<div dir="ltr"><div>@Eliezer, @Amos</div><div><div><br></div><div>Following changes in config works and whatsapp starts working,</div><div><br></div><div>acl serverIsws ssl::server_name_regex ^w[0-9]+\.web\.whatsapp\.com$</div><div><br></div><div>acl step1 at_step SslBump1</div><div>ssl_bump peek step1</div><div>ssl_bump splice serverIsws</div><div>ssl_bump bump !serverIsws all</div></div><div><br></div><div>[ above is a feature of whatsapp which allows you to connect to <a href="http://web.whatsapp.com">web.whatsapp.com</a> from browser]</div><div><br></div><div><br></div><div>now what happens at request level is following,</div><div><br></div><div><div>Request URL:wss://<a href="http://w8.web.whatsapp.com/ws">w8.web.whatsapp.com/ws</a></div><div>Request Method:GET</div><div>Status Code:101 Switching Protocols</div><div><br></div><div>----------------------------------</div><div><br></div><div>Response Headers</div><div><br></div><div>Connection:Upgrade</div><div>Sec-WebSocket-Accept:Z6CC+QVdvB0cCHPbJAQMaHKL2uQ=</div><div>Upgrade:websocket</div><div><br></div><div>----------------------------------</div><div>Request Headers<br></div><div><br></div><div>Accept-Encoding:gzip, deflate, sdch, br</div><div>Accept-Language:en-US,en;q=0.8</div><div>Cache-Control:no-cache</div><div>Connection:Upgrade</div><div>Host:<a href="http://w8.web.whatsapp.com">w8.web.whatsapp.com</a></div><div>Origin:<a href="https://web.whatsapp.com">https://web.whatsapp.com</a></div><div>Pragma:no-cache</div><div>Sec-WebSocket-Extensions:permessage-deflate; client_max_window_bits</div><div>Sec-WebSocket-Key:mbCFLN/Q1KMt58t6DoQI9Q==</div><div>Sec-WebSocket-Version:13</div><div>Upgrade:websocket</div><div>User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.75 Safari/537.36</div></div><br><div class="gmail_extra">After this no other web sockets open it seems whatsapp switches to normal communication from websockets.</div><div class="gmail_extra"><br></div><div class="gmail_extra">Above solution could help lot of people who is trying to configure websockets to run. I have few more websocket applications which i need to work on and i will let you know if it works soon.</div><div class="gmail_extra"><br></div><div class="gmail_extra">Thank you very much for your help. Really appreciate the help.</div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Dec 19, 2016 at 6:46 PM, Hardik Dangar <span dir="ltr"><<a href="mailto:hardikdangar+squid@gmail.com" target="_blank">hardikdangar+squid@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Based on Amos's Answer,<div><br></div><div><div>acl serverIsws ssl::server_name .<a href="http://w0.whatsapp.com" target="_blank">w0.whatsapp.com</a></div><div>acl serverIsws ssl::server_name .<a href="http://w1.whatsapp.com" target="_blank">w1.whatsapp.com</a></div><div><br></div><div>acl step1 at_step SslBump1</div><div>ssl_bump peek step1</div><div>ssl_bump bump !serverIsws all</div><div>ssl_bump splice allĀ </div></div><div><br></div><div>will above work ?</div><div><br></div><div>Or should i splice first and bump all others later?</div><div><br></div><div>This is very interesting. I will definitely try this when i will reach office.</div></div><div class="gmail-HOEnZb"><div class="gmail-h5"><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Dec 19, 2016 at 6:40 PM, Eliezer Croitoru <span dir="ltr"><<a href="mailto:eliezer@ngtech.co.il" target="_blank">eliezer@ngtech.co.il</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">I can give a hint that once you see the request you can identify using an ICAP\ECAP services couple details about the request.<br>
Basically I had a regex which allowed any what's app traffic to be spliced by the SNI domain name.<br>
It should be something like "w[0-9]+\.web\.whatsapp\.com$" to match the required domains for whatsapp to be spliced.<br>
If nobody will try it before me it's on my todo list for this release (3.5.23, 4.0.17).<br>
<br>
Eliezer<br>
<br>
----<br>
Eliezer Croitoru<br>
Linux System Administrator<br>
Mobile: +972-5-28704261<br>
Email: <a href="mailto:eliezer@ngtech.co.il" target="_blank">eliezer@ngtech.co.il</a><br>
<div class="gmail-m_3675365630289540542HOEnZb"><div class="gmail-m_3675365630289540542h5"><br>
<br>
-----Original Message-----<br>
From: squid-users [mailto:<a href="mailto:squid-users-bounces@lists.squid-cache.org" target="_blank">squid-users-bounces@li<wbr>sts.squid-cache.org</a>] On Behalf Of Amos Jeffries<br>
Sent: Monday, December 19, 2016 8:51 AM<br>
To: Hardik Dangar <<a href="mailto:hardikdangar%2Bsquid@gmail.com" target="_blank">hardikdangar+squid@gmail.com</a>><br>
Cc: Squid Users <<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache<wbr>.org</a>><br>
Subject: Re: [squid-users] Squid Websocket Issue<br>
<br>
On 19/12/2016 12:14 p.m., Hardik Dangar wrote:<br>
> can you give me one example please ?<br>
> like in the above example.<br>
> <a href="http://w4.web.whatsapp.com" rel="noreferrer" target="_blank">w4.web.whatsapp.com</a> domain is fixed<br>
> are you suggesting i can create acl and by pass it to squid ?<br>
><br>
<br>
You are the first person to ask about WhatsApp traffic.<br>
<br>
These might be a useful starting point<br>
<<a href="http://wiki.squid-cache.org/Features/SslPeekAndSplice#Configuration_Examples" rel="noreferrer" target="_blank">http://wiki.squid-cache.org/F<wbr>eatures/SslPeekAndSplice#Confi<wbr>guration_Examples</a>><br>
<br>
What the examples are doing for banks is what you want to do for WhatsApp.<br>
<br>
The trick though will be figuring out how to splice *before* seeing what type of HTTP request exists inside the tunnel. If you are lucky the app will be using SNI.<br>
<br>
Amos<br>
<br>
</div></div><div class="gmail-m_3675365630289540542HOEnZb"><div class="gmail-m_3675365630289540542h5">______________________________<wbr>_________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.<wbr>org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/l<wbr>istinfo/squid-users</a><br>
<br>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div></div>