. sing-box): https://github.com/ItsIgnacioPortal/ItsIgnacioPortal.github.io/discussions/2#discussioncomment-10164455

@resolutecake, what proxy app were you using that did not work?
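
For comparing how different proxy apps answer the authenticated handshake discussed in this thread, here is an added example (not part of the thread and not Rethink's code) that walks the SOCKS5 method negotiation (RFC 1928) and username/password exchange (RFC 1929) and reports the stage at which it stopped. The names `socks5Auth` and `replay` are illustrative assumptions, the proxy replies are constructed bytes, and the `12345` credentials are the ones from the curl command in the report.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
)

// Added example, not Rethink code; stage names the step reached (RFC 1928, then RFC 1929).
func socks5Auth(rw io.ReadWriter, user, pass string) (stage string, err error) {
	if len(user) < 1 || len(user) > 255 || len(pass) < 1 || len(pass) > 255 {
		return "input", fmt.Errorf("username and password must be 1..255 bytes")
	}
	// Greeting: VER=5, NMETHODS=1, METHODS={0x02}, so the proxy must demand credentials.
	if _, err = rw.Write([]byte{0x05, 0x01, 0x02}); err != nil {
		return "greeting", err
	}
	reply := make([]byte, 2)
	if _, err = io.ReadFull(rw, reply); err != nil {
		return "method-select", err
	}
	if reply[0] != 0x05 || reply[1] != 0x02 {
		return "method-select", fmt.Errorf("proxy answered ver=%#x method=%#x", reply[0], reply[1])
	}
	// RFC 1929 request: VER=1, ULEN, UNAME, PLEN, PASSWD.
	req := append([]byte{0x01, byte(len(user))}, user...)
	req = append(append(req, byte(len(pass))), pass...)
	if _, err = rw.Write(req); err != nil {
		return "auth-request", err
	}
	if _, err = io.ReadFull(rw, reply); err != nil {
		return "auth-reply", err
	}
	if reply[0] != 0x01 || reply[1] != 0x00 {
		return "auth-reply", fmt.Errorf("credentials rejected, status=%#x", reply[1])
	}
	return "authenticated", nil
}

// replay runs the client against constructed proxy replies and returns what it sent.
func replay(replies []byte, user, pass string) (string, []byte, error) {
	var sent bytes.Buffer
	stage, err := socks5Auth(struct{ io.Reader; io.Writer }{bytes.NewReader(replies), &sent}, user, pass)
	return stage, sent.Bytes(), err
}

func main() {
	stage, sent, err := replay([]byte{0x05, 0x02, 0x01, 0x00}, "12345", "12345")
	fmt.Printf("stage=%s sent=% x err=%v\n", stage, sent, err)
}
```

Passing a `net.Conn` dialed to the proxy instead of the replayed bytes runs the same check against a live proxy app; a stream that ends at `auth-reply` means the connection was dropped after the credentials were sent.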