Search squid archive

Re: Squid Websocket Issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



@Eliezer, @Amos

Following changes in config works and whatsapp starts working,

acl serverIsws ssl::server_name_regex ^w[0-9]+\.web\.whatsapp\.com$

acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump splice serverIsws
ssl_bump bump !serverIsws all

[ above is a feature of whatsapp which allows you to connect to web.whatsapp.com from browser]


now what happens at request level is following,

Request URL:wss://w8.web.whatsapp.com/ws
Request Method:GET
Status Code:101 Switching Protocols

----------------------------------

Response Headers

Connection:Upgrade
Sec-WebSocket-Accept:Z6CC+QVdvB0cCHPbJAQMaHKL2uQ=
Upgrade:websocket

----------------------------------
Request Headers

Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:Upgrade
Host:w8.web.whatsapp.com
Origin:https://web.whatsapp.com
Pragma:no-cache
Sec-WebSocket-Extensions:permessage-deflate; client_max_window_bits
Sec-WebSocket-Key:mbCFLN/Q1KMt58t6DoQI9Q==
Sec-WebSocket-Version:13
Upgrade:websocket
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.75 Safari/537.36

After this no other web sockets open it seems whatsapp switches to normal communication from websockets.

Above solution could help lot of people who is trying to configure websockets to run. I have few more websocket applications which i need to work on and i will let you know if it works soon.

Thank you very much for your help. Really appreciate the help.

On Mon, Dec 19, 2016 at 6:46 PM, Hardik Dangar <hardikdangar+squid@xxxxxxxxx> wrote:
Based on Amos's Answer,

acl serverIsws ssl::server_name .w0.whatsapp.com
acl serverIsws ssl::server_name .w1.whatsapp.com

acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump !serverIsws all
ssl_bump splice all 

will above work ?

Or should i splice first and bump all others later?

This is very interesting. I will definitely try this when i will reach office.

On Mon, Dec 19, 2016 at 6:40 PM, Eliezer Croitoru <eliezer@xxxxxxxxxxxx> wrote:
I can give a hint that once you see the request you can identify using an ICAP\ECAP services couple details about the request.
Basically I had a regex which allowed any what's app traffic to be spliced by the SNI domain name.
It should be something like "w[0-9]+\.web\.whatsapp\.com$" to match the required domains for whatsapp to be spliced.
If nobody will try it before me it's on my todo list for this release (3.5.23, 4.0.17).

Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer@xxxxxxxxxxxx


-----Original Message-----
From: squid-users [mailto:squid-users-bounces@lists.squid-cache.org] On Behalf Of Amos Jeffries
Sent: Monday, December 19, 2016 8:51 AM
To: Hardik Dangar <hardikdangar+squid@xxxxxxxxx>
Cc: Squid Users <squid-users@lists.squid-cache.org>
Subject: Re: Squid Websocket Issue

On 19/12/2016 12:14 p.m., Hardik Dangar wrote:
> can you give me one example please ?
> like in the above example.
> w4.web.whatsapp.com domain is fixed
> are you suggesting i can create acl and by pass it to squid ?
>

You are the first person to ask about WhatsApp traffic.

These might be a useful starting point
<http://wiki.squid-cache.org/Features/SslPeekAndSplice#Configuration_Examples>

What the examples are doing for banks is what you want to do for WhatsApp.

The trick though will be figuring out how to splice *before* seeing what type of HTTP request exists inside the tunnel. If you are lucky the app will be using SNI.

Amos

_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users



_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux