Beeline, why are you climbing into my HTTPS?
I arrived for a weekend at the dacha, fried a skewer, heated the bathhouse, and sat on the Internet to sit a little. And my Internet suddenly began to look like this (I hope the Mercy seller will not be offended at me, but the screenshot has been preserved like this):
At first I sinned on 3G speed, browser, OS, etc. etc., but as it turned out all wrong.
And the problem is that HTTPS sites via Beeline 3G modem suddenly almost stopped opening. Everyone is already accustomed to Beeline's “tricks” with interference in HTTP and adding their own code to the pages, with “draining” user data to activate paid subscriptions by clicking on the site, etc. And now training with HTTPS?
About the problem with HTTPS, I did not immediately guess of course. At first I sinned on the quality of communication, I remembered my youth, when “the pictures didn’t load” due to low speed. Well, I checked the speed on the popular resources speedtest.net and internet.yandex.ru. And speedtest and Yandex gave out about the same speed, 3-10Mbps. Which is quite normal, considering that we don’t have 4G coverage in our holiday village, but with 3G everything is fine, the modem works in DC-HSPA + mode and shows “all sticks”.
I tried to open various other sites, some opened, some didn’t, some were “ragged”, or opened for a very long time. I even checked the speed with the help of iperf from the laptop in the country to the server in the city, the speed was similar to that given by Yandex and speedtest.
')
I have already begun to suspect that the problem is in HTTPS, but why does HTTPS not work, and the rest work? Brad same?
What else have I tried? First, I disabled adblock / ublock. Did not help. Instead of my favorite firefox, I launched IE. Did not help. Booted into Ubuntu, there are exactly the same problems in firefox, sites open with brakes. I took another laptop, connected the modem there - on the other laptop there are also problems.
I returned to my laptop in firefox, launched the developer panel and began methodically opening sites and watching the download process on the timeline.
First of all, it immediately became clear why the drom.ru website “broke up”:
It turns out that if you watch the site without https, then the pictures are still loaded (that is, in my case - NOT loaded) from the https server.
Secondly, I really made sure that the problem is in HTTPS. To do this, opened the site http: // w3bsit3-dns.com and https: // w3bsit3-dns.com.ru, and this is what happened:
A website with https is not at all loaded. It loads, but ... the page code loads 40 seconds, and the whole page with pictures and scripts is 8 minutes! Moreover, the same page without SSL loads a 0.5 second code and a full load in 12 seconds. The difference in loading time is 40, and in some places 80 times!
It became clear about the "brakes" of other sites. They are no no, and all have js inserts from https servers. After all, https is now fashionable, inexpensive, and in general masthev (and browsers are already starting to swear on non-https sites)
Well, what is the problem with HTTPS - sorted out. But who is to blame? I disconnect the modem from the computer, turn on the access point on the phone (the provider is also Beeline) and ... hurray! Everything works without problems. Hmm, the problem is in the modem itself?
Well, I take out the SIM card from the phone, insert it into the modem. Modem to computer. And cheers! Everything works without problems!
I insert the SIM card "modem" back into the modem, and everything returns - HTTPS slows down just like hell.
For the purity of the experiment, I insert a modem with a “modem sim card beeline” into a wifi router, connect to it from the phone - HTTP on the phone works, HTTPS is not. I turn off WIFI, through the "phone SIM card beeline" the Internet is on the phone.
What are the intermediate conclusions? The problem is NOT in: computer, OS, modem, browser. It is tied to the SIM card. With this SIM, HTTPS works inadequately.
It is worth noting here that not all HTTPS works inadequately, which immediately distracted me from the right path. Namely: https: // google.com, https: // gmail.com, https: // youtube.com sites (and all videos from it, in HD quality) and https: // yandex.ru worked perfectly. And the personal account of the biline worked on https (but it is not clear with it, it was some kind of brake in its best times) But https: // ya.ru is already gone (yandex.ru worked)! And they did not work either: https: // lenta.ru https: // w3bsit3-dns.com.ru https: // spec.drom.ru https: // ngs.ru/
Of course, I contacted Beeline tech support, describing the problem. I immediately answered (I quote): " This situation can in no way be connected with us, we just provide you with the Internet. Try to log in through another browser ." Of course, the operator did not stop what I said in the application that “I tried another browser, another OS and another computer in general”.
In the end, I took a dump of HTTPS connections to the site using wireshark, but did not understand what was happening there. Maybe shaper / polising, and maybe MitM, or something else altogether (but confused by the constant package reorder):
By the way, the TOR-browser does not start at all (can not download the network status). Who has any idea why Beeline climbs into HTTPS traffic?
PS and yes, from the garden I could not get on Habr / GT, even just to read. Not always forced HTTPS is helpful.
