You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi! First of all, kudos to you for your great job on developing a complete toolbox for dynamic analysis of JS, I really like it :)
I would like to try Otiluke with Aran/Linvail to perform taint analysis of JS. However, despite it works fine for HTTP connections, it gets lost in the case of HTTPS connections (e.g., https://www.google.com/). Looking roughly at the browser/index.js file, it seems that just one instance of HTTP.Server is actually used, while a HTTPS.Agent is present, but (maybe?) without any meaningful purpose.
This is the procedure I followed (on Ubuntu, as superuser):
Install Otiluke globally with npm install -g otiluke
Run otiluke-browser-ca
Install certificate <otiluke-root>/browser/ca/cert.pem on Firefox and restart Firefox
Run otiluke-browser --vpath=<otiluke-root>/test/virus.js --port=8080
On Firefox, configure proxy server for all protocols (HTTP, HTTPS, SOCKS) using :: as host and 8080 as port
When I try to navigate to a site that I have never visited before through HTTPS, Firefox throws a SSL_ERROR_RX_RECORD_TOO_LONG error. What am I doing wrong?
Thank you in advance.
The text was updated successfully, but these errors were encountered:
Hi @eleumasc thanks for your interest. First, know that running aran + linvail on real-world sites will make them extremely slow. Have you tried the regular steps to fix this error -- eg: update firefox, clear cache, restart computer, ... If these steps do not work, maybe some security policies changes since I published this code which was a while ago. In that case, I'm afraid I do not have the time to fix this in the foreseeable future. If you feel like it, you are more than welcome to investigate this and submit a PR.
Hi! First of all, kudos to you for your great job on developing a complete toolbox for dynamic analysis of JS, I really like it :)
I would like to try Otiluke with Aran/Linvail to perform taint analysis of JS. However, despite it works fine for HTTP connections, it gets lost in the case of HTTPS connections (e.g., https://www.google.com/). Looking roughly at the
browser/index.js
file, it seems that just one instance ofHTTP.Server
is actually used, while aHTTPS.Agent
is present, but (maybe?) without any meaningful purpose.This is the procedure I followed (on Ubuntu, as superuser):
npm install -g otiluke
otiluke-browser-ca
<otiluke-root>/browser/ca/cert.pem
on Firefox and restart Firefoxotiluke-browser --vpath=<otiluke-root>/test/virus.js --port=8080
::
as host and8080
as portWhen I try to navigate to a site that I have never visited before through HTTPS, Firefox throws a
SSL_ERROR_RX_RECORD_TOO_LONG
error. What am I doing wrong?Thank you in advance.
The text was updated successfully, but these errors were encountered: