Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No media is being sent or received on WhatsApp for Android via the proxy #281

Closed
Nicepaul opened this issue Jul 20, 2024 · 4 comments
Closed

No media is being sent or received on WhatsApp for Android via the proxy #281

Nicepaul opened this issue Jul 20, 2024 · 4 comments

Comments

@Nicepaul
Copy link

Nicepaul commented Jul 20, 2024
edited
Loading

No description provided.

@wenge110110
Copy link

I'm having this problem too.

@eozturk1
Copy link
Contributor

@Nicepaul Can you try in the app updating the media port to 587 or 7777 and try that way? Some networks may block traffic in certain ports which might be the issue you are encountering. From your phone network, can you send a CURL request for instance to either of these ports?

Alternatively you can run messaging through port 80 and media through 443 -- which should have a better chance of avoiding any of the port-specific restrictions. You can update the HAproxy config and match your new messaging/media settings on the app.

@offer1983
Copy link

offer1983 commented Jul 30, 2024
edited
Loading

Previously identified this issue, some Android phones, especially Huawei, cannot connect to the media server, the connection fails. Recently, media servers on iOS in some regions have also begun to fail to connect.

WhatsApp proxy hasn't been updated for a long time and is outdated.
When using curl to connect to port 587, WhatsApp's certificate is displayed, which seems relevant to your issue.
According to your description, the session is using a self-signed certificate, while the media part is using WhatsApp's certificate. This situation might result in WhatsApp's certificate being intercepted by the Great Firewall (GFW) of China.

1. curel 433:
`curl -k -v https://...:443

  • Trying ...:443...
  • Connected to ... (...) port 443 (#0)
  • ALPN, offering h2
  • ALPN, offering http/1.1
  • successfully set certificate verify locations:
  • CAfile: /etc/ssl/certs/ca-certificates.crt
  • CApath: /etc/ssl/certs
  • TLSv1.3 (OUT), TLS handshake, Client hello (1):
  • TLSv1.3 (IN), TLS handshake, Server hello (2):
  • TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
  • TLSv1.3 (IN), TLS handshake, Certificate (11):
  • TLSv1.3 (IN), TLS handshake, CERT verify (15):
  • TLSv1.3 (IN), TLS handshake, Finished (20):
  • TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
  • TLSv1.3 (OUT), TLS handshake, Finished (20):
  • SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
  • ALPN, server did not agree to a protocol
  • Server certificate:
  • subject: CN=LNhWYJA0KS6lwr.net
  • start date: Jul 30 09:47:17 2024 GMT
  • expire date: Jul 28 09:47:17 2034 GMT
  • issuer: CN=a5fGg9v04GQb
  • SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.

GET / HTTP/1.1
Host: ...
User-Agent: curl/7.74.0
Accept: /

  • TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
  • TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
  • old SSL session ID is stale, removing
  • TLSv1.3 (IN), TLS alert, close notify (256):
  • Empty reply from server
  • Closing connection 0
  • TLSv1.3 (OUT), TLS alert, close notify (256):
    curl: (52) Empty reply from server`

2. curl 587
`curl -k -v https://...:587

  • Trying ...:587...
  • Connected to ... (...) port 587
  • ALPN: curl offers h2,http/1.1
  • TLSv1.3 (OUT), TLS handshake, Client hello (1):
  • TLSv1.3 (IN), TLS handshake, Server hello (2):
  • TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
  • TLSv1.3 (IN), TLS handshake, Certificate (11):
  • TLSv1.3 (IN), TLS handshake, CERT verify (15):
  • TLSv1.3 (IN), TLS handshake, Finished (20):
  • TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
  • TLSv1.3 (OUT), TLS handshake, Finished (20):
  • SSL connection using TLSv1.3 / TLS_CHACHA20_POLY1305_SHA256 / X25519 / id-ecPublicKey
  • ALPN: server accepted h2
  • Server certificate:
  • subject: C=US; ST=California; L=Menlo Park; O=Meta Platforms, Inc.; CN=*.whatsapp.net
  • start date: May 9 00:00:00 2024 GMT
  • expire date: Aug 7 23:59:59 2024 GMT
  • issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA
  • SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
  • Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using sha256WithRSAEncryption
  • Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
  • using HTTP/2
  • [HTTP/2] [1] OPENED stream for https://...:587/
  • [HTTP/2] [1] [:method: GET]
  • [HTTP/2] [1] [:scheme: https]
  • [HTTP/2] [1] [:authority: ...:587]
  • [HTTP/2] [1] [:path: /]
  • [HTTP/2] [1] [user-agent: curl/8.5.0]
  • [HTTP/2] [1] [accept: /]

