Feature Discussion - Local Reverse Proxy & Redirection

[PeratX]

GFW now can reset TLS connections by detecting the Server Name Indication part in TLS Client Hello packet.
The way to bypass the restriction is to remove the SNI part in Client Hello packet.
However, Android does not support HTTP proxy directly.
So, set up a local reverse proxy seems a good choice (we can use a fake address and redirect requests in VPNService).
Both of the methods requires a self-signed certificate.

Solutions

1. nginx - Cross Compile for armeabi-v7a/aarch64 - Need to generate Configuration dynamically
2. undertow - Only support Android N+, or modifications required (maybe XNIO)

Notes

1. Apps need to be modified to trust user certs >= Android N
2. Two methods has been tested and work excellently on my Samsung Galaxy S6 Egde+

Express your idea below :)

[dzx-dzx]

URenko/Accesser#47 (comment) 这个软件会有类似的问题吗？

[PeratX]

原理一样，问题一样