Add fundamentals of SOCKS support to the VPN implementation

Author: pimterry

app/src/main/java/tech/httptoolkit/android/MainActivity.kt

@@ -458,7 +458,8 @@ class MainActivity : AppCompatActivity(), CoroutineScope by MainScope() {
                     listOf(lastProxy.ip),
                     lastProxy.port,
                     null,
-                    getCertificateFingerprint(lastProxy.certificate as X509Certificate)
+                    getCertificateFingerprint(lastProxy.certificate as X509Certificate),
+                    if (lastProxy.captureProtocol != null) listOf(lastProxy.captureProtocol.toString()) else listOf()
                 )
             )
             connectToVpn(config)

app/src/main/java/tech/httptoolkit/android/ProxyDetails.kt

@@ -40,7 +40,15 @@ data class ProxyInfo(
      * proxy, as part of validating the connection. This hash is included in QR codes to
      * protect against MitM of our MitM during setup.
      */
-    val certFingerprint: String
+    val certFingerprint: String,
+
+    /**
+     * Which protocols does the proxy say it supports? This is slightly broader than the 'real'
+     * set of protocols, since we may include things like RAW (direct packet redirection),
+     * and subtypes of SOCKS with custom metadata mechanisms etc.
+     */
+    @Json(serializeNull = false)
+    val proxyProtocols: List<String>?
 ) : Parcelable
 
 /**
@@ -73,9 +81,20 @@ data class ProxyConfig(
     /**
      * The HTTPS CA certificate of the proxy, obtained from the proxy itself during setup.
      */
-    val certificate: Certificate
+    val certificate: Certificate,
+
+    /**
+     * Preferred capture protocol for this proxy. If null, only the default RAW
+     * HTTP redirect behavior is supported.
+     */
+    val captureProtocol: ProxyCaptureProtocol?
 ) : Parcelable
 
+enum class ProxyCaptureProtocol {
+    RAW,
+    SOCKS5
+}
+
 val CertificateConverter = object: Converter {
     override fun canConvert(cls: Class<*>): Boolean {
         return cls.isAssignableFrom(Certificate::class.java)

app/src/main/java/tech/httptoolkit/android/ProxySetup.kt

@@ -44,16 +44,28 @@ fun parseConnectUri(uri: Uri): ProxyInfo {
 }
 
 suspend fun getProxyConfig(proxyInfo: ProxyInfo): ProxyConfig {
+    val protocol = if (proxyInfo.proxyProtocols?.contains("SOCKS5") == true)
+        ProxyCaptureProtocol.SOCKS5
+    else
+        ProxyCaptureProtocol.RAW
+
     return withContext(Dispatchers.IO) {
         return@withContext supervisorScope {
             Log.v(TAG, "Validating proxy info $proxyInfo")
             val proxyTests = proxyInfo.addresses.map { address ->
                 async {
-                    testProxyAddress(
+                    val cert = testProxyAddress(
                         address,
                         proxyInfo.port,
                         proxyInfo.certFingerprint
                     )
+
+                    ProxyConfig(
+                        address,
+                        proxyInfo.port,
+                        cert,
+                        protocol
+                    )
                 }
             }
 
@@ -68,11 +80,18 @@ suspend fun getProxyConfig(proxyInfo: ProxyInfo): ProxyConfig {
 
                 // If all network connections fail, and we have a local ADB tunnel, fallback to
                 // using that connection instead.
-                return@supervisorScope testProxyAddress(
+                val cert = testProxyAddress(
                     "127.0.0.1",
                     proxyInfo.localTunnelPort,
                     proxyInfo.certFingerprint
                 )
+
+                return@supervisorScope ProxyConfig(
+                    "127.0.0.1",
+                    proxyInfo.port,
+                    cert,
+                    protocol
+                )
             }
         }
     }
@@ -81,8 +100,8 @@ suspend fun getProxyConfig(proxyInfo: ProxyInfo): ProxyConfig {
 private suspend fun testProxyAddress(
     address: String,
     port: Int,
-    expectedFingerprint: String
-): ProxyConfig {
+    expectedFingerprint: String,
+): X509Certificate {
     return withContext(Dispatchers.IO) {
         val certFactory = CertificateFactory.getInstance("X.509")
 
