whatsapp: rewrite in Go (1/2) #55
Assignees
Labels
effort/L
Large effort
enhancement
New feature or request
ooni/probe-engine
Issues related to github.com/ooni/probe-engine
priority/high
High priority
Milestone
Comments
bassosimone
added
priority/medium
hellais
added
the
ooni/probe-engine
bassosimone
added
priority/high
bassosimone
added a commit
that referenced
this issue
Jun 29, 2020
This way, measurements run by, e.g., Telegram will use the same base of time for each input being measured. Part of #55.
bassosimone
added a commit
that referenced
this issue
Jun 29, 2020
We want all network events and other events used by telegram to use the same common begin of time, so we can correlate events. While there, bump timeout to 60 seconds. Part of #55.
Merged
bassosimone
added a commit
that referenced
this issue
Jun 29, 2020
bassosimone
added a commit
that referenced
this issue
Jun 29, 2020
bassosimone
added a commit
that referenced
this issue
Jun 29, 2020
bassosimone
added a commit
that referenced
this issue
Jun 29, 2020
|
We're mostly done, what is missing TODO is:
After all of this has been done, we can finally call this work complete. |
bassosimone
added a commit
that referenced
this issue
Jun 29, 2020
* urlgetter/multi: allow setting common beginning of time This way, measurements run by, e.g., Telegram will use the same base of time for each input being measured. Part of #55. * telegram: use common begin time, bump timeout We want all network events and other events used by telegram to use the same common begin of time, so we can correlate events. While there, bump timeout to 60 seconds. Part of #55. * experiment/urlgetter: increase robustness of tests Part of #55 * experiment/whatsapp: rewrite in Go Part of #55 * experiment/whatsapp: compute high level keys Part of #55 * netx/errorx: map "operation was canceled error" to "interrupted" Part of #55 * whatsapp: document limitations and next steps Part of #55 * Repair tests * Write mote tests * Document some more TODOs
bassosimone
added a commit
that referenced
this issue
Jun 30, 2020
In some cases, we want to fail if we see an HTTP status code >= 400. This is certainly the case when we're doing plain text HTTP. Both the Telegram implementation and WhatsApp can benefit from that functionality, when connecting to the web interface. Thus, I've factored the code out of the Telegram implementation and I have moved it inside the urlgetter package. Part of #55
bassosimone
added a commit
that referenced
this issue
Jun 30, 2020
In some cases, we want to fail if we see an HTTP status code >= 400. This is certainly the case when we're doing plain text HTTP. Both the Telegram implementation and WhatsApp can benefit from that functionality, when connecting to the web interface. Thus, I've factored the code out of the Telegram implementation and I have moved it inside the urlgetter package. Part of #55
bassosimone
added a commit
that referenced
this issue
Jun 30, 2020
As mentioned in the commit, we see a 400 Bad Request error from WhatsApp when using the User-Agent we use for measurements along with the standard Golang's ClientHello fingerprint. This looks like MITM detection like https://mitm.watch to me. A fix for this issue could be to find out a combination of User-Agent and ClientHello that does not trigger 400 and keep the test as it should according to the spec. Yet, if there is MITM detection, it may change. This will likely cause future false positives, and we already have a bunch of such false positives for the IM tests. Also, it currently seems safe to assume that, if we can perform a TLS handshake with a certificate pool we trust, then we are talking with WhatsApp. Therefore, the status code and the returned web page matter much less than they did when we wrote the initial implementation of the WhatsApp experiment. What's more, because the HTTP request only redirects us, we should probably also simplify that check, to avoid asserting anything on the returned web page _if_ we're correctly redirected. How to properly do this will be researched in the next sprint as part of #740. Further investigating this issue should also be fun. This work is part of #55.
bassosimone
added a commit
that referenced
this issue
Jun 30, 2020
bassosimone
added a commit
that referenced
this issue
Jun 30, 2020
* whatsapp: implement remaining checks As mentioned in the commit, we see a 400 Bad Request error from WhatsApp when using the User-Agent we use for measurements along with the standard Golang's ClientHello fingerprint. This looks like MITM detection like https://mitm.watch to me. A fix for this issue could be to find out a combination of User-Agent and ClientHello that does not trigger 400 and keep the test as it should according to the spec. Yet, if there is MITM detection, it may change. This will likely cause future false positives, and we already have a bunch of such false positives for the IM tests. Also, it currently seems safe to assume that, if we can perform a TLS handshake with a certificate pool we trust, then we are talking with WhatsApp. Therefore, the status code and the returned web page matter much less than they did when we wrote the initial implementation of the WhatsApp experiment. What's more, because the HTTP request only redirects us, we should probably also simplify that check, to avoid asserting anything on the returned web page _if_ we're correctly redirected. How to properly do this will be researched in the next sprint as part of #740. Further investigating this issue should also be fun. This work is part of #55. * whatsapp.go: mention the pull request with extended rationale Part of #55
bassosimone
added a commit
that referenced
this issue
Jun 30, 2020
This is for investigating what seems MITM detection implemented by WhatsApp spotted during #55.
|
Done enough for this sprint, will continue with #743 in the next sprint |
bassosimone
added a commit
that referenced
this issue
Jun 30, 2020
1 task
This was referenced Aug 25, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
No description provided.
The text was updated successfully, but these errors were encountered: