Related
Hello Everyone,
I am developing an application which will try to automatically authenticate a phone when connected to a wifi hotspot that is using a BlueSocket system. This is normally used in universities and colleges. I wonder is anyone out there in a BlueSocket campus? And if you are would you use this application?
I'd definitely find an app like this really useful.
I hate having to open my browser and *hope* that it'll redirect me to the bluesocket login page.
Good luck on the app
Great, In my college the blue socket also does that, Sometimes redirects, and sometimes not. I have figured out that if the first page you attempt to access is a secure https:// page, then it won't redirect the traffic. However if its a regular, http:// page, then there is redirection. But that however works when it wants to. Some computers or browsers don't like being redirected like that i believe.
I currently have the app being able to specify what the server url is and login details, but some servers redirect weirdly. I will hopefully upload a beta in a couple of days.
Thanks for your interest.
I have uploaded this app into the market, all feedback should go to the following thread.
http://forum.xda-developers.com/showthread.php?t=1033331
[MARKET LINK]
https://market.android.com/details?id=com.emdnet.bsa
Thanks
hey, i used to have a way around the school router blocks but i cant seem to remember what it was for the life of me. What it consisted was of an .exe that installed some software that allowed me to browse freely. I vaguely remember that the software consisted of a icon on the taskbar that was kinda an earth with fire around it....maybe?
if you have any other good router/server bypasses then please let me know. .exe file executions are blocked everywhere except in the technology building at school. Preferably i would like to have something only requiring a flash drive or it can be done within IE or Chrome.
Do u mean that you are able to surf the internet but some website, like Facebook for example , are blocked?
yukinok25 said:
Do u mean that you are able to surf the internet but some website, like Facebook for example , are blocked?
Click to expand...
Click to collapse
yes exactly, often they have keywords that they block as well, (such as game, kill, black ops, etc). maybe a proxy would work? we used to have a couple good ones but they would eventually block it.
johnston9234 said:
yes exactly, often they have keywords that they block as well, (such as game, kill, black ops, etc). maybe a proxy would work? we used to have a couple good ones but they would eventually block it.
Click to expand...
Click to collapse
yes, a free proxy can be a solution in most cases, here try some in this list first:
http://www.publicproxyservers.com/proxy/list1.html
johnston9234 said:
hey, i used to have a way around the school router blocks but i cant seem to remember what it was for the life of me. What it consisted was of an .exe that installed some software that allowed me to browse freely. I vaguely remember that the software consisted of a icon on the taskbar that was kinda an earth with fire around it....maybe?
if you have any other good router/server bypasses then please let me know. .exe file executions are blocked everywhere except in the technology building at school. Preferably i would like to have something only requiring a flash drive or it can be done within IE or Chrome.
Click to expand...
Click to collapse
To do this would require some form of exe to use a proxy via a specially setup browser, or admin rights to set the system proxy.
You will find that your IT admins will block the proxies you use (I have to block proxies at my work network when we detect them).
If implemented properly (any good professional IT admin should be able to do it right), you will struggle to tunnel out using most systems.
You can't ssh forward if they block non-standard ports, or filter protocols. You can't use SOCKS proxies if they do the same. You can't use web proxies if they use smart URL filtering.
You can try web proxies, but it's an uphill battle. If you find a proxy that works, don't tell your friends, as that usage across multiple accounts flags the URL in some security systems (my users alert me to the latest proxy sites unwittingly )
Finally, you do realise you are probably breaking the acceptable use agreement? Isn't it better to do facebook etc out of school hours? Or use your phone? If you get good at evading, it is easy to remove internet access altogether from an account in most systems. Good luck in tunnelling out when you have zero internet access as your account is null routed
Summary? Try proxies, don't hold your breath, and do you really need to use facebook etc in school? Oh, and for goodness sake, don't run exes on school PCs... If they've not set them up right, you could infect the machines. They prevent EXE execution on most machines for good reason...
pulser_g2 said:
To do this would require some form of exe to use a proxy via a specially setup browser, or admin rights to set the system proxy.
You will find that your IT admins will block the proxies you use (I have to block proxies at my work network when we detect them).
If implemented properly (any good professional IT admin should be able to do it right), you will struggle to tunnel out using most systems.
You can't ssh forward if they block non-standard ports, or filter protocols. You can't use SOCKS proxies if they do the same. You can't use web proxies if they use smart URL filtering.
You can try web proxies, but it's an uphill battle. If you find a proxy that works, don't tell your friends, as that usage across multiple accounts flags the URL in some security systems (my users alert me to the latest proxy sites unwittingly )
Finally, you do realise you are probably breaking the acceptable use agreement? Isn't it better to do facebook etc out of school hours? Or use your phone? If you get good at evading, it is easy to remove internet access altogether from an account in most systems. Good luck in tunnelling out when you have zero internet access as your account is null routed
Summary? Try proxies, don't hold your breath, and do you really need to use facebook etc in school? Oh, and for goodness sake, don't run exes on school PCs... If they've not set them up right, you could infect the machines. They prevent EXE execution on most machines for good reason...
Click to expand...
Click to collapse
This is a REALLY good explanation Pulser, I always liked the way you answer to the people on XDA! (specially on the Hero thread )
By the way, why an .exe file would infect a machine? Do you mean any kind of .exe? Even from a well known company, who create safe and populars software?
