I have the proxy profile added with a working proxy(checked through curl). I have also setup the proxification rules using the individual applications as well as tried setting the default rule to connect via the proxy profile. But to no avail. When I look up my ip address i see my real IP not the proxy.
It was working fine earlier before i changed the Name Resolution settings to "resolve hostnames through proxy". But now even when i change the Name resolution settings to "Detect DNS settings automatically" my traffic is still going direct through my isp and not the proxy.
The connections list shows all the applications connecting through the proxy but still what is my ip and whoer.net show my real ip address.
Can somebody please guide me through this, i desperately need this to route through a proxy. I am particularly trying to use noxplayer to connect to a proxy.
Related
Is there any way to configure Windows to redirect all internet traffic through a SOCKS5 tunnel (unauthenticated) without any third party tools (i.e. Proxifier, Freecap, etc.) and without dealing with any UI (purely using command line) in such a way that DNS resolution would be also pushed through the tunnel (similar to what Proxifier does)?
DNS resolution cannot be done by changing the Lan Settings in the Internet Options
I have tried netsh winhttp set proxy and it didn't work (the IP address did not change to the one associated with the SOCKS tunnel)
I also tried using the route command, but it turned out that it does not support port configuration.
I am trying to build a new DNS, which will act as a proxy for certain domain names and uses a public DNS as upstream.
My understanding of DNS:
Client asks DNS (x.x.x.x) about example.com
DNS will look up inside its zones (or parent and root) and find example.com can be found at i.i.i.i
DNS will send i.i.i.i to the client.
Now, client asks the ip address of restricted.test and DNS server knows it is a restricted website, so instead of giving the direct ip to the website, it gives it's own proxy address p.p.p.p to the client.
Please correct me if I'm wrong till now, but when the client tries to connect to p.p.p.p how the proxy server knows which website the client wants to go in?
I really want to know how these work under the hood
Thanks in advance.
This mechanism you are asking about is the Proxy Auto-Configuration (PAC) file.
Read more about it here :
https://developer.mozilla.org/en-US/docs/Web/HTTP/Proxy_servers_and_tunneling/Proxy_Auto-Configuration_PAC_file
And here :
https://www.websense.com/content/support/library/web/v76/pac_file_best_practices/PAC_explained.aspx
Essentially in corporate networks, a PAC file is pushed out to every computer, and browser settings are also configured to enable the PAC file. But it can also be done manually. Just check your browser proxy settings to see the location of the PAC file it is pointed to.
Since Mozilla and Google announced, that they intend to activate DNS over HTTPS in the default settings in the future and the IETF approved officially the draft (https://datatracker.ietf.org/wg/doh/about/), I tried to understand the impact on our corporate network. It is now possible for every application to bypass the internal DNS Server (assigned via DHCP) and directly connect to a public DNS service. There is no easy way for an administrator to prevent application and users doing this, since all traffic is routed through HTTPS.
In most corporations that I know, there is a split DNS setup in place, allowing internal (intranet) and external (internet) name and IP resolution for the same domain name (e.g. mail.mycorp.example) with different resolve values. It also allows to add additional, intranet only, services like wiki.intra.mycorp.example, that would not be resolvable/accessible from the internet. Same goes for infrastructure names like server01.eq.mycorp.example.
The problem I see is, that if the application itself is preferring DNS over HTTPS and is not correctly falling back to the system assigned DNS servers, internal only domains would not be accessible.
I made an experiment with Firefox 61.0.1 (64-Bit) on Windows 10. I have set:
network.trr.bootstrapAddress = 1.1.1.1
network.trr.uri = https://mozilla.cloudflare-dns.com/dns-query
network.trr.mode = 2
network.trr.mode = 2 should prefer DNS over HTTPS, but fallback to system DNS if no value received, mode = 1, which I also tried, should make a race and use the first valid result that Firefox gets back.
Unfortunately, after activating DNS over HTTPS in Firefox, all internal only websites did no longer work. All requests end in a timeout and fail therefor.
What do I miss?
Is there a better way to handle internal only DNS entries in future setups?
The exact configuration you described works in my corporate network. It first tries DoH for internal sites, then falls back to local DNS and internal sites resolve and load correctly.
