Saturday, May 27, 2023

BYOPPP - Build Your Own Privacy Protection Proxy

I have read a blog post, where you can build your own privacy proxy server built on Raspberry PI. The post got me thinking about how I can use this to protect my privacy on my Android phone, and also get rid of those annoying ads. 

Since I own a Samsung Galaxy S3 LTE with Android 4.3 (with a HW based Knox counter), rooting the phone now means you break Knox, and loose warranty. Past the point of no return ...

This means I have to solve this without root. Luckily newer Androids support VPN without rooting, but setting a mandatory system-wide proxy is still not possible without root. 
But thanks to some iptables magic and Privoxy, this is not a problem anymore :) 

The ingredients to build your own privacy protection proxy:
  • One (or more) cheap VPS server(s)
  • a decent VPN program
  • Privoxy
  • iptables

VPS server

To get the cheap VPS server, I recommend using Amazon EC2, but choose whatever you like. The micro instance is very cheap (or even free), and has totally enough resources for this task. I'm using the Ubuntu free tier now and it works like a charm. And last but not least Amazon has two-factor authentication! You can set up an Ubuntu server under 10 minutes. Use the AWS region nearest to you, e.g. I choose EU - Ireland.



VPN

For the VPN program, I recommend the free version of the OpenVPN AS (EDIT: be sure to use OpenVPN AS 2.0.6 or later, both on the server and the client). Easy to set-up quick start guide is here, GUI based configuration, and one-click client installer for Android, iOS, Windows, Linux, OSX. The Ubuntu installer packages are here.




The most important settings:

  • I prefer to use the TCP 443 and UDP 53 ports for my OpenVPN setup, and let the user guess why. 
  • For good performance, UDP is preferred over TCP. 
  • VPN mode is Layer 3 (routing/NAT).
  • Don't forget to allow the configured VPN ports in the AWS firewall (security groups). 


Other VPN settings:
  • Should VPN clients have access to private subnets (non-public networks on the server side)? - Yes
  • Should client Internet traffic be routed through the VPN? - Yes

Privoxy

The next component we have to install and configure is Privoxy. As usual, "apt-get install privoxy" just works. The next step is to configure privoxy via /etc/privoxy/config file, there are two options to change:
  • listen-address your.ip.add.ress:8118
  • accept-intercepted-requests 1
Beware not to allow everyone accessing your Privoxy server in the AWS EC2 security groups, be sure it is reachable only to VPN users!

After everything is set, start privoxy with "service privoxy start", and add it to the autostart "update-rc.d privoxy defaults".

Iptables

And the final step is to configure your iptables chain to forward every web traffic from the VPN clients to the Privoxy server:

iptables -t nat -A PREROUTING -s 5.5.0.0/16 -p tcp -m multiport --dports 80,8080,81 -j DNAT --to-destination your.ip.add.ress:8118

Optionally you can block access to all other ports as well, and what does not go through your Privoxy won't be reachable.
Based on your Linux distribution and preference, you might make this rule persistent.

Final test

Now you can connect to the VPN server from your Android device.
After logging in from a client, you get the following nice packages to install on your device:


After connecting, the final results can be seen in the following screenshots. And yes, there is a reason I chose Angry Birds as an example.

Angry Birds without Privoxy
Angry Birds with Privoxy
Stupid flashlight app with ad
Stupid flashlight app with Privoxy
Spoiler alert
If you are afraid of NSA tracking you, this post is not for you. If you want to achieve IP layer anonymity, this post is not for you. As long as you are the only one using that service, it should be trivial to see what could possibly go wrong with that.

Known issues
Whenever the Internet connection (Wifi, 3G) drops, the VPN connection drops as well, and your privacy is gone ...
Sites breaking your privacy through SSL can still do that as long as the domain is not in the Privoxy blacklist.

Additional recommendation
If you are using OSX or Windows, I can recommend Aviator to be used as your default browser. It is just great, give it a try!

PS: There are also some adblock apps removed from the official store which can block some ads, but you have to configure a proxy for every WiFi connection you use, and it is not working over 3G.