I used to run, without tell anyone, firefox portable in my office to bypass firewall restrictions, is that dangerous as well?
Considering you are at school, you will lack a lot of needed rights to edit certain things. I would know, I had to get around blocks on both Windows and Mac computers my freshman year.
I would advise you use the software, Your Freedom, it's free, but requires an account, you will also need to use a browser such as Firefox, and edit the settings to use the correct IP and Port as a proxy.
It also works on both Mac's and PC's. There is another software that I had used, strictly for windows PC's, but I can't recall the name of it.
Edit: I also ran the software from my flash drive..
i have special access to .exe and Command prompt just because of the position i am in as a student (several Technical courses). I can execute files on my computer and i have Chrome Installed. Does that help?
johnston9234 said:
i have special access to .exe and Command prompt just because of the position i am in as a student (several Technical courses). I can execute files on my computer and i have Chrome Installed. Does that help?
Click to expand...
Click to collapse
What I did was to download firefox portable, you can google it (and if you want you can copy it to an USB drive).
If you go to firefox networking setting, you can try to change the options in advanced with "no proxy" or as wisefire said just write an IP proxy address with the correct port, you should be able to visit any website.
At least this was working flawlessy for me..
yukinok25 said:
This is a REALLY good explanation Pulser, I always liked the way you answer to the people on XDA! (specially on the Hero thread )
By the way, why an .exe file would infect a machine? Do you mean any kind of .exe? Even from a well known company, who create safe and populars software?
I used to run, without tell anyone, firefox portable in my office to bypass firewall restrictions, is that dangerous as well?
Click to expand...
Click to collapse
Only a malicious exe would cause trouble...
But on a shared school network, who knows what the user before you used...
That's why I use disk freezing software on systems I run, and a forced reboot between logins, to give you a clean environment.
But while employees run portable firefox, what if they were to use it on another pc, and it had a virus, which infected the exe?
TBH, flash drives shouldn't be used in work environments, that were used outwith that environment... But that's not realistic in a school.
johnston9234 said:
i have special access to .exe and Command prompt just because of the position i am in as a student (several Technical courses). I can execute files on my computer and i have Chrome Installed. Does that help?
Click to expand...
Click to collapse
Come on... Surely you ain't gonna abuse that privilege? You got it because you were trusted, not to work round the restrictions that are in your acceptable use policy...
yukinok25 said:
What I did was to download firefox portable, you can google it (and if you want you can copy it to an USB drive).
If you go to firefox networking setting, you can try to change the options in advanced with "no proxy" or as wisefire said just write an IP proxy address with the correct port, you should be able to visit any website.
At least this was working flawlessy for me..
Click to expand...
Click to collapse
That would work unless they filter out proxy traffic (you can often detect SOCKS proxies and other ones that are working using this method, or even block common ports like 8080)
Back in high school we used Ultrasurf and GPass. I liked GPass because it was really easy to hide from the taskbar and notification area.
pulser_g2 said:
Only a malicious exe would cause trouble...
But on a shared school network, who knows what the user before you used...
That's why I use disk freezing software on systems I run, and a forced reboot between logins, to give you a clean environment.
But while employees run portable firefox, what if they were to use it on another pc, and it had a virus, which infected the exe?
TBH, flash drives shouldn't be used in work environments, that were used outwith that environment... But that's not realistic in a school.
Click to expand...
Click to collapse
haha, All of my schools have used disk freezing software. I thought about putting it on my parent's computer so I don't have to work on it anymore.
Eventhough I generally don't work on it anymore and just have them call someone to work on it for them. hahah.
buttes said:
Back in high school we used Ultrasurf and GPass. I liked GPass because it was really easy to hide from the taskbar and notification area.
Click to expand...
Click to collapse
Back in my days in high school we just got the many different IT and Librarian passwords/usernames and some teacher's passwords aswell. Then we'd log in to them and download Kazaa (yeah, it was that long ago lol), and downloaded like a gig or two of old NES, SNES, SEGA, Etc roms and started passing them around to everyone. haha.
It got so bad that the school threatened expulsion for everyone that had the games on their user accounts because it was overloading their network and storage space.
For a while they were just searching for the rom's extensions and you could just go and change them to a .txt and then change them back when you wanted to play them, but then they finally realized that the gig of space the roms took up were about 4 times the size of the data we were allowed to have and they could just sort the usernames by the usage of storage space.
The teacher's ones were fun to have though... it allowed you change some grades here and there...especially with my method of madness which I will not describe here. lol
pulser_g2 said:
That would work unless they filter out proxy traffic (you can often detect SOCKS proxies and other ones that are working using this method, or even block common ports like 8080)
Click to expand...
Click to collapse
So, I am really interested about this topic, is there anyway to bypass a restriction if they filter out the proxy traffic?
yukinok25 said:
So, I am really interested about this topic, is there anyway to bypass a restriction if they filter out the proxy traffic?
Click to expand...
Click to collapse
Hmmm... It's possible. If they use deep packet filtering it may be hard. But anything is possible...
