Wednesday, March 13, 2013

T-Mobile Tethering w/ Google Chrome...or what the hack?

I've been tethering my rooted T-Mobile Android phones for over 2 years now. First I used the myTouch 4g, and more recently a Samsung Galaxy S3.

Recently, however, when connected to my T-Mobile Wi-Fi hotspot on my laptop and browsing in Google Chrome, my URL requests are trapped and I'm redirected to a page like this:

This only seems to happen when browsing non-SSL (http) sites in Chrome and not when using SSL (https), as you can see from a similar request made immediately before this one to GitHub's SSL address:

Also, this doesn't seem to be happening in Firefox, Safari, or Opera when browsing via a T-Mobile tethered connection. So it begs the question: what is this voodoo? Is T-Mobile reading my HTTP requests and examining the user agent of the browser and redirecting me?*

If so why wouldn't they redirect other desktop browsers? 

Furthermore, while I'm tethered, I typically start receiving PUSH messages from T-Mobile badgering me to upgrade to a paid tethering subscription. Again, unless the phone is sending some notification that it is using a tether back to the provider, I'm not sure how they are aware I am tethering.

Background:
Speed/Continued connectivity: Anyways, as I am well short of my monthly cap on bandwidth usage at 4G, I haven't had any connectivity problems other than when I'm traveling at high speeds in a car or train. The speeds are "OK" given my signal and amount of movement. There doesn't seem to be any attempt by T-Mobile to punish this transgression, on my bill or with my connectivity.

Device:
Samsung Galaxy S3 + Android 4.1.1 ROM based on AOKP. I've used various ROMs that have tethering available. The most recent of these seem to keep the T-Mobile Hotspot management app, but others don't, and I've had the same issue.

So what is going on here? 

*This was an idea suggested by a colleague of mine after describing the problem. It would make sense, as it would be hard for them to capture the user agent of an SSL-encrypted request. This still begs the question about the other desktop browser user agents!

3 comments:

  1. Use Wireshark. Examine the differences in the raw traffic between the browsers.

  2. "Is T-Mobile reading my Http requests and examining the user agent of the browser and redirecting me?* "

    To verify this:

    Write a program (could be a script utilizing curl) that makes the same request to the same site using different Request Headers (User-Agent part).

    Replies
    1. # Chrome 25 on Mac OS X
      curl --user-agent "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.172 Safari/537.22" http://www.example.com/

      # Chrome 25 on Android
      curl --user-agent "Mozilla/5.0 (Linux; Android 4.1.1; Galaxy Nexus Build/JRO03C) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.169 Safari/537.22" http://www.example.com/

      # Android default browser
      curl --user-agent "Mozilla/5.0 (Linux; U; Android 4.1.1; en-us; Galaxy Nexus Build/JRO03C) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30" http://www.example.com/

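The check suggested in the second comment, as an added example (not code from the post or its commenters): it sends the same plain-HTTP request under each User-Agent without following redirects, and lists the probes whose status code or redirect target differs from the baseline. The Firefox string, the labels and the function names are assumptions; the other three User-Agent strings are the ones quoted in the reply.

```shell
#!/usr/bin/env bash
# Added example: request one plain-HTTP URL under several User-Agent strings and
# list the probes whose status code or redirect target differs from the first
# (baseline) probe. Run while tethered:  ./ua_probe.sh http://www.example.com/

# Assumption: a Firefox 19 string as baseline (the post reports Firefox is not
# redirected). It is not from the page; the other three come from the reply.
UA_FIREFOX='Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:19.0) Gecko/20100101 Firefox/19.0'
UA_CHROME_MAC='Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.172 Safari/537.22'
UA_CHROME_ANDROID='Mozilla/5.0 (Linux; Android 4.1.1; Galaxy Nexus Build/JRO03C) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.169 Safari/537.22'
UA_ANDROID_STOCK='Mozilla/5.0 (Linux; U; Android 4.1.1; en-us; Galaxy Nexus Build/JRO03C) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30'

# probe LABEL UA URL -> one line: LABEL<TAB>HTTP_CODE<TAB>REDIRECT_URL
# Redirects are not followed, so an inserted 30x response shows up as-is.
# A failed request is reported with curl's placeholder code 000.
probe() {
  local out
  out=$(curl -s -o /dev/null --max-time 15 -A "$2" \
        -w '%{http_code}\t%{redirect_url}' "$3") || true
  printf '%s\t%s\n' "$1" "${out:-000}"
}

# Reads probe lines on stdin; the first line is the baseline. Prints every
# later line whose status code or redirect target is not the baseline's.
diff_from_baseline() {
  awk -F'\t' 'NR == 1 { code = $2; loc = $3; next }
              $2 != code || $3 != loc { print }'
}

# Only touch the network when a URL is given on the command line.
if [ "$#" -ge 1 ]; then
  results=$(
    probe firefox-desktop "$UA_FIREFOX" "$1"
    probe chrome-desktop  "$UA_CHROME_MAC" "$1"
    probe chrome-android  "$UA_CHROME_ANDROID" "$1"
    probe android-stock   "$UA_ANDROID_STOCK" "$1"
  )
  printf '%s\n' "$results"
  echo '--- probes that differ from the baseline (first line):'
  printf '%s\n' "$results" | diff_from_baseline
fi
```

If only the desktop Chrome probe differs, that supports the User-Agent theory from the post; if all four lines match while the real browser is still redirected, the header alone does not explain it and the Wireshark comparison from the first comment is the next step.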