Tor hidden service: DAVx⁵ failes to connect / Support SOCKS proxy

  • Hi there!
    At first — thank you for DAVx⁵! 🤓

    I am trying to use my hidden service Nextcloud instance with my phone. It hurts. 🌵

    For now HTTP proxy seems broken on Orbot, it returns an empty page only. So I tried one-year-old Orbot 16.0.0 RC 2. It’s HTTP proxy works fine. I tested it with Fennec F-Droid (which is a Firefox fork) with following settings made with about:config page:

    network.proxy.http = localhost
    network.proxy.http_port = 8118
    network.proxy.type = 1

    It allows me to operates my hidden service in normal way througt the browser. I setup proxy according to this tutorial, but DAVx⁵ still can not deal with the instance. 🤔

    Here is a DAVx⁵ log file: davx5-info.txt (I substituted username and hidden service name with the bogus ones 👻 , also “orangepi.lan” is a working entry of the same machine).

    And so it is still may be great to have a Socks5 proxy support. 🙃

  • developer


    2019-02-19 14:55:09 592 [HttpClient] --> PROPFIND http://oobee3hoosh2ocee.onion/remote.php/dav
    2019-02-19 14:55:09 592 [HttpClient] --> END PROPFIND (290-byte body)
    2019-02-19 14:55:09 592 [HttpClient] <-- 501 Method not implemented http://oobee3hoosh2ocee.onion/remote.php/dav (35ms)
    2019-02-19 14:55:09 592 [HttpClient] <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "">
    <title>Proxy error: 501 Method not implemented.</title>
    <h1>501 Method not implemented</h1>
    <p>The following error occurred:<br><br>
    <strong>501 Method not implemented</strong></p>
    <hr>Generated Tue, 19 Feb 2019 14:55:09 +05 by Polipo on <em></em>.

    This doesn’t seem to be a Tor connection problem, but a CalDAV/CardDAV server problem. The connection to oobee3hoosh2ocee.onion was sucessfully established, but Polipo on told DAVx⁵ that the PROPFIND method is not implemented. So it’s either not implemented in the proxy or on the target server.

    Can you have a look at your HTTP proxy logs?

    Or can you use a working Orbot version until this problem is fixed in Orbot?

    And so it is still may be great to have a Socks5 proxy support.

    Which is not supported by native Android (there are no system settings for that), but okhttp seems to support it. So if you could send a merge request, I’ll merge it. The more difficult part would probably the UI and to store/use the settings, but it shouldn’t be that hard 🙂

  • @rfc2822, well, I tried to debug Orbot with logcat and have seen nothing related to problem. Then, according to bug report I tried to connect with latest Orbot through HTTPS with self-signed cert, and the try have been succeed. 😂

    About okhttp, seems good, but I am sorry, I am not skilled for now to make such PR . 🤔

  • developer

    I see… What happens if you try curl -vX PROPFIND -u username:password http://oobee3hoosh2ocee.onion/remote.php/dav on the command line (you can use --preproxy to use a SOCKS proxy with curl)? Just to be sure that it’s really a proxy problem.

  • @rfc2822, I ran curl on my phone, it has no “–preroxy” arg, so I used “–proxy”:
    $ curl -vX PROPFIND -u bergentroll:superpassword http://orangepi.lan/remote.php/dav
    $ curl --proxy socks5h://localhost:9050 -vX PROPFIND -u bergentroll:superpassword http://superhiddenservice.onion/remote.php/dav

    Both commands have same logs and the very same XML answers: curl-socks.xml (I just formatted it a bit). Diff is

    <       100 4753 100 4753 0 0 10301 0 --:--:-- --:--:-- --:--:--
    <       10729 * Connection #0 to host orangepi.lan left intact 0
    >       100 4753 100 4753 0 0 2846 0 0:00:01 0:00:01 --:--:-- 2858 *
    >       Connection #0 to host superhiddenservice.onion left intact 0

  • developer

    @bergentroll Ok, so it really seems to be a HTTP proxy problem. Well then it should work with a working version of Orbot… is there anything still open for DAVx⁵ except the enhancement idea of supporting SOCKS proxies?

  • @rfc2822, yes, actually, if you please, while I was trying to make my hidden service working, I found, that it may be convenient in such cases to save entry even when it is not valid for now, just marking it as out of sync or something like this. Thus it will be possible to edit such entries later without filling credentials again, you know. Just an idea.