I won't go into details, of getting round things, as it is my job to stop people getting round them, and I know a load of tricks, but look at the protocols in use in surfing - you need LDAP/AD to log into windows domain. Then you use DNS to resolve an IP (perhaps via a corporate web proxy). Then HTTP/HTTPS to access the page.
Now think what tools the domain admins might use to administer their network - RDP? SSH? Web services on high ports?
I think I've gone into enough detail for now... I can tunnel out almost any network these days, but I don't think it is sensible, wise, nor ethical to divulge this sort of thing.
pulser_g2 said:
Hmmm... It's possible. If they use deep packet filtering it may be hard. But anything is possible...
I won't go into details, of getting round things, as it is my job to stop people getting round them, and I know a load of tricks, but look at the protocols in use in surfing - you need LDAP/AD to log into windows domain. Then you use DNS to resolve an IP (perhaps via a corporate web proxy). Then HTTP/HTTPS to access the page.
Now think what tools the domain admins might use to administer their network - RDP? SSH? Web services on high ports?
I think I've gone into enough detail for now... I can tunnel out almost any network these days, but I don't think it is sensible, wise, nor ethical to divulge this sort of thing.
Click to expand...
Click to collapse
True I am agree with you Pulser, thus I am really into this sort of things recently.
I am eager to learn..
Could you please recommend me a book or something (not too advanced) that would help me to understand better LDAP/AD, DNS and everything about security and networking?
I obviously wanna learn just for myself and I definitely don't want to spread or divulge in anyway bad behaviors..
johnston9234 said:
hey, i used to have a way around the school router blocks but i cant seem to remember what it was for the life of me. What it consisted was of an .exe that installed some software that allowed me to browse freely. I vaguely remember that the software consisted of a icon on the taskbar that was kinda an earth with fire around it....maybe?
if you have any other good router/server bypasses then please let me know. .exe file executions are blocked everywhere except in the technology building at school. Preferably i would like to have something only requiring a flash drive or it can be done within IE or Chrome.
Click to expand...
Click to collapse
if not previously mentioned, you're looking for "Tor" which comes in both installable packages or portable exe files that can be run off flash drives and includes a custom made 'Mozilla Firefox' which comes preloaded with Tor and does not save any browsing information on your client machine, thus this program is completely anon when ran from a flash drive.
www.torproject.org and you're looking for the Stable Portable Browser Bundle
Please thanks me (click thanks) if this helped
really there is a simple way
use kon-boot and bypass admin password and change the settings
kylon said:
really there is a simple way
use kon-boot and bypass admin password and change the settings
Click to expand...
Click to collapse
not if he is on a school network, he would have to physically run kon-boot on the server itself which defeats the purpose because the server would already be logged in as an admin of some kind.
-correct me if I'm misunderstanding or have missed a key post somewhere-
hi guys,the company i am current working at uses a proxy connection for accessing the internet.(you have to go through the proxy in order to access the internet).but the proxy blocked most websites,so i tried to use a vpn connection over the company proxy to bypass the internet restriction.The problem is ,vpn connections are not allowed to go through the proxy.is there any way to bypass the block to use vpn or bypassing the proxy?I am currently using my company's wifi on an android device.please kindly help me to solve this problem.Sorry for my bad english and thank you for any help.
best wishes,
sunnytse1
*thanks button will be clicked if helped!
Anyone?
Sent from my LG-P880 using XDA Premium HD app
sunnytse1 said:
hi guys,the company i am current working at uses a proxy connection for accessing the internet.(you have to go through the proxy in order to access the internet).but the proxy blocked most websites,so i tried to use a vpn connection over the company proxy to bypass the internet restriction.The problem is ,vpn connections are not allowed to go through the proxy.is there any way to bypass the block to use vpn or bypassing the proxy?I am currently using my company's wifi on an android device.please kindly help me to solve this problem.Sorry for my bad english and thank you for any help.
best wishes,
sunnytse1
*thanks button will be clicked if helped!
Click to expand...
Click to collapse
the company i am current working also use VPN by setting the IP adress
the concrete operation is a little complicated, you'd better google for help
Good luck
The easiest solution would be to use 3G/4G and thus avoid any filter/proxy that your company WiFi has.
Assuming you don't want to do that, you should try to figure out what kind of VPN you're using. There are 4 main types:
1) PPTP - This one is old but supported in almost every OS natively (including Android). It's easy to setup a server for these using any Pro version of Windows. It's also easy to block.
2) L2TP - This one is more secure but also less supported. This one is also fairly easy to block. I think only Server editions of Windows can create this type of VPN.
3) IPSec - This is your Cisco-type VPNs. These tend to be more difficult to setup on the server side. Depending on how the network is configured this may be blocked too (but less likely).
4) OpenVPN - This is probably your best bet to avoid workplace blocking. You can configure it to use any protocol or port that you want, however it is very difficult to configure for a first time user. There are tutorials available online to help. You'll need an app (and maybe root) to use an OpenVPN-based VPN.
If you're like me, then you have a data plan with T-Mobile that includes only 2.5GB of data for tethering. After you 2.5GB is up,T-Mobile begins redirecting all of your tethered traffic to a webpage prompting you to buy more tethering data.
