proxy

[ROCKET1-1]

Hi!
is it possible to use a proxy for the application or container to work?
if there is how to do it?

[ayasa520]

use adb.

adb shell settings put global http_proxy "192.168.240.1:7890"  

[ROCKET1-1]

Thanks you!!!

[selurvedu]

FYI, to add a system CA certificate to allow TLS/SSL traffic inspection:

1. Find out the hash of the certificate subject name using the older algorithm as used by OpenSSL before version 1.0.0:

$ openssl x509 -subject_hash_old -in my-ca-cert.pem | head -1
13acab12

2. Create the /system/etc/security/cacerts/ directory on the overlay FS:

$ sudo mkdir -p /var/lib/waydroid/overlay/system/etc/security/cacerts/

3. Copy the certificate, renaming it to the hash from step 1, with .0 appended, and set the proper permissions for it:

$ sudo cp my-ca-cert.pem /var/lib/waydroid/overlay/system/etc/security/cacerts/13acab12.0
$ sudo chmod 644 /var/lib/waydroid/overlay/system/etc/security/cacerts/13acab12.0

You may need to restart Waydroid afterwads if the change did not apply immediately.

This works quite well with some applications I tried, including web browsers, and with HTTPS proxies such as mitmproxy, Burp, Fiddler, Charles, etc.

At first, I installed it as a user certificate, as described here, but it wasn't enough – it only worked in a browser, but not in other apps.

[selurvedu]

To unset the proxy, use this:

$ adb shell settings delete global http_proxy
$ adb shell settings delete global global_http_proxy_host
$ adb shell settings delete global global_http_proxy_port

This requires rebooting the device or, in case of Waydroid, restarting the session.

To unset the proxy without restarting Waydroid, use:

$ adb shell settings put global http_proxy :0

[houdinihacker]

Thanks @selurvedu, your comments were very helpful

In addition, don't forget to call: sudo chmod 644 /var/lib/waydroid/overlay/system/etc/security/cacerts/<cert_hash.0> to give it -rw-r--r-- and restart waydroid session.

[selurvedu]

@houdinihacker thanks for the tip, I added that to my comment.

[baptx]

@selurvedu Thanks, I was doing it wrong previously by using sudo waydroid shell and got the error "Read-only file system" when trying to copy the file directly in /system/etc/security/cacerts/.
For information, I did not have the folders system/etc/security/cacerts/ in /var/lib/waydroid/overlay/ so the easiest way to create all necessary folders is with this command:
sudo mkdir -p /var/lib/waydroid/overlay/system/etc/security/cacerts

Note: you also need to restart Waydroid after adding a new certificate.

[selurvedu]

@baptx the command I wrote in my comment should cover it too:

$ sudo mkdir /var/lib/waydroid/overlay/system/etc/security/ /var/lib/waydroid/overlay/system/etc/security/cacerts/

This will fail if /var/lib/waydroid/overlay/system/etc/ does not exist yet.

mkdir -p, on the other hand, will always create the directory structure, even if /var/lib/waydroid/overlay/system/etc/ or any parent directory (/var/lib/waydroid/overlay/system/, or /var/lib/waydroid/overlay/, or /var/lib/waydroid/) do not exist. That's why I used that command instead of mkdir -p, it should fail if the parent directories don't exist for whatever reason. It is to avoid creating the directory structure in a wrong place.

[baptx]

@selurvedu it did not cover it in my case because I meant all these directories did not exist in /var/lib/waydroid/overlay/: system/ which includes etc / security / cacerts.
The command sudo mkdir -p /var/lib/waydroid/overlay/system/etc/security/cacerts will not create the directory structure in a wrong place (it also avoids duplicating paths in the command).

[selurvedu]

@baptx Interesting. There were other files and directories under system/etc/ on my installation, but I suppose they may not exist until some program is executed, or if a user wants to install the certificate before running Waydroid for the first time. I updated the comment accordingly.