I am creating an android client app connected to a Java server using sockets. At the moment I am working both on my pc. How can I upload my Java server to an online server so I can set my app to friends and test it?
I used OpenShift but could figure our how and if I can use it for what I want.
Also I looked at Amazon ec2, but they need credit card information, something that I would prefer not sharing for this.
Is there any way I can do this for free?
Thanks
Make sure you have a computer able to connect to the internet, and that can run 24/7. Then run your server on that computer, assume you run it on port 8080. Make sure that your host computer's IP address is it to static, otherwise DHCP will give it a different IP every time it connects to the router.
To allow your friends to connect, unless if they're on the same LAN as your host, you will need to port forward port 80 -> ComputerIP:8080 on your router. Once that's done, you will need to retrieve your router's global IPv4 address from it's configuration page and then send that to your friends.
If they're on the same LAN as your host, then you can just give them the IP address of your host computer.
If you port forwarded your server and you would like to get a host name, like stackoverflow.com, you're going to need to buy that from whoever owns the host name you would like to use. I don't know many details about how to update the DNS servers though.
If your server is local and you would like a host name, then just go onto your router configurations page and tell it to automatically assign each computer the default gateway as the primary DNS and then add a mapping in the router's DNS settings to map the host name to your computer's local IPv4 address. Note that not all routers support this feature.
Edit: You'll also need a good bandwidth to support multiple simultaneous connections.
For example, I have a development site on a different server but I'm trying to copy content over from the live site so it'd be handy to have the live site in IE and the dev site in FF.
I tried FoxyProxy but I can't seem to get it to work.
I use this to override system's DNS with localserver
in about:config
change this value:
network.dns.forceResolve
network.dns.ipv4OnlyDomains
network.dns.localDomains
with IP address of local DNS server (for exsample 192.168.1.88)
Sorry for my english
It's now possible, with the DNS over HTTPS function:
Open Options, General, scroll to very bottom and open Network Settings,
On the very bottom, you can find DNS over HTTPS:
You had to use about:config before to change this setting, here's for documentation:
Type about:config in firefox address bar.
search for:
network.trr.uri
You can use one of the DNS servers below:
Cloudflare: https://cloudflare-dns.com/dns-query
Google: https://dns.google/dns-query
Secure DNS EU: https://doh.securedns.eu/dns-query
Quad 9: https://dns.quad9.net/dns-query
And set network.trr.mode to 1
Hijacked from here:
https://www.ghacks.net/2018/04/02/configure-dns-over-https-in-firefox/
It appears from your question that you already have a second set of DNS servers available that reference the development site instead of the live site.
I would suggest that you simply run a standard SOCKS proxy either on that DNS server system or on a low-end spare system and have that system configured to use the development DNS server. You can then tell Firefox to use that proxy instead of downloading pages directly.
Doing it this way, the actual DNS lookups will be done on the proxy machine and not on the machine that's running the web browser.
DNS resolving is usually done at the system level and not at the application level, so you can't normally have one program use one dns and another program use a different dns. I'm not aware of any firefox extensions that allow you to use a different dns.
What about having different names for your dev and prod servers? That should avoid any confusions and you'd not have to edit the hosts file every time.
I am using the SwitchHost extension exactly for this problem:
https://addons.mozilla.org/en-US/firefox/addon/14258
It is easy to configure, and even more easy to switch hosts.
I wonder if you could write a custom rule for Fiddler to do what you want? IE uses no proxy, Firefox points to Fiddler, Fiddler uses custom rule to direct requests to the dev server...
http://www.fiddlertool.com/fiddler/
Since http proxy protocol is similar to raw http protocol, you can redirect desired traffic to your development server by telling firefox it's a proxy server.
two limitations:
A. this won't let you use https connections.
B. some frameworks (e,g: wordpress) don't like this method and redirect the request the wrong way
just copy the following code into a .pac file (enter your site domain and IP address, of course), and switch development/production just by changing proxy configuration.
function FindProxyForURL(url, host) {
var prox4site = {
"mysite.com":"PROXY 10.0.1.100:80",
"www.mysite.com":"PROXY 10.0.1.100:80"
}
return prox4site[host] || "DIRECT";
}
Go to options->Advanced->Network->Settings->Automatic proxy configuration url and enter 8.8.8.8 All you Mozilla traffic uses Google dns now.