T-Mobile does this by reading all of the headers on every HTTP request. It analyzes each one and reads the User-Agent string. This is what tells websites how to deliver their content for you and is why you only get mobile versions of webpages on your phone and not on your laptop. So, many people got around this by spoofing the user agent with a browser plugin to make it look like your laptop was requesting the mobile version of websites (so T-Mobile would think that it's a phone requesting the data, not a tethered laptop.) However this solution only works for that specific browser. Other browsers, applications, and devices that do not support User-Agent spoofing were left without a solution. Was I really the only one trying to tether my PS3 for Netflix and gaming?
So some people turned to VPNs which basically act as a secure proxy so that T-Mobile could not read the traffic and tell what the User-Agent was. But this often costs money and/or slows down your network speed. Seeing as how people who are looking for a tether workaround are trying to not spend money, and are trying to use T-Mobile's lightning fast LTE, this isn't really a practical solution.
So after spending hours and hours looking for a solution, I came to the conclusion that there was none yet.
I deduced that the obvious solution would be to modify the packets on the fly and change the user-agent string of every HTTP request as it came to the phone before forwarding it on to T-Mobile. Luckily for us, all HTTP requests that have no User-Agent string or a string of "null/null" etc. are automatically accepted! So all that needed to be done was to strip the user-agent string of all of the outgoing HTTP requests - on the fly.
My first thought was that hopefully there was an android app that could do this.
There isn't.
And I am not capable of making one but if you find one or can make one, please tell me and I will adjust this explanation because that would make things a bit simpler. However, since we don't live in a perfect world, we have to run a program on a computer and route all traffic through that program. This wonderful little program that I came across called "Fiddler" (it won't let me post the link but it's www[dot]fiddler2[dot]com) is just what we need. It's a completely free program.
Go download and install fiddler. This program will allow us to monitor and 'fiddle' with the network traffic on the fly!
First, fire up your tethering app on your phone and connect your computer. I personally use android WiFi tether but I suppose it probably doesn't matter which one you use. Once you've connected your computer. Open up fiddler, go to "Rules," "User-Agents," and select "Custom..." A window will pop up. Leave this blank and click okay. Now, all of the network traffic from that computer with have its user-agent string modified to "User-Agent:[blank]" Test this out on any browser on your computer and you should not be redirected to the upsell page.
Now for all of your other devices! I was particularly concerned with my PS3 but any device that supports proxy use will work. That's a hell of a lot more devices than the number that support UA spoofing haha. Go to "Connection Settings" on your PS3 and select "Manual"
Go through your setup as usual and connect to your phone's wifi hotspot. When you come to the page that says "Proxy Settings" select "Use"
For the IP address go back to your computer and look at Fiddler. In the top-right corner there is an image of two computers and it says "Online" next to it. Hover over that icon and it will have an IP address listed. This is the virtual proxy that Fiddler has set up for auxillary incoming traffic on the local network. Type that IP address into the PS3's proxy settings and use port 8888 (you may have to configure your computer firewall to allow incoming traffic on that address/port)
Also, in Fiddler go to the AutoResponder tab and check the box that says "Unmatched requests passthrough." This is so that HTTP requests that come in without a User-agent already defined will just be passed on. If this box is not checked you may get frequent 404 errors.
Finish up the connection settings on the PS3 and let it fly! You can watch the traffic on Fiddler in real time!
This is my first post on XDA and this workaround is brand new as far as I can tell so there may be some kinks that need to be worked out.
Let me know if you have any questions or problems!
Respectfully,
Hunter.
TexasState said:
If you're like me, then you have a data plan with T-Mobile that includes only 2.5GB of data for tethering. After you 2.5GB is up,T-Mobile begins redirecting all of your tethered traffic to a webpage prompting you to buy more tethering data.
T-Mobile does this by reading all of the headers on every HTTP request. It analyzes each one and reads the User-Agent string. This is what tells websites how to deliver their content for you and is why you only get mobile versions of webpages on your phone and not on your laptop. So, many people got around this by spoofing the user agent with a browser plugin to make it look like your laptop was requesting the mobile version of websites (so T-Mobile would think that it's a phone requesting the data, not a tethered laptop.) However this solution only works for that specific browser. Other browsers, applications, and devices that do not support User-Agent spoofing were left without a solution. Was I really the only one trying to tether my PS3 for Netflix and gaming?
So some people turned to VPNs which basically act as a secure proxy so that T-Mobile could not read the traffic and tell what the User-Agent was. But this often costs money and/or slows down your network speed. Seeing as how people who are looking for a tether workaround are trying to not spend money, and are trying to use T-Mobile's lightning fast LTE, this isn't really a practical solution.
So after spending hours and hours looking for a solution, I came to the conclusion that there was none yet.
I deduced that the obvious solution would be to modify the packets on the fly and change the user-agent string of every HTTP request as it came to the phone before forwarding it on to T-Mobile. Luckily for us, all HTTP requests that have no User-Agent string or a string of "null/null" etc. are automatically accepted! So all that needed to be done was to strip the user-agent string of all of the outgoing HTTP requests - on the fly.
My first thought was that hopefully there was an android app that could do this.
There isn't.
And I am not capable of making one but if you find one or can make one, please tell me and I will adjust this explanation because that would make things a bit simpler. However, since we don't live in a perfect world, we have to run a program on a computer and route all traffic through that program. This wonderful little program that I came across called "Fiddler" (it won't let me post the link but it's www[dot]fiddler2[dot]com) is just what we need. It's a completely free program.
