Redirect Domain and IP #804

Open
gitusercodes opened this issue Mar 6, 2023 · 5 comments

gitusercodes commented Mar 6, 2023

It would be very helpful if RethinkDNS got a Firewall option to redirect a domain and IP address.

Every Android device makes SUPL requests to Google.
SUPL is a form of A-GNSS and uses data on nearby cell towers to speed up obtaining a satellite location lock.
Unfortunately, the SUPL request contains, among other things, the IMSI number and
other privacy-related data that Google receives. Evil for privacy.
Detailed information (use a translator):
https://www.kuketz-blog.de/calyxos-de-googled-geht-anders-custom-roms-teil2/
The captive portal request for checking internet connectivity is similar.

Without root it is impossible to stop sending these requests to Google.
However, there are several privacy-friendly alternatives to Google available, and with
a RethinkDNS redirection rule it would be possible for any user without root to use them.
Example: redirect the SUPL request from supl.google.com to supl.grapheneos.org

Description

https://grapheneos.social/@GrapheneOS/109960680764836371
6th/7th generation Pixels SUPL is implemented by Broadcom gpsd in userspace
and it can use any available network and gets routed through an active VPN

Any chance for a RethinkDNS redirect?
https://adaway.org/ can redirect domains

Collaborator

ignoramous commented Mar 6, 2023

Interesting, thanks. Can a userspace VPN redirect telephony requests such as SUPL? I doubt it... Rethink currently doesn't have a root mode.

dominiwe commented Jun 2, 2023

@ignoramous On GrapheneOS I can see the GPS app making SUPL requests in the firewall logs (in Rethink). I can block or allow those requests there. It might be specific to that OS due to sandboxing and other differences. However, GrapheneOS already allows setting the endpoint for such requests.

That said, this feature would be a very welcome addition either way, as it would allow users to achieve something along the lines of what this browser extension provides.

For example, one could:

  • Redirect Twitter to Nitter
  • Redirect Reddit to Libreddit
  • Redirect YouTube to Invidious

and so on...

There are alternatives to do this on Android such as UntrackMe (F-Droid), but handling it in a transparent way would be way better, and afaik no other VPN/blockers have such a feature currently.

Collaborator

ignoramous commented Jun 2, 2023

Thanks for confirming SUPL is routed just fine.

> For example, one could:
>
>   • Redirect Twitter to Nitter
>   • Redirect Reddit to Libreddit
>   • Redirect YouTube to Invidious

Unfortunately, without MiTMing TLS, this isn't possible, but definitely doable. MiTM TLS isn't a priority right now, as we're looking to deliver #52 and other UI-related changes (including making the app work on Android TVs).
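
Added example (not from the thread or the Rethink code base): why redirecting a connection for one HTTPS name to a different server fails certificate verification, and why interception only works once the client trusts the CA that mints a certificate for the original name. The names original.example and alternative.example, both CAs, and the helpers issue, verify and scenarios are constructed for this illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue mints a throwaway certificate for name; a nil parent yields a self-signed CA.
func issue(name string, parent *x509.Certificate, signer *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name}, DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true}
	if parent == nil {
		t.IsCA, t.KeyUsage, parent, signer = true, x509.KeyUsageCertSign, t, key
	}
	der := must(x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, signer))
	return must(x509.ParseCertificate(der)), key
}

// verify runs a TLS client's certificate check for host; "<nil>" means accepted.
func verify(leaf *x509.Certificate, host string, trustedCA *x509.Certificate) string {
	pool := x509.NewCertPool() // trust store reduced to the one CA relevant to the case
	pool.AddCert(trustedCA)
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: pool})
	return fmt.Sprintf("%T", err)
}

func scenarios() [3]string {
	pubCA, pubKey := issue("public-ca.example", nil, nil) // stands in for a CA in the system store
	locCA, locKey := issue("local-ca.example", nil, nil)  // CA a local interception proxy would create
	alt, _ := issue("alternative.example", pubCA, pubKey) // redirect target's genuine certificate
	minted, _ := issue("original.example", locCA, locKey) // certificate minted for the requested name
	return [3]string{verify(alt, "original.example", pubCA), // redirect only: valid cert, wrong name
		verify(minted, "original.example", pubCA), // interception, local CA not trusted
		verify(minted, "original.example", locCA)} // interception, local CA trusted by the client
}

func main() { fmt.Println(scenarios()) }
```

Only the third case is accepted, so transparent redirection of HTTPS traffic depends on each app trusting a locally installed CA.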

ignoramous self-assigned this Jun 2, 2023

dominiwe commented Jun 2, 2023

Thank you for the quick reply!
I would be interested in contributing and starting work on this. A starting point would be PCAPdroid-mitm, for which they basically bundle mitmproxy.
I actually recently wrote a small reverse proxy in Go that can do TLS inspection and route connections based on the SNI, so this is kind of up my alley and an interesting thing to work on.

Are there any contributing guidelines? Or would the best starting point just be to fork this repository and try to build the app?
Looking forward to #52 also. Amazing progress!

@ignoramous
Collaborator

I'd not want to introduce Python in the codebase. Probably stick with golang-only solutions. AdGuard, for instance, has open sourced their TLS MiTM stack written in golang: https://github.com/AdguardTeam/gomitmproxy (can't use it with https://github.com/celzero/firestack because of incompatible license, but gives us a nice reference to learn from).

We can hop on a call if you're interested. Email me: mz at celzero dot com. No pressure (:
