[squid-users] Squid Websocket Issue

Tue Dec 20 09:42:48 UTC 2016

@Eliezer, @Amos

Following changes in config works and whatsapp starts working,

acl serverIsws ssl::server_name_regex ^w[0-9]+\.web\.whatsapp\.com$

acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump splice serverIsws
ssl_bump bump !serverIsws all

[ above is a feature of whatsapp which allows you to connect to
web.whatsapp.com from browser]

now what happens at request level is following,

Request URL:wss://w8.web.whatsapp.com/ws
Request Method:GET
Status Code:101 Switching Protocols

----------------------------------

Response Headers

Connection:Upgrade
Sec-WebSocket-Accept:Z6CC+QVdvB0cCHPbJAQMaHKL2uQ=
Upgrade:websocket

----------------------------------
Request Headers

Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:Upgrade
Host:w8.web.whatsapp.com
Origin:https://web.whatsapp.com
Pragma:no-cache
Sec-WebSocket-Extensions:permessage-deflate; client_max_window_bits
Sec-WebSocket-Key:mbCFLN/Q1KMt58t6DoQI9Q==
Sec-WebSocket-Version:13
Upgrade:websocket
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/55.0.2883.75 Safari/537.36

After this no other web sockets open it seems whatsapp switches to normal
communication from websockets.

Above solution could help lot of people who is trying to configure
websockets to run. I have few more websocket applications which i need to
work on and i will let you know if it works soon.

Thank you very much for your help. Really appreciate the help.

On Mon, Dec 19, 2016 at 6:46 PM, Hardik Dangar <hardikdangar+squid at gmail.com
> wrote:

> Based on Amos's Answer,
>
> acl serverIsws ssl::server_name .w0.whatsapp.com
> acl serverIsws ssl::server_name .w1.whatsapp.com
>
> acl step1 at_step SslBump1
> ssl_bump peek step1
> ssl_bump bump !serverIsws all
> ssl_bump splice all
>
> will above work ?
>
> Or should i splice first and bump all others later?
>
> This is very interesting. I will definitely try this when i will reach
> office.
>
> On Mon, Dec 19, 2016 at 6:40 PM, Eliezer Croitoru <eliezer at ngtech.co.il>
> wrote:
>
>> I can give a hint that once you see the request you can identify using an
>> ICAP\ECAP services couple details about the request.
>> Basically I had a regex which allowed any what's app traffic to be
>> spliced by the SNI domain name.
>> It should be something like "w[0-9]+\.web\.whatsapp\.com$" to match the
>> required domains for whatsapp to be spliced.
>> If nobody will try it before me it's on my todo list for this release
>> (3.5.23, 4.0.17).
>>
>> Eliezer
>>
>> ----
>> Eliezer Croitoru
>> Linux System Administrator
>> Mobile: +972-5-28704261
>> Email: eliezer at ngtech.co.il
>>
>>
>> -----Original Message-----
>> From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On
>> Behalf Of Amos Jeffries
>> Sent: Monday, December 19, 2016 8:51 AM
>> To: Hardik Dangar <hardikdangar+squid at gmail.com>
>> Cc: Squid Users <squid-users at lists.squid-cache.org>
>> Subject: Re: [squid-users] Squid Websocket Issue
>>
>> On 19/12/2016 12:14 p.m., Hardik Dangar wrote:
>> > can you give me one example please ?
>> > like in the above example.
>> > w4.web.whatsapp.com domain is fixed
>> > are you suggesting i can create acl and by pass it to squid ?
>> >
>>
>> You are the first person to ask about WhatsApp traffic.
>>
>> These might be a useful starting point
>> <http://wiki.squid-cache.org/Features/SslPeekAndSplice#Confi
>> guration_Examples>
>>
>> What the examples are doing for banks is what you want to do for WhatsApp.
>>
>> The trick though will be figuring out how to splice *before* seeing what
>> type of HTTP request exists inside the tunnel. If you are lucky the app
>> will be using SNI.
>>
>> Amos
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20161220/4b4d795d/attachment.html>