Go download and install fiddler. This program will allow us to monitor and 'fiddle' with the network traffic on the fly!
First, fire up your tethering app on your phone and connect your computer. I personally use android WiFi tether but I suppose it probably doesn't matter which one you use. Once you've connected your computer. Open up fiddler, go to "Rules," "User-Agents," and select "Custom..." A window will pop up. Leave this blank and click okay. Now, all of the network traffic from that computer with have its user-agent string modified to "User-Agent:[blank]" Test this out on any browser on your computer and you should not be redirected to the upsell page.
Now for all of your other devices! I was particularly concerned with my PS3 but any device that supports proxy use will work. That's a hell of a lot more devices than the number that support UA spoofing haha. Go to "Connection Settings" on your PS3 and select "Manual"
Go through your setup as usual and connect to your phone's wifi hotspot. When you come to the page that says "Proxy Settings" select "Use"
For the IP address go back to your computer and look at Fiddler. In the top-right corner there is an image of two computers and it says "Online" next to it. Hover over that icon and it will have an IP address listed. This is the virtual proxy that Fiddler has set up for auxillary incoming traffic on the local network. Type that IP address into the PS3's proxy settings and use port 8888 (you may have to configure your computer firewall to allow incoming traffic on that address/port)
Also, in Fiddler go to the AutoResponder tab and check the box that says "Unmatched requests passthrough." This is so that HTTP requests that come in without a User-agent already defined will just be passed on. If this box is not checked you may get frequent 404 errors.
Finish up the connection settings on the PS3 and let it fly! You can watch the traffic on Fiddler in real time!
This is my first post on XDA and this workaround is brand new as far as I can tell so there may be some kinks that need to be worked out.
Let me know if you have any questions or problems!
Respectfully,
Hunter.
Click to expand...
Click to collapse
Yeah, that's a workaround indeed, however the setup is long and extensive for anyone. We're still trying to find a QUICK solution that doesn't require a mass setup of every device. I only bounce to my tethering when there's an outage at home or I'm on the road, neither are the best solutions to be spending time switching everything over when I could have just as easily opened the browser on my phone to take care of everything. I found this post from the link you posted in the other thread where we weren't discussing hard solutions, just concepts and ideas, theoretical solutions (hence why there was never a post like this there). It's great to see that the one thing we know is the catalyst has been confirmed once again (HTTP USER-AGENT) as what T-Mo and every other carrier is doing, so this is a solution for not just T-Mo, but every provider. Again, it's a hell of a setup and requires that you keep at least one computer active during the ENTIRE tethering session, also, it appears T-Mo doesn't block Playstation 3 from what I can tell, at least we were able to watch like 3-4 hours of Netflix when we had the 500mb tethering cap without a problem.
This affect nat type? If I use this program? Ps3 online game though
Sent from my SGH-T889 using XDA Premium 4 mobile app
It seems T-Mobile has caught onto using different agents. I was trying to use mobile hotspot on my laptop yesterday. It didn't matter if my UA was android handset or Googlebot, it redirected me to a hotspot upsell page.
Dr. Hax said:
It seems T-Mobile has caught onto using different agents. I was trying to use mobile hotspot on my laptop yesterday. It didn't matter if my UA was android handset or Googlebot, it redirected me to a hotspot upsell page.
Click to expand...
Click to collapse
Go into your APNs and select the tethering APN, if you can edit the hostname from epc.tmobile.com to fast.t-mobile.com or whatever your normal APN is, there are a bunch of threads talking about how to get tethering working, this is just the LAST step, don't come here thinking this is the FIRST step, you're going at it backwards.
TexasState said:
If you're like me, then you have a data plan with T-Mobile that includes only 2.5GB of data for tethering. After you 2.5GB is up,T-Mobile begins redirecting all of your tethered traffic to a webpage prompting you to buy more tethering data.
T-Mobile does this by reading all of the headers on every HTTP request. It analyzes each one and reads the User-Agent string. This is what tells websites how to deliver their content for you and is why you only get mobile versions of webpages on your phone and not on your laptop. So, many people got around this by spoofing the user agent with a browser plugin to make it look like your laptop was requesting the mobile version of websites (so T-Mobile would think that it's a phone requesting the data, not a tethered laptop.) However this solution only works for that specific browser. Other browsers, applications, and devices that do not support User-Agent spoofing were left without a solution. Was I really the only one trying to tether my PS3 for Netflix and gaming?
So some people turned to VPNs which basically act as a secure proxy so that T-Mobile could not read the traffic and tell what the User-Agent was. But this often costs money and/or slows down your network speed. Seeing as how people who are looking for a tether workaround are trying to not spend money, and are trying to use T-Mobile's lightning fast LTE, this isn't really a practical solution.
So after spending hours and hours looking for a solution, I came to the conclusion that there was none yet.
I deduced that the obvious solution would be to modify the packets on the fly and change the user-agent string of every HTTP request as it came to the phone before forwarding it on to T-Mobile. Luckily for us, all HTTP requests that have no User-Agent string or a string of "null/null" etc. are automatically accepted! So all that needed to be done was to strip the user-agent string of all of the outgoing HTTP requests - on the fly.
