How do I determine which cookies are being blocked by Chrome 80 - google-chrome

I currently am using Chrome 79 with the flags enabled to emulate the upcoming feature in Chrome 80
chrome://flags/#same-site-by-default-cookies
chrome://flags/#cookies-without-same-site-must-be-secure
When I visit a site with my Developer Tools open and review the console logs, all it says is that it blocked a cookie, with no idication WHAT cookie it blocked.
How do I determine what cookie was blocked?

Try it in Chrome Canary. You still have to manually enable the flags for some reason (despite Canary being Chrome 81 at this point), but you have the option to only show blocked cookies, which provide you with a lot more information.

Related

Google Chrome Flag Confusion

I want to disable security in Android Chrome. On search i come across we can disable security for normal Windows Chrome using the parameter - "chromium-browser --disable-web-security --user-data-dir="[some directory here]""
However when i search how to do it for Android Chrome. I come across chrome://flags option
I have opened and add the addrees in "insecure origins treated as secure" enabled.
But still facing CORS issue
Please advise.

Why is Chome devtools automatically blocking a request?

I am trying to build a PWA (Progressive Web App) but the Chrome devtools console is warning that it is blocking my css and icon file.
Request was blocked by DevTools: "https://example.com/styles/style.css".
I cannot find any information about this happening automatically and, to my knowledge, should only happen if the user has manually requested to block a script. Chrome does not offer any other information about the warnings other than being blocked.
This error means the domain or URL has been blocked in the devtools. Most of the time, it's just because the developer blocked the request without paying attention.
To unblock it, just follow these steps:
Open your devtools
Go to the network tab
Right-click on the request that blocked
Then click Unblock <request-url>

Making fiddler work with chrome

I want to use fiddler to monitor api calls made by my browser when it visits some pages.
The technology - Fiddler 4.6x, Chrome 56, Firefox 51, Windows 7 64 bit.
The problem - Fiddler does not work with chrome. When I open any page on chrome, I get the error "Your connection is not private: Attackers might be trying to steal your information from website (for example, passwords, messages, or credit cards). NET::ERR_CERT_AUTHORITY_INVALID". FYI, I easily fixed a similar issue with firefox.
Solutions I tried that failed -
Four hours of google and stack overflow did not give me any solutions.
Convert the fiddler cert to pk 7 ??? format.
Import fiddler cert into chrome. Also, grant the cert all kinds of advanced permissions.
Install the fiddler cert with admin rights on windows, by "running" it.
Run chrome and ignore cert errors.
Regenerating the fiddler cert and restarting fiddler and browsers as given in the official fiddler book.
In 2,3 the cert never appeared in trusted cert store, but appeared in personal and immediate cert store. In 1, nothing even happened. Please tell me how I can make this work. Any links to the basics of all this would help.
I was facing similar issue with Fiddler v4.6 and followed these steps:
Fiddler 4.6.1.5+
Click Tools > Fiddler Options.
Click the HTTPS tab.
Ensure that the text says Certificates generated by CertEnroll engine.
Click Actions > Reset Certificates. This may take a minute.
Accept all prompts
Fiddler 4.6.1.4 and earlier
Click Tools > Fiddler Options.
Click the HTTPS tab
Uncheck the Decrypt HTTPS traffic checkbox
Click the Remove Interception Certificates button. This may take a minute.
Accept all of the prompts that appear (e.g. Do you want to delete these certificates, etc)
(Optional) Click the Fiddler.DefaultCertificateProvider link and verify that the dropdown is set to CertEnroll
Exit and restart Fiddler
Click Tools > Fiddler Options.
Click the HTTPS tab
Re-check the Decrypt HTTPS traffic checkbox
Accept all of the prompts that appear (e.g. Do you want to trust this root certificate)
Reference:
https://textslashplain.com/2015/10/30/reset-fiddlers-https-certificates/
I used these two stack overflow posts -
https://superuser.com/questions/145394/windows-7-will-not-install-a-root-certificate
https://superuser.com/questions/647036/view-install-certificates-for-local-machine-store-on-windows-7
I don't know what is happening. One of these posts worked and I got the fiddler cert into the trusted store. But, fiddler still cannot decrypt many websites https traffic, especially that of google.
After I reinstalled fiddler and did what Abir suggested Fiddler still didn't capture any traffic.
In my case it stopped working because I installed a chrome extension named Tunnel Bear, uninstalling the extension solved it for me.
Firefox has its own certificate store so I assume you just installed the DO_NOT_TRUST... Fiddler root cert there and everything worked. Pretty much you should do the same with Windows certificate store in order for Chrome to work. So make sure you remove all the fiddler certificates you previously generated and regenerate.
if fiddler do not capture chrome traffic, one solution is checking extensions. in my case i use zenmate vpn. when i disable this extension, fiddler capture all traffic in chrome

