search

iTXTech / Daedalus

No root required Android DNS modifier and Hosts/DNSMasq resolver.
https://itxtech.org
GNU General Public License v3.0
1.4k stars 203 forks source link

Feature Discussion - Local Reverse Proxy & Redirection #85

Open PeratX opened 6 years ago

PeratX commented 6 years ago

GFW now can reset TLS connections by detecting the Server Name Indication part in TLS Client Hello packet. The way to bypass the restriction is to remove the SNI part in Client Hello packet. However, Android does not support HTTP proxy directly. So, set up a local reverse proxy seems a good choice (we can use a fake address and redirect requests in VPNService). Both of the methods requires a self-signed certificate.

Solutions

  1. nginx - Cross Compile for armeabi-v7a/aarch64 - Need to generate Configuration dynamically
  2. undertow - Only support Android N+, or modifications required (maybe XNIO)

Notes

  1. Apps need to be modified to trust user certs >= Android N
  2. Two methods has been tested and work excellently on my Samsung Galaxy S6 Egde+

Express your idea below :)

dzx-dzx commented 5 years ago

https://github.com/URenko/Accesser/issues/47#issuecomment-499463361 这个软件会有类似的问题吗?

PeratX commented 5 years ago

原理一样,问题一样