Using this command through SSH the router don't seem to work
CODE
iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 10
YouTube Deep Packet Inspection, All HTTP connections being MITMed
|
|
 May 1 2013, 11:29 PM
|
 
Elite
8,410 posts Joined: Jul 2008  
|
rizvanrp How to solve this on OpenWRT based router
Using this command through SSH the router don't seem to work |
Quote|
|
|
|
|
May 1 2013, 11:30 PM
|
 
Junior Member
223 posts Joined: Feb 2008 From: Sunway/Kuching 
|
QUOTE(HeHeHunter @ May 1 2013, 11:12 PM) try http, not https.  QUOTE(ReWeR @ May 1 2013, 11:13 PM) "https" can see, "http" cannot see. yea i know.. why didnt block https also? |
|
|
May 1 2013, 11:30 PM
|
Senior Member
1,281 posts Joined: Sep 2008 
|
QUOTE(patienceGNR @ May 1 2013, 11:29 PM) I have re uploaded the videos here. Instant streamhttp://www.youtube.com/watch?v=HBUwbcNqvZE http://www.youtube.com/watch?v=Bpwm3FfhaLk Let me know if the videos are unable to stream. |
|
|
May 1 2013, 11:30 PM
|
Senior Member
2,058 posts Joined: Mar 2011 From: Today: 9:03 AM 
|
QUOTE(JustForFun @ May 1 2013, 11:30 PM) Instant stream Go download, reupload  let them keep filtering. |
|
|
May 1 2013, 11:30 PM
|
Junior Member
397 posts Joined: Aug 2009 From: Yong Peng
|
QUOTE(patienceGNR @ May 1 2013, 11:29 PM) I have re uploaded the videos here. i can stream it with full speed download.http://www.youtube.com/watch?v=HBUwbcNqvZE http://www.youtube.com/watch?v=Bpwm3FfhaLk Let me know if the videos are unable to stream. |
|
|
May 1 2013, 11:30 PM
|
Junior Member
283 posts Joined: Aug 2008 From: Malacca
|
QUOTE(patienceGNR @ May 1 2013, 11:29 PM) I have re uploaded the videos here. Yeshttp://www.youtube.com/watch?v=HBUwbcNqvZE http://www.youtube.com/watch?v=Bpwm3FfhaLk Let me know if the videos are unable to stream. |
|
|
|
|
|
May 1 2013, 11:31 PM
|
Junior Member
136 posts Joined: Apr 2010 From: Melaka <-- -> Kuala Lumpur
|
QUOTE(zaqplm @ May 1 2013, 04:13 PM) I can confirm using Maxis broadband, I can't open the above videos. After the advertisement, youtube just shows "an error has occurred". Not even 1 sec of the video is shown. This is very similar to "HTTP-Video" block we applied on our Fortigate device in our office, but I've tested this without any firewall device. So TM is really applying Deep Packet Inspection to certain youtube videos. BN also cannot be accessed You can also test the links below: http://www.facebook.com/DAPMalaysia <-- Fails to open https://www.facebook.com/DAPMalaysia <-- Opened OK but for the video truthfully am also not able to viewing the video, am on celcom broadband :http://www.facebook.com/pages/Barisan-Nasional/219708793830 https://www.facebook.com/pages/Barisan-Nasional/219708793830 |
|
|
May 1 2013, 11:31 PM
|
Store Representative
7,931 posts Joined: Jan 2003 From: PJ, Malaysia
|
Can't stream the youtube video . But after using a US VPN seems to stream fine.