My first thought was that hopefully there was an android app that could do this.
There isn't.
And I am not capable of making one but if you find one or can make one, please tell me and I will adjust this explanation because that would make things a bit simpler. However, since we don't live in a perfect world, we have to run a program on a computer and route all traffic through that program. This wonderful little program that I came across called "Fiddler" (it won't let me post the link but it's www[dot]fiddler2[dot]com) is just what we need. It's a completely free program.
Go download and install fiddler. This program will allow us to monitor and 'fiddle' with the network traffic on the fly!
First, fire up your tethering app on your phone and connect your computer. I personally use android WiFi tether but I suppose it probably doesn't matter which one you use. Once you've connected your computer. Open up fiddler, go to "Rules," "User-Agents," and select "Custom..." A window will pop up. Leave this blank and click okay. Now, all of the network traffic from that computer with have its user-agent string modified to "User-Agent:[blank]" Test this out on any browser on your computer and you should not be redirected to the upsell page.
Now for all of your other devices! I was particularly concerned with my PS3 but any device that supports proxy use will work. That's a hell of a lot more devices than the number that support UA spoofing haha. Go to "Connection Settings" on your PS3 and select "Manual"
Go through your setup as usual and connect to your phone's wifi hotspot. When you come to the page that says "Proxy Settings" select "Use"
For the IP address go back to your computer and look at Fiddler. In the top-right corner there is an image of two computers and it says "Online" next to it. Hover over that icon and it will have an IP address listed. This is the virtual proxy that Fiddler has set up for auxillary incoming traffic on the local network. Type that IP address into the PS3's proxy settings and use port 8888 (you may have to configure your computer firewall to allow incoming traffic on that address/port)
Also, in Fiddler go to the AutoResponder tab and check the box that says "Unmatched requests passthrough." This is so that HTTP requests that come in without a User-agent already defined will just be passed on. If this box is not checked you may get frequent 404 errors.
Finish up the connection settings on the PS3 and let it fly! You can watch the traffic on Fiddler in real time!
This is my first post on XDA and this workaround is brand new as far as I can tell so there may be some kinks that need to be worked out.
Let me know if you have any questions or problems!
Respectfully,
Hunter.
Click to expand...
Click to collapse
Doesn't work on ps3...obtaining ip address succeeds but internet connection fails..i added the ip and port 8888 to the fire wall and allowed connection. and when i hover over the two computers it shows two ip addresses i have tried both and same results
metro pcs upsell, lg optimus f3/JB 4.1.2
I'm on the Metro PCS network, i used to have the lg motion and that phone would hotspot my ps3 with no problems. I figured that I would upgrade my phone to the lg optimus F3 and keep hotspoting on the $60 unlimited plan. Much to my surprise I have ran into the same issue many have others have ran into, the tmobile upsell page. mine now says metro pcs upsell. so I have tried many Apps in the store with no possible way around the upsell page. After hours and days of research, its apperhant that tmobile and metro pcs are not restricting the tethering function. I can obtain an ip address but not gain internet access. As have many others. I've rooted my phone using motochopper, i installed titanium backup pro, and rom toolbox pro. I backed up all my apk's to the external and went root browsing for anything that has to do with wifi, hotspot or tether. I wasnt getting anywhere untill today. My LG Optimus F3 runs on JB 4.1.2, instead of finding tethering features i found the open source codes on sharing data and http rules. I dont have much experience with altering codes, but i do know this would be a great starting point for bypassing the upsell reroute. By using romtools pro, i finally found myself using the app manager, from there i clicked on the file networking apk, i scrolled the app display to the right to get to romtools special features, clicked on explore apk. Every rule was laid out in plain text using a notepad. Javax/servlets/resources. Every file in this folder can be read with notepad. There is tons of info regarding internet sharing, web browsing, and what runs and triggers the infamous upsell codes. I've read a few post where developers are trying to find the source of upsell, i hope this helps as a starting point. (Besides that) i was also able to enter the lg hidden menu and uninstall all metro pcs apps with one click
"(Besides that) i was also able to enter the lg hidden menu and uninstall all metro pcs apps with one click""" ????
i am in exact same boat , metropcs , rooted with all tricks tried , and still upsell page .
one interesting thing though is my lg motion can use the F3 wifi for ip camera apps . tried other apps but no go .
"IP camera viewer" has no issues accessing internet by way of a wifi tether on the F3 using my non active LG motion , strange .......the other apps report network errors or just fail to start ( netflix ) perhaps this will help in hunting a bypass on the UPsell crap
Thanks but...
Thanks for providing the most current news about this problem with Tmobile, I have been using HMA / foxfi since Aug 2013. Just a few hours ago it stopped working, couldn't even login to VPN. I lost my useragent switcher when I upgraded Chrome, and couldn't fall back on that either, so thanks for the tip about fiddler.
I am currently online because I caved to the upsell. So my question is, has Tmobile "improved" security on its upsell to the point that VPN's and UA spoofs dont work anymore, and do I have to learn the answer to this by community or by blowing my data limit again? Does anyone have a fresh strategy, or know what's going on in Tmobile business? Do they even care about people like us?
