I want to redirect all *.reddit.com/* URLs to the equivalent *.teddit.net/* URL. I know there are browser extensions that do this but I’d rather not add to my browser fingerprint.
Where would I begin in Qubes’ networking infrastructure to achieve this redirect? I imagine I’d have to run a local webserver to replace the reddit.com with teddit.net. Would I have to do this in sys-net, or should I make a dedicated sys-redirect qube?
If you could do such thing on sys-net, then your internet provider could do similar thing on their routers. If you want have such proxy interfering with https encrypted traffic you will at least need to add certification authority to your browser. Using some browser extension will be easier and safer way to do it.
There are multiple ways to do this. I think runing a DNS proxy can do it. I recommend looking around on r/selfhosted. Find a solution that is secure and you like it, and came back here. Please let me know as I’m intrested in doing something similar.
You can’t just make the DNS return the teddit.com IP address when you query reddit.com, if you do this you are just going to connect to the teddit.com web server and request the reddit.com domain, which doesn’t work.
I looked into using pihole to redirect DNS queries at one point, but didn’t get very far before deciding to just block sites and bookmark my preferred alternatives. That said, I’d be very interested to hear if someone has managed to accomplish this with DNS filtering (or any other method).
Here’s some bash to implement the proper tool for the job on a debian-based distro (adjust as necessary for one’s favorite flavor of linux):
# Update & install dependancies
apt update && apt upgrade -y && apt autoremove -y
apt install -y axel
# Dirty download & install mitmproxy suite (distro packages don't work out-of-the-box for `bookworm`, YMMV w/`bullseye`)
axel -q -o /tmp/mitmproxy-9.0.1-linux.tar.gz -n 10 "https://snapshots.mitmproxy.org/9.0.1/mitmproxy-9.0.1-linux.tar.gz"
tar -zxvf /tmp/mitmproxy-9.0.1-linux.tar.gz -C /usr/bin
# Run mitmproxy & background
sudo su cool_user_name -c mitmweb &
# Install default certificate
mv /home/cool_user_name/.mitmproxy/mitmproxy-ca-cert.pem /usr/share/ca-certificates/mitmproxy.crt
# Run as an unprivileged user
sudo su cool_user_name -c mitmweb &>/dev/null &
+ Configure browser of choice to use 127.0.0.1:8080 as the HTTP(S) proxy
+ Add the certificate (/usr/share/ca-certificates/mitmproxy.crt) to trusted certs within your browser
+ Browse to https://127.0.0.1:8081 to explore the user-friendly GUI interface
+ Adjust config files as necessary to avoid manually having to configure intercepts/redirects etc.
^^^^^ Something similar works well to create sys-mitm.