Configure System Proxy (IP Switching)¶
In this section, you will learn how to set up an IP proxy for your current device. FIRERPA supports configuring HTTP and SOCKS5 proxies for your device. Once configured, all network traffic from your phone will be routed through the specified proxy. Currently, this feature does not support IPv6.
Connecting to a Proxy¶
This interface has several parameters. Suppose you obtained the following proxy from your provider: http://1.x.x.x:8080. You can route your device’s traffic through this proxy with just a few lines of code as shown below. Continue reading the “Complete Parameters” section below to learn about all available options.
profile = GproxyProfile()
profile.type = GproxyType.HTTP_CONNECT
profile.drop_udp = True
profile.host = "1.x.x.x"
profile.port = 8080
d.start_gproxy(profile)
Please note: After setting the proxy, applications already running will not immediately use the new proxy configuration, since they have already established their TCP connections prior to the proxy setup. Therefore, you must manually close and restart the target apps so that their new connections are established through the proxy.
Proxy Types¶
| Proxy Type | Description |
|---|---|
| GproxyType.HTTP_CONNECT | HTTP |
| GproxyType.HTTPS_CONNECT | HTTPS (HTTP+TLS) |
| GproxyType.SOCKS5 | Socks5 |
| GproxyType.SHADOWSOCKS | Shadowsocks |
| GproxyType.HTTP_RELAY | Deprecated |
Shadowsocks Encryption Options¶
The table below lists supported Shadowsocks encryption methods. Only the listed encryption types are supported; obfuscation parameters are not supported.
| Encryption Type | Name |
|---|---|
| AES | aes-128-cfb |
| AES | aes-192-cfb |
| AES | aes-256-cfb |
| AES | aes-128-ctr |
| AES | aes-192-ctr |
| AES | aes-256-ctr |
| CAMELLIA | camellia-128-cfb |
| CAMELLIA | camellia-192-cfb |
| CAMELLIA | camellia-256-cfb |
| DES | des-cfb |
| AES-AEAD | aes-128-gcm |
| AES-AEAD | aes-192-gcm |
| AES-AEAD | aes-256-gcm |
| AEAD | chacha20-ietf-poly1305 |
For Shadowsocks, configure the encryption method and password as follows:
profile.login = "chacha20-ietf-poly1305"
profile.password = "your_password"
Stopping the Proxy¶
You can stop the proxy set by FIRERPA on the system using the following simple command, which requires no additional parameters:
d.stop_gproxy()
Complete Parameters¶
Below is a full list of configurable parameters for the proxy interface. Use the descriptions to determine whether each parameter is needed for your use case.
Set the proxy type. For example, use GproxyType.SOCKS5 for a SOCKS5 proxy:
profile.type = GproxyType.HTTP_CONNECT
If you want to redirect DNS queries to 114 DNS, set this parameter. All DNS requests from the system will be forwarded to the specified server. In cases where OpenVPN is also in use, do not set this to OpenVPN’s internal DNS address, as it may result in complete loss of connectivity. If not configured, the system default DNS is used.
Attention
If the dns_proxy parameter is enabled for DNS query proxying, ensure your DNS server supports TCP queries. Most common DNS servers support TCP.
profile.nameserver = "114.114.114.114"
Configure the proxy server’s IP address and port:
profile.host = "proxy_server_address"
profile.port = proxy_server_port
If your proxy server requires authentication, provide credentials via these fields. This depends on your proxy provider. For Shadowsocks, the login field specifies the encryption method.
profile.login = "username"
profile.password = "password"
Enable this option to block all UDP traffic on the system. Why block UDP? Most public proxy services do not support UDP forwarding. However, some SOCKS5 servers (such as our self-hosted solutions) and Shadowsocks typically do support UDP. Disabling UDP traffic is often a safe choice. This option is disabled (False) by default.
profile.drop_udp = False
Set whether local network traffic should bypass the proxy. If set to True, traffic to subnets like 192.168.x or 10.x will not go through the proxy. Default is False. Note: This setting does not affect UDP traffic if udp_proxy is enabled.
profile.bypass_local_subnet = True
Enable this to proxy UDP traffic. Requires your proxy to meet certain conditions: only GproxyType.SOCKS5 or GproxyType.SHADOWSOCKS proxies are supported, and the proxy server must have UDP forwarding enabled. You can deploy a SOCKS5 server with UDP support or set up your own Shadowsocks server using our documentation. Default is False. This option is ignored when using HTTP proxies or when drop_udp is True.
profile.udp_proxy = False
Enable this to route all DNS traffic through the proxy, helping prevent DNS pollution. When enabled, you must also specify the nameserver parameter. Do not use this in packet capture scenarios, as capture tools may mishandle DNS packets, potentially causing apparent disconnections.
profile.dns_proxy = False
You can apply the proxy to only specific apps, leaving other apps unaffected. Use one of the three methods below to select the target app (choose only one):
# Choose one of the following three methods to specify the app.
app = d.application("com.android.browser")
app = d.get_application_by_name("Browser")
app = d.application("com.android.browser", user=999) # Multi-instance app
profile.application.set(app)
Auto-Apply Proxy on Startup¶
You can configure FIRERPA to automatically connect to a predefined proxy server upon startup, ensuring your phone’s traffic always goes through the proxy. Copy the configuration below, modify the values with your proxy details, save it into the properties.local file, then restart FIRERPA. Some unspecified fields correspond directly to those described in the “Complete Parameters” section.
gproxy.enable=true
gproxy.type=http-connect
gproxy.host=1.x.x.x
gproxy.port=8080
gproxy.password=
gproxy.login=
Deploying a Proxy Server¶
FIRERPA provides a ready-to-use Docker image for a SOCKS5 proxy server with UDP support in the tools directory. Refer to the “Deploying Proxy Server” section of this documentation to learn how to set up your own proxy server.