I am using Fiddler Application to inspect / debug HTTPS , I found that when I am activating the HTTPS Fiddler Automatically Create and Install a certificate , is it possible to achieve the same behavior using FiddlerCore ?
Best Regards
Yuval
The demo application included in the FiddlerCore package (see Program.cs in the SampleApp folder) shows how to enable HTTPS decryption in FiddlerCore. It generates the certificates as needed.
Note that you should follow the instructions in the source code (sync'ing the event handlers to receive notice of errors, and copy the makecert.exe file into the proper folder).
Related
I'm having trouble using Mock Service Worker in a React project. The application is bundled using parceljs inside the dist folder, the pages are visualized correctly however msw is unable to register the service worker. I followed all the setup suggest in the msw documentation but not matter how my application is run in http or https with self-signed certificates, Firefox 100 will output
Failed to get service worker registration(s): Storage access is restricted in this context due to user settings or private browsing mode.
Uncaught (in promise) DOMException: The operation is insecure.
Or Chrome
Uncaught (in promise) Error: [MSW] Failed to register the Service Worker:
Failed to register a ServiceWorker for scope ('https://localhost:1234/') with script ('https://localhost:1234/mockServiceWorker.js'): An SSL certificate error occurred when fetching the script.
at index.js:684:17
at Generator.next (<anonymous>)
at fulfilled (RequestHandler-deps.js:36:47)
Despite following the troubleshooting guidelines here.
The only way to have msw running is to open the application using the anonymous mode in Firefox but in the console the service workers are registered in fallback mode
[MSW] Mocking enabled (fallback mode).
My system is Ubuntu 22.04, nodejs version 16.14, parceljs version 2.5.0, msw version 0.38.1.
As the error suggests, your SSL certificate is not trusted by your browser.
There's a designated Using local HTTPS recipe in MSW documentation, I highly recommend you read it. It lists all the possible ways to resolve this issue.
Context: you cannot register a Service Worker in an insecure environment. Such environments include HTTP or self-signed (untrusted) HTTPS. I believe the latter is precisely your case.
I'd recommend whitelisting localhost, making the browser treat it as secure. In Chrome, you can do that by:
Opening chrome://flags.
Finding the allow-insecure-localhost flag and enabling it.
Alternatively, consider serving your app locally with an actual certificate that the browser may verify. Browsers often provide you with feedback around the certificate validity, mentioning exact things that fail.
Also, if you're running Firefox in a private mode, I think they don't support Service Workers in that scenario. Switch from the private mode back to the regular mode, and the worker should register.
I'm doing application with spring security and Spring MVC in back end and Angular in front end.
My problem is that I do the logged in correctly, but the problem in logged out I implemented correctly in my localhost: http://localhost:8080 worked without problem. When I change it to https:// I get this error:
Mixed Content: The page at '' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint ''. This request has been blocked; the content must be served over HTTPS.
I want to know how to correct that? And how to know which url blocked by https in the browser for example chrome?
This post which gives a solution to your problem: http://www.learningthegoodstuff.com/2015/08/mixed-http-error-with-spring-security.html
All the details are explained there, basically all you have to do is add this two lines to my application.properties file:
server.tomcat.remote_ip_header=x-forwarded-for
server.tomcat.protocol_header=x-forwarded-proto
I fixed by removing a forward slash from the end of a URL fixing everything.this is help me : GET request throws error after app implemented SSL: Mixed Content: This request has been blocked; the content must be served over HTTPS"
This happens when the server is using http (non secured). You can fix it by enforcing https for all resources in the backend. Check here for more details.
In #Jabir Minjibir's answer there is very good link to describe the error. As sum up, when your application works with httpS scheme you can't make visits to unsecure links which is http.
I got this error and fixed it like I wrote below:
Mixed Content: The page at 'https://stackblitz.com/' was loaded over HTTPS, but
requested an insecure XMLHttpRequest endpoint 'http://172.19.0.62:920/'.
This request has been blocked; the content must be served over HTTPS.
You can mask unsecure links with simple-https-proxy npm package. In my experience I was coding an angular sample on httpS://stackblitz.com and I was trying to connect to an Elasticsearch server which doesn't have a domain name. I needed to make it working with ssl but I couldn't modify it's scheme. Thus I installed a proxy which can work secure (httpS).
I installed the npm package:
npm i -g simple-https-proxy#latest
Then I created certificate:
simple-https-proxy --makeCerts=true
Then I ran it
simple-https-proxy --target=http://172.19.0.62:9200 --port=9201 --rewriteBodyUrls=false
In another example:
We are using windows 8.1 for one angular application. Installed the bower and npm, also installed node server.
We can see the login page after npm start but after login success we are not able to redirect. It showing error
Cannot GET /components/home.html
After inspect element Console error like this:
angular.js:11038 GET http://localhost:8081/components/home.html 404 (Not Found)
Header:
Request URL:http://localhost:8081/components/home.html
Request Method:GET
Status Code:404 Not Found
Remote Address:[::1]:8081
Referrer Policy:no-referrer-when-downgrade
Response:
Cannot GET /components/home.html
But it is working on linux machine perfectly. We are using .Net web api so we want to use one machine for both application.
Any help is appreciated. Thanks!
If you have tested on Linux and it works, I would say it is a configuration in paths the server that it is serving the assets. If you are using Express or Webpack to serve you React code, they have good support for Windows, so probably is a local configuration issue.
Try checking for any static paths, e.g. ./foo/bar and replacing them with a more Windows-friendly syntax, for example:
const path = require("path")
path.join("foo", "bar")
i am using browsermob proxy latest version with selenium script
i am intercepting http requests and adding custom headers on every request and routing all http and https traffic through browsermob proxy
when https request is made in firefox and safari i am getting ssl certificate error (when i checked in network tab manually i could see invalid ssl certificate error)
I checked Browsermob little proxy with mitm and created custom certificate .. when i install that test.cer file in browser manually by dragging certificate into browser then my testscript works fine
could you please help me out in this case how to import dynamically created test.cer file into firefox and safari browser?
or am i doing anything wrong in the approach itself ?
Create a browser profile and import this certificate and use the same profile when you are starting the browser driver. This should solve your issue
I'm using Google Cloud Endpoints as back end of a mobile application.
Now i want to implement push notifications for the iOS client but can't load the .p12 certificate from an #ApiMethod, get this error message:
Invalid keystore reference. File does not exist:
/base/data/home/apps/s~my-ws/1.379168523188882449/MyCert.p12"
I added the certificate under /src directory but does not seem to recognize it.
I'm using IntelliJ IDEA, Appengine API 1.9.12, javapns (for Push Notifications) and Maven.
Edit
Maybe i made a step forward.
I put the .p12 file under /src/webapp/WEB-INF/ and added
<configuration>...<webResources><resource><includes><include>*.p12</include>
in my pom.xml.
Then i run mvn clean install && mvn appengine:endpoints_get_discovery_doc and inspected the generated myws-1.0-SNAPSHOT.war. Within the .war file there is my MyCert.p12certificate, but i get this error message now:
java.security.AccessControlException: access denied (\"java.io.FilePermission\" \"/WEB-INF/MyCert.p12\" \"read\")"
Could you check the code that is actually loading the cert? It may be that you need to remove a leading slash from the File constructor. This is not an App Engine thing but a java File thing.
Also, unrelated to your solution but helpful, is a thread here on best ways to store p12 files on App Engine.