Mobile Proxy Service¶

The term “mobile proxy service” might not be immediately clear, so let’s summarize it in one sentence: FIRERPA has a built-in HTTP proxy server. You can use this HTTP network proxy to access external websites through the mobile device’s network connection.

For example, sometimes you may want to perform network testing or troubleshoot issues from the same network IP as your device. FIRERPA’s proxy feature allows you to use the device running FIRERPA as an HTTP proxy server—routing your traffic through the device’s own network interface. Alternatively, if you’re performing packet capture but don’t want traffic to exit from your local computer, you can configure this proxy service as an upstream proxy for tools like mitmproxy. This way, you can capture traffic while ensuring all communication still originates from the original device. You could even leverage the idle network connections of multiple devices as IP proxy services.

Using the Proxy¶

You can configure Firefox by going to Settings → Network Settings → Settings → Manual proxy configuration, then set the HTTP proxy to 192.168.0.2 on port 65000, and check “Use this proxy server for all protocols”, including HTTPS. After doing so, Firefox will share the same public outbound IP address as the device.

You can also quickly test the proxy using the following curl command:

curl -x http://192.168.0.2:65000 https://httpbin.org/ip

Similarly, you can use Python’s requests library:

requests.get("https://httpbin.org/ip", proxies={"http":"http://192.168.0.2:65000", "https": "http://192.168.0.2:65000"})

By default, this proxy requires no authentication. However, if you start FIRERPA with the --certificate option (i.e., using an encrypted certificate), the login username is lamda, and the password is the same as the remote desktop login token (note: not the custom remote desktop password, but the password contained within the encryption certificate file). You can also customize this password via the properties.local configuration file by setting tunnel2.password.

When using an encrypted certificate, use the proxy as follows:

curl -x http://lamda:your_certificate_password@192.168.0.2:65000 https://httpbin.org/ip

Likewise, in Python requests:

requests.get("https://httpbin.org/ip", proxies={"http":"http://lamda:your_certificate_password@192.168.0.2:65000", "https": "http://lamda:your_certificate_password@192.168.0.2:65000"})

Configuring the Proxy¶

You can customize the mobile proxy functionality by adding configurations to the properties.local file. For instance, you can enable password authentication or route traffic through the rmnet interface (4G/5G mobile network) instead of the default network interface.

tunnel2.login=lamda
tunnel2.password=your_new_password

The tunnel2.iface setting determines the outbound network interface used by the mobile proxy. It supports two values: wlan and rmnet.

When set to wlan, the system automatically detects available Wi-Fi interfaces and routes requests through one of them.
When set to rmnet, the device attempts to use mobile data (4G/5G, even if Wi-Fi is enabled) and routes requests through the cellular network interface.

If the specified interface (rmnet or wlan) has no active network connection, the proxy will fail to work. If this option is not configured, the system uses the default active network interface.

Example configuration:

tunnel2.iface=rmnet

Device Discovery

Distributed Deployment