Set System Proxy (IP Switching)¶
In this chapter, you will learn how to set up an IP proxy for the current mobile phone. FIRERPA supports setting up HTTP and SOCKS5 proxies for your phone, which will route all of its communication traffic through the configured proxy. This feature does not currently support IPv6.
Connecting to a Proxy¶
This interface has many parameters. Assuming the proxy you obtained from your service provider is http://1.x.x.x:8080, you only need a few lines of code to route the device's traffic through this proxy. You can continue to the Full Parameters section below to learn about all available parameters.
profile = GproxyProfile()
profile.type = GproxyType.HTTP_CONNECT
profile.drop_udp = True
profile.host = "1.x.x.x"
profile.port = 8080
d.start_gproxy(profile)
It is important to note that after setting up the proxy, currently running applications will not immediately use it. This is because these applications have already established their TCP connections before the proxy was set. Therefore, you need to manually close and reopen the target application for it to establish a connection through the proxy.
Proxy Types¶
| Proxy Type | Description |
|---|---|
| GproxyType.HTTP_CONNECT | HTTP |
| GproxyType.HTTPS_CONNECT | HTTPS (HTTP+TLS) |
| GproxyType.SOCKS5 | Socks5 |
| GproxyType.SHADOWSOCKS | Shadowsocks |
| GproxyType.HTTP_RELAY | Deprecated |
Shadowsocks Encryption Parameters¶
The following list shows the supported Shadowsocks encryption types. Only the encryption methods listed are supported; obfuscation parameters are not.
| Encryption Type | Name |
|---|---|
| AES | aes-128-cfb |
| AES | aes-192-cfb |
| AES | aes-256-cfb |
| AES | aes-128-ctr |
| AES | aes-192-ctr |
| AES | aes-256-ctr |
| CAMELLIA | camellia-128-cfb |
| CAMELLIA | camellia-192-cfb |
| CAMELLIA | camellia-256-cfb |
| DES | des-cfb |
| AES-AEAD | aes-128-gcm |
| AES-AEAD | aes-192-gcm |
| AES-AEAD | aes-256-gcm |
| AEAD | chacha20-ietf-poly1305 |
For Shadowsocks, use the following method to set the encryption method and password.
profile.login = "chacha20-ietf-poly1305"
profile.password = "your_password"
Disconnecting the Proxy¶
You can use the following to disconnect the proxy set by FIRERPA on the system. This interface is very simple and does not require any additional parameters.
d.stop_gproxy()
Full Parameters¶
Below is the complete parameter configuration information for the proxy interface. You can decide whether to use each parameter based on its description.
You can configure the type of proxy service with the following parameter. For a SOCKS5 proxy, it would be GproxyType.SOCKS5.
profile.type = GproxyType.HTTP_CONNECT
If you need to redirect DNS queries, this parameter will cause all DNS queries from the system to be forwarded to this address. If coexisting with OpenVPN, do not set this to OpenVPN's internal network DNS, as it may cause a complete network disconnection. When this configuration is not used, the system's default DNS is used.
Attention
profile.nameserver = "114.114.114.114"
Configuration for the proxy server's IP address and its port number.
profile.host = proxy_server_address
profile.port = proxy_server_port
If your proxy server requires login authentication, you can provide it using the following parameters. This depends on your proxy provider. For the Shadowsocks type, login is the encryption method.
profile.login = "proxy_server_login_username"
profile.password = "proxy_server_login_password"
Used to block UDP traffic in the system. Why block UDP traffic? Because most public proxy services today do not support proxying UDP traffic from the system. Of course, some SOCKS5 servers do support UDP proxying, such as our self-hosted solution, and Shadowsocks also typically supports UDP. Therefore, disabling system UDP traffic is a good option. This option is disabled by default.
profile.drop_udp = False
Used to configure whether to bypass the local network. If set to True, traffic to router subnets like 192.168.x.x and 10.x.x.x will not go through the proxy. It defaults to False. Note that if udp_proxy is enabled, this option has no effect on UDP traffic.
profile.bypass_local_subnet = True
Used to configure whether to proxy UDP traffic. Your proxy must meet some prerequisites: it must be a GproxyType.SOCKS5 or GproxyType.SHADOWSOCKS proxy, and your proxy server must have UDP proxy support enabled. You can install a SOCKS5 UDP-supported proxy server or build your own SS server using the documentation we provide. It defaults to False. This option will be ignored if you are using an HTTP proxy or if the drop_udp option is True.
profile.udp_proxy = False
Used to set whether you need to forward all DNS traffic through the proxy. When this option is enabled, all DNS traffic on the device will be sent through the proxy, which can prevent DNS pollution. When using this option, you must also specify the nameserver parameter. It should not be used in packet capturing scenarios, as packet capturing software may not handle DNS packets correctly, leading to a pseudo network disconnection.
profile.dns_proxy = False
You can use the following configuration to set a proxy for only a specific application in the system. Traffic from other applications will not go through the proxy.
# Please choose one of the following three ways to select the target application.
app = d.application("com.android.browser")
app = d.get_application_by_name("Browser")
app = d.application("com.android.browser", user=999) # Cloned application
profile.application.set(app)
Auto-applying the Proxy¶
You can make FIRERPA automatically connect to a preset proxy server on startup, ensuring that your phone's traffic always goes through the proxy. Copy the following configuration, modify it with your proxy information, write it to the properties.local file, and then restart FIRERPA. Some fields not described here have the same names as those described in the Full Parameters section.
gproxy.enable=true
gproxy.type=http-connect
gproxy.host=1.x.x.x
gproxy.port=8080
gproxy.password=
gproxy.login=
Setting up a Proxy Server¶
FIRERPA provides an out-of-the-box SOCKS5 proxy service Docker container in the tools directory that also supports UDP. You can learn how to deploy your own proxy server in the relevant sections of this documentation on deploying a proxy service.