Setting a Proxy

In this section you will learn how to set up an IP proxy for the current phone. FIRERPA supports setting HTTP/s, SOCKS5, SHADOWSOCKS, and other proxies for the current phone, allowing device traffic to be routed through the specified proxy. It supports proxying IPv6 traffic, and when multiple network interfaces are available, you can specify the outbound interface.

Connecting to a Proxy

This interface has many parameters. Assuming you obtained a proxy from a provider like http://1.x.x.x:8080, just a few lines of code below will route device traffic through this proxy. You can continue to view the Complete Parameters section below to learn about the parameters you can use.

profile = GproxyProfile()
profile.type = GproxyType.HTTP_CONNECT

profile.drop_udp = True
profile.host = "1.x.x.x"
profile.port = 8080

d.start_gproxy(profile)

Proxy Type (type)

Proxy TypeDescription
GproxyType.HTTP_CONNECTHTTP
GproxyType.HTTPS_CONNECTHTTPS (HTTP+TLS)
GproxyType.SOCKS5SOCKS5
GproxyType.SHADOWSOCKSShadowsocks
GproxyType.HTTP_RELAYDeprecated

Shadowsocks Encryption Parameters

The following list contains the supported Shadowsocks encryption types. Only the types in the list are supported; obfuscation parameters are not supported.

Encryption TypeName
AESaes-128-cfb
AESaes-192-cfb
AESaes-256-cfb
AESaes-128-ctr
AESaes-192-ctr
AESaes-256-ctr
CAMELLIAcamellia-128-cfb
CAMELLIAcamellia-192-cfb
CAMELLIAcamellia-256-cfb
DESdes-cfb
AES-AEADaes-128-gcm
AES-AEADaes-192-gcm
AES-AEADaes-256-gcm
AEADchacha20-ietf-poly1305

For Shadowsocks, use the following method to set the encryption method and password.

profile.login = "chacha20-ietf-poly1305"
profile.password = "password"

Disabling the Proxy

You can disable the proxy set by FIRERPA on the system using the following method. This interface is very simple and does not require any additional parameters.

d.stop_gproxy()

Complete Parameters

Below is the complete parameter configuration for the proxy interface. You can decide whether to use each parameter based on its description.

You can configure the proxy service type using the following parameter. For a SOCKS5 proxy, it would be GproxyType.SOCKS5.

profile.type = GproxyType.HTTP_CONNECT

If you need to redirect DNS queries to 114, this parameter will forward all DNS queries from the system to this address. If you use it together with OpenVPN, do not set it to OpenVPN's internal DNS, otherwise it may cause a complete network disconnection. When this configuration is not used, the system default DNS is used.

Attention

If you set the dns_proxy parameter to proxy DNS queries, the DNS server you use must support TCP queries. Typically, commonly used DNS servers support TCP queries.

profile.nameserver = "114.114.114.114"

Configuration of the proxy server IP and port number.

profile.host = "proxy_server_address"
profile.port = proxy_server_port

If your proxy server requires login authentication, you can provide it through the following parameters. This depends on your proxy provider. For Shadowsocks type, login is the encryption method.

profile.login = "proxy_server_login_username"
profile.password = "proxy_server_login_password"

Used to block UDP traffic in the system. Why block UDP traffic? Because most public proxy services today do not support proxying UDP traffic within the system. Of course, some SOCKS5 servers support proxying UDP, such as the self-built solution we provide; Shadowsocks usually also supports UDP. Therefore, disabling system UDP traffic is a good choice. This option is off by default.

profile.drop_udp = False

Used to configure whether to bypass the local network. If set to True, traffic to router network segments such as 192.168.x.x, 10.x.x.x will not go through the proxy. The default is False. Note that if udp_proxy is enabled, this option has no effect on UDP traffic.

profile.bypass_local_subnet = True

Used to configure whether to proxy UDP traffic. This requires that your proxy meets certain prerequisites: your proxy must be of type GproxyType.SOCKS5 or GproxyType.SHADOWSOCKS, and your proxy server must have UDP proxy support enabled. You can refer to our documentation to set up a SOCKS5 UDP proxy server or build your own Shadowsocks server. The default is False. If you are using an HTTP proxy or the drop_udp option is True, this option will be ignored.

profile.udp_proxy = False

Used to set whether to forward all DNS traffic through the proxy. When enabled, all DNS traffic on the device will go through the proxy, which can prevent DNS contamination. When using this option, you need to specify the nameserver parameter at the same time. Do not use this in packet capture scenarios, otherwise the capture software may not correctly handle DNS packets, causing a fake network outage.

profile.dns_proxy = False

Set the network interface for outbound proxy traffic on the device. For example, if your device has a SIM card network (rmment_datax), WIFI network (wlan0), and a USB tethering network (eth0), since different networks have different priorities, the system may default to the SIM card network. If you want the proxy traffic to go out through the USB tethering, you can use this parameter to specify the outbound interface.

profile.interface = "eth0"

You can use the following configuration to set a proxy for only a specific application in the system; traffic from other applications will not go through the proxy.

# The following three methods to select the target application; choose one.
app = d.application("com.android.browser")
app = d.get_application_by_name("Browser")
app = d.application("com.android.browser", user=999) # Multi-user application

profile.application.set(app)

Automatic Proxy Application

You can have FIRERPA automatically connect to a preset proxy server on startup, ensuring that your phone's traffic always goes through the proxy. Add the following configuration (modify it to your proxy information; configuration method see Service Configuration). Some fields not described here use the same names as described in Complete Parameters.

gproxy.enable=true              ; Whether to enable the service true | false
gproxy.type=http-connect        ; The proxy type can be either http-connect, https-connect, socks5, shadowsocks
gproxy.host=172.1.1.1           ; Proxy server address
gproxy.port=8080                ; Proxy server port
gproxy.password=                ; Proxy server login password (leave empty for no authentication)
gproxy.login=                   ; Proxy server login username (leave empty for no authentication, crypto method if type is shadowsocks)
gproxy.nameserver=              ; Custom DNS server
gproxy.drop_udp=false           ; Whether to discard UDP packets.
gproxy.udp_proxy=false          ; Whether to proxy UDP packets (requires proxy support, such as socks5, shadowsocks).
gproxy.bypass_local_subnet=true ; Do not proxy local area network traffic.
gproxy.dns_proxy=false          ; Make DNS queries go through the proxy (requires a DNS server that supports UDP and TCP).
gproxy.uid=                     ; Only proxy for specified UIDs. (default global)

Building a Proxy Service

FIRERPA provides an out-of-the-box SOCKS5 proxy service Docker that supports UDP in the tools directory. You can learn how to deploy your own proxy server in the related section Deploy Socks5 Proxy of this documentation.