Opened 4 months ago

Last modified 4 months ago

#26764 new defect

HTTP proxy bug in Orbot 16.0.2-RC-1

Reported by: soren@… Owned by: n8fr8
Priority: Medium Milestone:
Component: Applications/Orbot Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


I am the developer of Privacy Browser, a privacy focused Android browser. Privacy Browser has the option to proxy through Orbot. A user recently brought to my attention that there is a bug in the HTTP proxy of Orbot 16.0.2-RC-1 (downloaded from F-Droid) which causes all HTTP requests to fail. HTTPS requests work fine. Using Orbot in VPN mode works fine as long as Privacy Browser is not trying to proxy HTTP requests through port 8118, otherwise they still fail.

Downgrading Orbot to 16.0.0-RC-2-multi-SDK23 causes HTTP proxying to work correctly.

Testing was performed using Privacy Browser 2.11 on a Pixel 2 XL running Android 8.1.0 (API 27). Privacy Browser can be downloaded from F-Droid, but the current version, 2.11, is not yet available there. It can be downloaded directly from:

Versions prior to 2.11 used the old WebView proxying code and do not work with the changes Google recently made to WebView. As such, they are not useful for testing this bug if the device has recently updated WebView.

Child Tickets

Change History (1)

comment:1 Changed 4 months ago by rl1987

Component: - Select a componentApplications/Orbot
Owner: set to n8fr8
Note: See TracTickets for help on using tickets.