UPD: If someone wants to dig deeper in the dump, then here is the link yadi.sk/d/Gg8IJ1PC3JpQAS Cut the exchange with IP w3bsit3-dns.com, I think it will be enough?
At first I sinned on 3G speed, browser, OS, etc. etc., but as it turned out all wrong.
And the problem is that HTTPS sites via Beeline 3G modem suddenly almost stopped opening. Everyone is already accustomed to Beeline's “tricks” with interference in HTTP and adding their own code to the pages, with “draining” user data to activate paid subscriptions by clicking on the site, etc. And now training with HTTPS?
About the problem with HTTPS, I did not immediately guess of course. At first I sinned on the quality of communication, I remembered my youth, when “the pictures didn’t load” due to low speed. Well, I checked the speed on the popular resources speedtest.net and internet.yandex.ru. And speedtest and Yandex gave out about the same speed, 3-10Mbps. Which is quite normal, considering that we don’t have 4G coverage in our holiday village, but with 3G everything is fine, the modem works in DC-HSPA + mode and shows “all sticks”.
I tried to open various other sites, some opened, some didn’t, some were “ragged”, or opened for a very long time. I even checked the speed with the help of iperf from the laptop in the country to the server in the city, the speed was similar to that given by Yandex and speedtest.
')
I have already begun to suspect that the problem is in HTTPS, but why does HTTPS not work, and the rest work? Brad same?
What else have I tried? First, I disabled adblock / ublock. Did not help. Instead of my favorite firefox, I launched IE. Did not help. Booted into Ubuntu, there are exactly the same problems in firefox, sites open with brakes. I took another laptop, connected the modem there - on the other laptop there are also problems.
I returned to my laptop in firefox, launched the developer panel and began methodically opening sites and watching the download process on the timeline.
First of all, it immediately became clear why the drom.ru website “broke up”:
It turns out that if you watch the site without https, then the pictures are still loaded (that is, in my case - NOT loaded) from the https server.
Secondly, I really made sure that the problem is in HTTPS. To do this, opened the site http: // w3bsit3-dns.com and https: // w3bsit3-dns.com.ru, and this is what happened:
A website with https is not at all loaded. It loads, but ... the page code loads 40 seconds, and the whole page with pictures and scripts is 8 minutes! Moreover, the same page without SSL loads a 0.5 second code and a full load in 12 seconds. The difference in loading time is 40, and in some places 80 times!
It became clear about the "brakes" of other sites. They are no no, and all have js inserts from https servers. After all, https is now fashionable, inexpensive, and in general masthev (and browsers are already starting to swear on non-https sites)
Well, what is the problem with HTTPS - sorted out. But who is to blame? I disconnect the modem from the computer, turn on the access point on the phone (the provider is also Beeline) and ... hurray! Everything works without problems. Hmm, the problem is in the modem itself?
Well, I take out the SIM card from the phone, insert it into the modem. Modem to computer. And cheers! Everything works without problems!
I insert the SIM card "modem" back into the modem, and everything returns - HTTPS slows down just like hell.
For the purity of the experiment, I insert a modem with a “modem sim card beeline” into a wifi router, connect to it from the phone - HTTP on the phone works, HTTPS is not. I turn off WIFI, through the "phone SIM card beeline" the Internet is on the phone.
What are the intermediate conclusions? The problem is NOT in: computer, OS, modem, browser. It is tied to the SIM card. With this SIM, HTTPS works inadequately.
It is worth noting here that not all HTTPS works inadequately, which immediately distracted me from the right path. Namely: https: // google.com, https: // gmail.com, https: // youtube.com sites (and all videos from it, in HD quality) and https: // yandex.ru worked perfectly. And the personal account of the biline worked on https (but it is not clear with it, it was some kind of brake in its best times) But https: // ya.ru is already gone (yandex.ru worked)! And they did not work either: https: // lenta.ru https: // w3bsit3-dns.com.ru https: // spec.drom.ru https: // ngs.ru/
Of course, I contacted Beeline tech support, describing the problem. I immediately answered (I quote): " This situation can in no way be connected with us, we just provide you with the Internet. Try to log in through another browser ." Of course, the operator did not stop what I said in the application that “I tried another browser, another OS and another computer in general”.
In the end, I took a dump of HTTPS connections to the site using wireshark, but did not understand what was happening there. Maybe shaper / polising, and maybe MitM, or something else altogether (but confused by the constant package reorder):
By the way, the TOR-browser does not start at all (can not download the network status). Who has any idea why Beeline climbs into HTTPS traffic?
PS and yes, from the garden I could not get on Habr / GT, even just to read. Not always forced HTTPS is helpful.
UPD: If someone wants to dig deeper in the dump, then here is the link yadi.sk/d/Gg8IJ1PC3JpQAS Cut the exchange with IP w3bsit3-dns.com, I think it will be enough?
Source: https://habr.com/ru/post/373517/
All Articles