@@ -112,11 +131,7 @@ private suspend fun testProxyAddress(
             val foundCertFingerprint = getCertificateFingerprint(foundCert)
 
             if (foundCertFingerprint == expectedFingerprint) {
-                ProxyConfig(
-                    address,
-                    port,
-                    foundCert
-                )
+                return@withContext foundCert
             } else {
                 throw CertificateException(
                     "Proxy returned mismatched certificate: '${

app/src/main/java/tech/httptoolkit/android/ProxyVpnRunnable.kt

@@ -2,27 +2,27 @@ package tech.httptoolkit.android
 
 import android.os.ParcelFileDescriptor
 import android.util.Log
-import android.util.SparseArray
 import tech.httptoolkit.android.vpn.ClientPacketWriter
 import tech.httptoolkit.android.vpn.SessionHandler
 import tech.httptoolkit.android.vpn.SessionManager
 import tech.httptoolkit.android.vpn.socket.SocketNIODataService
 import io.sentry.Sentry
+import tech.httptoolkit.android.vpn.capture.CaptureController
+import tech.httptoolkit.android.vpn.capture.DirectHandler
+import tech.httptoolkit.android.vpn.capture.SOCKS5Handler
 import tech.httptoolkit.android.vpn.transport.PacketHeaderException
 import java.io.FileInputStream
 import java.io.FileOutputStream
 import java.io.InterruptedIOException
 import java.net.ConnectException
-import java.net.InetSocketAddress
 import java.nio.ByteBuffer
 
 // Set on our VPN as the MTU, which should guarantee all packets fit this
 const val MAX_PACKET_LEN = 1500
 
 class ProxyVpnRunnable(
     vpnInterface: ParcelFileDescriptor,
-    proxyHost: String,
-    proxyPort: Int,
+    proxyConfig: ProxyConfig,
     redirectPorts: IntArray
 ) : Runnable {
 
@@ -40,20 +40,13 @@ class ProxyVpnRunnable(
     private val nioService = SocketNIODataService(vpnPacketWriter)
     private val dataServiceThread = Thread(nioService, "Socket NIO thread")
 
-    private val manager = SessionManager()
+    private val captureController = CaptureController(proxyConfig, redirectPorts.toList())
+    private val manager = SessionManager(captureController)
     private val handler = SessionHandler(manager, nioService, vpnPacketWriter)
 
     // Allocate the buffer for a single packet.
     private val packet = ByteBuffer.allocate(MAX_PACKET_LEN)
 
-    // Our redirect rules, defining which traffic should be forwarded to what proxy address
-    private val portRedirections = SparseArray<InetSocketAddress>().apply {
-        val proxyAddress = InetSocketAddress(proxyHost, proxyPort)
-        redirectPorts.forEach {
-            append(it, proxyAddress)
-        }
-    }
-
     override fun run() {
         if (running) {
             Log.w(TAG, "Vpn runnable started, but it's already running")
@@ -62,7 +55,6 @@ class ProxyVpnRunnable(
 
         Log.i(TAG, "Vpn thread starting")
 
-        manager.setTcpPortRedirections(portRedirections)
         dataServiceThread.start()
         vpnPacketWriterThread.start()
 

app/src/main/java/tech/httptoolkit/android/ProxyVpnService.kt

@@ -247,8 +247,7 @@ class ProxyVpnService : VpnService(), IProtectSocket {
 
         vpnRunnable = ProxyVpnRunnable(
             vpnInterface,
-            proxyConfig.ip,
-            proxyConfig.port,
+            proxyConfig,
             interceptedPorts.toIntArray()
         )
         Thread(vpnRunnable, "Vpn thread").start()

app/src/main/java/tech/httptoolkit/android/vpn/Session.java

@@ -18,6 +18,9 @@
 
 import android.util.Log;
 
+import androidx.annotation.Nullable;
+
+import tech.httptoolkit.android.vpn.capture.ProxyProtocolHandler;
 import tech.httptoolkit.android.vpn.transport.ip.IPv4Header;
 import tech.httptoolkit.android.vpn.socket.ICloseSession;
 import tech.httptoolkit.android.vpn.transport.tcp.TCPHeader;
@@ -108,13 +111,18 @@ public class Session {
 
 	private final ICloseSession sessionCloser;
 
+	// Proxy protocol handler - set only while the proxy connection
+	// is being established, then null afterwards.
+	private ProxyProtocolHandler proxyHandler;
+	
 	Session(
 		SessionProtocol protocol,
 		int sourceIp,
 		int sourcePort,
 		int destinationIp,
 		int destinationPort,
-		ICloseSession sessionCloser
+		ICloseSession sessionCloser,
+		ProxyProtocolHandler proxyHandler
 	) {
 		receivingStream = new ByteArrayOutputStream();
 		sendingStream = new ByteArrayOutputStream();
@@ -126,18 +134,27 @@ public class Session {
 		this.destPort = destinationPort;
 
 		this.sessionCloser = sessionCloser;
+		this.proxyHandler = proxyHandler;
+	}
+
+	@Nullable
+	public ProxyProtocolHandler getProxySetupHandler() {
+		if (this.proxyHandler == null) {
+			return null;
+		} else if (!this.proxyHandler.isPending()) {
+			this.proxyHandler = null;
+			return null;
+		} else {
+			return this.proxyHandler;
+		}
 	}
 