I live by this connection, since other ISP's around here are not worthwhile, and I maintain mobile business with my laptop, and I would prefer to process GB's without having to scavenge for someone else's wifi.
petedude2lu3 said:
Thanks for providing the most current news about this problem with Tmobile, I have been using HMA / foxfi since Aug 2013. Just a few hours ago it stopped working, couldn't even login to VPN. I lost my useragent switcher when I upgraded Chrome, and couldn't fall back on that either, so thanks for the tip about fiddler.
I am currently online because I caved to the upsell. So my question is, has Tmobile "improved" security on its upsell to the point that VPN's and UA spoofs dont work anymore, and do I have to learn the answer to this by community or by blowing my data limit again? Does anyone have a fresh strategy, or know what's going on in Tmobile business? Do they even care about people like us?
I live by this connection, since other ISP's around here are not worthwhile, and I maintain mobile business with my laptop, and I would prefer to process GB's without having to scavenge for someone else's wifi.
Click to expand...
Click to collapse
VPN's no longer work for me either. I'm not getting the upsell page just no internet access at all while tethering.
Thanks TexasState, this was very valuable information that got me completely through T-Mobile's "walled garden" on their unlimited high-speed plan (for phones only) in an area where we don't have any good land-line options. :good:
What are some proactive approaches to making sure T-Mobile doesn't block my line? I'm using a phone basically as a makeshift wifi-router and all our computers run Fiddler. Is there anything else that T-Mobile might do to sniff out cheaters in the future? Is user-agent the only thing they can look at to determine if you're cheating?
Greetings first post here on XDA I have been able to tether via usb on metro/tmobile in OKC ,I am on a rooted F3 (LGMS659) I have tried just about everything a little luck with open garden but too slow for me ,downloaded foxfi wifi ap point no go ,redirected to upsell , tried usb with level one settings ,it works . but I may have done something when I entered the hidden menu 3548#*659# in settings those last two are interesting to me Upsell Url and ATS Start Property On
Took me about 8-10 hours to figure it out but i did it so heres how you get your tether back.
1.Open up your hidden menu.
2.Open Wlan test.
3. Click on UpSell and turn it off.
And turn on your tether app and have fun.
JUN10R831 said:
Took me about 8-10 hours to figure it out but i did it so heres how you get your tether back.
1.Open up your hidden menu.
2.Open Wlan test.
3. Click on UpSell and turn it off.
And turn on your tether app and have fun.
Click to expand...
Click to collapse
After half a day on the unlimited plan with Tea Mobile, this seems to have worked for me. Had to reinstall hiddenmenu.apk on my LG phone because I removed it earlier as bloatware but even after a reinstall as a user (as opposed to system) app, it worked.
Procedure was slightly different due to different model of phone/hidden menu but same basic procedure. BTW, it's unlimited but with 2.5 gb cap for hotspot. Let's just say I'm over the cap.
EDIT: So I got to almost 6 gb in one day, but then I got the redirect of death. I will troubleshoot when I have time later.
dbozam said:
After half a day on the unlimited plan with Tea Mobile, this seems to have worked for me. Had to reinstall hiddenmenu.apk on my LG phone because I removed it earlier as bloatware but even after a reinstall as a user (as opposed to system) app, it worked.
Procedure was slightly different due to different model of phone/hidden menu but same basic procedure. BTW, it's unlimited but with 2.5 gb cap for hotspot. Let's just say I'm over the cap.
Click to expand...
Click to collapse
What model did you use? Mine was in the Hidden Menu --> Settings menu.. and i chose "Upsell Try Off" with no avail.
LG G2 for Tmobile.
S4 "Hidden" Menu
I'm having the same issues as presented above but I'm unable to get into the "hidden" menu using the key code mentioned. I'm running Wicked V10 (it's great). Would love to test this out if I could access the right menu. So far I've gotten into the service menu but that's it.
This is by far the best work around I have found. Everything works. And if you are clever you can edit your user agent rules so they are automatic. Then turn fiddler into a windows service so ya never have to see it again and it just works. Excellent tutorial. The only thing I wish I could do is figure out how to get my Xbox 360 to connect to fiddlers proxy. If anyone knows please post it.
Thanks again OP
-Polluti0n
Sent from my SAMSUNG-SGH-T879 using XDA Premium 4 mobile app
Blank UA causes 403s and ASP issues.
This method works fantastic overall. I have my phone tethered to a router and run fiddler on all needed devices - no upsell message thus far (40GB+ down)
The issue I've run into is that some websites user the User Agent string to serve different content - by using a blank UA many ASP.net websites fail (on _doPostBack, in particular) and several give 403 errors (docs.WooThemes com) so I switched to a mobile UA but then sites serve mobile versions of their content (Amazon com). The next option is a desktop UA, but then I may as well not even switch it at ll?
I'm wondering - does anyone know what specifically T-Mobile looks for in the UA field, or know of a valid UA string that avoids detection but doesn't register as mobile (or give 403's)?
brn2drv99 said:
This method works fantastic overall. I have my phone tethered to a router and run fiddler on all needed devices - no upsell message thus far (40GB+ down)
The issue I've run into is that some websites user the User Agent string to serve different content - by using a blank UA many ASP.net websites fail (on _doPostBack, in particular) and several give 403 errors (docs.WooThemes com) so I switched to a mobile UA but then sites serve mobile versions of their content (Amazon com). The next option is a desktop UA, but then I may as well not even switch it at ll?