More information


  1. Tools For Hacker
  2. Hacking Tools For Beginners
  3. Pentest Tools Open Source
  4. Hak5 Tools
  5. Hacker Tools Apk Download
  6. Hacker Tools Hardware
  7. Pentest Tools
  8. Pentest Tools Subdomain
  9. Usb Pentest Tools
  10. Hacker Tools Mac
  11. Hacking Tools For Windows 7
  12. Hacking Tools Pc
  13. Hacking Tools For Games
  14. Hacker Tools Free
  15. Hacker Techniques Tools And Incident Handling
  16. Pentest Box Tools Download
  17. Pentest Tools Bluekeep
  18. Hacker Tools Hardware
  19. Hacker Tools Github
  20. Hacking Tools For Windows
  21. Hacking Tools For Windows 7
  22. Tools For Hacker
  23. Hacking Tools
  24. Hacking Tools For Windows 7
  25. Hack And Tools
  26. Hacker Tools Mac
  27. What Is Hacking Tools
  28. Hacking Tools Github
  29. Hacks And Tools
  30. Best Hacking Tools 2019
  31. Best Hacking Tools 2019
  32. Hacking Tools Online
  33. Hack Tools 2019
  34. Hack Tools For Windows
  35. Hacks And Tools
  36. Hack Tools 2019
  37. Pentest Tools For Mac
  38. Hack Tools For Ubuntu
  39. Usb Pentest Tools
  40. Top Pentest Tools
  41. Hacker Hardware Tools
  42. Hack Tools
  43. Android Hack Tools Github
  44. Hacker Tools Free
  45. Pentest Tools Online
  46. Hacker Tools
  47. Hacking Tools For Beginners
  48. What Is Hacking Tools
  49. Nsa Hack Tools
  50. Hack Website Online Tool
  51. Nsa Hack Tools
  52. Hack Tools Download
  53. Pentest Tools For Android
  54. Pentest Tools Bluekeep
  55. Hack Tools
  56. Hack Tools For Pc
  57. Hack Tools For Pc
  58. Pentest Tools For Android
  59. Ethical Hacker Tools
  60. Hacking Tools Online
  61. Pentest Tools
  62. Hacker Techniques Tools And Incident Handling
  63. Hack Tools For Windows
  64. Install Pentest Tools Ubuntu
  65. Hacker Security Tools
  66. Hacker Tools Free
  67. Pentest Tools Download
  68. Hacking Tools For Mac
  69. Free Pentest Tools For Windows
  70. Free Pentest Tools For Windows
  71. New Hack Tools
  72. World No 1 Hacker Software
  73. Bluetooth Hacking Tools Kali
  74. Hacker Tools For Ios
  75. Hack Tools For Games
  76. Hacker Tools For Windows
  77. Hacker Tools Linux
  78. Hacker Tools 2019
  79. Hack And Tools
  80. Pentest Tools Port Scanner
  81. Hacker Hardware Tools
  82. Pentest Reporting Tools
  83. Pentest Tools Windows
  84. Hacker Tools Free Download
  85. Hack Tools For Games
  86. Hacker Tools 2019
  87. Pentest Tools Download
  88. Hacker Tools For Pc
  89. Pentest Tools List
  90. Hackers Toolbox
  91. Hak5 Tools
  92. How To Make Hacking Tools
  93. Hacking Tools Github
  94. Hacker Techniques Tools And Incident Handling
  95. Hack Tools Mac
  96. Hacking Tools Github
  97. Pentest Tools Find Subdomains
  98. Hack Tools Mac
  99. Hacking Tools Github
  100. Hacker Tool Kit
  101. Hack Tools
  102. Pentest Tools Windows
  103. Usb Pentest Tools
  104. Pentest Tools Download
  105. Hacker Tools 2020
  106. Bluetooth Hacking Tools Kali
  107. Tools Used For Hacking
  108. Beginner Hacker Tools
  109. Hack Tools For Games
  110. Hack Tools
  111. World No 1 Hacker Software
  112. Pentest Tools Website Vulnerability
  113. Pentest Tools For Mac
  114. Pentest Tools Tcp Port Scanner
  115. Hacker Tools Online
  116. Pentest Tools For Ubuntu
  117. Hacker Search Tools
  118. Easy Hack Tools
  119. Best Hacking Tools 2020
  120. Pentest Tools Apk
  121. Tools For Hacker
  122. Hack Tools Mac
  123. Pentest Tools Url Fuzzer
  124. Easy Hack Tools
  125. Hacking Tools Usb
  126. Hack Tools For Windows
  127. Pentest Tools List
  128. Hacking Tools Kit
  129. Hacker Search Tools
  130. Pentest Tools For Mac
  131. Pentest Tools Alternative
  132. Hacking Tools For Windows 7
  133. Hacking Tools 2020
  134. Wifi Hacker Tools For Windows
  135. Computer Hacker
  136. Beginner Hacker Tools
  137. Hacks And Tools
  138. Pentest Tools Review
  139. Android Hack Tools Github
  140. Pentest Tools List
  141. Hacker Tools
  142. Pentest Tools Github
  143. Tools For Hacker
  144. Hacker Techniques Tools And Incident Handling
  145. Hacking Tools
  146. How To Make Hacking Tools
  147. Hack Tools
  148. Best Hacking Tools 2019
  149. Hacker Tools For Ios
  150. Hacking Tools 2019
  151. Hacking Tools Hardware
  152. Hacker Tools Mac
  153. Hacker Tools
  154. Hacker Tools Online
  155. Blackhat Hacker Tools
  156. Hack Tools
  157. Pentest Tools Review
  158. Wifi Hacker Tools For Windows
  159. Hacking Tools Windows
  160. Hacking Tools Usb
  161. Hacks And Tools
  162. Hacking Tools Download
  163. Nsa Hack Tools
  164. Hacker Tools Software
  165. Hacker Tools Apk Download
  166. Pentest Tools Website Vulnerability
  167. Pentest Tools Url Fuzzer
  168. Pentest Tools Apk
  169. Hacking Tools Download
  170. Hacking Tools Windows 10
  171. Pentest Tools Website Vulnerability
  172. Hacker
  173. New Hacker Tools
  174. Pentest Tools Download
  175. Blackhat Hacker Tools
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)