Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support HTTP proxy instead #146

Open
Heshmatkhah opened this issue Jan 28, 2023 · 2 comments
Open

Support HTTP proxy instead #146

Heshmatkhah opened this issue Jan 28, 2023 · 2 comments

Comments

@Heshmatkhah
Copy link

Heshmatkhah commented Jan 28, 2023
edited
Loading

Why is Whatsapp not supporting regular HTTP(S) proxies with Authentication??

Running HAProxy should be the last option because:

  1. HAProxy doesn't support Authentication > HTTP proxies do.
  2. Using HTTPS proxy increases the security of Meta itself, Attackers may use these proxies which are publicly available without any kind of authentication.
  3. HAProxy doesn't re-encrypt traffic therefore the censorship systems easily detect it > You cant set TLS encryption on your HTTP proxy and use HTTPS proxy so the traffic can't be detected
  4. There are many running HTTP(S) proxies out there and you don't need to run a new one for yourself, but in case you want, It's verrrrrrry easy.

My recommendation is to add HTTPS proxy with authentication support to WhatsApp instead of this.

If you want to implement HTTPS proxy support in the WhatsApp application (please do so), it's important to implement it in the correct way and don't forget to implement simple important things like SNI, auth headers, and ..., just stick to RFC.

The reason I write this issue is:

  1. The censorship systems block every proxy very fast
  2. There is no authentication on my proxy, it's using my resources and I have no control over it.
@Heshmatkhah Heshmatkhah changed the title Support HTTP proxy Support HTTP proxy instead Jan 28, 2023
@Heshmatkhah
Copy link
Author

Another option is to support SOCKS5+TLS+Authetication
This solution has the same benefits but uses a different protocol

There are some important facts about censorship systems (that people who live in the open world can't understand) and it's the importance of TLS re-encrypt and Authentication.

  • If you want to bypass the censorship system, you should have TLS re-encrypt: You should re-encrypt your encrypted data because if you don't, it will be detected and the system will drop your packets and block your server in very first packets.
  • Your Proxy/VPN should have authentication, If a Proxy/VPN exposes to public usage, it will be blocked very fast. by very fast I mean in a couple of minutes

@codeninja-ru
Copy link

good idea

It’s said that the Russian Gov can now figure out to whom you send messages by analyzing metadata. HTTPS proxy (with proper auth) would be a great solution

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@codeninja-ru @Heshmatkhah