Redirect certain URLs using sys-*?

I want to redirect all *.reddit.com/* URLs to the equivalent *.teddit.net/* URL. I know there are browser extensions that do this but I’d rather not add to my browser fingerprint.

Where would I begin in Qubes’ networking infrastructure to achieve this redirect? I imagine I’d have to run a local webserver to replace the reddit.com with teddit.net. Would I have to do this in sys-net, or should I make a dedicated sys-redirect qube?

If you could do such thing on sys-net, then your internet provider could do similar thing on their routers. If you want have such proxy interfering with https encrypted traffic you will at least need to add certification authority to your browser. Using some browser extension will be easier and safer way to do it.

Within the context of modern networking, it might be problematic/difficult to reach your L7 goals effectively while looking to address at them at L3.

To achieve your goal, you’d likely want to start considering the options available to create an application layer “proxy” which has the capabilities to adjust the traffic you pass.

There are multiple ways to do this. I think runing a DNS proxy can do it. I recommend looking around on r/selfhosted. Find a solution that is secure and you like it, and came back here. Please let me know as I’m intrested in doing something similar.

You can’t just make the DNS return the teddit.com IP address when you query reddit.com, if you do this you are just going to connect to the teddit.com web server and request the reddit.com domain, which doesn’t work.

@ L3, might be worth trying to make an entry into /etc/hosts but, I think many modern web services/sites will choke on this configuration; it may be cumbersome to maintain easily.

Totally didn’t think about it. Isn’t it possible to redirect a website at DNS level?

I don’t think so, the HTTP protocol includes the hostname in the request header.

I looked into using pihole to redirect DNS queries at one point, but didn’t get very far before deciding to just block sites and bookmark my preferred alternatives. That said, I’d be very interested to hear if someone has managed to accomplish this with DNS filtering (or any other method).

The following pi-hole forum discussion on custom redirects has a solution, so probably worth a read.

Here’s some bash to implement the proper tool for the job on a debian-based distro (adjust as necessary for one’s favorite flavor of linux):

#!/bin/bash
# Update & install dependancies
apt update && apt upgrade -y && apt autoremove -y
apt install -y axel

# Dirty download & install mitmproxy suite (distro packages don't work out-of-the-box for `bookworm`, YMMV w/`bullseye`)
axel -q -o /tmp/mitmproxy-9.0.1-linux.tar.gz -n 10 "https://snapshots.mitmproxy.org/9.0.1/mitmproxy-9.0.1-linux.tar.gz"
# <insert_signature_check_here>?
tar -zxvf /tmp/mitmproxy-9.0.1-linux.tar.gz -C /usr/bin

# Run mitmproxy & background
sudo su cool_user_name -c mitmweb &
sleep 5
killall mitmweb

# Install default certificate
mv /home/cool_user_name/.mitmproxy/mitmproxy-ca-cert.pem /usr/share/ca-certificates/mitmproxy.crt
update-ca-certificates

# Run as an unprivileged user
sudo su cool_user_name -c mitmweb &>/dev/null &

+ Configure browser of choice to use 127.0.0.1:8080 as the HTTP(S) proxy
+ Add the certificate (/usr/share/ca-certificates/mitmproxy.crt) to trusted certs within your browser
+ Browse to https://127.0.0.1:8081 to explore the user-friendly GUI interface
+ Adjust config files as necessary to avoid manually having to configure intercepts/redirects etc.

^^^^^ Something similar works well to create sys-mitm.