GET / HTTP/2
Host: ...:587
User-Agent: curl/8.5.0
Accept: /

  • TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
    < HTTP/2 400
    < content-length: 101
    < content-type: text/html; charset=utf-8
    < access-control-allow-origin: *
    < proxy-status: proxy_internal_response; e_isproxyerr="AcJA-r1rnCm7SkMnPePYz2KKmIR3BhEoMsTbgINh6vFZiPGRVq78V7DLxZGKaA"; e_proxy="AcKg9KKSQs4jm6bG16R4slUaxeqpFivFbgGzYQw8W33BBaGVan9zXLTLWUNl_QJWf3k2NjYKt07GXas"; e_fb_binaryversion="AcKTdf6mSeFbfTksib5aQwMpRQV7K0CSo26qNmYwXlFqsYIJBWZKwGhIntreYb8R6Ua5wBdgRFocbOtrf0lkHXuE4bd4xhWbilA"; e_fb_httpversion="AcJg8IzZE0UEUmBOfjiRJoOGhJ7W-w5C-v4fgBr-iLjYStnbXESMArE2_8vm"; e_fb_hostheader="AcLBlA_I4Y8ZpoEl72aKaY6zTgsztJVeSmP04dwYYbxQcjwcWiFDiPJ6xhV3Ff9M2lh6tVPfRxwLS2U"; e_fb_requesttime="AcLX7KTZKl_PmMY7t5M3UG94Gxv11Ry_VGM3grrDhk8dgFS3RDvAJv4exzvuFNVNzVHkVtxtDw"; e_fb_responsebytes="AcL54pjS4M4nhaAeqARLCHkkBRp32vQeCc5ILxVPQ5Dv9JMxWWK-TjlfYqiA"; e_fb_requestsequencenumber="AcI5SocCP1gcX8QsAW5KfK22tF5JV1eqv-Lh2RzsiD8lty_W7Tiyc2Anfw"; e_fb_proxycode="AcKgF_ixA4QFKshh_VkrKAuKNAP_GShA2ATuHcPzdRRZ1MSPKnKfdKKXlSYU"; e_fb_builduser="AcIjmcGYd2Mdl8ac88iIoBI0uDpu7oe1ugZ650OOTKBbOKwgzbcvez1aKHcuALnf6QY"; e_fb_vipport="AcLXkDGYZFVPdRzQpXFYsRdcJLc9gy_AytEk1GtmEGg8RhJol2mKwiMYIUdB"; e_clientaddr="AcKo22cRTBL12qwmHTFEJ_n0fkrPFmWPTLrXd1lZqEStk6nbFcI0qqGuL5lEDNZdD8XLTK6nvsNbMEU5UQ"; e_fb_vipaddr="AcKfaUqqt1k2xd-gpgloOOFD4clIVKnHusXTDPbRblER-iPk-2EuYtWlJFOc-7OXjCh3K0Tx"; e_fb_configversion="AcKVVxEcA89yxsb18dTfbiKfMviz7fmlIQDZCpf2kMid4zbqmQb-GeWbSvBZrg"
    < date: Tue, 30 Jul 2024 10:12:51 GMT
    <
<title>WhatsApp Error</title>

WhatsApp Error

`

@offer1983 offer1983 mentioned this issue Aug 5, 2024
Open
@mvscode mvscode mentioned this issue Aug 6, 2024
Closed
@Nicepaul Nicepaul closed this as not planned Won't fix, can't repro, duplicate, stale Aug 8, 2024
@bilogic
Copy link

bilogic commented Sep 13, 2024

Previously identified this issue, some Android phones, especially Huawei, cannot connect to the media server, the connection fails. Recently, media servers on iOS in some regions have also begun to fail to connect.

WhatsApp proxy hasn't been updated for a long time and is outdated. When using curl to connect to port 587, WhatsApp's certificate is displayed, which seems relevant to your issue. According to your description, the session is using a self-signed certificate, while the media part is using WhatsApp's certificate. This situation might result in WhatsApp's certificate being intercepted by the Great Firewall (GFW) of China.

Thanks for sharing, do you know a work around?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@bilogic @eozturk1 @Nicepaul @offer1983 @wenge110110