search

xvzc / SpoofDPI

A simple and fast anti-censorship tool written in Go
Apache License 2.0
3.33k stars 242 forks source link

Yandex panoramas don't work on ios #165

Closed 00enterausername00 closed 1 week ago

00enterausername00 commented 3 weeks ago

Thanks to the author for a great app! I noticed a strange peculiarity. When redirecting traffic from iPhone via SpoofDPI, blocked sites work fine, but panoramas in the Yandex.maps app stop working. I tried limiting the list of proxied domains via privoxy, but it didn't help. Here is the list of domains that are redirected to SpoofDPI: .googlevideo.com .youtube.com .ytimg.com .ggpht.com .nhacmp3youtube.com

Client information

OS: server: macos, linux client: ios

Version: 0.10.8

Command to run spoof-dpi: spoof-dpi -addr 0.0.0.0

Ledorub commented 3 weeks ago

Have you tried providing domains that should be proxified as multiple -pattern [domain|regex] options directly to Spoof-DPI? Consider posting logs.

00enterausername00 commented 3 weeks ago

Tried it with this command: spoof-dpi -addr 0.0.0.0 -debug -pattern .googlevideo.com -pattern .youtube.com -pattern .ytimg.com -pattern .ggpht.com -pattern .nhacmp3youtube.com

Same result. Here are the logs:

CONNECT report.appmetrica.yandex.net:443 HTTP/1.1 Host: report.appmetrica.yandex.net Proxy-Connection: keep-alive Connection: keep-alive

DEBU[2024-08-19T23:01:36+03:00] [DNS] report.appmetrica.yandex.net resolving with system dns DEBU[2024-08-19T23:01:36+03:00] [PROXY] Start HTTPS
DEBU[2024-08-19T23:01:36+03:00] [HTTPS] New connection to the server report.appmetrica.yandex.net 10.0.1.5:50538 DEBU[2024-08-19T23:01:36+03:00] [HTTPS] Sent 200 Connection Estabalished to 10.0.1.113:63133 DEBU[2024-08-19T23:01:36+03:00] [HTTPS] Client sent hello 517bytes
DEBU[2024-08-19T23:01:36+03:00] [HTTPS] Writing plain client hello to report.appmetrica.yandex.net DEBU[2024-08-19T23:01:36+03:00] [PROXY] Request from 127.0.0.1:50539

CONNECT p158-caldav.icloud.com:443 HTTP/1.1 Host: p158-caldav.icloud.com User-Agent: Mac+OS+X/10.15.7 (19H2026) CalendarAgent/930.5.1 Connection: keep-alive Proxy-Connection: keep-alive

DEBU[2024-08-19T23:01:36+03:00] [DNS] p158-caldav.icloud.com resolving with system dns DEBU[2024-08-19T23:01:36+03:00] [PROXY] Start HTTPS
DEBU[2024-08-19T23:01:36+03:00] [HTTPS] New connection to the server p158-caldav.icloud.com 10.0.1.5:50540 DEBU[2024-08-19T23:01:36+03:00] [HTTPS] Sent 200 Connection Estabalished to 127.0.0.1:50539 DEBU[2024-08-19T23:01:36+03:00] [HTTPS] Client sent hello 517bytes
DEBU[2024-08-19T23:01:36+03:00] [HTTPS] Writing plain client hello to p158-caldav.icloud.com DEBU[2024-08-19T23:01:39+03:00] [PROXY] Request from 10.0.1.113:63134

CONNECT 6s3yaq-skadsdkless.appsflyersdk.com:443 HTTP/1.1 Host: 6s3yaq-skadsdkless.appsflyersdk.com Proxy-Connection: keep-alive Connection: keep-alive

DEBU[2024-08-19T23:01:39+03:00] [DNS] 6s3yaq-skadsdkless.appsflyersdk.com resolving with system dns DEBU[2024-08-19T23:01:39+03:00] [PROXY] Start HTTPS
DEBU[2024-08-19T23:01:39+03:00] [HTTPS] New connection to the server 6s3yaq-skadsdkless.appsflyersdk.com 10.0.1.5:50541 DEBU[2024-08-19T23:01:39+03:00] [HTTPS] Sent 200 Connection Estabalished to 10.0.1.113:63134 DEBU[2024-08-19T23:01:39+03:00] [HTTPS] Client sent hello 517bytes
DEBU[2024-08-19T23:01:39+03:00] [HTTPS] Writing plain client hello to 6s3yaq-skadsdkless.appsflyersdk.com DEBU[2024-08-19T23:01:41+03:00] [HTTPS] Error reading from 10.0.1.113:63133 timed out DEBU[2024-08-19T23:01:41+03:00] [HTTPS] Closing client Connection.. 10.0.1.113:63133 DEBU[2024-08-19T23:01:41+03:00] [HTTPS] Error reading from 10.0.1.113:63134 timed out DEBU[2024-08-19T23:01:41+03:00] [HTTPS] Closing client Connection.. 10.0.1.113:63134 DEBU[2024-08-19T23:01:41+03:00] [HTTPS] Closing server Connection.. report.appmetrica.yandex.net 10.0.1.5:50538 DEBU[2024-08-19T23:01:41+03:00] [HTTPS] Error reading from 213.180.193.226:443 timed out DEBU[2024-08-19T23:01:41+03:00] [HTTPS] Error reading from 18.165.142.169:443 timed out DEBU[2024-08-19T23:01:41+03:00] [HTTPS] Closing server Connection.. 6s3yaq-skadsdkless.appsflyersdk.com 10.0.1.5:50541

Ledorub commented 3 weeks ago

I don't own any iOS-based devices, so I tried to reproduce it on Android, without any luck, unfortunately. Looks like the YM app for Android sends requests to proxy.mob.maps.yandex.net to fetch street view data. The app bypasses the proxy when it sends requests to this specific domain. Not sure, how it works on iOS.

00enterausername00 commented 1 week ago

В общем проблема была в самом наличии переадресации через http прокси. В иос нет возможности указать отдельно http и https и нет возможности использовать только один из них. Пришлось поднять openvpn, указав в его конфиге переадресацию только на https прокси - в таком виде все работает.

Ledorub commented 1 week ago

This may be related to an issue with HTTP packet processing that was fixed by #229 and #230. The fix was merged to main, but has not been released yet.