Google Web Light
6,023 views
Skip to first unread message
David Fifield
Nov 27, 2016, 12:31:39 PM11/27/16
to traff...@googlegroups.com
There's this service called Google Web Light that MITMs/proxies web
traffic and somehow transcodes it to be smaller so it uses less mobile
data. Apparently Chrome on Android automatically uses it when it detects
that a page loads slowly (maybe only in certain countries). It might be
interesting for circumvention because it is a service like CGIProxy.
https://webmasters.googleblog.com/2015/04/faster-and-lighter-mobile-web-pages-for.html
http://www.androidpolice.com/2015/06/12/heres-google-web-light-the-new-bare-bones-version-of-websites-for-users-on-slow-connections/
An example of using it (insert your own URL):
https://googleweblight.com/?lite_url=https://example.com/
If you click the Refresh button it gives you a timestamp:
https://googleweblight.com/?lite_url=https://example.com/&lite_refresh=1480266120718
If you pass the "lite_refresh" parameter, it's an open URL redirector:
https://googleweblight.com/?lite_url=http://xyz.bogus.tld/&lite_escape=
I learned about this from my own web server logs. Requests look like
this, with "googleweblight" in the User-Agent string:
64.233.172.155 - - [26/Nov/2016:01:42:37 -0700] "GET / HTTP/1.1" 200 8486 "https://www.google.co.in/" "Mozilla/5.0 (Linux; Android 4.2.1; en-us; Nexus 5 Build/JOP40D) AppleWebKit/535.19 (KHTML, like Gecko; googleweblight) Chrome/38.0.1025.166 Mobile Safari/535.19"
The source address can vary; for example among others I saw:
66.102.8.13 (google-proxy-66-102-8-13.google.com)
66.249.83.151 (google-proxy-66-249-83-151.google.com)
66.249.85.182 (google-proxy-66-249-83-182.google.com)
64.233.172.155 (google-proxy-64-233-172-155.google.com)
64.233.172.157 (google-proxy-64-233-172-157.google.com)
By encoding data in a way that survives the transcoding step, you could
use Google Web Light as a general-purpose proxy. Unfortunately the
googleweblight.com doesn't seem to support domain fronting with the few
Google domains I tried; however googleweblight.com itself may be
difficult to block because of many mobile Chrome users.
traffic and somehow transcodes it to be smaller so it uses less mobile
data. Apparently Chrome on Android automatically uses it when it detects
that a page loads slowly (maybe only in certain countries). It might be
interesting for circumvention because it is a service like CGIProxy.
https://webmasters.googleblog.com/2015/04/faster-and-lighter-mobile-web-pages-for.html
http://www.androidpolice.com/2015/06/12/heres-google-web-light-the-new-bare-bones-version-of-websites-for-users-on-slow-connections/
An example of using it (insert your own URL):
https://googleweblight.com/?lite_url=https://example.com/
If you click the Refresh button it gives you a timestamp:
https://googleweblight.com/?lite_url=https://example.com/&lite_refresh=1480266120718
If you pass the "lite_refresh" parameter, it's an open URL redirector:
https://googleweblight.com/?lite_url=http://xyz.bogus.tld/&lite_escape=
I learned about this from my own web server logs. Requests look like
this, with "googleweblight" in the User-Agent string:
64.233.172.155 - - [26/Nov/2016:01:42:37 -0700] "GET / HTTP/1.1" 200 8486 "https://www.google.co.in/" "Mozilla/5.0 (Linux; Android 4.2.1; en-us; Nexus 5 Build/JOP40D) AppleWebKit/535.19 (KHTML, like Gecko; googleweblight) Chrome/38.0.1025.166 Mobile Safari/535.19"
The source address can vary; for example among others I saw:
66.102.8.13 (google-proxy-66-102-8-13.google.com)
66.249.83.151 (google-proxy-66-249-83-151.google.com)
66.249.85.182 (google-proxy-66-249-83-182.google.com)
64.233.172.155 (google-proxy-64-233-172-155.google.com)
64.233.172.157 (google-proxy-64-233-172-157.google.com)
By encoding data in a way that survives the transcoding step, you could
use Google Web Light as a general-purpose proxy. Unfortunately the
googleweblight.com doesn't seem to support domain fronting with the few
Google domains I tried; however googleweblight.com itself may be
difficult to block because of many mobile Chrome users.
Adam Fisk
Nov 27, 2016, 12:52:54 PM11/27/16
to traff...@googlegroups.com
Very interesting finding David thanks!
--
You received this message because you are subscribed to the Google Groups "Network Traffic Obfuscation" group.
To unsubscribe from this group and stop receiving emails from it, send an email to traffic-obf+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Adam Fisk
Nov 27, 2016, 10:12:57 PM11/27/16
to Eric Wustrow, traff...@googlegroups.com
I would guess it's at least HTTP/2, but it would be interesting if it
ran over QUIC as well. That would arguably make it more blockable in
some respects (more unique traffic) and less blockable in others (less
likely censors have any mechanism for dealing with it yet).
On Sun, Nov 27, 2016 at 12:23 PM, Eric Wustrow <next...@gmail.com> wrote:
> Are the typical clients that use this service using SPDY/QUIC to access it,
> and not simply HTTP? That might be a consideration for evading detection if
> used directly without domain fronting.
>
> Also worth considering Google's TOS for this service, but maybe Google could
> be convinced to allow it if this became a popular proxy either way (I assume
> they benefit from the user browsing data they now can directly collect).
>
> Eric
--
--
President
Brave New Software Project, Inc.
https://www.getlantern.org
ran over QUIC as well. That would arguably make it more blockable in
some respects (more unique traffic) and less blockable in others (less
likely censors have any mechanism for dealing with it yet).
On Sun, Nov 27, 2016 at 12:23 PM, Eric Wustrow <next...@gmail.com> wrote:
> Are the typical clients that use this service using SPDY/QUIC to access it,
> and not simply HTTP? That might be a consideration for evading detection if
> used directly without domain fronting.
>
> Also worth considering Google's TOS for this service, but maybe Google could
> be convinced to allow it if this became a popular proxy either way (I assume
> they benefit from the user browsing data they now can directly collect).
>
> Eric
>
>
> On Nov 27, 2016 11:53 AM, "Adam Fisk" <af...@getlantern.org> wrote:
>>
>> Very interesting finding David thanks!
>>
>>
>> On Nov 27, 2016 9:31 AM, "David Fifield" <da...@bamsoftware.com> wrote:
>>>
>
> On Nov 27, 2016 11:53 AM, "Adam Fisk" <af...@getlantern.org> wrote:
>>
>> Very interesting finding David thanks!
>>
>>
>> On Nov 27, 2016 9:31 AM, "David Fifield" <da...@bamsoftware.com> wrote:
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups
>>> "Network Traffic Obfuscation" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an
>>> email to traffic-obf...@googlegroups.com.
>>> You received this message because you are subscribed to the Google Groups
>>> "Network Traffic Obfuscation" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Network Traffic Obfuscation" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to traffic-obf...@googlegroups.com.
>> You received this message because you are subscribed to the Google Groups
>> "Network Traffic Obfuscation" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
--
--
President
Brave New Software Project, Inc.
https://www.getlantern.org
Lucas Dixon
Nov 28, 2016, 8:03:22 PM11/28/16
to Adam Fisk, Eric Wustrow, traff...@googlegroups.com
Reply all
Reply to author
Forward
0 new messages