proxy icon indicating copy to clipboard operation
proxy copied to clipboard

Published 20 hours ago verified publisher icon WhatsApp

Support HTTP proxy instead

Open Heshmatkhah opened this issue 2 years ago • 2 comments

Why is Whatsapp not supporting regular HTTP(S) proxies with Authentication??

Running HAProxy should be the last option because:

  1. HAProxy doesn't support Authentication > HTTP proxies do.
  2. Using HTTPS proxy increases the security of Meta itself, Attackers may use these proxies which are publicly available without any kind of authentication.
  3. HAProxy doesn't re-encrypt traffic therefore the censorship systems easily detect it > You cant set TLS encryption on your HTTP proxy and use HTTPS proxy so the traffic can't be detected
  4. There are many running HTTP(S) proxies out there and you don't need to run a new one for yourself, but in case you want, It's verrrrrrry easy.

My recommendation is to add HTTPS proxy with authentication support to WhatsApp instead of this.

If you want to implement HTTPS proxy support in the WhatsApp application (please do so), it's important to implement it in the correct way and don't forget to implement simple important things like SNI, auth headers, and ..., just stick to RFC.

The reason I write this issue is:

  1. The censorship systems block every proxy very fast
  2. There is no authentication on my proxy, it's using my resources and I have no control over it.

Heshmatkhah avatar Jan 28 '23 08:01 Heshmatkhah

Another option is to support SOCKS5+TLS+Authetication This solution has the same benefits but uses a different protocol

There are some important facts about censorship systems (that people who live in the open world can't understand) and it's the importance of TLS re-encrypt and Authentication.

  • If you want to bypass the censorship system, you should have TLS re-encrypt: You should re-encrypt your encrypted data because if you don't, it will be detected and the system will drop your packets and block your server in very first packets.
  • Your Proxy/VPN should have authentication, If a Proxy/VPN exposes to public usage, it will be blocked very fast. by very fast I mean in a couple of minutes

Heshmatkhah avatar Jan 28 '23 08:01 Heshmatkhah

good idea

It’s said that the Russian Gov can now figure out to whom you send messages by analyzing metadata. HTTPS proxy (with proper auth) would be a great solution

codeninja-ru avatar Aug 11 '23 22:08 codeninja-ru