[squid-users] Web Whatsapp, Dropbox... problem

Eliezer Croitoru eliezer at ngtech.co.il
Thu Sep 8 20:19:13 UTC 2016


Can it be verified using some kind of dumps?

The issues is that if I will try to access https://web.whatsapp.com/ it will probably won't work despite to the fact that I have or do not have a certificate.

>From my eyes it's not a certificate issue but rather a websocket one.

The simplest way to see it would be using this firefox dump:

curl "https://w1.web.whatsapp.com/ws" -H "Host: w1.web.whatsapp.com" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0" -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" -H "Accept-Language: en-US,he;q=0.7,en;q=0.3" --compressed -H "Sec-WebSocket-Version: 13" -H "Origin: https://web.whatsapp.com" -H "Sec-WebSocket-Extensions: permessage-deflate" -H "Sec-WebSocket-Key: 323TCNi3BxG0LJ+nTi2V1g==" -H "Connection: keep-alive, Upgrade" -H "Pragma: no-cache" -H "Cache-Control: no-cache" -H "Upgrade: websocket"

 

I believe that we can somehow make sure how it will be secure "enough" to mangle the response headers and change any Connection into a "close" one and then splice the client and the server.

It's not safe for many systems but when the sysadmins are using whatsapp to send internal messages it would be ridicules to restrict the network users for these apps.

But in the other hand maybe the sysadmins are smart and the other users are not enough so I am not sure what would be the best option.

For this case a configuration would be appropriate.

 

Eliezer

 

----

 <http://ngtech.co.il/lmgtfy/> Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il



 

From: Chico Venancio [mailto:chicocvenancio at gmail.com] 
Sent: Thursday, September 8, 2016 11:05 PM
To: Eliezer Croitoru
Cc: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Web Whatsapp, Dropbox... problem

 

We had that trouble with whatsapp web. We simply put it in the splice rule. It seems whatsapp checks the client certificate. 

Chico Venancio 

 

Em 08/09/2016 16:09, "Eliezer Croitoru" <eliezer at ngtech.co.il <mailto:eliezer at ngtech.co.il> > escreveu:

Hey,

Can I reproduce this by just entering the url in chrome\chromium\firefox\Internet Exploere\Edge\other?
I am testing Squid 4 but it's moving slow compared to what I could in the past.
I have a squid 4 up and running and I will try to see if I can reproduce it.
Can you provide more details about the squid.conf?

Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261 <tel:%2B972-5-28704261> 
Email: eliezer at ngtech.co.il <mailto:eliezer at ngtech.co.il> 


-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org <mailto:squid-users-bounces at lists.squid-cache.org> ] On Behalf Of erdosain9
Sent: Thursday, September 8, 2016 3:38 PM
To: squid-users at lists.squid-cache.org <mailto:squid-users at lists.squid-cache.org> 
Subject: Re: [squid-users] Web Whatsapp, Dropbox... problem

Finally i update to squid 3.5 and try the acl with dstdomain


Craddock, Tommy wrote
> Hello,
> Create an ACL that will be a list of domains, either in the ACL or in
> a txt file that the ACL refers to, and place any URLs you want
> bypassed by the proxy into the ACL.  Something like this:
> ACL Section of your squid.conf:
> acl bypass_dst_dom  dstdomain "/etc/squid/bypass_dst_domain.txt"
> Then in the http_access section:
> http_access allow bypass_dst_dom

But dosent work....  the web keep loading <http://squid-web-proxy-cache.1019090.n4.nabble.com/file/n4679426/Captura_de_pantalla_de_2016-09-08_09-40-14.png>




--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Web-Whatsapp-Dropbox-problem-tp4679299p4679426.html
Sent from the Squid - Users mailing list archive at Nabble.com.
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org <mailto:squid-users at lists.squid-cache.org> 
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org <mailto:squid-users at lists.squid-cache.org> 
http://lists.squid-cache.org/listinfo/squid-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160908/8d05c243/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 11308 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160908/8d05c243/attachment-0001.png>


More information about the squid-users mailing list