How to get cleartext cdp requests from Loopback traffic? - google-chrome

I'm trying to intercept the chrome devtool traffic between puppeteer and chrome.
I see the chrome response in cleartext in Wireshark - Loopback but the request is encrypted.
I suspect the sec-websocket-key value should be useful there but I'm stuck.
Does anyone know how I can decrypt this part of the traffic?
Thank you
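
An added example, not part of the original question: RFC 6455 requires client-to-server WebSocket frames to be masked (each payload byte XORed with a 4-byte key carried in the frame header), while server-to-client frames are sent unmasked, which matches the asymmetry described above; Sec-WebSocket-Key is used only in the opening handshake. The Python below parses frames and unmasks them, assuming unfragmented text frames, no permessage-deflate, and a constructed byte string standing in for the reassembled loopback TCP payload (all function and variable names are hypothetical).

```python
import json
import struct


def parse_frame(buf: bytes):
    """Parse one RFC 6455 frame -> (opcode, masked, payload, bytes_consumed)."""
    def need(n):
        if len(buf) < n:
            raise ValueError("truncated frame")
    need(2)
    opcode, masked, length, pos = buf[0] & 0x0F, bool(buf[1] & 0x80), buf[1] & 0x7F, 2
    if length in (126, 127):                # extended length: 16-bit or 64-bit
        fmt, size = ("!H", 2) if length == 126 else ("!Q", 8)
        need(pos + size)
        (length,) = struct.unpack_from(fmt, buf, pos)
        pos += size
    key = b""
    if masked:                              # client-to-server frames carry a 4-byte key
        need(pos + 4)
        key, pos = buf[pos:pos + 4], pos + 4
    need(pos + length)
    payload = buf[pos:pos + length]
    if masked:                              # unmask: payload[i] XOR key[i % 4]
        payload = bytes(b ^ key[i % 4] for i, b in enumerate(payload))
    return opcode, masked, payload, pos + length


def cdp_messages(stream: bytes):
    """Decode every text frame in a reassembled TCP payload as CDP JSON."""
    out = []
    while stream:
        opcode, masked, payload, used = parse_frame(stream)
        if opcode == 0x1:                   # text frame; CDP messages are JSON text
            out.append((masked, json.loads(payload)))
        stream = stream[used:]
    return out


def masked_text_frame(text: str, key: bytes) -> bytes:
    """Build a short (<126 byte) masked text frame, used only for the sample."""
    data = text.encode()
    return bytes([0x81, 0x80 | len(data)]) + key + bytes(
        b ^ key[i % 4] for i, b in enumerate(data))


# Constructed sample, not a real capture: one masked request, one unmasked reply.
REQUEST = '{"id":1,"method":"Page.navigate","params":{"url":"https://example.com"}}'
REPLY = b'{"id":1,"result":{"frameId":"CONSTRUCTED"}}'
SAMPLE = masked_text_frame(REQUEST, b"\x12\x34\x56\x78") + bytes([0x81, len(REPLY)]) + REPLY
```

`cdp_messages(SAMPLE)` returns each message with a flag that is true for masked (client-to-Chrome) frames and false for unmasked (Chrome-to-client) frames.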

Related

Chrome sniffing http2 packets

I have some problems with sniffing Chrome http2. I use NetRipper with modified signatures in order to hook functions and I can't find http2 packets in the SSL_Read hook. Does somebody have a solution for that or some extra information in order to figure it out?
NetRipper captures broken packets.

CORS issue in Chrome 69.0.3497.100

Cannot work with firebase projects locally (I guess after Chrome auto-update). I guess it's not firebase related but Google services in general.
I get CORS error despite the fact I don't use it. CORS extension is disabled.
Error: https://securetoken.googleapis.com/v1/token?key=AIzaSyB2rVH5oURUwciXasOeGlTNW7Lye6naCn0: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header has a value 'https://localhost:3000' that is not equal to the supplied origin. Origin 'http://localhost:3000' is therefore not allowed access.
I have tested Safari and it works, so the issue is Chrome related.
I'm not an expert on this topic, but as far as I understand Chrome restricted http stuff even more.
I couldn't use https://localhost:3000 as there was no https server.
I run webpack server for my js code and I've found a solution: set the HTTPS=true environment variable and it will enable the https option in webpack dev server.
Chrome doesn't respect such SSL certificate, but if you click Advanced -> Proceed then everything works and I don't get CORS issue any longer.
It may be a better option to generate some SSL certificate that Chrome respects so that you don't have to click Advanced -> Proceed every time, but I'm good with this for now as I can continue working on my projects.

Chrome extension to Indicate/show the CA Root certificate?

I'm using Fiddler2 on Windows to inspect and analyze HTTPS traffic. To make it less cumbersome, I've installed and trusted the Fiddler2 Root certificate. The Fiddler root certificate makes the browsing experience seamless; all the HTTPS sites are still "secured" (ie: the url is still https, and you still see a certificate lock).
But this becomes problematic when I forget to turn off Fiddler, and find myself browsing sites that I want to remain secured, only to find Fiddler still logging my traffic/content.
Is there a Chrome extension that I can install/use that would visibly show when the HTTPS connection is secured by a certificate signed by a specific root?
Unfortunately, it doesn't look like such information is available in the chrome.webRequest API, which you would need to get it in a Chrome Extension.
There was previously a request to Provide information about the TLS connections to extensions via the webRequest API, but it was decided not to be implemented.

Decrypt SCTP-DTLS Traffic in WebRTC in Chrome

I'm trying to inspect the packets sent over the SCTP connection of WebRTC datachannels in Chrome on my local machine. There isn't really much information which I found about decrypting DTLS traffic (e.g. through Wireshark). Is there a way to access the certificate generated for the peerconnection? If not, how would one decrypt the traffic by other means? (e.g. some mitm proxy, mostly those are for TLS only though).
The certificate alone won't help, Chrome typically uses DTLS with perfect forward secrecy.
The --disable-webrtc-encryption switch (see http://peter.sh/experiments/chromium-command-line-switches/) might work in Canary.

Deactivate SSL verification in Firefox/Chrome

I was wondering if it is possible to deactivate SSL verification in Chrome or Firefox, so that I can use Wireshark to trace the communication between a server with a self-signed certificate and a web app. Unfortunately, most of the hints I found were already outdated or do not work at all.
The problem is that accepting the certificate in Firefox or Chrome results in a different SSL handshake. Wireshark can't decrypt this stream anymore.
When I use a native written app (with Java) and disable SSL verification, Wireshark is able to decrypt the stream correctly.
Does anyone know how to decrypt SSL streams with Firefox or Chrome?