librebasics
Librebasics is a small project of mine to get free internet on FreeBasics internet connections provided by FaceBook available primarily in India, Thailand, and developing African nations. It's currently in a very early stage, but I will constantly update this page with information I gather about their DPI (Deep Packet Inspection) as time goes on, along with my methods for evasion.
Why
When I wrote this, I was stuck in Thailand , where one of the primary mobile providers has FreeBasics by default if you run out of credit, so I naturally decided to find a way around that.
Current observations
Their DPI is very strict, appearing to possibly check HTTPS certificates, and check both the request headers and responses of all HTTP connections, other protocols will be strictly disallowed, and other ports other than 443/80 blocked (mostly?? TODO: investigate this)
I am not sure if this is to do with time or location, but previously when I have been limited to Facebook-only access on TrueMove, it has not taken me through FreeBasics, and during this time, Facebook chat and calling was not available. When audio/video calls is possible it would be a good idea to attempt tunneling data over the webrtc connection which is established, or perhaps even fool the DPI and start my own connection (I do not know much about webrtc, or how Facebook uses it).
The main rules I have found are...
Request URL is relative, or a FreeBasics-permitted
Host
header is a FreeBasics-permitted URL
Response is not longer than specified (this varies ??)
0.freebasics.com
rules are
- Path is
/?ref=zerobalance
- Requests following these rules are allowed
All other site rules are
- Unknown, requests following only previous rules are disallowed
Current method
God, I feel like a Javascript developer explaining his amazing stack of lossy databases and frontend frameworks right now but, here is how I am currently bypassing FreeBasics.
1. "slowngay™" tunnel, making requests into "Facebook friendly" requests, and converting back on the other end 2. HTTP tunnel, I am using
Crowbar
, as many use methods which do not play nice with either my tunnel or the DPI 3. SSH connection over the tunnel, opening a local socks proxy with
-D
4.
redsocks
and iptables for routing traffic though the proxy
Phone usage
While this may sound unusually complicated, it is quite simple to make this work straight on a phone, without a any computer (you will need root, of course)
To make this work on my phone I used Termux, and ProxyDroid. Termux was really the main piece in making this setup so easy, it is a very useful tool. Crowbar as mentioned before can compile in an android shell with no configuration, in Termux just run
apt install golang
, then
go get
the repo.
To make this even easier and cooler to use after it has been set up, try installing
Termux:Widget
, so you can have a stop and start shortcut for the proxy tunnel components on your home screen, along with the proxy toggle widget available from ProxyDroid.
Where is your software m8?
Well, once I have an array of good bypass methods, I may package this and sell it. Of course I will not hold back information from any tech literate people who are interested, but I'm still not going to baby you by giving you my 30 line long Node.js script I used to replace the headers (PS. they don't filter "X-" headers), just write one yourself in a not so garbage language.