Can it be verified using some kind of dumps? The issues is that if I will try to access https://web.whatsapp.com/ it will probably won't work despite to the fact that I have or do not have a certificate. From my eyes it's not a certificate issue but rather a websocket one. The simplest way to see it would be using this firefox dump: curl "https://w1.web.whatsapp.com/ws" -H "Host: w1.web.whatsapp.com" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0" -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" -H "Accept-Language: en-US,he;q=0.7,en;q=0.3" --compressed -H "Sec-WebSocket-Version: 13" -H "Origin: https://web.whatsapp.com" -H "Sec-WebSocket-Extensions: permessage-deflate" -H "Sec-WebSocket-Key: 323TCNi3BxG0LJ+nTi2V1g==" -H "Connection: keep-alive, Upgrade" -H "Pragma: no-cache" -H "Cache-Control: no-cache" -H "Upgrade: websocket" I believe that we can somehow make sure how it will be secure "enough" to mangle the response headers and change any Connection into a "close" one and then splice the client and the server. It's not safe for many systems but when the sysadmins are using whatsapp to send internal messages it would be ridicules to restrict the network users for these apps. But in the other hand maybe the sysadmins are smart and the other users are not enough so I am not sure what would be the best option. For this case a configuration would be appropriate. Eliezer ---- Eliezer Croitoru
From: Chico Venancio [mailto:chicocvenancio@xxxxxxxxx] We had that trouble with whatsapp web. We simply put it in the splice rule. It seems whatsapp checks the client certificate. Chico Venancio Em 08/09/2016 16:09, "Eliezer Croitoru" <eliezer@xxxxxxxxxxxx> escreveu:
|
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
