Using the android browser with tor or any socks proxy & privoxy - InputOutput.io

Apr 10 2009

Using the android browser with tor or any socks proxy & privoxy

Category: How-Tos | Tags :, , , , , |

Update: If all  you’re looking to do is use TOR with android, please use this tutorial.  The below information is out of date for such uses.

Prerequisites:

  1. A jailbroken android install.
  2. Debian Armel on android.
  3. SSHD running in the chrooted debian environment.

Want to browse the web anonymously with your android device, without t-mobile recording your every move? Look no further.

Few are aware that the default android browser actually allows you to use an http proxy to connect to the web. It is a rather obscure setting to trigger, and there are no provisions for you to connect through a socks proxy, such as an ssh tunnel or the tor network. Luckily, privoxy handles all this for us. Privoxy is an http proxy that is able to forward http requests through the encrypted socks tunnel, and out to its intended recipient. In this tutorial, I will show you how to set your android browser to use privoxy, and how to configure privoxy to forward to a socks proxy.

Lets jump right in.

Using connectbot (available from the android market), ssh into your chrooted debian on localhost. Run:

apt-get install tor

This will fetch both tor and privoxy for you. Now, you’ll need to configure privoxy to forward its http requests through tor, or whatever other tunnel you’ve created through ssh (see my previous post, http://www.inputoutput.io/how-to-subvert-deep-packet-inspection-the-right-way/). Append the following line to your /etc/privoxy/config file:

forward-socks5 / localhost:9050 .

Change 9050 to whatever port your tor or ssh tunnel is listening on. Default is 9050 for tor. Now, start tor and privoxy with:

/etc/init.d/tor start
privoxy /etc/privoxy/config

I had to make /dev/null world-writable for tor to stop complaining. You’ll have to run that last part every time you restart your android device. Now on to the annoying part. In terminal emulator (also available from the android market):

su
sqlite3 /data/data/com.android.providers.settings/databases/settings.db
SQLite version 3.5.9
Enter ".help" for instructions
sqlite> INSERT INTO system VALUES (99, 'http_proxy', 'localhost:8118');
sqlite> .quit

Change 8118 to whatever port privoxy is listening on, but that port is the default. Now the browser is configured to use privoxy as its http proxy. Privoxy, in turn, is configured to forward connections through tor or the ssh tunnel. This means your done, congratulations!

If you want to stop the browser from using the proxy at any point, in terminal emulator:

su
sqlite3 /data/data/com.android.providers.settings/databases/settings.db
SQLite version 3.5.9
Enter ".help" for instructions
sqlite> DELETE FROM system WHERE name='http_proxy';
sqlite> .quit

It’s quite frustrating to go through this process every time you want to switch between proxified and raw browsing, so I suggest installing a second browser such as ‘steel’ for your raw connection, and only using the default browser for proxified connections.

6 Responses to this post.

  1. Posted by AN@S on 10.04.09 at 4:27 pm

    Does this only work with the browser? Can I tunnel other applications through this method? e.g: the market?
    I’m asking about the market because google blocks access to market from my country.

    Thanks

  2. Posted by admin on 10.04.09 at 4:27 pm

    AN@S: This will work with any application where you are able to configure a proxy. You may also be able to redirect all traffic through the SOCKS proxy using iptables rules in the Debian chroot, though I don’t recommend it if your SOCKS proxy is running through tor, for reasons of privacy.

    See: http://www.wired.com/politics/security/commentary/securitymatters/2007/09/security_matters_0920

  3. Posted by Tunnelz on 10.04.09 at 4:27 pm

    How specifically would you go about redirecting all traffic through the SOCKS proxy? So I could set up a SSH tunnel to my home router and then redirect everything through there? That would be really great for browsing on public access points without worrying about apps syncing my personal data in plain text in the background.

  4. Posted by Tunnelz on 10.04.09 at 4:27 pm

    And, I suppose, would setting up a VPN in Settings do essentially the same thing without requiring me to install Debian?

  5. Posted by admin on 10.04.09 at 4:27 pm

    Tunnelz: At the time of this posting, Android >= 1.6 hadn’t been released yet, so you couldn’t as easily set up a VPN. If you want to route all your traffic through SOCKS, see http://transocks.sourceforge.net/ or search on google – I know it’s possible, but I’m not sure what the exact iptables rules are.

    As for the problem with all your data being synced in plaintext, I had a similar problem recently. My solution was to install DroidWall, which you can find on the app market. You can specify apps to blacklist or whitelist based on your connection type. It’s for rooted phones only, though.

  6. Posted by Rolando on 10.04.09 at 4:27 pm

    Does this make it possible to use Privoxy’s filtering abilities on an Android device?

    I’d love to start crunching extraneous JS and webbugs…

Respond to this post