[sword-devel] Access of SWORD repos through proxy?

Jaak Ristioja jaak at ristioja.ee
Sat Aug 31 11:29:58 EDT 2024 

Hi,

I'm assuming your SOCKS5 traffic flows through a sufficiently encrypted 
network tunnel.

For Linux, there are programs which allow to run other programs and 
direct their network traffic to some SOCKS5 proxy, e.g. proxychains-ng:

   https://github.com/rofl0r/proxychains-ng/

On Debian, Ubuntu and their derivates one can likely install it by using

   sudo apt-get install proxychains4

Proxychains-ng needs to be configured via /etc/proxychains.conf, 
~/.proxychains/proxychains.conf or proxychains.conf in the current 
working directory unless the -f command line option is used to specify a 
different location. After configuration, one should be able to run 
programs via commands like

   proxychains4 your_program --with=any arguments

However, the problem with such tools is that they might not always work 
as intended. For example when network traffic flows via paths which 
tools like proxychains-ng do not know to intercept. Fpr example, this is 
sometimes the case for DNS traffic (hostname to IP address lookups) 
which is sometimes handled via external programs (e.g. DNS cache service 
on local machine). So be sure to always thorougly test (e.g. using 
network traffic analysis) whether this actually works properly before 
actual use, and that nothing leaks. And test again after ANY software 
updates or configuration changes. So be VERY VERY CAREFUL when using 
things like proxychains-ng.

A safer option might be to use something like Tails, a Debian Linux 
based operating system which forces all programs to network over a local 
SOCKS proxy providing Tor. It might be possible to configure Tails to 
use some other SOCKS5 proxy as well.

Regarding Tor, please note that in its simplest configuration Tor 
attempts to connect to public Tor relays, making it possible for 
eavesdroppers to detect Tor usage. A way around this (as suggested by 
the Tor project) is to use (private) Tor bridges which use domain 
fronting, traffic obfuscation and similar tricks. You might also find 
some of these technologies useful for the tunneling the SOCKS5 traffic.


Best regards,
Jaak


PS: All security technologies and their implementations, including 
proxychains-ng, Tails and Tor, have their weak points. So take care when 
evaluating their fitness for your particular purpose.


On 31.08.24 14:20, Tobias Klein wrote:
> Hi Troy and all,
> 
> One of the Ezra users has asked the following:
> 
> 
> The websites for updating modules and downloading Bibles are either 
> inaccessible or subject to censorship for people living in countries 
> that restrict internet access.
> 
> Could the program be updated to support setting up a SOCKS5 or HTTP 
> proxy, allowing users to access the internet through a proxy?
> 
> 
> 
> How do you assess this request from a SWORD library perspective?
> 
> 
> Best regards,
> Tobias
> 
> 
> _______________________________________________
> sword-devel mailing list: sword-devel at crosswire.org
> http://crosswire.org/mailman/listinfo/sword-devel
> Instructions to unsubscribe/change your settings at above page

More information about the sword-devel mailing list