search

aniketpanjwani / chomper

Internet blocker for the Linux desktop.
https://addictedto.tech/chomper/
GNU General Public License v3.0
356 stars 43 forks source link

Googler, how2, and socli command line tools don't work while Chomper is running. #25

Open aniketpanjwani opened 6 years ago

aniketpanjwani commented 6 years ago
Steps to reproduce the problem:
  1. Install googler, how2, and chomper.
  2. Execute chomper allon 10.
  3. Try to run googler python help.
  4. Try to run how2 -l python remove from list.
  5. Try to run socli python remove from list.

Step 3 gives [ERROR] Got HTTP 502: Bad Gateway at the terminal. In mitmproxy, you get

129.105.62.136:36544: clientconnect
129.105.62.136:36544: Cannot establish TLS with 74.125.127.105:443 (sni: None): TlsException('Cannot validate certificate hostname without SNI',)
129.105.62.136:36544: clientdisconnect

Step 4 returns at the terminal:

-Cannot connect to Google.
Error: Error on response:Error: tunneling socket could not be established, cause=connect EINVAL 0.0.31.144:80 - Local (0.0.0.0:0) : undefined

Step 5 returns Please check your internet connectivity... in the terminal. In mitmproxy, you get mitmproxy:

129.105.62.136:52310: clientconnect
129.105.62.136:52310: Client Handshake failed. The client may not trust the proxy's certificate for www.google.com.
129.105.62.136:52310: clientdisconnect
Any other comments? What have you tried so far?

Some thoughts:

  1. Maybe these command-line tools aren't finding certificates.
  2. The SNI error is weird - that seems like an upstream problem with googler.
  3. Maybe my root certificate isn't properly installed.
System information

Operating system: (e.g. Linux Mint 18)

aniketpanjwani commented 6 years ago

I had uninstalled Chrome and Firefox and only used a text browser. I then reinstalled Chrome and imported the mitmproxy certificate. When I did this, googler and socli continued to give the same problems they had been giving, but how2 began to function properly. This suggests that how2 uses Chrome's certificate database.

I think it's best to think of these as upstream errors, but I'm going to leave the issue open until it gets solved, because I expect others using Chomper will face similar problems.

aniketpanjwani commented 6 years ago

I also think Googler's failure to provide SNI is probably a design failure of Googler. This may be arising because it doesn't use requests, and instead uses the http library.