|
|
|
May 1 2013, 11:31 PM
|
Junior Member
335 posts Joined: Apr 2012
|
QUOTE(patienceGNR @ May 1 2013, 11:29 PM) I have re uploaded the videos here. Can stream. Thanks.http://www.youtube.com/watch?v=HBUwbcNqvZE http://www.youtube.com/watch?v=Bpwm3FfhaLk Let me know if the videos are unable to stream. |
|
|
May 1 2013, 11:32 PM
|
Elite
6,931 posts Joined: Apr 2011 From: Bolehland for sure ^_^
|
QUOTE(patienceGNR @ May 1 2013, 11:29 PM) I have re uploaded the videos here. can stream, thanks http://www.youtube.com/watch?v=HBUwbcNqvZE http://www.youtube.com/watch?v=Bpwm3FfhaLk Let me know if the videos are unable to stream.  |
|
|
May 1 2013, 11:33 PM
|
Elite
195 posts Joined: Sep 2006 
|
QUOTE(blacktubi @ May 1 2013, 11:29 PM) rizvanrp How to solve this on OpenWRT based router I'm not so sure, I was also having issues implementing it on my Mikrotik. Apparently you can't do TCP MSS clamping on the prerouting chain.. but it works fine on my Linux box running kernel 3.2.0-37. Other option would be to do it at layer 7 with a fragmenting/padding HTTP proxy.. but at this point it would be safer to just switch to a VPN or SSH tunnel rather than trying to obfuscate the requests.Using this command through SSH the router don't seem to work CODE iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 10 |
|
|
May 1 2013, 11:33 PM
|
|
Store Representative
7,931 posts Joined: Jan 2003 From: PJ, Malaysia
|
of course. New links works fine with unifi.
 |
|
|
May 1 2013, 11:35 PM
|
Senior Member
4,251 posts Joined: Jan 2003 From: Malacca, Malaysia, Earth
|
So, seems both DAP and BN facebook page cannot open.
Who could benefit from this? |
|
|
|
|
|
May 1 2013, 11:36 PM
|
Junior Member
189 posts Joined: Jan 2006
|
QUOTE(zaqplm @ May 1 2013, 04:13 PM) I can confirm using Maxis broadband, I can't open the above videos. After the advertisement, youtube just shows "an error has occurred". Not even 1 sec of the video is shown. This is very similar to "HTTP-Video" block we applied on our Fortigate device in our office, but I've tested this without any firewall device. So TM is really applying Deep Packet Inspection to certain youtube videos. Tried with my mobile.You can also test the links below: http://www.facebook.com/DAPMalaysia <-- Fails to open https://www.facebook.com/DAPMalaysia <-- Opened OK Both sites are unable to open. I'll try again later. Using DiGi btw. |
|
|
May 1 2013, 11:36 PM
|
Elite
2,046 posts Joined: Jan 2003 From: On a chair, facing the screen
|
Tested using UniFi Biz and Celcom LTE, both videos that TS linked only load after a while. DAP's FB page doesn't load with normal HTTP but works fine for HTTPS.
All of them work without any hitch on Yes 4G. Hmm.  |
|
|
May 1 2013, 11:38 PM
|
Newbie
3 posts Joined: Oct 2010
|
QUOTE(xxmetalhead86xx @ May 1 2013, 11:30 PM) yea i know.. why didnt block https also? Because you can't block just one page with HTTPS, you either block the whole site, or block nothing. |
|
|
May 1 2013, 11:38 PM
|
Junior Member
274 posts Joined: Nov 2012
|
I'm trying to open video by patienceGNR, but only first 2 sec can load.
This what I got.  This post has been edited by GoldenHorn: May 1 2013, 11:42 PM |
|
|
May 1 2013, 11:41 PM
|
Senior Member
1,259 posts Joined: May 2012 From: Kaoshiung, Taiwan and Kuala Lumpur
|
QUOTE(ryuken26 @ May 1 2013, 11:19 PM) i also got problem to open BN facebook page. why BN wan block on fb page  |
|
|
May 1 2013, 11:42 PM
|
Senior Member
657 posts Joined: Jun 2009 From: KL, Ampang, Desa Pandan
|
|
|
|
May 1 2013, 11:42 PM
|
Junior Member
365 posts Joined: Dec 2006
|
QUOTE(xxmetalhead86xx @ May 1 2013, 11:30 PM) yea i know.. why didnt block https also? Go study MITM and SSL cert first.This post has been edited by Prince of Andalus: May 1 2013, 11:43 PM |
| Change to: |  0.0156sec
 0.78
 5 queries
 GZIP Disabled
Time is now: 9th December 2025 - 05:08 AM |
All Rights Reserved © 2002- 2025 Vijandren Ramadass (~unite against racism~)
Powered by Invision Power Board © 2025 IPS, Inc.