Fiddler suddenly cannot capture anything from broswers

Fiddler had worked well on my laptop, but all of a sudden it cannot capture anything from my browsers. I have no ideas about what I have done may cause this problem.
The version of my fiddler is v4.6.0.5, it cannot capture http requests from all of my browsers, chrome, IE and Edge. My system is Windows 10.
I've carefully read the webpage Fiddler not capturing traffic from browsers
However, solutions works well for others do not work in my situations.
I've tried reinstalled fiddler and reset chrome hundreds of times
http://localhost.fiddler:8888/ cannot be found
http://127.0.0.1:8888 returns "This page returned a HTTP/200 response
Originating Process Information: chrome:79748"
I didn't use any filters
I have no extensions on chrome and close all kinds of VPN software.
I've checked 'Decrypt HTTPS traffic'
Anybody knows how can I solve the problem? Thank you!
I found that some of the software's http request is captured. It seems like that only the browsers' requests are not captured.
I temporarily use the developer tools in chrome for replacement(Ctrl+Shift+I, choose "NetWork"). It can capture the requests missed in Fiddler.
Your output indicates that:
Fiddler is running, and
It isn't blocked by a firewall or other software
Fiddler is not set as your system's proxy
On Fiddler's File menu, does the Capture traffic item have a checkmark next to it? While Fiddler is running, if you click Tools > WinINET Options > LAN Settings, what do you see?
Do you have any third-party antivirus software installed? Is this machine under the control of Group Policy (e.g. on a corporate network)?
If you start Chrome like so: chrome --proxy-server=http://127.0.0.1:8888, what happens?

ERR_SSL_PROTOCOL_ERROR in chrome 39 and 40 but works in chrome 36.Help fix in chrome 39

I am able to access a URL in Chrome 36 and IE8 but in Chrome 39 or 40 or Firefox 35 it throws the error:
Unable to make a secure connection to the server. This may be a
problem with the server, or it may be requiring a client
authentication certificate that you don't have.
Error code: ERR_SSL_PROTOCOL_ERROR}.
It seems that it is an issue related to the SSL certificate. How can I fix this?
Google announced that they would begin removing support for SHA-1 cryptographic hash algorithm beginning with Chrome 39. According to Google:
HTTPS sites whose certificate chains use SHA-1 and are valid past 1 January 2017 will no longer appear to be fully trustworthy in Chrome’s user interface.
There are several sites which can provide detailed analysis of your SSL certificate chain, such as Qualys SSL Labs' SSL Test.
Google Chrome does have a highly risky command-line option --ignore-certificate-errors which might bypass certain certificate errors. Be aware that ignoring certificate errors puts all of your SSL traffic at risk of being eavesdropped on.
It's also possible that this is a new bug. Google switched from using OpenSSL library to it's own "BoringSSL" library in Chrome 38. To report a bug in Chrome visit chrome://help/ and click "Report an issue".
Try this. In Chrome, enter "chrome://flags/#enable-quic" without the quotes as a URL. CTRL + F to search for "quic", at which point you'll find...
Experimental QUIC protocol. Mac, Windows, Linux, Chrome OS, Android
Enable experimental QUIC protocol support. #enable-quic
Turn that to disabled, and let it restart your browser when prompted below.
Go to Windows Firewall, click on "Restore Defaults", then again. The problem should be fixed.
For me this issue resolved when I turned off my Antivirus Browsing control.
First check that in :
Internet Explorer- go to tools/internet options/advanced in the settings box, scroll all the way to the bottom and select Use TLS 1.0 and it will fix the problem.
SSL 2.0 or 3.0 and these are should also be selected.
Google Chrome-Click "wrench" sign on the tope right of it.Click Options then Under the bonnet in network click Change Proxy Settings and follow the steps above as in Internet Explorer.
If this didn't work try the following steps:
Unhide all the files and folders.
Then go to C:\Windows\System32\drivers\etc\hosts.
Right click on hosts file,then click properties. Then click security tab. After that click edit.
Here,click system and you have to check on allow full control and uncheck deny.
Click OK and then OK.
Now delete the hosts file.
You could read google forum tips from here
or you get all the details solution about err_ssl_protocol_error from here. I hope this will work and fix the error.