WhatsApp / proxy

This repository contains the WhatsApp proxy implementation for users to host their own proxy infrastructure to connect to WhatsApp for chat (VoIP is not currently supported).
MIT License

Add path to the proxy as a secret to avoid active probing #13

Open hiddify-com opened 1 year ago

hiddify-com commented 1 year ago

This version can be easily probed by the government, and servers will be blocked quickly. Please add a path to the link to resolve this issue.

slawlor commented 1 year ago

Path to what? Can you explain more? If you want a private version, only expose one of the proxy ports which will simply forward packets to WhatsApp core servers.

hiddify-com commented 1 year ago

Assume I have set up domain.com for my server. Currently, the government just needs to send a message to domain.com and receive its reply; then it can identify this server easily and block it.

Solution:

If I can add https://domain.com/secretpath as the proxy link, then since the government cannot see the secretpath (because it is encrypted), it cannot find out that this server works as a proxy.

whatsapp ----(real tls to domain.com)--->(my server)---> if path=secretpath then proxy_to_whatsapp else show website.html

Additionally, you can add WebSocket support; then we can bypass the restriction through a local CDN server.

whatsapp ----(real tls to domain.com)--->(cdn)---> if it is websocket and path=secretpathws proxy_to_whatsapp else show website.html

I am not sure, but I think WhatsApp is currently sending the WhatsApp SNI? It means that since the WhatsApp domain is blocked, it is still blocked in Iran.
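The routing decision sketched in the comment above, written out as an added example (not part of the thread and not the project's code). It assumes an HTTP front end that has already terminated TLS and read the request head; `SECRET_PATH`, `SECRET_WS_PATH`, `parse_head` and `route` are hypothetical names, and the sample requests in the checks are constructed.

```python
import hmac

# Hypothetical values; the comment only calls them "secretpath" and "secretpathws".
SECRET_PATH = "/secretpath"
SECRET_WS_PATH = "/secretpathws"

def parse_head(raw: bytes):
    """Return (path, headers) from a raw HTTP/1.x request head, or None if malformed."""
    try:
        head = raw.split(b"\r\n\r\n", 1)[0].decode("ascii")
        request_line, *header_lines = head.split("\r\n")
        _method, target, version = request_line.split(" ")
    except ValueError:  # non-ASCII bytes, or request line is not exactly three tokens
        return None
    if not version.startswith("HTTP/1.") or not target.startswith("/"):
        return None
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if not sep:
            return None
        headers[name.strip().lower()] = value.strip().lower()
    return target.split("?", 1)[0], headers  # ignore any query string

def _same(a: str, b: str) -> bool:
    # Constant-time comparison so response timing does not leak how much of a guess matched.
    return hmac.compare_digest(a.encode(), b.encode())

def route(raw: bytes) -> str:
    """Return 'proxy', 'proxy_ws' or 'website' for one request head."""
    parsed = parse_head(raw)
    if parsed is None:
        return "website"  # garbage or non-HTTP probes get the same fallback as visitors
    path, headers = parsed
    is_ws = (headers.get("upgrade") == "websocket"
             and "upgrade" in headers.get("connection", ""))
    if is_ws and _same(path, SECRET_WS_PATH):
        return "proxy_ws"   # second flow in the comment: WebSocket via a CDN
    if not is_ws and _same(path, SECRET_PATH):
        return "proxy"      # first flow: direct TLS to the server
    return "website"        # everything else is served website.html
```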

slawlor commented 1 year ago

So I think there's a bit of a misunderstanding here: this is not an HTTP proxy, so the notion of "paths" isn't relevant. This is a pure TCP proxy forwarding bytes to WhatsApp servers.

Additionally the proxy generates a new certificate with each start, which you can easily customize the properties of in proxy/src/generate-certs.sh to tweak what's exposed.

Should you utilize ports 80 or 5222, however, only the default WhatsApp encryption is being passed, which isn't TLS encrypted.

Port probing is still possible; however, that would be possible regardless of the proxy infrastructure we run.

hiddify-com commented 1 year ago

It completely depends on the protocol. The current implementation will be detected in 30 seconds. But I have a server with Telegram faketls + fallback that has not been detected in 3 years.

I think you are not living in China or Iran, so you don't know that the government even uses TLS fingerprinting to identify proxy protocols.

Please do not invent the wheel again. Check out vless+ws or v2ray+ws; it is the best solution.

omidkosari commented 1 year ago

I agree with @hiddify. There should be some ways to prevent automated detection by governments. They monitor users' traffic with several tools like anomaly detection, netflow analyzers, DPI, active port scanners and many other means. As soon as they find such traffic, they will block the IP address, subnet or even ASN. In order to create a real productive solution, you need to research existing experience.

Sujanayasa commented 12 months ago

443 tls

Sujanayasa commented 12 months ago

443 tls