Beeline, why are you crawling into my HTTPS?
I arrived at the cottage for the weekend, grilled some barbecue, heated up the bathhouse, and sat down to browse the Internet for a bit. And my Internet unexpectedly began to look like this (I hope the Mercy seller will not take offense, but this was the only screenshot I saved):

At first I blamed the 3G speed, the browser, the OS, and so on, but as it turned out, none of that was the cause.
And the problem is that HTTPS sites suddenly almost stopped opening via the Beeline 3G modem. Everyone has become accustomed to Beeline's "tricks": interfering with HTTP and adding its own code to pages, "leaking" user data to activate paid subscriptions with a click on a site, etc. Is it now practicing on HTTPS?
Of course, I did not immediately guess that the problem was with HTTPS. At first I blamed the connection quality and recalled my youth, when "pictures did not load" because of low speed. So I checked the speed on the popular resources speedtest.net and internet.yandex.ru. Both speedtest and Yandex gave about the same speed, 3-10 Mbps. That is quite normal, considering that we don't have 4G coverage at the country house, but with 3G everything is fine: the modem works in DC-HSPA+ mode and shows "all the bars".
I tried opening various other sites: some opened, some did not, some were "broken" or took a very long time to open. I even checked the speed using iperf from the laptop at the country house to a server in the city; the speed was similar to what Yandex and speedtest were reporting.
I had already begun to suspect that the problem was in HTTPS, but why would HTTPS not work while everything else works? Nonsense?
What else did I try? For starters, I disabled adblock / ublock. It did not help. Instead of my favorite Firefox, I launched IE. It did not help. I booted into Ubuntu: exactly the same problems in Firefox, sites open sluggishly. I took another laptop and connected the modem to it: the same problems there too.
I returned to my own laptop and Firefox, opened the developer panel and began methodically opening sites and watching the loading process on the timeline.
Firstly, it immediately became clear why the drom.ru site “broke”:

It turns out that even if you view the site without https, the pictures are still loaded (that is, in my case, NOT loaded) from an https server.
Secondly, I made sure that the problem really is in HTTPS. To do this, I opened http://w3bsit3-dns.com and https://w3bsit3-dns.com, and here's what happened: it is not that the https site does not load at all. It loads, but ... the page code takes 40 seconds to load, and the entire page with pictures and scripts takes 8 minutes! Meanwhile, the same page without SSL loads its code in 0.5 sec and loads fully in 12 seconds. The difference in load time is 40 times, and in places 80 times! That also explained the "sluggishness" of other sites: every now and then they all include js from https servers. After all, https is now fashionable, inexpensive, and generally a must-have (and browsers are already starting to complain about non-https sites).


Okay, so the problem with HTTPS is established. But who is to blame? I disconnect the modem from the computer, turn on the access point on the phone (the provider is also Beeline) and ... hurray! Everything works without problems. Hmm, is the problem in the modem itself?
Well, I take the SIM card from the phone and put it into the modem, then the modem into the computer. And hurray! Everything works without problems!
I put the "modem" SIM card back into the modem, and everything returns: HTTPS is hellishly slow.
For the purity of the experiment, I plug the modem with the Beeline "modem SIM card" into a WiFi router and connect to it from the phone: HTTP works on the phone, HTTPS does not. I turn off WiFi, and there is Internet on the phone through the "Beeline SIM card".
What are the interim conclusions? The problem is NOT the computer, OS, modem, or browser. It is tied to the SIM card. HTTPS does not work properly with this SIM card.
It is worth noting that not all HTTPS misbehaves, which at first threw me off the right track. Namely: the sites https://google.com, https://gmail.com, https://youtube.com (and all videos from it, in HD quality) and https://yandex.ru worked perfectly. The Beeline personal account also worked over https (but it is not clear with it, it was some kind of nerdy in its best times). But https://ya.ru did not work (yandex.ru worked)! And these didn't work either: https://lenta.ru https://w3bsit3-dns.com.ru https://spec.drom.ru https://ngs.ru/
Of course, I contacted Beeline technical support and described the problem. I was immediately answered (I quote): "This situation can in no way be connected with us, we just provide you with the Internet. Try accessing another browser". Of course, the operator was not deterred by what I had said in the request: "I tried a different browser, a different OS and a different computer altogether."
In the end, I captured a dump of the HTTPS connection to the site using Wireshark, but I did not understand what was going on there. Maybe a shaper / policing, or maybe MitM, or something else (but the constant packet reader confuses me):
By the way, the TOR browser does not start at all (it cannot load the network state). HTTPS traffic?
P.S. And yes, I couldn't get to Habr / GT from the dacha, even just to read it. Forced HTTPS is not always useful.
UPD: If someone wants to dig deeper into the dump, here is a link: yadi.sk/d/Gg8IJ1PC3JpQAS. I cut out the exchange with the 4pda IP; I think that will be enough?
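The HTTP-versus-HTTPS comparison above can be repeated outside the browser. The following Python sketch is an added example, not part of the original post: it times each phase of one GET over port 80 and port 443 and records the SHA-256 fingerprint of the certificate presented, so that it can be compared with one taken over a working link. The `slow_phases` threshold (5x, with a 50 ms floor) is an assumption chosen for illustration.

```python
import hashlib, socket, ssl, sys, time

def probe(host, port, use_tls, path="/", timeout=60):
    """Time each phase of one GET; 'connect' includes the DNS lookup."""
    t0 = time.monotonic()
    sock = socket.create_connection((host, port), timeout=timeout)
    t_conn = time.monotonic()
    cert_fp = None
    if use_tls:
        ctx = ssl.create_default_context()  # verifies chain and hostname
        sock = ctx.wrap_socket(sock, server_hostname=host)
        # Fingerprint of the certificate actually presented on this link.
        cert_fp = hashlib.sha256(sock.getpeercert(binary_form=True)).hexdigest()
    t_tls = time.monotonic()
    req = f"GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
    sock.sendall(req.encode())
    size = len(sock.recv(4096))          # first bytes of the response
    t_first = time.monotonic()
    while chunk := sock.recv(65536):     # drain until the server closes
        size += len(chunk)
    t_end = time.monotonic()
    sock.close()
    return {"connect": t_conn - t0, "tls": t_tls - t_conn,
            "first_byte": t_first - t_tls, "body": t_end - t_first,
            "bytes": size, "cert_sha256": cert_fp}

def slow_phases(plain, tls, factor=5.0, floor=0.05):
    """Phases where the TLS run is more than `factor` times slower (heuristic)."""
    # The handshake has no plain-HTTP counterpart, so it is compared with the
    # plain connect time: both cost a small number of round trips.
    baseline = {"connect": "connect", "tls": "connect",
                "first_byte": "first_byte", "body": "body"}
    return [p for p, b in baseline.items()
            if tls[p] > factor * max(plain[b], floor)]

if __name__ == "__main__":
    host = sys.argv[1]                   # hostname supplied by the user
    plain, tls = probe(host, 80, False), probe(host, 443, True)
    for name, r in (("http", plain), ("https", tls)):
        print(name, r)
    print("much slower over TLS:", slow_phases(plain, tls))
```

Running it with both SIM cards against the same host shows which phase the delay sits in, which helps separate handshake trouble from throughput limiting on port 443. A fingerprint that differs between the two links is worth a closer look, although CDNs can legitimately serve different certificates.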


