WhatsApp · edoerpani · Jun 14, 2023 · Jul 13, 2023 · DGDUVDG · Sep 3, 2024
diff --git a/README.md b/README.md
@@ -82,7 +82,7 @@ You should see a message similar to `[+] Building 6.6s (18/18) FINISHED`. The co
 You can manually execute the Docker container with the following `docker` command
 
 ```bash
-docker run -it -p 80:80 -p 443:443 -p 5222:5222 -p 8080:8080 -p 8443:8443 -p 8222:8222 -p 8199:8199 whatsapp_proxy:1.0
+docker run -it -p 80:80 -p 443:443 -p 5222:5222 -p 8080:8080 -p 8443:8443 -p 8222:8222 -p 8199:8199 -p 587:587 -p 7777:7777 whatsapp_proxy:1.0
 ```
 
 You will see lines ending with `Certificate generation completed.`. The HAProxy is running in the background and will continue to do so until you close this process.
@@ -104,6 +104,7 @@ Depending on the scenario in which you utilize your proxy, the proxy container e
 1. 80: Standard web traffic (HTTP)
 2. 443: Standard web traffic, encrypted (HTTPS)
 3. 5222: Jabber protocol traffic (WhatsApp default)
+4. 587 or 7777: *.whatsapp.net traffic including media (HTTPS)
 
 There are also ports configured which accept incoming [proxy headers](https://www.haproxy.com/blog/use-the-proxy-protocol-to-preserve-a-clients-ip-address/) (version 1 or 2)
 on connections. If you have a network load balancer you can preserve the client IP address if you want.

diff --git a/proxy/Dockerfile b/proxy/Dockerfile
@@ -51,6 +51,8 @@ EXPOSE 8443/tcp
 EXPOSE 5222/tcp
 EXPOSE 8222/tcp
 EXPOSE 8199/tcp
+EXPOSE 587/tcp
+EXPOSE 7777/tcp
 
 # This is the startup command which also runs a background job to manage the WAPOX IPs
 CMD /usr/local/bin/set_public_ip_and_start.sh
diff --git a/proxy/ops/docker-compose.yml b/proxy/ops/docker-compose.yml
@@ -17,6 +17,8 @@ services:
       - "8080:8080" # HTTP with accept-proxy processing
       - "8443:8443" # HTTPS with accept-proxy processing
       - "8222:8222" # JABBER with accept-proxy processing
+      - "587:587"   # whatsapp.net
+      - "7777:7777" # whatsapp.net
     healthcheck:
       test: /usr/local/bin/healthcheck.sh
       interval: 10s

diff --git a/proxy/src/healthcheck.sh b/proxy/src/healthcheck.sh
@@ -8,17 +8,17 @@ curl -s -w 2 "http://127.0.0.1:8199/;csv" > /tmp/stats.txt || exit 1
 
 # First trim off the leading line which is just "#"
 # Then convert the ugly CSV to slightly less ugly JSON
-# Filter out the lines for g_whatsapp_net backend status
+# Filter out the lines for *.whatsapp_net backend status
 # Select the "check_desc" field (Description of the check result)
 # and take all results that do NOT equal "Layer4 check passed" from HAProxy
-RESULT=$(tail -n +1 /tmp/stats.txt | jq -R 'split(",")' | jq -c '. | select(.[1] | contains("g_whatsapp_net"))' | jq --raw-output '.[65]| select(. | test("Layer4 check passed") | not)')
+RESULT=$(tail -n +1 /tmp/stats.txt | jq -R 'split(",")' | jq -c '. | select(.[1] | contains("whatsapp_net"))' | jq --raw-output '.[65]| select(. | test("Layer4 check passed") | not)')
 
 # # CSV output header row:
 # # ["# pxname","svname","qcur","qmax","scur","smax","slim","stot","bin","bout","dreq","dresp","ereq","econ","eresp","wretr","wredis","status","weight","act","bck","chkfail","chkdown","lastchg","downtime","qlimit","pid","iid","sid","throttle","lbtot","tracked","type","rate","rate_lim","rate_max","check_status","check_code","check_duration","hrsp_1xx","hrsp_2xx","hrsp_3xx","hrsp_4xx","hrsp_5xx","hrsp_other","hanafail","req_rate","req_rate_max","req_tot","cli_abrt","srv_abrt","comp_in","comp_out","comp_byp","comp_rsp","lastsess","last_chk","last_agt","qtime","ctime","rtime","ttime","agent_status","agent_code","agent_duration","check_desc","agent_desc","check_rise","check_fall","check_health","agent_rise","agent_fall","agent_health","addr","cookie","mode","algo","conn_rate","conn_rate_max","conn_tot","intercepted","dcon","dses","wrew","connect","reuse","cache_lookups","cache_hits","srv_icur","src_ilim","qtime_max","ctime_max","rtime_max","ttime_max","eint","idle_conn_cur","safe_conn_cur","used_conn_cur","need_conn_est","uweight","agg_server_check_status","-","ssl_sess","ssl_reused_sess","ssl_failed_handshake","h2_headers_rcvd","h2_data_rcvd","h2_settings_rcvd","h2_rst_stream_rcvd","h2_goaway_rcvd","h2_detected_conn_protocol_errors","h2_detected_strm_protocol_errors","h2_rst_stream_resp","h2_goaway_resp","h2_open_connections","h2_backend_open_streams","h2_total_connections","h2_backend_total_streams",""]
 
 if [ "$RESULT" != "" ]
 then
-  echo "[HEALTHCHECKER] Container failed healthchecks, L4 healthcheck on g.whatsapp.net failed"
+  echo "[HEALTHCHECKER] Container failed healthchecks, L4 healthcheck on *.whatsapp.net failed"
   echo "[HEALTKCHECKER] Result $RESULT"
   exit -1;
 fi

diff --git a/proxy/src/proxy_config.cfg b/proxy/src/proxy_config.cfg
@@ -80,6 +80,19 @@ frontend haproxy_v4_xmpp
 
   default_backend wa
 
+frontend haproxy_v4_whatsapp_net
+  maxconn 27495
+  #PUBLIC_IP
+
+  bind ipv4@*:587
+  bind ipv4@*:7777
+
+  default_backend wa_whatsapp_net
+
+backend wa_whatsapp_net
+  default-server check inter 60000 observe layer4
+  server whatsapp_net_443 whatsapp.net:443
+
 backend wa
   default-server check inter 60000 observe layer4 send-proxy
   server g_whatsapp_net_5222 g.whatsapp.net:5222

diff --git a/proxy/src/set_public_ip_and_start.sh b/proxy/src/set_public_ip_and_start.sh
@@ -6,7 +6,7 @@
 
 ## About:
 # This script replaces instances of #PUBLIC_IP in the HaProxy configuration files
-# with the the real public ip. There's an order of priority here which is
+# with the real public ip. There's an order of priority here which is
 # 1. Environment variable
 # 2. AWS EC2 Metadata endpoint
 # 3. Third-party sources