 	/**
 	 * append more data
 	 * @param data Data
 	 */
-	public synchronized void addReceivedData(byte[] data){
-		try {
-			receivingStream.write(data);
-		} catch (IOException e) {
-			Log.e(TAG, e.toString());
-		}
+	public synchronized void addReceivedData(ByteBuffer data){
+	   receivingStream.write(data.array(), data.position(), data.remaining());
 	}
 
 	/**
@@ -176,10 +193,6 @@ public synchronized int setSendingData(ByteBuffer data) {
 		return remaining;
 	}
 
-	int getSendingDataSize(){
-		return sendingStream.size();
-	}
-
 	/**
 	 * dequeue data for sending to server
 	 * @return byte[]

app/src/main/java/tech/httptoolkit/android/vpn/SessionManager.java

@@ -24,6 +24,8 @@
 import org.jetbrains.annotations.NotNull;
 
 import tech.httptoolkit.android.TagKt;
+import tech.httptoolkit.android.vpn.capture.CaptureController;
+import tech.httptoolkit.android.vpn.capture.ProxyProtocolHandler;
 import tech.httptoolkit.android.vpn.socket.DataConst;
 import tech.httptoolkit.android.vpn.socket.ICloseSession;
 import tech.httptoolkit.android.vpn.socket.SocketProtector;
@@ -36,6 +38,8 @@
 import java.nio.channels.DatagramChannel;
 import java.nio.channels.SocketChannel;
 import java.nio.channels.spi.AbstractSelectableChannel;
+import java.util.ArrayList;
+import java.util.List;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 
@@ -50,6 +54,12 @@ public class SessionManager implements ICloseSession {
 	private final Map<String, Session> table = new ConcurrentHashMap<>();
 	private SocketProtector protector = SocketProtector.getInstance();
 
+	private final CaptureController captureController;
+
+	public SessionManager(CaptureController captureController) {
+		this.captureController = captureController;
+	}
+
 	/**
 	 * keep java garbage collector from collecting a session
 	 * @param session Session
@@ -133,7 +143,7 @@ public Session createNewUDPSession(int ip, int port, int srcIp, int srcPort) thr
 		Session existingSession = table.get(keys);
 		if (existingSession != null) return existingSession;
 
-		Session session = new Session(SessionProtocol.UDP, srcIp, srcPort, ip, port, this);
+		Session session = new Session(SessionProtocol.UDP, srcIp, srcPort, ip, port, this, null);
 
 		DatagramChannel channel;
 
@@ -171,7 +181,17 @@ public Session createNewTCPSession(int ip, int port, int srcIp, int srcPort) thr
 		// We return the initialized session, which will be reacked to indicate rejection.
 		if (existingSession != null) return existingSession;
 
-		Session session = new Session(SessionProtocol.TCP, srcIp, srcPort, ip, port, this);
+		String ips = PacketUtil.intToIPAddress(ip);
+		boolean shouldCapture = captureController.shouldCapture(ips, port);
+		SocketAddress socketAddress = shouldCapture
+				? captureController.getProxyAddress()
+				: new InetSocketAddress(ips, port);
+
+		ProxyProtocolHandler proxyHandler = shouldCapture
+				? captureController.getProxyHandler(ips, port)
+				: null;
+
+		Session session = new Session(SessionProtocol.TCP, srcIp, srcPort, ip, port, this, proxyHandler);
 
 		SocketChannel channel;
 		channel = SocketChannel.open();
@@ -181,7 +201,6 @@ public Session createNewTCPSession(int ip, int port, int srcIp, int srcPort) thr
 		channel.socket().setReceiveBufferSize(DataConst.MAX_RECEIVE_BUFFER_SIZE);
 		channel.configureBlocking(false);
 
-		String ips = PacketUtil.intToIPAddress(ip);
 		Log.d(TAG,"created new SocketChannel for " + key);
 
 		protector.protect(channel.socket());
@@ -190,12 +209,6 @@ public Session createNewTCPSession(int ip, int port, int srcIp, int srcPort) thr
 		session.setChannel(channel);
 
 		// Initiate connection straight away, to reduce latency
-		// We use the real address, unless tcpPortRedirection redirects us to a different
-		// target address for traffic on this port.
-		SocketAddress socketAddress = tcpPortRedirection.get(port) != null
-			? tcpPortRedirection.get(port)
-			: new InetSocketAddress(ips, port);
-
 		Log.d(TAG,"Initiate connecting to remote tcp server: " + socketAddress.toString());
 		boolean connected = channel.connect(socketAddress);
 		session.setConnected(connected);
@@ -205,9 +218,4 @@ public Session createNewTCPSession(int ip, int port, int srcIp, int srcPort) thr
 		return session;
 	}
 
-	private SparseArray<InetSocketAddress> tcpPortRedirection = new SparseArray<>();
-
-	public void setTcpPortRedirections(SparseArray<InetSocketAddress> tcpPortRedirection) {
-		this.tcpPortRedirection = tcpPortRedirection;
-	}
 }