Description

1. Run a process on the phone that binds a SOCKS5 proxy to 127.0.0.1:9050 on your Android client. (I just cross-compiled https://github.com/physacco/socks5 since it was quick, but any Android app with internet permissions can do this, hence the security issue).
2. Start Orfox and go to check.torproject.org
3. Orbot will be auto-started, fail to bind on 9050, and bind to an alternative port. It will then return back a successful start indicator to Orfox.
4. Since Orfox doesn't know that Orbot had to change ports, it'll send the request to my malicious SOCKS proxy and I'll pass it through in the clear.
5. You see "Sorry. You are not using Tor."
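
A defensive check for the scenario in the steps above, added here as an example and not code from Orfox, Orbot or the reporter: before sending traffic to a loopback SOCKS port, confirm from the kernel's socket table that the listener belongs to the expected UID, and fail closed otherwise. The UIDs, the fallback port 9150 and the sample table are constructed, and the check assumes the caller can read /proc/net/tcp.

```python
import socket
import struct

TCP_LISTEN = 0x0A  # "st" column value for a listening socket

# Constructed sample in /proc/net/tcp format: UID 10231 (hypothetical other app)
# holds 127.0.0.1:9050; UID 10087 (hypothetical Orbot UID) fell back to 9150.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:235A 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10231        0 48211 1
   1: 0100007F:23BE 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10087        0 48390 1
   2: 0100007F:A1C4 0100007F:23BE 01 00000000:00000000 00:00000000 00000000 10112        0 48455 1
"""


def parse_listeners(table):
    """Return {(ip, port): uid} for every IPv4 socket in LISTEN state."""
    listeners = {}
    for line in table.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 8 or int(fields[3], 16) != TCP_LISTEN:
            continue
        addr_hex, port_hex = fields[1].split(":")
        # The address is printed as a native-endian u32 (little-endian on ARM/x86).
        ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        listeners[(ip, int(port_hex, 16))] = int(fields[7])
    return listeners


def select_endpoint(table, candidates, trusted_uid):
    """Return the first candidate (ip, port) whose listener is owned by
    trusted_uid, or None so the caller refuses to send traffic."""
    listeners = parse_listeners(table)
    for endpoint in candidates:
        if listeners.get(endpoint) == trusted_uid:
            return endpoint
    return None


if __name__ == "__main__":
    default, reported = ("127.0.0.1", 9050), ("127.0.0.1", 9150)
    print(select_endpoint(SAMPLE_PROC_NET_TCP, [default], 10087))
    print(select_endpoint(SAMPLE_PROC_NET_TCP, [default, reported], 10087))
```

On a device the table would come from reading `/proc/net/tcp`, and the trusted UID from the package manager's record for the proxy app.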
Status *New