Yeah, as a heads up to the community, the first tests that we need done
is to verify that intermediate cert download, HTTPS OCSP, DNS
prefetch, and FTP are all being properly proxied. There are known
issues with the Chrome proxy implementation that cause these items to
bypass proxy settings. It stands to reason that there is a risk for
similar leaks on the Android browser.
Some manual and/or stress testing over a wifi link + wireshark should
be sufficient here (though finding a page that sources ftp:// urls may
be tricky. You probably will need to create that yourself).
Yeah, as a heads up to the community, the first tests that we need done is to verify that intermediate cert download, HTTPS OCSP, DNS prefetch, and FTP are all being properly proxied. There are known issues with the Chrome proxy implementation that cause these items to bypass proxy settings. It stands to reason that there is a risk for similar leaks on the Android browser.
Some manual and/or stress testing over a wifi link + wireshark should be sufficient here (though finding a page that sources ftp:// urls may be tricky. You probably will need to create that yourself).