I'm wondering - does anyone know what specifically T-Mobile looks for in the UA field, or know of a valid UA string that avoids detection but doesn't register as mobile (or give 403's)?
Click to expand...
Click to collapse
Googlebot and safari 5 for windows work great and are undetected by T-Mobile.
Sent from my SAMSUNG-SGH-T879 using XDA Premium 4 mobile app
Polluti0n said:
Googlebot and safari 5 for windows work great and are undetected by T-Mobile.
Click to expand...
Click to collapse
Seems to work perfectly. Thanks!
For anyone needing it, here's a bare-bones CustomRules js file for Fiddler.
Code:
import System;
import Fiddler;
class Handlers
{
static function OnBeforeRequest(oSession: Session) {
// User-Agent Overrides
oSession.oRequest["User-Agent"] = "Mozilla/5.0 (compatible; Googlebot/2.1; +tp://w.google.com/bot.html)";
// Add 'ht' after the + and make it 3 'w's instead of just one
}
}
Hi friends, i try to secure my children phones from accessing not wonted sites. At home i configured mikrotik router so there is no way to bypass restrictions. But i cannot control what they access from mobile network.
The ideal way would be to connect phone to home VPN . Is there a way to force phone use VPN so user could not just switch it off?
In that case all home network rules and restrictions would work.
If you have some ideas about it, please share.
P.S. I did it recently when noticed that 8 year old neighbor children are watching porn...
I never tried it, but you could check if "Multiple users" gives you the chance to create a low privileged user which could maybe not edit network/vpn/dns settings?
Maybe you could setup the main accounts &co from the admin user and secure it with your fingerprint, then grant your childs just the "guest" user access?
Maybe give it a try and check what those users (a new one you create or the guest one) are allowed to do and if that achieves your objective
migors said:
Hi friends, i try to secure my children phones from accessing not wonted sites. At home i configured mikrotik router so there is no way to bypass restrictions. But i cannot control what they access from mobile network.
The ideal way would be to connect phone to home VPN . Is there a way to force phone use VPN so user could not just switch it off?
In that case all home network rules and restrictions would work.
If you have some ideas about it, please share.
P.S. I did it recently when noticed that 8 year old neighbor children are watching porn...
Click to expand...
Click to collapse
My mother utilized Norton Family to limit what could be seen and not seen. You can also utilize the built in family link ability from google to block searches on google and app store. Link for reference: https://protectyoungeyes.com/content/android-parental-controls-complete-guide-parents/
As far as what you are asking, you could use adguard to create the persistent VPN and use their family dns set up. Once done you can always use an app locker to lock the app settings and the app itself so it can't be uninstalled.
maybe you can test an app locker. with it, they can't stop the app vpn if they haven't the code lock
gege0202 said:
maybe you can test an app locker. with it, they can't stop the app vpn if they haven't the code lock
Click to expand...
Click to collapse
You can use an APP locker to lock the settings.
If you can't access the settings you can't turn it off.
migors said:
Hi friends, i try to secure my children phones from accessing not wonted sites. At home i configured mikrotik router so there is no way to bypass restrictions. But i cannot control what they access from mobile network.
The ideal way would be to connect phone to home VPN . Is there a way to force phone use VPN so user could not just switch it off?
In that case all home network rules and restrictions would work.
If you have some ideas about it, please share.
P.S. I did it recently when noticed that 8 year old neighbor children are watching porn...
Click to expand...
Click to collapse
Try private dns: dns-family.adguard.com
Read here: https://www.google.com/amp/s/adguard.com/en/blog/adguard-dns-announcement/amp.html
One problem with the "lock the VPN settings" is that the VPN swithes off fairly randomly. On my phone, I set up a VPN using my home router, and connect to it while on mobile. But at random points in the day it disconnects. It's necessary to go back into VPN settings to turn it back on...
Frankenscript said:
One problem with the "lock the VPN settings" is that the VPN swithes off fairly randomly. On my phone, I set up a VPN using my home router, and connect to it while on mobile. But at random points in the day it disconnects. It's necessary to go back into VPN settings to turn it back on...
Click to expand...
Click to collapse
It's getting convoluted but taker can force reconnect.
Caltinpla said:
Try private dns: dns-family.adguard.com
Read here: https://www.google.com/amp/s/adguard.com/en/blog/adguard-dns-announcement/amp.html
Click to expand...
Click to collapse
I already use opendns, it blocks everything.
I do not see option to add just dns in android. Child just installs some vpn app or connects to some wifi and restrictions does not work.
On other hand if phone is connected to home vpn, there is no way to bypass it.
My microtik bloks all proxy, vpn and routes dns to opendns.
thanks for app locker suggestion. will try it
migors said:
I already use opendns, it blocks everything.
I do not see option to add just dns in android. Child just installs some vpn app or connects to some wifi and restrictions does not work.
On other hand if phone is connected to home vpn, there is no way to bypass it.
My microtik bloks all proxy, vpn and routes dns to opendns.
thanks for app locker suggestion. will try it
Click to expand...
Click to collapse
It's under Wi-Fi and internet setting but only available for Android 9 version. The adguard family dns blocks ad and adult stuff also.